python3-certifi: fix CVE-2023-37920

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. References: https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 (From OE-Core rev: 98abbe3394638c6ce795b34247a9e49120e4ffba) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Narpat Mali <narpat.mali@windriver.com> 2023-08-02 17:57:11 +0000
committer: Steve Sakoman <steve@sakoman.com> 2023-08-19 05:56:58 -1000
commit: fbe56e677b36625dd4354275d965044e5e2ffcd9 (patch)
tree: 95a76fcf0f15670b3e579704b7c20b1a4b5551ce /meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
parent: d6b8790370500b99ca11f0d8a05c39b661ab2ba6 (diff)
download: poky-fbe56e677b36625dd4354275d965044e5e2ffcd9.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
index 57bd59ba44..eb1574adf6 100644
--- a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
+++ b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
@@ -7,7 +7,9 @@ HOMEPAGE = " http://certifi.io/"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"
-SRC_URI += "file://CVE-2022-23491.patch"
+SRC_URI += "file://CVE-2022-23491.patch \
+            file://CVE-2023-37920.patch \
+           "
 SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"
author	Narpat Mali <narpat.mali@windriver.com>	2023-08-02 17:57:11 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-08-19 05:56:58 -1000
commit	fbe56e677b36625dd4354275d965044e5e2ffcd9 (patch)
tree	95a76fcf0f15670b3e579704b7c20b1a4b5551ce /meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
parent	d6b8790370500b99ca11f0d8a05c39b661ab2ba6 (diff)
download	poky-fbe56e677b36625dd4354275d965044e5e2ffcd9.tar.gz

diff --git a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb index 57bd59ba44..eb1574adf6 100644 --- a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb +++ b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
@@ -7,7 +7,9 @@ HOMEPAGE = " http://certifi.io/"
7	LICENSE = "ISC"	7	LICENSE = "ISC"
8	LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"	8	LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"
9		9
10	SRC_URI += "file://CVE-2022-23491.patch"	10	SRC_URI += "file://CVE-2022-23491.patch \
		11	file://CVE-2023-37920.patch \
		12	"
11		13
12	SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"	14	SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"
13		15