As per the CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue.
But after upgrading the python3-oauthlib version to 3.2.1, we observed
that the vulnerable code lines are still present. The same observations
were reported on GitHub at
https://github.com/oauthlib/oauthlib/issues/837, and it was found that
there was a mistake during the 3.2.1 release preparation, due to which
the vulnerable code still existed in the 3.2.1 source code.

To fix the CVE-2022-36087 issue, we need to upgrade python3-oauthlib to
version 3.2.2. Here is the changelog of version 3.2.2:
https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst

Reference :
https://nvd.nist.gov/vuln/detail/CVE-2022-36087

Upstream fix :
https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd

Signed-off-by: Narpat Mali <[email protected]>
---
 .../{python3-oauthlib_3.2.0.bb => python3-oauthlib_3.2.2.bb}    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-oauthlib_3.2.0.bb => 
python3-oauthlib_3.2.2.bb} (92%)

diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb 
b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
similarity index 92%
rename from meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb
rename to meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
index e7f7f0b47..566279d71 100644
--- a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib";
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482"
 
-SRC_URI[sha256sum] = 
"23a8208d75b902797ea29fd31fa80a15ed9dc2c6c16fe73f5d346f83f6fa27a2"
+SRC_URI[sha256sum] = 
"9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918"
 
 inherit pypi setuptools3
 
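Review bot: HOMEPAGE in the context at the top of this hunk still points at github.com/idan/oauthlib, while the commit message cites github.com/oauthlib/oauthlib for the issue, changelog and fix commit; consider updating HOMEPAGE in this bump so the recipe metadata names the same upstream. The rename is from 3.2.0 to 3.2.2 with only SRC_URI[sha256sum] changed, so please also say in the commit message that the recipe moves from 3.2.0 and confirm that the LICENSE md5 in LIC_FILES_CHKSUM still matches the 3.2.2 tarball.
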
-- 
2.34.1
