Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap 2026-01-26T04:34:44+00:00 2026-01-26T04:34:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-01-23T17:02:12+00:00 urn:sha1:a627e747a79760daff2b794f1a363f672773b004 Upstream has switched from setuptools3 build backend to setuptools_build_meta, however their setuptools requirements are higher than what's available in oe-core. As a workaround, add a patch that lowers the requirements. This change has been tested by successfully executing the django test suite in qemu (without Selenium tests). Changes: 4.2.27: https://docs.djangoproject.com/en/6.0/releases/4.2.27/ - Fix CVE-2025-13372 - Fix CVE-2025-64460 - Fixed a regression in Django 4.2.26 where DisallowedRedirect was raised by HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 characters. The limit is now 16384 characters 4.2.26: https://docs.djangoproject.com/en/6.0/releases/4.2.26/ - Fix CVE-2025-64458 - Fix CVE-2025-64459 4.2.25: https://docs.djangoproject.com/en/6.0/releases/4.2.25/ - Fix CVE-2025-59681 - Fix CVE-2025-59682 4.2.24: https://docs.djangoproject.com/en/6.0/releases/4.2.24/ - Fix CVE-2025-57833 4.2.23: https://docs.djangoproject.com/en/6.0/releases/4.2.23/ - Fix CVE-2025-48432 4.2.22: https://docs.djangoproject.com/en/6.0/releases/4.2.22/ - Fix CVE-2025-48432 4.2.21: https://docs.djangoproject.com/en/6.0/releases/4.2.21/ - Change build backend - Fix CVE-2025-32873 - Fixed a data corruption possibility in file_move_safe() when allow_overwrite=True, where leftover content from a previously larger file could remain after overwriting with a smaller one due to lack of truncation - Fixed a regression in Django 4.2.20, introduced when fixing CVE 2025-26699, where the wordwrap template filter did not preserve empty lines between paragraphs after wrapping text Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2025-10-30T07:13:43+00:00 Soumya Sambu soumya.sambu@windriver.com 2025-10-22T23:26:24+00:00 urn:sha1:15e18246dd0c0585cd1515a0be8ee5e2016d1329 Includes fix for CVE-2025-26699 Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.19/ https://docs.djangoproject.com/en/dev/releases/4.2.20/ Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54f5df8907cbf1212d0733ffddc049c7b8b8aaf0) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>