diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-23 18:02:12 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-01-26 10:04:44 +0530 |
| commit | a627e747a79760daff2b794f1a363f672773b004 (patch) | |
| tree | a922fe106995989b103d3dcfb2d8ea8f63911142 /meta-python/recipes-devtools/python/python3-django_4.2.20.bb | |
| parent | c72ce4fc7ea87d1260030d08742302a16fbc5e3a (diff) | |
| download | meta-openembedded-a627e747a79760daff2b794f1a363f672773b004.tar.gz | |
python3-django: upgrade 4.2.20 -> 4.2.27
Upstream has switched from setuptools3 build backend to setuptools_build_meta,
however their setuptools requirements are higher than what's available in oe-core.
As a workaround, add a patch that lowers the requirements. This change has been
tested by successfully executing the django test suite in qemu (without Selenium tests).
Changes:
4.2.27: https://docs.djangoproject.com/en/6.0/releases/4.2.27/
- Fix CVE-2025-13372
- Fix CVE-2025-64460
- Fixed a regression in Django 4.2.26 where DisallowedRedirect was raised by
HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 characters.
The limit is now 16384 characters
4.2.26: https://docs.djangoproject.com/en/6.0/releases/4.2.26/
- Fix CVE-2025-64458
- Fix CVE-2025-64459
4.2.25: https://docs.djangoproject.com/en/6.0/releases/4.2.25/
- Fix CVE-2025-59681
- Fix CVE-2025-59682
4.2.24: https://docs.djangoproject.com/en/6.0/releases/4.2.24/
- Fix CVE-2025-57833
4.2.23: https://docs.djangoproject.com/en/6.0/releases/4.2.23/
- Fix CVE-2025-48432
4.2.22: https://docs.djangoproject.com/en/6.0/releases/4.2.22/
- Fix CVE-2025-48432
4.2.21: https://docs.djangoproject.com/en/6.0/releases/4.2.21/
- Change build backend
- Fix CVE-2025-32873
- Fixed a data corruption possibility in file_move_safe() when
allow_overwrite=True, where leftover content from a previously larger file could
remain after overwriting with a smaller one due to lack of truncation
- Fixed a regression in Django 4.2.20, introduced when fixing CVE 2025-26699,
where the wordwrap template filter did not preserve empty lines between paragraphs
after wrapping text
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django_4.2.20.bb')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-django_4.2.20.bb | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.20.bb b/meta-python/recipes-devtools/python/python3-django_4.2.20.bb deleted file mode 100644 index 3fb8b03224..0000000000 --- a/meta-python/recipes-devtools/python/python3-django_4.2.20.bb +++ /dev/null | |||
| @@ -1,14 +0,0 @@ | |||
| 1 | require python-django.inc | ||
| 2 | inherit setuptools3 | ||
| 3 | |||
| 4 | SRC_URI[sha256sum] = "92bac5b4432a64532abb73b2ac27203f485e40225d2640a7fbef2b62b876e789" | ||
| 5 | |||
| 6 | RDEPENDS:${PN} += "\ | ||
| 7 | python3-sqlparse \ | ||
| 8 | python3-asgiref \ | ||
| 9 | " | ||
| 10 | |||
| 11 | # Set DEFAULT_PREFERENCE so that the LTS version of django is built by | ||
| 12 | # default. To build the 4.x branch, | ||
| 13 | # PREFERRED_VERSION_python3-django = "4.2.20" can be added to local.conf | ||
| 14 | DEFAULT_PREFERENCE = "-1" | ||