An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1
and earlier allows remote attackers to cause a denial of service via
attacker controlled input to wheel cli.
CVE: CVE-2022-40898
Upstream-Status: Backport [88f02bc335]
(From OE-Core rev: 0974291e545aec68755dfb634c75dca37cca1ea9)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
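# Recipe metadata for the PyPA "wheel" package. BBCLASSEXTEND below also
# produces native and nativesdk variants from this same recipe.
SUMMARY = "The official binary distribution format for Python "
HOMEPAGE = "https://github.com/pypa/wheel"
SECTION = "devel/python"
LICENSE = "MIT"
# Licence-change detector over line 10 of PKG-INFO. The md5 only flags a
# changed licence text; it is not an integrity control for the source archive.
LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=10;endline=10;md5=8227180126797a0148f94f483f3e1489"

# SHA-256 pin for the upstream archive; the fetcher rejects a download that
# does not match. Re-derive it from the upstream release on every version bump
# rather than copying whatever hash a failed fetch reports.
SRC_URI[sha256sum] = "e9a504e793efbca1b8e0e9cb979a249cf4a0a7b5b8c9e8b65a5e39d49529c1c4"

# NOTE(review): the download URL is not spelled out in this file; presumably
# the pypi class derives it from the recipe name and version - confirm.
inherit python_flit_core pypi

# Local patches shipped with the layer. The sha256sum above does not cover
# file:// entries; their integrity rests on the layer's own history and review.
#
# 0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch is the backport for
# CVE-2022-40898 (denial of service via attacker-controlled input to the wheel
# CLI, Wheel 0.37.1 and earlier). The file name does not contain the CVE id, so
# cve-check reporting it as patched relies on the "CVE:" tag in the patch
# header - keep that tag when the patch is refreshed, and drop the patch once
# the recipe moves to a release that already contains the fix.
SRC_URI += "file://0001-Backport-pyproject.toml-from-flit-backend-branch.patch \
            file://0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch \
           "

BBCLASSEXTEND = "native nativesdk"

# This used to use the bootstrap install which didn't compile. Until we bump the
# tmpdir version we can't compile the native otherwise the sysroot unpack fails
# (the :class-native override limits this to the native variant).
INSTALL_WHEEL_COMPILE_BYTECODE:class-native = "--no-compile-bytecode"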