From eaacb6321cdcd511dddbcffaaf664eff1b384aa5 Mon Sep 17 00:00:00 2001 From: Xu Huan Date: Wed, 15 Dec 2021 17:48:27 +0800 Subject: python3-django: upgrade 2.2.24 -> 2.2.25 changelog: ================================================================================ Django 2.2.25 fixes a security issue with severity "low" in 2.2.24. CVE-2021-44420: Potential bypass of an upstream access control based on URL paths ================================================================================= HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths. Signed-off-by: Xu Huan Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../recipes-devtools/python/python3-django_2.2.24.bb | 13 ------------- .../recipes-devtools/python/python3-django_2.2.25.bb | 12 ++++++++++++ 2 files changed, 12 insertions(+), 13 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.24.bb create mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.25.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb b/meta-python/recipes-devtools/python/python3-django_2.2.24.bb deleted file mode 100644 index 982362bdd1..0000000000 --- a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb +++ /dev/null @@ -1,13 +0,0 @@ -require python-django.inc - -# Pin to 2.2.x LTS releases ONLY for this recipe -UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P(2\.2\.\d*)+)/" - -inherit setuptools3 - -SRC_URI[md5sum] = "ebf3bbb7716a7b11029e860475b9a122" -SRC_URI[sha256sum] = "3339ff0e03dee13045aef6ae7b523edff75b6d726adf7a7a48f53d5a501f7db7" - -RDEPENDS:${PN} += "\ - ${PYTHON_PN}-sqlparse \ -" diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.25.bb b/meta-python/recipes-devtools/python/python3-django_2.2.25.bb new file mode 100644 index 0000000000..86d21fed06 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django_2.2.25.bb @@ -0,0 +1,12 @@ +require python-django.inc + +# Pin to 2.2.x LTS releases ONLY for this recipe +UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P(2\.2\.\d*)+)/" + +inherit setuptools3 + +SRC_URI[sha256sum] = "b1e65eaf371347d4b13eb7e061b09786c973061de95390c327c85c1e2aa2349c" + +RDEPENDS:${PN} += "\ + ${PYTHON_PN}-sqlparse \ +" -- cgit v1.2.3-54-g00ecf