mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-01-12 15:31:45 +00:00
32200384c7
pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism. References: https://nvd.nist.gov/vuln/detail/CVE-2025-48945 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
24 lines
680 B
BlitzBasic
24 lines
680 B
BlitzBasic
SUMMARY = "Python interface for c-ares"
|
|
DESCRIPTION = "\
|
|
pycares is a Python module which provides an interface to c-ares. c-ares is \
|
|
a C library that performs DNS requests and name resolutions asynchronously."
|
|
HOMEPAGE = "https://github.com/saghul/pycares"
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=b1538fcaea82ebf2313ed648b96c69b1"
|
|
|
|
SRC_URI += "file://CVE-2025-48945.patch"
|
|
SRC_URI[sha256sum] = "b8a004b18a7465ac9400216bc3fad9d9966007af1ee32f4412d2b3a94e33456e"
|
|
|
|
PYPI_PACKAGE = "pycares"
|
|
|
|
inherit pypi python_setuptools_build_meta
|
|
|
|
DEPENDS += "python3-cffi-native"
|
|
|
|
RDEPENDS:${PN} += " \
|
|
python3-cffi \
|
|
python3-idna \
|
|
"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|