mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-10 05:49:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
062cbf2be7c55a938caf0a3595a7bb99c0d6f2db
poky/meta/recipes-devtools/python
T
History
Narpat Mali b402c3ac78 python3-pygments: Fix CVE-2022-40896 
CVE-2022-40896:
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by 3 different commits between the releases 2.14.0
(for Smithy lexer), 2.15.0 (for SQL+Jinja lexers) and 2.15.1 (for Java
properties) as per: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

1. Smithy lexer commit from 2.14.0 release applies successfully on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
Hence, backported the patch as CVE-2022-40896.patch.

2. SQL+Jinja lexers commit from 2.15.0 release doesn't apply on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
Actually, this code doesn't exist in 2.11.2 version and it has been introduce by
python3-pygments 2.13.0 version. Hence, this is not vulnerable for 2.11.2 version.
SQL+Jinja lexers is introduced by: https://github.com/pygments/pygments/commit/0bdbd5992baca32d18e01f0ec65337e06abf9456

3. Java properties commit from 2.15.1 release also doesn't apply on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
Actually, this code also doesn't exist in 2.11.2 version as the code has been modified
in python3-pygments 2.14.0 by: https://github.com/pygments/pygments/commit/a38cb38e93c9635240b3ae89d78d38cf182745da
Hence, this is also not vulnerable for 2.11.2 version.

(From OE-Core rev: ebb224e65a7e1402ccf0d9517bd72748c18e012e)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-09-18 04:28:03 -10:00
..
files
python3-setuptools: upgrade 59.4.0 -> 59.5.0
2021-12-17 09:56:14 +00:00
python3
python3: fix missing comma in get_module_deps3.py
2023-08-02 04:47:13 -10:00
python3-atomicwrites
python3-bcrypt
python3-bcrypt: move from meta-python
2022-03-16 08:48:08 +00:00
python3-certifi
python3-certifi: fix CVE-2023-37920
2023-08-19 05:56:58 -10:00
python3-cryptography
python3-cryptography: fix for CVE-2023-23931
2023-05-10 04:19:56 -10:00
python3-hypothesis
python3-hypothesis: enable ptest
2021-08-22 22:21:47 +01:00
python3-installer
python3-installer: add installer module
2022-03-16 08:48:09 +00:00
python3-jinja2
python3-jsonpointer
python: import jsonpointer from meta-python
2021-11-26 17:01:08 +00:00
python3-mako
python3-mako: backport fix for CVE-2022-40023
2022-11-20 08:19:17 +00:00
python3-markupsafe
python3-more-itertools
python3-numpy
python3-numpy: update 1.22.1 -> 1.22.2
2022-02-08 14:20:18 +00:00
python3-pbr
python3-pip
python3-pip: Improve reproducibility
2022-02-25 15:07:50 +00:00
python3-pluggy
python3-psutil
python3-psutil: move from meta-python
2022-03-16 08:48:08 +00:00
python3-pyasn1
python3-pyasn1: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-pygments
python3-pygments: Fix CVE-2022-40896
2023-09-18 04:28:03 -10:00
python3-pygobject
python3-pytz
python3-pytz: move from meta-python
2022-03-16 08:48:08 +00:00
python3-requests
python3-requests: fix for CVE-2023-32681
2023-06-14 04:16:59 -10:00
python3-scons
python3-scons{-native}: upgrade 4.1.0 -> 4.2.0
2021-08-12 06:26:16 +01:00
python3-setuptools
python3-setuptools: fix for CVE-2022-40897
2023-01-26 23:37:05 +00:00
python3-smartypants
python3-smartypants: patch hash bang to python3
2022-02-25 15:07:50 +00:00
python3-strict-rfc3339
python3-subunit: merge inc; set PIP_INSTALL_PACKAGE
2022-02-25 15:07:50 +00:00
python3-wcwidth
python3-webcolors
