helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-05-16 06:39:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-python
History
Jiaying Song 78afe9d40c python3-aiohttp: fix CVE-2025-53643 and drop CVE-2024-42367 patch 
- Fix CVE-2025-53643:
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and
Python. Prior to version 3.12.14, the Python parser is vulnerable to a
request smuggling vulnerability due to not parsing trailer sections of
an HTTP request. If a pure Python version of aiohttp is installed (i.e.
without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled,
then an attacker may be able to execute a request smuggling attack to
bypass certain firewalls or proxy protections. Version 3.12.14 contains
a patch for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-53643

- Drop CVE-2024-42367.patch:
According to upstream discussion and advisory [1][2], aiohttp 3.8.6 is
not affected by CVE-2024-42367, and the patch is therefore no longer
needed.

[1] https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
[2] https://github.com/aio-libs/aiohttp/issues/11149

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:05 +02:00
..
classes
meta-python: Clean up recipes and classes that were moved to oe-core
2022-03-16 09:25:28 -04:00
conf
layer.conf: change layer priority to match oe-core
2022-02-28 08:39:26 -08:00
licenses
python3-crc32c: add 2.2.post0
2022-03-01 09:06:56 -08:00
recipes-connectivity
python3-thrift: upgrade 0.15.0 -> 0.16.0
2022-04-06 14:55:16 -04:00
recipes-core
meta-python-image: Fix build depends
2022-05-17 05:57:10 -07:00
recipes-devtools
python3-aiohttp: fix CVE-2025-53643 and drop CVE-2024-42367 patch
2025-09-06 16:27:05 +02:00
recipes-extended
meta-python: Drop broken BBCLASSEXTEND variants
2023-11-18 10:03:15 -05:00
COPYING.MIT
README
meta-openemnedded: Add myself as kirkstone maintainer
2022-04-23 17:14:31 -07:00

README 

meta-python
================================

Introduction
-------------------------

This layer is intended to be the home of python modules for OpenEmbedded.

Dependencies
-------------------------

The meta-python layer depends on:

	URI: git://git.openembedded.org/openembedded-core
	layers: meta
	branch: kirkstone

	URI: git://git.openembedded.org/meta-openembedded
	layers: meta-oe
	branch: kirkstone

Please follow the recommended setup procedures of your OE distribution.
For Angstrom that is:
        http://www.angstrom-distribution.org/building-angstrom,
other distros should have similar online resources.

Contributing
-------------------------

The meta-openembedded mailinglist
(openembedded-devel@lists.openembedded.org) is used for questions,
comments and patch review. It is subscriber only, so please register
before posting.

Send pull requests to openembedded-devel@lists.openembedded.org with
'[meta-python][kirkstone]' in the subject.

When sending single patches, please use something like:
git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][kirkstone][PATCH'

Maintenance
-------------------------

Layer maintainers: Armin Kuster <akuster808@gmail.com>