helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-python
History
Rahul Janani Pandi a9a4998947 python3-aiohttp: Fix CVE-2024-23334 
aiohttp is an asynchronous HTTP client/server framework
for asyncio and Python.When using aiohttp as a web server
and configuring static routes, it is necessary to specify
the root path for static files. Additionally, the option
'follow_symlinks' can be used to determine whether to
follow symbolic links outside the static root directory.
When 'follow_symlinks' is set to True, there is no
validation to check if reading a file is within the root
directory. This can lead to directory traversal
vulnerabilities, resulting in unauthorized access to
arbitrary files on the system, even when symlinks are not
present. Disabling follow_symlinks and using a reverse proxy
are encouraged mitigations. Version 3.9.2 fixes this issue.

References:
https://security-tracker.debian.org/tracker/CVE-2024-23334
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2

Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-04-28 13:10:23 -04:00
..
classes
meta-python: Clean up recipes and classes that were moved to oe-core
2022-03-16 09:25:28 -04:00
conf
layer.conf: change layer priority to match oe-core
2022-02-28 08:39:26 -08:00
licenses
python3-crc32c: add 2.2.post0
2022-03-01 09:06:56 -08:00
recipes-connectivity
python3-thrift: upgrade 0.15.0 -> 0.16.0
2022-04-06 14:55:16 -04:00
recipes-core
meta-python-image: Fix build depends
2022-05-17 05:57:10 -07:00
recipes-devtools
python3-aiohttp: Fix CVE-2024-23334
2024-04-28 13:10:23 -04:00
recipes-extended
meta-python: Drop broken BBCLASSEXTEND variants
2023-11-18 10:03:15 -05:00
COPYING.MIT
README
meta-openemnedded: Add myself as kirkstone maintainer
2022-04-23 17:14:31 -07:00

README 

meta-python
================================

Introduction
-------------------------

This layer is intended to be the home of python modules for OpenEmbedded.

Dependencies
-------------------------

The meta-python layer depends on:

	URI: git://git.openembedded.org/openembedded-core
	layers: meta
	branch: kirkstone

	URI: git://git.openembedded.org/meta-openembedded
	layers: meta-oe
	branch: kirkstone

Please follow the recommended setup procedures of your OE distribution.
For Angstrom that is:
        http://www.angstrom-distribution.org/building-angstrom,
other distros should have similar online resources.

Contributing
-------------------------

The meta-openembedded mailinglist
(openembedded-devel@lists.openembedded.org) is used for questions,
comments and patch review. It is subscriber only, so please register
before posting.

Send pull requests to openembedded-devel@lists.openembedded.org with
'[meta-python][kirkstone]' in the subject.

When sending single patches, please use something like:
git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][kirkstone][PATCH'

Maintenance
-------------------------

Layer maintainers: Armin Kuster <akuster808@gmail.com>