mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-01-31 09:40:23 +00:00
6432fee6d0
An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. References: https://nvd.nist.gov/vuln/detail/CVE-2023-41419 https://github.com/advisories/GHSA-x7m3-jprg-wc5g Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
27 lines
871 B
BlitzBasic
27 lines
871 B
BlitzBasic
SUMMARY = "A coroutine-based Python networking library"
|
|
DESCRIPTION = "gevent is a coroutine-based Python networking library that uses greenlet to provide \
|
|
a high-level synchronous API on top of the libevent event loop."
|
|
HOMEPAGE = "http://www.gevent.org"
|
|
LICENSE = "MIT & Python-2.0"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65"
|
|
DEPENDS += "${PYTHON_PN}-greenlet libev c-ares"
|
|
|
|
RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \
|
|
${PYTHON_PN}-mime \
|
|
${PYTHON_PN}-pprint \
|
|
"
|
|
|
|
SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070ad094e"
|
|
|
|
SRC_URI += "file://CVE-2023-41419.patch"
|
|
|
|
inherit pypi setuptools3
|
|
|
|
# Don't embed libraries, link to the system instead
|
|
export GEVENTSETUP_EMBED = "0"
|
|
|
|
# Delete the embedded copies of libraries so we can't accidentally link to them
|
|
do_configure:append() {
|
|
rm -rf ${S}/deps
|
|
}
|