diff options
| author | Xu Huan <xuhuan.fnst@fujitsu.com> | 2026-01-16 08:38:08 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-30 18:59:28 +0100 |
| commit | b7ab23179d01d442802721f2100e0409aa17e32a (patch) | |
| tree | d34e47e3c7354c74b620cb6ad3b752fcecd1162a /meta-python/recipes-devtools/python | |
| parent | 01098510f3988a91790eb0d79ac162dc4ca01206 (diff) | |
| download | meta-openembedded-b7ab23179d01d442802721f2100e0409aa17e32a.tar.gz | |
python3-werkzeug: upgrade 2.1.1 -> 2.1.2
Changelog:
==========
The development server does not set Transfer-Encoding: chunked for 1xx, 204, 304, and HEAD responses.
Response HTML for exceptions and redirects starts with <!doctype html> and <html lang=en>.
Fix ability to set some cache_control attributes to False.
Disable keep-alive connections in the development server, which are not supported sufficiently by Python’s http.server.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0704ebad0d31eec1737e0313b0f221085a9e8166)
Rebased patches in Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | 5 | ||||
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch | 6 | ||||
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb (renamed from meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb) | 2 |
3 files changed, 6 insertions, 7 deletions
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch index 3a0f4324a1..268a29b368 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | |||
| @@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst | |||
| 27 | index 6e809ba..13ef75b 100644 | 27 | index 6e809ba..13ef75b 100644 |
| 28 | --- a/CHANGES.rst | 28 | --- a/CHANGES.rst |
| 29 | +++ b/CHANGES.rst | 29 | +++ b/CHANGES.rst |
| 30 | @@ -4,6 +4,9 @@ | 30 | @@ -4,6 +4,8 @@ |
| 31 | ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS | 31 | ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS |
| 32 | attack where a larger number of form/file parts would result in disproportionate | 32 | attack where a larger number of form/file parts would result in disproportionate |
| 33 | resource use. | 33 | resource use. |
| 34 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, | 34 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, |
| 35 | + rather than stripping the leading ``==``. | 35 | + rather than stripping the leading ``==``. |
| 36 | + | ||
| 37 | 36 | ||
| 38 | Version 2.1.1 | 37 | Version 2.1.2 |
| 39 | ------------- | 38 | ------------- |
| 40 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py | 39 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py |
| 41 | index a8b3523..d6290ba 100644 | 40 | index a8b3523..d6290ba 100644 |
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch index 61551d8fca..351f939b78 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch | |||
| @@ -25,15 +25,15 @@ index a351d7c..6e809ba 100644 | |||
| 25 | +++ b/CHANGES.rst | 25 | +++ b/CHANGES.rst |
| 26 | @@ -1,5 +1,10 @@ | 26 | @@ -1,5 +1,10 @@ |
| 27 | .. currentmodule:: werkzeug | 27 | .. currentmodule:: werkzeug |
| 28 | 28 | ||
| 29 | +- Specify a maximum number of multipart parts, default 1000, after which a | 29 | +- Specify a maximum number of multipart parts, default 1000, after which a |
| 30 | + ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS | 30 | + ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS |
| 31 | + attack where a larger number of form/file parts would result in disproportionate | 31 | + attack where a larger number of form/file parts would result in disproportionate |
| 32 | + resource use. | 32 | + resource use. |
| 33 | + | 33 | + |
| 34 | Version 2.1.1 | 34 | Version 2.1.2 |
| 35 | ------------- | 35 | ------------- |
| 36 | 36 | ||
| 37 | diff --git a/docs/request_data.rst b/docs/request_data.rst | 37 | diff --git a/docs/request_data.rst b/docs/request_data.rst |
| 38 | index 83c6278..e55841e 100644 | 38 | index 83c6278..e55841e 100644 |
| 39 | --- a/docs/request_data.rst | 39 | --- a/docs/request_data.rst |
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb index 0a18a48406..3c50d19173 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb | |||
| @@ -18,7 +18,7 @@ SRC_URI += "file://CVE-2023-25577.patch \ | |||
| 18 | file://CVE-2024-34069-0002.patch \ | 18 | file://CVE-2024-34069-0002.patch \ |
| 19 | file://CVE-2024-49767.patch" | 19 | file://CVE-2024-49767.patch" |
| 20 | 20 | ||
| 21 | SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74" | 21 | SRC_URI[sha256sum] = "1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6" |
| 22 | 22 | ||
| 23 | inherit pypi setuptools3 | 23 | inherit pypi setuptools3 |
| 24 | 24 | ||