mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-12 13:53:48 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1a099cb1faa19c80b1ac337338a4947d2570cd72
poky/meta/recipes-devtools/python/python3-requests_2.32.4.bb
Ross Burton 1a099cb1fa python3-requests: backport fix for CVE-2026-25645 
When unpacking zip files requests uses predictable paths. Backport a fix
to use randomly generated pathnames to mitigate injection attacks.

(From OE-Core rev: b23ec9773d67f8767904731afa86fe5ede08f97f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe846d71b647fb06e6a87cb45a2dd9b0889e2891)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00

35 lines
1023 B
BlitzBasic
Raw Blame History

SUMMARY = "Python HTTP for Humans."
HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
inherit pypi python_setuptools_build_meta
SRC_URI[sha256sum] = "27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422"
SRC_URI += "file://CVE-2026-25645.patch"
SRC_URI:append:class-nativesdk = " file://environment.d-python3-requests.sh"
do_install:append:class-nativesdk() {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-python3-requests.sh ${D}${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh
}
RDEPENDS:${PN} += " \
python3-certifi \
python3-email \
python3-json \
python3-netserver \
python3-pysocks \
python3-urllib3 \
python3-chardet \
python3-idna \
python3-compression \
"
FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh"
CVE_PRODUCT = "requests"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink