diff options
| author | Narpat Mali <narpat.mali@windriver.com> | 2022-11-18 11:49:15 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2022-11-19 11:16:48 -0500 |
| commit | a8369be5eecf8485619e018e788e04bd0efdffed (patch) | |
| tree | 617a8cfb7534a878fc8dcc8cc914e6b4e425dc7d /meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb | |
| parent | 1a2cc9656da5d8728f59b6823f1d9be96ca48f61 (diff) | |
| download | meta-openembedded-a8369be5eecf8485619e018e788e04bd0efdffed.tar.gz | |
python3-oauthlib: upgrade 3.2.0 -> 3.2.2
As per CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue. But after upgrading the python3-oauthlib version
to 3.2.1, observed that the vulnerable code lines are still available. The same observations were reported here in github at
https://github.com/oauthlib/oauthlib/issues/837 and found that it was a mistake during 3.2.1 release preparation and due to
which vulnerable code was still existing in 3.2.1 source code.
To fix CVE-2022-36087 issue, we need to upgrade python3-oauthlib to 3.2.2 version and here are the changelog of version 3.2.2
https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst
Reference :
https://nvd.nist.gov/vuln/detail/CVE-2022-36087
Upstream fix :
https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb new file mode 100644 index 0000000000..566279d71c --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | SUMMARY = "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic" | ||
| 2 | HOMEPAGE = "https://github.com/idan/oauthlib" | ||
| 3 | |||
| 4 | LICENSE = "BSD-3-Clause" | ||
| 5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" | ||
| 6 | |||
| 7 | SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918" | ||
| 8 | |||
| 9 | inherit pypi setuptools3 | ||
| 10 | |||
| 11 | # The following configs & dependencies are from setuptools extras_require. | ||
| 12 | # These dependencies are optional, hence can be controlled via PACKAGECONFIG. | ||
| 13 | # The upstream names may not correspond exactly to bitbake package names. | ||
| 14 | # | ||
| 15 | # Uncomment this line to enable all the optional features. | ||
| 16 | #PACKAGECONFIG ?= "test signedtoken signals rsa" | ||
| 17 | PACKAGECONFIG[test] = ",,,${PYTHON_PN}-blinker ${PYTHON_PN}-cryptography ${PYTHON_PN}-pytest ${PYTHON_PN}-pyjwt" | ||
| 18 | PACKAGECONFIG[signedtoken] = ",,,${PYTHON_PN}-cryptography ${PYTHON_PN}-pyjwt" | ||
| 19 | PACKAGECONFIG[signals] = ",,,${PYTHON_PN}-blinker" | ||
| 20 | PACKAGECONFIG[rsa] = ",,,${PYTHON_PN}-cryptography" | ||
| 21 | |||
| 22 | RDEPENDS:${PN} += "${PYTHON_PN}-core ${PYTHON_PN}-crypt ${PYTHON_PN}-datetime ${PYTHON_PN}-json ${PYTHON_PN}-logging ${PYTHON_PN}-math ${PYTHON_PN}-netclient ${PYTHON_PN}-unittest" | ||