Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=mickledore-net 2021-12-22T02:47:47+00:00 2021-12-22T02:47:47+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2021-12-20T14:27:38+00:00 urn:sha1:446a503acf6854b3357571044f396e6815f6bd9e From the release notes page (https://docs.djangoproject.com/en/4.0/releases/3.2.10/): Django 3.2.10 fixes a security issue with severity “low” and a bug in 3.2.9. CVE-2021-44420: Potential bypass of an upstream access control based on URL paths HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths. Bugfixes Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with BinaryField on PostgreSQL, which is memoryview-backed (#33333). Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10. Bugfixes Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering a field with a functional index (#33194). Django 3.2.8 fixes two bugs in 3.2.7. Bugfixes Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin (#33077). Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view (#33083). Django 3.2.7 fixes a bug in 3.2.6. Bugfixes Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones (#32992). Django 3.2.6 fixes several bugs in 3.2.5. Bugfixes Fixed a regression in Django 3.2 that caused a crash validating "NaN" input with a forms.DecimalField when additional constraints, e.g. max_value, were specified (#32949). Fixed a bug in Django 3.2 where a system check would crash on a model with a reverse many-to-many relation inherited from a parent class (#32947). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> 2021-08-03T17:21:25+00:00 Martin Jansa Martin.Jansa@gmail.com 2021-07-29T15:04:53+00:00 urn:sha1:c61dc077bbd81260e4f167fa2251643ba0ba6974 This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> 2021-07-16T15:57:37+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2021-07-14T12:54:16+00:00 urn:sha1:fe50bd100548500842667210df9757d84ec11b16 3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input. Additional release notes: - Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related() (#32812). - Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable (#32503). - Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value (#32832). - Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label (#32863). There is no corresponding uprev for the 2.x LTS branch since it is already at the latest version (2.2.24). Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>