linux/meta-openembedded.git/meta-python/recipes-devtools/python, branch hardknott-next

PATCH] python3-lxml: upgrade 4.6.3 -> 4.6.5

2022-04-16T16:52:00+00:00

Release notes (https://github.com/lxml/lxml/blob/master/CHANGES.txt): 4.6.5 (2021-12-12) ================== Bugs fixed ---------- * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818). * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). 4.6.4 (2021-11-01) ================== Features added -------------- * GH#317: A new property ``system_url`` was added to DTD entities. Patch by Thirdegree. * GH#314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars. Patch by Isaac Jurado. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-django: upgrade 3.2.5 -> 3.2.12

2022-04-02T17:37:03+00:00

The delta between 3.2.5 and 3.2.12 contain numerous CVE and other bugfixes. git log --oneline 3.2.5..3.2.12 shows: fdf209eab8 (tag: 3.2.12) [3.2.x] Bumped version for 3.2.12 release. d16133568e [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 1a1e8278c4 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 027f4c4ceb [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 0a9a46a1d7 [3.2.x] Post-release version bump. 6e499a28ac (tag: 3.2.11) [3.2.x] Bumped version for 3.2.11 release. 8d2f7cff76 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c7fe895bca [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. a8b32fe13b [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. ae242235db [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. ecd2793897 [3.2.x] Added CVE-2021-44420 to security archive. 1cea03ab00 [3.2.x] Post-release version bump. 0153a63a67 (tag: 3.2.10) [3.2.x] Bumped version for 3.2.10 release. 333c656030 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 6014b812e2 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle. cb724ef6c0 [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL. 0cf2d48ba8 [3.2.x] Added requirements.txt to files ignored by Sphinx builds. 487a2da02e [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 742d6bc8db [3.2.x] Corrected signatures of QuerySet's methods. 99532fdadf [3.2.x] Corrected isort example in coding style docs. 31539a63f2 [3.2.x] Corrected "pip install" call in coding style docs. 76a0a8a917 [3.2.x] Configured Read The Docs to build all formats. 04e66e245d [3.2.x] Fixed crash building HTML docs since Sphinx 4.3. dfa1145a22 [3.2.x] Corrected multiply defined labels in docs. 9d171643d4 [3.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 327dac6e7c [3.2.x] Fixed #33247 -- Added configuration for Read The Docs. bc691d555e [3.2.x] Corrected module reference in contributing tutorial. 3357ad2de2 [3.2.x] Fixed typo in docs/topics/logging.txt. 34e5e61479 [3.2.x] Added stub release notes for Django 3.2.10. 21a56d596a [3.2.x] Post-release version bump. 1b3c0d3b54 (tag: 3.2.9) [3.2.x] Bumped version for 3.2.9 release. e299cc2d2c [3.2.x] Added release date for 3.2.9. 947d2707c6 [3.2.x] Added Google Cloud Spanner to list of third-party DB backends. 128179c0f8 [3.2.x] Refs #33182 -- Adjusted custom admin theming example to use correct template block. f5802a21c4 [3.2.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes on SQLite. fdc1c6435c [3.2.x] Fixed #33198 -- Corrected BinaryField.max_length docs. dbcd81841f [3.2.x] Refs #32074 -- Removed usage of deprecated asyncore and smtpd modules. 137a9899d7 [3.2.x] Refs #27131 -- Removed SMTPBackendTests.test_server_login(). 1128291650 [3.2.x] Added 'formatter' to spelling wordlist. 82fee0446d [3.2.x] Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x. 1aed4663c3 [3.2.x] Refs #32074 -- Added Python 3.10 to classifiers and tox.ini. 53fad80ffe [3.2.x] Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop() on Python 3.7+. f6726fdc3e [3.2.x] Refs #32074 -- Fixed find_module()/find_loader() warnings on Python 3.10+. d0dc446444 [3.2.x] Refs #32074 -- Removed usage of deprecated Thread.setDaemon(). 8bebb1c04a [3.2.x] Refs #32074 -- Removed usage of Python's deprecated distutils.version package. faeae84dad [3.2.x] Skipped test_archive tests when bz2/lzma module is not installed. 329311ecbd [3.2.x] Added stub release notes for Django 3.2.9. 