python3-lxml: Security fix CVE-2022-2309

CVE-2022-0934: lxml: NULL Pointer Dereference in lxml Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-2309 Patch from: 86368e9cf7 Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
2026-04-20 23:48:20 +00:00 · 2022-07-25 15:54:57 +08:00
parent 2763eaf35f
commit cb4e7fb4b0
2 changed files with 101 additions and 1 deletions
--- a/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
+++ b/meta-python/recipes-devtools/python/python3-lxml_4.8.0.bb
@@ -20,7 +20,8 @@ DEPENDS += "libxml2 libxslt"

 SRC_URI[sha256sum] = "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23"

-SRC_URI += "${PYPI_SRC_URI}"
+SRC_URI += "${PYPI_SRC_URI} \
+            file://CVE-2022-2309.patch "
 inherit pkgconfig pypi setuptools3

 # {standard input}: Assembler messages: