summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
Commit message (Collapse)AuthorAgeFilesLines
* python3-zipp: fix CVE-2024-5569Jiaying Song2024-12-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. References: https://nvd.nist.gov/vuln/detail/CVE-2024-5569 Upstream patches: https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547 https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0 https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806 https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7 (From OE-Core rev: ec77cfe12f0790c7e3cf2d9bf00e47b4c653997c) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python: Drop ${PYTHON_PN}Richard Purdie2024-02-201-5/+5
| | | | | | | | | | | python 2 is gone and we don't need the abstraction now, drop the remaining usage of this variable. The definition in python3-dir.bbclass is left for now for other layers. (From OE-Core rev: b566b1e32c7993d1ab7795562f648e52ce186a70) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-zipp: upgrade 3.16.2 -> 3.17.0Wang Mingyu2023-09-281-0/+18
Changelog: =========== -Added CompleteDirs.inject classmethod to make available for use elsewhere. -Avoid matching path separators for '?' in glob. (From OE-Core rev: fdd3f2ad01ac6ac33f788afc806ad3c25dfd8b53) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-15 07:28:26 +0000