85e4af6a22 [3.2.x] Post-release version bump. 4540e976d4 (tag: 3.2.8) [3.2.x] Bumped version for 3.2.8 release. 65367b0500 [3.2.x] Added release date for 3.2.7. 51e4dbfeb2 [3.2.x] Refs #27694 -- Doc'd lookups that can be chained with HStoreField key transforms. 031ffc5c84 [3.2.x] Corrected field and model check messages in docs. 7607fe922f [3.2.x] Removed obsolete GEOS 3.5 requirement note. 6760f4fa25 [3.2.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom. e235c7815a [3.2.x] Fixed broken links and redirects in docs. 51e76c922f [3.2.x] Used :rfc: role in docs/topics/conditional-view-processing.txt. d4a587a5fa [3.2.x] Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site. 561a1c0905 [3.2.x] Fixed typo in docs/intro/reusable-apps.txt. 454ee4d3b8 [3.2.x] Corrected outputs and made cosmetic edits in GeoDjango tutorial. b51e0a37cf [3.2.x] Doc'd Jinja2 form renderer. a7be74d017 [3.2.x] Clarified type of Window()'s partition_by and order_by arguments. 54684a3ec0 [3.2.x] Refs #31055 -- Doc'd 'databases' argument of check functions. 1f86ff31b1 [3.2.x] Fixed typo in docs/topics/i18n/formatting.txt. b61f44c339 [3.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. 707239eabf [3.2.x] Added stub release notes for Django 3.2.8. d5710f405a [3.2.x] Post-release version bump. 45a0c54b67 (tag: 3.2.7) [3.2.x] Bumped version for 3.2.7 release. 4b80a40272 [3.2.x] Added release date for 3.2.7. 4e55806720 [3.2.x] Refs #25264 -- Doc's that not all default options are supported by every management command. fe3a854e1d [3.2.x] Fixed #32992 -- Restored offset extraction for fixed offset timezones. 382374a360 [3.2.x] Corrected BaseDatabaseSchemaEditor.execute() signature in docs. 11b2cbb65f [3.2.x] Made sentence about Model consistent in docs. 69009f4952 [3.2.x] Fixed #33046 -- Added note about using length of cached result by QuerySet.count(). d95a0144e5 [3.2.x] Used backend vendors in custom model fields docs. 358e65a5cd [3.2.x] Fixed #33030 -- Fixed broken links to GDAL docs. d29a9ed504 [3.2.x] The geodjango mailing list moved to the Django Forum. eb26b8a0fe [3.2.x] The django-i18n mailing list moved to the Django Forum. 6bb74f3de8 [3.2.x] Fixed some broken links and redirects in docs. f18da11b8a [3.2.x] Updated BaseDatabaseFeatures link in testing tools docs. 2c46e55314 [3.2.x] Clarified URL patterns in tutorial 3. 87e7399760 [3.2.x] Added stub release notes for Django 3.2.7. e1cad66dca [3.2.x] Post-release version bump. eb0f298e76 (tag: 3.2.6) [3.2.x] Bumped version for 3.2.6 release. 70840232f9 [3.2.x] Confirmed release date for Django 3.2.6. d9e05ea17a [3.2.x] Refs #31676 -- Updated technical board description in organization docs. 99d9a3ef7c [3.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. ed29959812 [3.2.x] Refs #31676 -- Removed Core team from organization docs. 55daaa0c79 [3.2.x] Made minor edits to QuerySet.update_or_create() docs. 5fa70c91b4 [3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt. aace6c531d [3.2.x] Fixed #32933 -- Documented BoundField.initial as preferred over Form.get_initial_for_field(). bdd4cbe84a [3.2.x] Fixed #32957 -- Improved visibility of arguments sections in Model.save() docs. b2f7b53fac [3.2.x] Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list. de5a044cf4 [3.2.x] Fixed #32950 -- Removed myproject from imports in admin docs where appropriate. f4cf86f870 [3.2.x] Refs #32949 -- Adjusted release note wording. 1346381760 [3.2.x] Fixed #32949 -- Restored invalid number handling in DecimalField.validate(). 05e997c404 [3.2.x] Fixed typo in docs/ref/databases.txt. 9a65e62c93 [3.2.x] Fixed typo in docs/releases/3.1.13.txt. 0ee092c8dd [3.2.x] Fixed typo in docs/topics/signals.txt. b7d25d025e [3.2.x] Fixed typo in docs/internals/deprecation.txt. 6931963886 [3.2.x] Fixed typo in docs/internals/contributing/committing-code.txt. f36edbc378 [3.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 527482c513 [3.2.x] Fixed typo in docs/ref/contrib/gis/tutorial.txt. 1d53d2502d [3.2.x] Documented in_bulk behavior with nonexistent id_list items. 9fadb97583 [3.2.x] Added CVE-2021-35042 to security archive. 92efd69107 [3.2.x] Added stub release notes for Django 3.2.6. 3ab942f10a [3.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-django: upgrade 2.2.24 -> 2.2.27

