python3-pip: fix CVE-2021-3572

Backport the body of a fix for CVE-2021-3572 since hardknott carries 20.0.2, and the delta between it and the latest 21.1.3 is more than just bugfixes. CVE: CVE-2021-3572 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
author: Trevor Gamblin <trevor.gamblin@windriver.com> 2021-07-22 16:43:29 -0400
committer: Anuj Mittal <anuj.mittal@intel.com> 2021-07-31 14:10:45 +0800
commit: fb7a2af241795b82f121381cea6f4b56ce948ebf (patch)
tree: 4dd9edbedf6f4cd2a3782a5b516ddd5e624bf1f6 /meta/recipes-devtools/python/python3-pip_20.0.2.bb
parent: e458c15627e7b27392d158cbb9417f66424aa7d5 (diff)
download: openembedded-core-contrib-fb7a2af241795b82f121381cea6f4b56ce948ebf.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
index 99eeea2edf..9242d0e82e 100644
--- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb
+++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"
 
 DEPENDS += "python3 python3-setuptools-native"
 
-SRC_URI += "file://0001-change-shebang-to-python3.patch"
+SRC_URI += "file://0001-change-shebang-to-python3.patch \
+            file://0001-Don-t-split-git-references-on-unicode-separators.patch \
+            "
 
 SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"
 SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"
author	Trevor Gamblin <trevor.gamblin@windriver.com>	2021-07-22 16:43:29 -0400
committer	Anuj Mittal <anuj.mittal@intel.com>	2021-07-31 14:10:45 +0800
commit	fb7a2af241795b82f121381cea6f4b56ce948ebf (patch)
tree	4dd9edbedf6f4cd2a3782a5b516ddd5e624bf1f6 /meta/recipes-devtools/python/python3-pip_20.0.2.bb
parent	e458c15627e7b27392d158cbb9417f66424aa7d5 (diff)
download	openembedded-core-contrib-fb7a2af241795b82f121381cea6f4b56ce948ebf.tar.gz