NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-httplib2: security bump to version 0.19.1

Browse Source 
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
  for Python. In httplib2 before version 0.19.0, a malicious server
  which responds with long series of "\xa0" characters in the
  "www-authenticate" header may cause Denial of Service (CPU burn while
  parsing header) of the httplib2 client accessing said server. This is
  fixed in version 0.19.0 which contains a new implementation of auth
  headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
  controlling unescaped part of uri for `httplib2.Http.request()` could
  change request headers and body, send additional hidden requests to
  same server. This vulnerability impacts software that uses httplib2
  with uri constructed by string concatenation, as opposed to proper
  urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
  bd9ee252c8

https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2050b4869d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2021-04-10 00:24:44 +02:00 committed by Peter Korsgaard
parent 792a56ddee
commit 6c0c05d6d5
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package/python-httplib2/Config.in
View File

@ -4,6 +4,7 @@ config BR2_PACKAGE_PYTHON_HTTPLIB2
select BR2_PACKAGE_PYTHON_SSL if BR2_PACKAGE_PYTHON
select BR2_PACKAGE_PYTHON3_ZLIB if BR2_PACKAGE_PYTHON3
select BR2_PACKAGE_PYTHON3_SSL if BR2_PACKAGE_PYTHON3
select BR2_PACKAGE_PYTHON_PYPARSING # runtime
help
httplib2 is a comprehensive HTTP client library, httplib2.py
supports many features left out of other HTTP libraries.

8
package/python-httplib2/python-httplib2.hash
View File

@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/httplib2/json
md5 4c05b09eb6f6c20a31ca488c7a87dda9 httplib2-0.17.2.tar.gz
sha256 eb7a6b137ae31e61c5f429083c5bebb71fe5fd1958e7f3d5c39b21b11cd4b290 httplib2-0.17.2.tar.gz
# Locally computer sha256 checksums
sha256 4205f0d88e04380ba13b9c60e2f85771196b66ee84bf48971d30d82a78e84c3f PKG-INFO
md5 de7f5e3a4adb3105889867327bdd39dc httplib2-0.19.1.tar.gz
sha256 0b12617eeca7433d4c396a100eaecfa4b08ee99aa881e6df6e257a7aad5d533d httplib2-0.19.1.tar.gz
# Locally computed sha256 checksums
sha256 589eec38f72df2be203711d3b8cbece9b908c5e7ff00bc3cab7f63bae9e366b4 LICENSE

6
package/python-httplib2/python-httplib2.mk
View File

@ -4,11 +4,11 @@
#
################################################################################
PYTHON_HTTPLIB2_VERSION = 0.17.2
PYTHON_HTTPLIB2_VERSION = 0.19.1
PYTHON_HTTPLIB2_SOURCE = httplib2-$(PYTHON_HTTPLIB2_VERSION).tar.gz
PYTHON_HTTPLIB2_SITE = https://files.pythonhosted.org/packages/1b/f0/a35a448afea308aeb6a1430dbcfb46f4cef11360cbc18f22af6e567bb847
PYTHON_HTTPLIB2_SITE = https://files.pythonhosted.org/packages/ed/cd/533a1e9e04671bcee5d2854b4f651a3fab9586d698de769d93b05ee2bff1
PYTHON_HTTPLIB2_SETUP_TYPE = setuptools
PYTHON_HTTPLIB2_LICENSE = MIT
PYTHON_HTTPLIB2_LICENSE_FILES = PKG-INFO
PYTHON_HTTPLIB2_LICENSE_FILES = LICENSE
$(eval $(python-package))