mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Ankur Tyagi
dbde84f17b
Details https://nvd.nist.gov/vuln/detail/CVE-2026-32597 Backport commit[1] which fixes this vulnerability as mentioned in changelog[2] Dropped changes to the changelog, version bump and tests during backport. [1] https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92 [2] https://github.com/jpadilla/pyjwt/blob/2.12.0/CHANGELOG.rst Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
23 lines
731 B
BlitzBasic
23 lines
731 B
BlitzBasic
SUMMARY = "JSON Web Token implementation in Python"
|
|
DESCRIPTION = "A Python implementation of JSON Web Token draft 32.\
|
|
Original implementation was written by https://github.com/progrium"
|
|
HOMEPAGE = "https://github.com/jpadilla/pyjwt"
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551"
|
|
|
|
SRC_URI += "file://CVE-2026-32597.patch"
|
|
|
|
SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953"
|
|
|
|
PYPI_PACKAGE = "pyjwt"
|
|
CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly"
|
|
|
|
inherit pypi python_setuptools_build_meta
|
|
|
|
RDEPENDS:${PN} = "\
|
|
python3-cryptography \
|
|
python3-json \
|
|
"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|