mirror of
https://git.yoctoproject.org/poky
synced 2026-02-11 11:13:04 +01:00
af06cbf82b
According to [1] which provided the fix link [2], but upstream author reworked it later [3][4][5] Backport and rebase all the patches for tracing [1] https://nvd.nist.gov/vuln/detail/CVE-2024-5569 [2]fd604bd34f[3]3cb5609002[4]f89b93f037[5]cc61e6140f(From OE-Core rev: 13bd99e17f0aca108839e81e9aa0b14351116fdf) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
31 lines
898 B
Diff
31 lines
898 B
Diff
From 9084bc59784cb240628996c1cb95f4f786ebedcc Mon Sep 17 00:00:00 2001
|
|
From: "Jason R. Coombs" <jaraco@jaraco.com>
|
|
Date: Wed, 27 Nov 2024 23:38:28 -0800
|
|
Subject: [PATCH 5/5] Prefer simpler path.rstrip to consolidate checks for
|
|
empty or only paths.
|
|
|
|
Upstream-Status: Backport [https://github.com/jaraco/zipp/commit/cc61e6140f0dfde2ff372db932442cf6df890f09]
|
|
Rebase to v3.7.0
|
|
CVE: CVE-2024-5569
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
|
---
|
|
zipp.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/zipp.py b/zipp.py
|
|
index 236af49..87c4219 100644
|
|
--- a/zipp.py
|
|
+++ b/zipp.py
|
|
@@ -55,7 +55,7 @@ def _ancestry(path):
|
|
['//b//d///f', '//b//d', '//b']
|
|
"""
|
|
path = path.rstrip(posixpath.sep)
|
|
- while path and not path.endswith(posixpath.sep):
|
|
+ while path.rstrip(posixpath.sep):
|
|
yield path
|
|
path, tail = posixpath.split(path)
|
|
|
|
--
|
|
2.25.1
|
|
|