diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-02-10 20:19:22 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2026-02-10 21:11:46 -0800 |
| commit | 8fdf6a64c0cb66b82fc2237b5e5139b552b655fc (patch) | |
| tree | 4bfebdda920903d7184e4f0b6fbb1b104d95c394 /meta-python/recipes-devtools/python/python3-django | |
| parent | 12deb70ea80b2a13be126ebf7bec511668248712 (diff) | |
| download | meta-openembedded-8fdf6a64c0cb66b82fc2237b5e5139b552b655fc.tar.gz | |
python3-django: upgrade 5.2.9 -> 5.2.11
Dropped patch that is included in this release.
Ptests passed:
Ran 18131 tests in 450.882s
OK (skipped=1389, expected failures=5)
Changelog:
5.2.11:
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285,
CVE-2026-1287 and CVE-2026-1312
5.2.10:
* Fixed a bug in Django 5.2 where data exceeding max_length was silently
truncated by QuerySet.bulk_create on PostgreSQL.
* Fixed a bug where management command colorized help (introduced in
Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-django/0001-Fix-test_strip_tags-test.patch | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/0001-Fix-test_strip_tags-test.patch b/meta-python/recipes-devtools/python/python3-django/0001-Fix-test_strip_tags-test.patch deleted file mode 100644 index f77c3b963a..0000000000 --- a/meta-python/recipes-devtools/python/python3-django/0001-Fix-test_strip_tags-test.patch +++ /dev/null | |||
| @@ -1,76 +0,0 @@ | |||
| 1 | From 7b80b2186300620931009fd62c2969f108fe7a62 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jacob Walls <jacobtylerwalls@gmail.com> | ||
| 3 | Date: Thu, 11 Dec 2025 08:44:19 -0500 | ||
| 4 | Subject: [PATCH] Refs #36499 -- Adjusted test_strip_tags following Python | ||
| 5 | behavior change for incomplete entities. | ||
| 6 | |||
| 7 | Upstream-Status: Backport [https://github.com/django/django/commit/7b80b2186300620931009fd62c2969f108fe7a62] | ||
| 8 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 9 | --- | ||
| 10 | tests/utils_tests/test_html.py | 25 ++++++++++++++++++++----- | ||
| 11 | 1 file changed, 20 insertions(+), 5 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py | ||
| 14 | index 7412c2624c73..ee115aaf1cf2 100644 | ||
| 15 | --- a/tests/utils_tests/test_html.py | ||
| 16 | +++ b/tests/utils_tests/test_html.py | ||
| 17 | @@ -1,3 +1,4 @@ | ||
| 18 | +import math | ||
| 19 | import os | ||
| 20 | import sys | ||
| 21 | from datetime import datetime | ||
| 22 | @@ -124,7 +125,7 @@ | ||
| 23 | # old and new results. The check below is temporary until all supported | ||
| 24 | # Python versions and CI workers include the fix. See: | ||
| 25 | # https://github.com/python/cpython/commit/6eb6c5db | ||
| 26 | - min_fixed = { | ||
| 27 | + min_fixed_security = { | ||
| 28 | (3, 14): (3, 14), | ||
| 29 | (3, 13): (3, 13, 6), | ||
| 30 | (3, 12): (3, 12, 12), | ||
| 31 | @@ -132,7 +133,21 @@ | ||
| 32 | (3, 10): (3, 10, 19), | ||
| 33 | (3, 9): (3, 9, 24), | ||
| 34 | } | ||
| 35 | - htmlparser_fixed = sys.version_info >= min_fixed[sys.version_info[:2]] | ||
| 36 | + # Similarly, there was a fix for terminating incomplete entities. See: | ||
| 37 | + # https://github.com/python/cpython/commit/95296a9d | ||
| 38 | + min_fixed_incomplete_entities = { | ||
| 39 | + (3, 14): (3, 14, 1), | ||
| 40 | + (3, 13): (3, 13, 10), | ||
| 41 | + (3, 12): (3, 12, math.inf), # not fixed in 3.12. | ||
| 42 | + } | ||
| 43 | + major_version = sys.version_info[:2] | ||
| 44 | + htmlparser_fixed_security = sys.version_info >= min_fixed_security.get( | ||
| 45 | + major_version, major_version | ||
| 46 | + ) | ||
| 47 | + htmlparser_fixed_incomplete_entities = ( | ||
| 48 | + sys.version_info | ||
| 49 | + >= min_fixed_incomplete_entities.get(major_version, major_version) | ||
| 50 | + ) | ||
| 51 | items = ( | ||
| 52 | ( | ||
| 53 | "<p>See: 'é is an apostrophe followed by e acute</p>", | ||
| 54 | @@ -159,16 +174,19 @@ | ||
| 55 | # https://bugs.python.org/issue20288 | ||
| 56 | ("&gotcha&#;<>", "&gotcha&#;<>"), | ||
| 57 | ("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"), | ||
| 58 | - ("<script>alert()</script>&h", "alert()h"), | ||
| 59 | + ( | ||
| 60 | + "<script>alert()</script>&h", | ||
| 61 | + "alert()&h;" if htmlparser_fixed_incomplete_entities else "alert()h", | ||
| 62 | + ), | ||
| 63 | ( | ||
| 64 | "><!" + ("&" * 16000) + "D", | ||
| 65 | - ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D", | ||
| 66 | + ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D", | ||
| 67 | ), | ||
| 68 | ("X<<<<br>br>br>br>X", "XX"), | ||
| 69 | ("<" * 50 + "a>" * 50, ""), | ||
| 70 | ( | ||
| 71 | ">" + "<a" * 500 + "a", | ||
| 72 | - ">" if htmlparser_fixed else ">" + "<a" * 500 + "a", | ||
| 73 | + ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a", | ||
| 74 | ), | ||
| 75 | ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951), | ||
| 76 | ("<" + "a" * 1_002, "<" + "a" * 1_002), | ||