python3-django: upgrade to Django 4.2.10 LTS release

Django 4.0.x is no longer supported since April 2023.
Upgrade to the latest 4.x LTS release.

Fixes CVEs:
CVE-2024-24680: Potential denial-of-service in intcomma template filter
CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator
CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()
CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.10.bb b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
new file mode 100644
index 000000000..45de69235
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb
@@ -0,0 +1,14 @@
+require python-django.inc
+inherit setuptools3
+
+SRC_URI[sha256sum] = "b1260ed381b10a11753c73444408e19869f3241fc45c985cd55a30177c789d13"
+
+RDEPENDS:${PN} += "\
+    ${PYTHON_PN}-sqlparse \
+    ${PYTHON_PN}-asgiref \
+"
+
+# Set DEFAULT_PREFERENCE so that the LTS version of django is built by
+# default. To build the 4.x branch, 
+# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf
+DEFAULT_PREFERENCE = "-1"