python: import webcolors from meta-python
2021-11-26 17:01:08 +00:00
python3-wheel
python3-wheel: fix for CVE-2022-40898
2023-01-26 23:37:05 +00:00
python-rfc3986-validator
python: import rfc3986-validator from meta-python
2021-11-26 17:01:08 +00:00
python3_3.10.13.bb
python3: upgrade to 3.10.13
2023-09-08 16:09:41 -10:00
python3-alabaster_0.7.12.bb
python3-alabaster: Add new recipe
2022-03-18 23:27:27 +00:00
python3-asn1crypto_1.5.1.bb
python3-asn1crypto: upgrade 1.4.0 -> 1.5.1
2022-03-30 13:07:41 +01:00
python3-async_0.6.2.bb
python3-atomicwrites_1.4.0.bb
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python3-attrs_21.4.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-babel_2.9.1.bb
python3-babel: Add recipe from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-bcrypt_3.2.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-certifi_2021.10.8.bb
python3-certifi: fix CVE-2023-37920
2023-08-19 05:56:58 -10:00
python3-cffi_1.15.0.bb
python3-cffi: move from meta-python
2022-03-16 08:48:08 +00:00
python3-chardet_4.0.0.bb
python3: Add missing HOMEPAGE entries
2022-03-18 23:27:28 +00:00
python3-cryptography_36.0.2.bb
python3-cryptography: fix for CVE-2023-23931
2023-05-10 04:19:56 -10:00
python3-cryptography-vectors_36.0.2.bb
python3-cryptography-vectors: upgrade to 36.0.2
2022-03-18 23:32:46 +00:00
python3-cython_0.29.28.bb
python3-cython: upgrade 0.29.27 -> 0.29.28
2022-03-09 11:46:27 +00:00
python3-dbus_1.2.18.bb
python3-dbus: inherit setuptools3-base not distuils
2022-01-12 21:09:01 +00:00
python3-dbusmock_0.27.3.bb
python3-dbusmock: upgrade 0.26.1 -> 0.27.3
2022-03-30 13:07:41 +01:00
python3-docutils_0.18.1.bb
python3-docutil: Extend to nativesdk
2022-03-17 16:44:33 +00:00
python3-dtschema_2022.1.bb
python3-dtschema: upgrade 2021.12 -> 2022.1
2022-02-18 11:37:12 +00:00
python3-extras_1.0.0.bb
python3-flit-core_3.7.1.bb
classes/flit_core: rename to python_flit_core
2022-03-17 16:44:33 +00:00
python3-git_3.1.32.bb
python3-git: upgrade 3.1.27 -> 3.1.32
2023-08-30 04:46:36 -10:00
python3-gitdb_4.0.9.bb
python3-gitdb: upgrade 4.0.7 -> 4.0.9
2021-11-03 11:12:25 +00:00
python3-hypothesis_6.39.5.bb
python3-hypothesis: upgrade 6.39.2 -> 6.39.5
2022-03-30 13:07:41 +01:00
python3-idna_3.3.bb
python3-idna: Update license to Unicode-TOU
2021-12-17 09:56:15 +00:00
python3-imagesize_1.3.0.bb
python3-imagesize: upgrade 1.2.0 -> 1.3.0
2022-03-30 13:07:41 +01:00
python3-importlib-metadata_4.11.3.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-iniconfig_1.1.1.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-iniparse_0.5.bb
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
python3-installer_0.5.1.bb
classes/flit_core: rename to python_flit_core
2022-03-17 16:44:33 +00:00
python3-iso8601_1.0.2.bb
poetry_core: Rename to python_poetry_core
2022-03-16 08:48:08 +00:00
python3-jinja2_3.1.1.bb
python3-jinja2: Correct HOMEPAGE
2022-04-03 10:40:31 +01:00
python3-jsonpointer_2.2.bb
python3-jsonpointer: Update 2.1 to 2.2
2021-11-26 17:01:08 +00:00
python3-jsonschema_4.4.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-libarchive-c_4.0.bb
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
python3-magic_0.4.25.bb
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
python3-mako_1.1.6.bb
python3-mako: backport fix for CVE-2022-40023
2022-11-20 08:19:17 +00:00
python3-markdown_3.3.6.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-markupsafe_2.1.1.bb
python3-markupsafe: upgrade 2.1.0 -> 2.1.1
