1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
new file mode 100644
index 0000000000..9150cea07e
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
@@ -0,0 +1,29 @@
+From 43a9c9bfa6aa626ec2a22540bea28d2ca77964be Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Fri, 4 Nov 2022 13:47:53 -0400
+Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
+ #3659.
+CVE: CVE-2022-40897
+Upstream-Status: Backport [
+Upstream :  https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
+Import from Ubuntu: http://archive.ubuntu.com/ubuntu/pool/main/s/setuptools/setuptools_45.2.0-1ubuntu0.1.debian.tar.xz
+]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ setuptools/package_index.py           | 2 +-
+ setuptools/tests/test_packageindex.py | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+--- setuptools-45.2.0.orig/setuptools/package_index.py
+++ setuptools-45.2.0/setuptools/package_index.py
+@@ -215,7 +215,7 @@ def unique_values(func):
+     return wrapper
+ 
+ 
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
+REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+ 
+

diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch new file mode 100644 index 0000000000..9150cea07e --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
@@ -0,0 +1,29 @@
	1	From 43a9c9bfa6aa626ec2a22540bea28d2ca77964be Mon Sep 17 00:00:00 2001
	2	From: "Jason R. Coombs" <jaraco@jaraco.com>
	3	Date: Fri, 4 Nov 2022 13:47:53 -0400
	4	Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
	5	#3659.
	6
	7	CVE: CVE-2022-40897
	8	Upstream-Status: Backport [
	9	Upstream : https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
	10	Import from Ubuntu: http://archive.ubuntu.com/ubuntu/pool/main/s/setuptools/setuptools_45.2.0-1ubuntu0.1.debian.tar.xz
	11	]
	12	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
	13
	14	---
	15	setuptools/package_index.py \| 2 +-
	16	setuptools/tests/test_packageindex.py \| 1 -
	17	2 files changed, 1 insertion(+), 2 deletions(-)
	18
	19	--- setuptools-45.2.0.orig/setuptools/package_index.py
	20	+++ setuptools-45.2.0/setuptools/package_index.py
	21	@@ -215,7 +215,7 @@ def unique_values(func):
	22	return wrapper
	23
	24
	25	-REL = re.compile(r"""<([^>]\srel\s=\s['"]?([^'">]+)[^>])>""", re.I)
	26	+REL = re.compile(r"""<([^>]\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>])>""", re.I)
	27	# this line is here to fix emacs' cruddy broken syntax highlighting
	28
	29