From cb4e7fb4b08b7ebbdc21485e9a21845931132759 Mon Sep 17 00:00:00 2001
From: Yue Tao <Yue.Tao@windriver.com>
Date: Mon, 25 Jul 2022 15:54:57 +0800
Subject: python3-lxml: Security fix CVE-2022-2309

CVE-2022-0934:
lxml: NULL Pointer Dereference in lxml

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-2309

Patch from:
https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
---
 meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb')

diff --git a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
index c4d4df383a..0c78d97abd 100644
--- a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
+++ b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
@@ -20,7 +20,8 @@ DEPENDS += "libxml2 libxslt"
 
 SRC_URI[sha256sum] = "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23"
 
-SRC_URI += "${PYPI_SRC_URI}"
+SRC_URI += "${PYPI_SRC_URI} \
+            file://CVE-2022-2309.patch "
 inherit pkgconfig pypi setuptools3
 
 # {standard input}: Assembler messages:
-- 
cgit v1.2.3-54-g00ecf