2022-03-23 12:13:50 +00:00
python3-more-itertools_8.12.0.bb
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
python3-ndg-httpsclient_0.5.1.bb
python3-ndg-httpsclient: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-numpy_1.22.3.bb
python3-numpy: upgrade 1.22.2 -> 1.22.3
2022-03-16 10:31:41 +00:00
python3-packaging_21.3.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-pathlib2_2.3.7.bb
python3-pathlib2: upgrade 2.3.6 -> 2.3.7
2022-02-16 09:46:29 +00:00
python3-pbr_5.8.1.bb
python3-pbr: upgrade 5.8.0 -> 5.8.1
2022-02-16 09:46:29 +00:00
python3-pip_22.0.3.bb
python3-pip: Fix RDEPENDS after the update
2022-08-28 07:51:30 +01:00
python3-pluggy_1.0.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-ply_3.11.bb
python3-ply: move from meta-python
2022-03-16 08:48:08 +00:00
python3-poetry-core_1.0.8.bb
poetry_core: Rename to python_poetry_core
2022-03-16 08:48:08 +00:00
python3-pretend_1.0.9.bb
python3-pretend: move from meta-python
2022-03-16 08:48:08 +00:00
python3-psutil_5.9.0.bb
python3-psutil/python3-bcrypt: Add missing HOMEPAGE
2022-03-16 08:48:08 +00:00
python3-py_1.11.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-pyasn1_0.4.8.bb
python3-pyasn1: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-pycairo_1.21.0.bb
python3-pycairo: upgrade 1.20.1 -> 1.21.0
2022-03-10 13:07:37 +00:00
python3-pycparser_2.21.bb
python3-pycparser: move from meta-python
2022-03-16 08:48:08 +00:00
python3-pycryptodome_3.14.1.bb
python3-pycryptodome: upgrade 3.14.0 -> 3.14.1
2022-02-10 10:32:08 +00:00
python3-pycryptodomex_3.14.1.bb
python3-pycryptodome: upgrade 3.14.0 -> 3.14.1
2022-02-10 10:32:08 +00:00
python3-pyelftools_0.28.bb
python3-pyelftools: upgrade 0.27 -> 0.28
2022-02-10 10:32:08 +00:00
python3-pygments_2.11.2.bb
python3-pygments: Fix CVE-2022-40896
2023-09-18 04:28:03 -10:00
python3-pygobject_3.42.0.bb
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
python3-pyopenssl_22.0.0.bb
python3-pyopenssl: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-pyparsing_3.0.7.bb
python3-pyparsing: rdepends on python3-html
2022-03-16 13:39:12 +00:00
python3-pyrsistent_0.18.1.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-pysocks_1.7.1.bb
python3-pysocks: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python3-pytest_7.1.1.bb
python3-pytest: depend on python3-tomli instead of python3-toml
2023-02-15 21:46:55 +00:00
python3-pytest-runner_6.0.0.bb
python3-pytest-runner: upgrade 5.3.1 -> 6.0.0
2022-03-30 13:07:41 +01:00
python3-pytest-subtests_0.7.0.bb
python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0
2022-03-30 13:07:41 +01:00
python3-pytz_2022.1.bb
python3-pytz: upgrade 2021.3 -> 2022.1
2022-03-30 13:07:41 +01:00
python3-pyyaml_6.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-requests_2.27.1.bb
python3-requests: fix for CVE-2023-32681
2023-06-14 04:16:59 -10:00
python3-rfc3339-validator_0.1.4.bb
python3-rfc3339/3986-validator: correct upstream version check
2021-11-29 23:07:13 +00:00
python3-rfc3986-validator_0.1.1.bb
python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
2022-09-28 08:02:11 +01:00
python3-rfc3987_1.3.8.bb
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
python3-ruamel-yaml_0.17.21.bb
python3-ruamel-yaml: upgrade 0.17.20 -> 0.17.21
2022-02-16 09:46:29 +00:00
python3-scons_4.3.0.bb
python3-scons: remove redundant FILES:${PN}-doc
2022-03-10 13:07:37 +00:00
python3-semantic-version_2.9.0.bb
python3-semantic-version: fix upstream verison check
