<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/python/python3-zipp_3.17.0.bb, branch yocto-5.0.14</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.14</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.14'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2024-12-06T13:50:24+00:00</updated>
<entry>
<title>python3-zipp: fix CVE-2024-5569</title>
<updated>2024-12-06T13:50:24+00:00</updated>
<author>
<name>Jiaying Song</name>
<email>jiaying.song.cn@windriver.com</email>
</author>
<published>2024-11-22T09:21:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6653eb6e900e9a2934b6c934f26555fe28c1a8d9'/>
<id>urn:sha1:6653eb6e900e9a2934b6c934f26555fe28c1a8d9</id>
<content type='text'>
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp
library, affecting all versions prior to 3.19.1. The vulnerability is
triggered when processing a specially crafted zip file that leads to an
infinite loop. This issue also impacts the zipfile module of CPython, as
features from the third-party zipp library are later merged into
CPython, and the affected code is identical in both projects. The
infinite loop can be initiated through the use of functions affecting
the `Path` module in both zipp and zipfile, such as `joinpath`, the
overloaded division operator, and `iterdir`. Although the infinite loop
is not resource exhaustive, it prevents the application from responding.
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-5569

Upstream patches:
https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547
https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0
https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806
https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7

(From OE-Core rev: ec77cfe12f0790c7e3cf2d9bf00e47b4c653997c)

Signed-off-by: Jiaying Song &lt;jiaying.song.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>python: Drop ${PYTHON_PN}</title>
<updated>2024-02-20T11:39:45+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2024-02-19T16:07:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0b33104a973c9dee0a33254197e487e7fc6156b7'/>
<id>urn:sha1:0b33104a973c9dee0a33254197e487e7fc6156b7</id>
<content type='text'>
python 2 is gone and we don't need the abstraction now, drop the remaining usage
of this variable.

The definition in python3-dir.bbclass is left for now for other layers.

(From OE-Core rev: b566b1e32c7993d1ab7795562f648e52ce186a70)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>python3-zipp: upgrade 3.16.2 -&gt; 3.17.0</title>
<updated>2023-09-28T11:37:46+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2023-09-26T08:37:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=42a47c1359134a338d2c3ba6d5b3e45e927743ee'/>
<id>urn:sha1:42a47c1359134a338d2c3ba6d5b3e45e927743ee</id>
<content type='text'>
Changelog:
===========
-Added CompleteDirs.inject classmethod to make available for use elsewhere.
-Avoid matching path separators for '?' in glob.

(From OE-Core rev: fdd3f2ad01ac6ac33f788afc806ad3c25dfd8b53)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
