summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHaixiao Yan <haixiao.yan.cn@windriver.com>2026-01-14 10:43:11 +0800
committerGyorgy Sarvari <skandigraun@gmail.com>2026-01-15 13:45:04 +0100
commitbca6ddaa0d791bd2a95bf72edca3bb70b03e8cce (patch)
tree01fdd8883e847a44eb8ff5afac9b6492b9bc839c
parent7d4507f226bd2af939d4482fb14a809867ece939 (diff)
downloadmeta-openembedded-bca6ddaa0d791bd2a95bf72edca3bb70b03e8cce.tar.gz
python3-django: Fix undefined _lazy_re_compile
Fix the following error introduced by CVE-2024-27351.patch and CVE-2025-32873.patch: NameError: name '_lazy_re_compile' is not defined Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat
-rw-r--r--meta-python/recipes-devtools/python/python3-django/Fix-undefined-_lazy_re_compile.patch49
-rw-r--r--meta-python/recipes-devtools/python/python3-django_2.2.28.bb1
2 files changed, 50 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/Fix-undefined-_lazy_re_compile.patch b/meta-python/recipes-devtools/python/python3-django/Fix-undefined-_lazy_re_compile.patch
new file mode 100644
index 0000000000..226aaea07a
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/Fix-undefined-_lazy_re_compile.patch
@@ -0,0 +1,49 @@
1From f89fec5d58bc1684478fe23c29a34f17ca529b1a Mon Sep 17 00:00:00 2001
2From: Haixiao Yan <haixiao.yan.cn@windriver.com>
3Date: Tue, 13 Jan 2026 14:14:02 +0800
4Subject: [PATCH] python3-django: Fix undefined _lazy_re_compile
5
6Fix the following error introduced by CVE-2024-27351.patch and
7CVE-2025-32873.patch:
8
9NameError: name '_lazy_re_compile' is not defined
10
11Upstream-Status: Inappropriate [Fix the regression in the previous fix for CVE-2024-27351 and CVE-2025-32873]
12
13Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
14---
15 django/utils/html.py | 2 +-
16 django/utils/text.py | 4 ++--
17 2 files changed, 3 insertions(+), 3 deletions(-)
18
19diff --git a/django/utils/html.py b/django/utils/html.py
20index 858a517d92f8..6eb8bc3dbf38 100644
21--- a/django/utils/html.py
22+++ b/django/utils/html.py
23@@ -38,7 +38,7 @@ _html_escapes = {
24 }
25
26 # HTML tag that opens but has no closing ">" after 1k+ chars.
27-long_open_tag_without_closing_re = _lazy_re_compile(r"<[a-zA-Z][^>]{1000,}")
28+long_open_tag_without_closing_re = re.compile(r"<[a-zA-Z][^>]{1000,}")
29
30
31 @keep_lazy(str, SafeText)
32diff --git a/django/utils/text.py b/django/utils/text.py
33index c474d5681eeb..e104b60c4f6c 100644
34--- a/django/utils/text.py
35+++ b/django/utils/text.py
36@@ -27,8 +27,8 @@ def capfirst(x):
37 # text with only open brackets "<<<...". The class below provides the services
38 # and correct answers for the use cases, but in these edge cases does it much
39 # faster.
40-re_notag = _lazy_re_compile(r"([^<>\s]+)", re.S)
41-re_prt = _lazy_re_compile(r"<|([^<>\s]+)", re.S)
42+re_notag = re.compile(r"([^<>\s]+)", re.S)
43+re_prt = re.compile(r"<|([^<>\s]+)", re.S)
44
45
46 class WordsRegex:
47--
482.34.1
49
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 24b86a3e26..f2bb1de4f2 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -32,6 +32,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
32 file://CVE-2024-39330.patch \ 32 file://CVE-2024-39330.patch \
33 file://CVE-2025-32873.patch \ 33 file://CVE-2025-32873.patch \
34 file://CVE-2025-64459.patch \ 34 file://CVE-2025-64459.patch \
35 file://Fix-undefined-_lazy_re_compile.patch \
35 " 36 "
36 37
37SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413" 38SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-12 12:04:44 +0000