python3-pip: fix CVE-2021-3572

Backport the body of a fix for CVE-2021-3572 since hardknott carries 20.0.2, and the delta between it and the latest 21.1.3 is more than just bugfixes. CVE: CVE-2021-3572 (From OE-Core rev: fb7a2af241795b82f121381cea6f4b56ce948ebf) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Trevor Gamblin <trevor.gamblin@windriver.com> 2021-07-22 16:43:29 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-06 09:59:14 +0100
commit: ad768575b136ace44690145c2ec2a0b9551b1d48 (patch)
tree: 846b0307649428615c15b63b6eea2b0918f793ee /meta/recipes-devtools/python/python3-pip_20.0.2.bb
parent: 14c5392fded42f17962e1cc07fcc0446881b4fa0 (diff)
download: poky-ad768575b136ace44690145c2ec2a0b9551b1d48.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
index 99eeea2edf..9242d0e82e 100644
--- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb
+++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"
 DEPENDS += "python3 python3-setuptools-native"
-SRC_URI += "file://0001-change-shebang-to-python3.patch"
+SRC_URI += "file://0001-change-shebang-to-python3.patch \
+            file://0001-Don-t-split-git-references-on-unicode-separators.patch \
+            "
 SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"
 SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"
author	Trevor Gamblin <trevor.gamblin@windriver.com>	2021-07-22 16:43:29 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-06 09:59:14 +0100
commit	ad768575b136ace44690145c2ec2a0b9551b1d48 (patch)
tree	846b0307649428615c15b63b6eea2b0918f793ee /meta/recipes-devtools/python/python3-pip_20.0.2.bb
parent	14c5392fded42f17962e1cc07fcc0446881b4fa0 (diff)
download	poky-ad768575b136ace44690145c2ec2a0b9551b1d48.tar.gz

diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb index 99eeea2edf..9242d0e82e 100644 --- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb +++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"
6		6
7	DEPENDS += "python3 python3-setuptools-native"	7	DEPENDS += "python3 python3-setuptools-native"
8		8
9	SRC_URI += "file://0001-change-shebang-to-python3.patch"	9	SRC_URI += "file://0001-change-shebang-to-python3.patch \
		10	file://0001-Don-t-split-git-references-on-unicode-separators.patch \
		11	"
10		12
11	SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"	13	SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"
12	SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"	14	SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"