2022-04-02T17:37:03+00:00

The delta between 2.2.24 and 2.2.27 contain numerous CVE and other bugfixes. git log --oneline 2.2.24..2.2.27 shows: e541f2d05b (tag: 2.2.27) [2.2.x] Bumped version for 2.2.27 release. c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 4cafd3aacb [2.2.x] Added stub release notes 2.2.27. 77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. e085d46e4b [2.2.x] Post-release version bump. 44e7cca623 (tag: 2.2.26) 2.2.x] Bumped version for 2.2.26 release. 4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release. b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive. 8439938602 [2.2.x] Post-release version bump. 79d8dcefb2 (tag: 2.2.25) [2.2.x] Bumped version for 2.2.25 release. 7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds. fac0fdd95d [2.2.x] Added stub release notes for 2.2.25. 4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. 5289fcfffe [2.2.x] Configured Read The Docs to build all formats. 9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. 12141e3116 [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist. 05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs. 66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs. 8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 837ffcfa68 [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. dc43667eab [2.2.x] Fixed docs header underlines in security archive. 3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. 48bde7cab4 [2.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-pillow: fix CVE-2022-22815, 22816, 22817

2022-01-30T23:13:01+00:00

Backport three patches from 9.0.0 upstream to fix CVES. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

recipes: Update SRC_URI branch and protocols

2021-11-13T15:45:48+00:00

This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster

python3-pyinotify: Add fcntl, logging to RDEPENDS

2021-10-19T15:07:13+00:00

"import pyinotify" throws an error for these modules if they are not included. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-pillow: Fix CVE-2021-23437

2021-10-08T19:40:15+00:00

Backport an upstream fix since an uprev would include potentially-breaking functionality changes. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-sqlparse: Fix CVE-2021-32839

2021-10-08T19:40:08+00:00

Backport a patch from version 0.4.2 upstream since the uprev would add functionality changes. Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster

python3-urllib3: Upgrade 1.26.4 -> 1.26.5

2021-07-30T23:20:20+00:00

Upgrade to release 1.26.5: - Fixed deprecation warnings emitted in Python 3.10. - Updated vendored six library to 1.16.0. - Improved performance of URL parser when splitting the authority component. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin Fixes CVE 2021-33503. (cherry picked from commit bb39c29a46e44fcc082aed0ce8772f4267a41d2d) Signed-off-by: Joe Slater Signed-off-by: Armin Kuster

python3-pillow: fix CVE-2021-34552

2021-07-28T05:36:24+00:00

Pull fix from version 8.3.1 back to 8.2.0. Signed-off-by: Joe Slater