mirror of
https://git.yoctoproject.org/poky
synced 2026-02-05 16:28:43 +01:00
0372024fe7
urllib3 is a user-friendly HTTP client library for Python. Prior
to 2.5.0, urllib3 does not control redirects in browsers and
Node.js. urllib3 supports being used in a Pyodide runtime utilizing
the JavaScript Fetch API or falling back on XMLHttpRequest. This
means Python libraries can be used to make HTTP requests from a
browser or Node.js. Additionally, urllib3 provides a mechanism to
control redirects, but the retries and redirect parameters are
ignored with Pyodide; the runtime itself determines redirect
behavior. This issue has been patched in version 2.5.0.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50182
Upstream patch:
7eb4a2aafe
(From OE-Core rev: 082b865d9814e7e7aca4466551a035199aa8b563)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
34 lines
796 B
BlitzBasic
34 lines
796 B
BlitzBasic
SUMMARY = "Python HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more"
|
|
HOMEPAGE = "https://github.com/urllib3/urllib3"
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
|
|
|
|
SRC_URI[sha256sum] = "f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d"
|
|
|
|
inherit pypi python_hatchling
|
|
|
|
SRC_URI += " \
|
|
file://CVE-2025-50181.patch \
|
|
file://CVE-2025-50182.patch \
|
|
"
|
|
|
|
DEPENDS += " \
|
|
python3-hatch-vcs-native \
|
|
"
|
|
|
|
RDEPENDS:${PN} += "\
|
|
python3-certifi \
|
|
python3-cryptography \
|
|
python3-email \
|
|
python3-idna \
|
|
python3-json \
|
|
python3-netclient \
|
|
python3-pyopenssl \
|
|
python3-threading \
|
|
python3-logging \
|
|
"
|
|
|
|
CVE_PRODUCT = "urllib3"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|