2022-03-20 00:02:22 +00:00
python3-setuptools_59.5.0.bb
python3-setuptools: fix for CVE-2022-40897
2023-01-26 23:37:05 +00:00
python3-setuptools-rust-native_1.1.2.bb
python3-setuptools-rust-native: Add direct dependency of native python3 modules
2023-03-20 17:20:44 +00:00
python3-setuptools-scm_6.4.2.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python3-six_1.16.0.bb
python3-smartypants_2.0.0.bb
python3-smartypants: patch hash bang to python3
2022-02-25 15:07:50 +00:00
python3-smmap_5.0.0.bb
python3-smmap: update to 5.0.0
2021-10-18 13:48:17 +01:00
python3-snowballstemmer_2.2.0.bb
python3-snowballstemmer: Add new recipe
2022-03-18 23:27:27 +00:00
python3-sortedcontainers_2.4.0.bb
python3-sphinx_4.4.0.bb
python3-sphinx: Work around reproducibility issue
2022-03-18 23:27:28 +00:00
python3-sphinx-rtd-theme_0.5.0.bb
python3-sphinx-rtd-theme: correct upstream version check
2022-03-23 12:13:50 +00:00
python3-sphinxcontrib-applehelp_1.0.2.bb
python3-sphinxcontrib-applehelp: add new recipe
2022-03-18 23:27:28 +00:00
python3-sphinxcontrib-devhelp_1.0.2.bb
python3-sphinxcontrib-devhelp: Add new recipe
2022-03-18 23:27:27 +00:00
python3-sphinxcontrib-htmlhelp_2.0.0.bb
python3-sphinxcontrib-htmlhelp: Add new recipe
2022-03-18 23:27:28 +00:00
python3-sphinxcontrib-jsmath_1.0.1.bb
python3-sphinxcontrib-jsmath: Add new recipe
2022-03-18 23:27:28 +00:00
python3-sphinxcontrib-qthelp_1.0.3.bb
python3-sphinxcontrib-qthelp: Add new recipe
2022-03-18 23:27:27 +00:00
python3-sphinxcontrib-serializinghtml_1.1.5.bb
python3-sphinxcontrib-serializinghtml: Add new recipe
2022-03-18 23:27:28 +00:00
python3-strict-rfc3339_0.7.bb
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
python3-subunit_1.4.0.bb
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
python3-testtools_2.5.0.bb
python3-testools: update 2.4.0 -> 2.5.0
2021-07-24 16:33:47 +01:00
python3-toml_0.10.2.bb
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python3-tomli_2.0.1.bb
classes/flit_core: rename to python_flit_core
2022-03-17 16:44:33 +00:00
python3-typing-extensions_3.10.0.0.bb
python3-typing-extensions: fix upstream version check
2022-03-20 00:02:22 +00:00
python3-typogrify_2.0.7.bb
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python3-urllib3_1.26.9.bb
python3-urllib3: upgrade 1.26.8 -> 1.26.9
2022-03-30 13:07:41 +01:00
python3-vcversioner_2.16.0.0.bb
python: import vcversioner from meta-python
2021-11-26 17:01:08 +00:00
python3-wcwidth_0.2.5.bb
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python3-webcolors_1.11.1.bb
python3: Add missing HOMEPAGE entries
2021-11-26 17:01:08 +00:00
python3-wheel_0.37.1.bb
python3-wheel: fix for CVE-2022-40898
2023-01-26 23:37:05 +00:00
python3-zipp_3.7.0.bb
classes/setuptools_build_meta: rename to python_setuptools_build_meta
2022-03-20 00:02:22 +00:00
python-async.inc
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python-cython.inc
python3-cython: upgrade 0.29.27 -> 0.29.28
2022-03-09 11:46:27 +00:00
python-extras.inc
python-gitdb.inc
python3-gitdb: upgrade 4.0.7 -> 4.0.9
2021-11-03 11:12:25 +00:00
python-pbr.inc
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python-pyasn1.inc
python3-pyasn1: Add from meta-oe/meta-python
2022-03-18 23:27:27 +00:00
python-pycryptodome.inc
python3-pycryptodome: update 3.12.0 -> 3.14.0
2022-02-03 09:05:14 +00:00
python-six.inc
Convert to new override syntax
2021-08-02 15:44:10 +01:00
python-testtools.inc
Convert to new override syntax
2021-08-02 15:44:10 +01:00