mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-05-17 12:08:45 +00:00
dbde84f17b
Details https://nvd.nist.gov/vuln/detail/CVE-2026-32597
Backport commit[1] which fixes this vulnerability as mentioned in changelog[2]
Dropped changes to the changelog, version bump and tests during backport.
[1] 051ea341b5
[2] https://github.com/jpadilla/pyjwt/blob/2.12.0/CHANGELOG.rst
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
23 lines
731 B
BlitzBasic
23 lines
731 B
BlitzBasic
SUMMARY = "JSON Web Token implementation in Python"
|
|
DESCRIPTION = "A Python implementation of JSON Web Token draft 32.\
|
|
Original implementation was written by https://github.com/progrium"
|
|
HOMEPAGE = "https://github.com/jpadilla/pyjwt"
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551"
|
|
|
|
SRC_URI += "file://CVE-2026-32597.patch"
|
|
|
|
SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953"
|
|
|
|
PYPI_PACKAGE = "pyjwt"
|
|
CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly"
|
|
|
|
inherit pypi python_setuptools_build_meta
|
|
|
|
RDEPENDS:${PN} = "\
|
|
python3-cryptography \
|
|
python3-json \
|
|
"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|