diff options
author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2021-07-22 16:43:29 -0400 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-07-31 14:10:45 +0800 |
commit | fb7a2af241795b82f121381cea6f4b56ce948ebf (patch) | |
tree | 4dd9edbedf6f4cd2a3782a5b516ddd5e624bf1f6 /meta/recipes-devtools/python/python3-pip_20.0.2.bb | |
parent | e458c15627e7b27392d158cbb9417f66424aa7d5 (diff) | |
download | openembedded-core-contrib-fb7a2af241795b82f121381cea6f4b56ce948ebf.tar.gz |
python3-pip: fix CVE-2021-3572
Backport the body of a fix for CVE-2021-3572 since hardknott carries
20.0.2, and the delta between it and the latest 21.1.3 is more than just
bugfixes.
CVE: CVE-2021-3572
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-devtools/python/python3-pip_20.0.2.bb')
-rw-r--r-- | meta/recipes-devtools/python/python3-pip_20.0.2.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb index 99eeea2edf..9242d0e82e 100644 --- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb +++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" DEPENDS += "python3 python3-setuptools-native" -SRC_URI += "file://0001-change-shebang-to-python3.patch" +SRC_URI += "file://0001-change-shebang-to-python3.patch \ + file://0001-Don-t-split-git-references-on-unicode-separators.patch \ + " SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86" SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f" |