1 files changed, 48 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
new file mode 100644
index 0000000000..04c0cf91e0
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
@@ -0,0 +1,48 @@
+From 08c5a787262c1ae57f6517d4574b54a5fcaad124 Mon Sep 17 00:00:00 2001
+From: Vlastimil Zíma <ziima@users.noreply.github.com>
+Date: Mon, 24 Oct 2022 12:59:34 +0200
+Subject: [PATCH] Fixed #34098 -- Fixed loss of precision for Decimal values in
+  floatformat filter.
+Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811.
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py                     | 2 +-
+ tests/template_tests/filter_tests/test_floatformat.py | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index a1d77f5..9ca530c 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -123,7 +123,7 @@ def floatformat(text, arg=-1):
+     of that value.
+     """
+     try:
+-        input_val = repr(text)
+        input_val = str(text)
+         d = Decimal(input_val)
+     except InvalidOperation:
+         try:
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index cfc3eaf..acad66d 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -44,6 +44,10 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(0.12345, 2), '0.12')
+         self.assertEqual(floatformat(Decimal('555.555'), 2), '555.56')
+         self.assertEqual(floatformat(Decimal('09.000')), '9')
+        self.assertEqual(
+            floatformat(Decimal("123456.123456789012345678901"), 21),
+            "123456.123456789012345678901",
+        )
+         self.assertEqual(floatformat('foo'), '')
+         self.assertEqual(floatformat(13.1031, 'bar'), '13.1031')
+         self.assertEqual(floatformat(18.125, 2), '18.13')
+--
+2.40.0

diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch new file mode 100644 index 0000000000..04c0cf91e0 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
@@ -0,0 +1,48 @@
	1	From 08c5a787262c1ae57f6517d4574b54a5fcaad124 Mon Sep 17 00:00:00 2001
	2	From: Vlastimil Zíma <ziima@users.noreply.github.com>
	3	Date: Mon, 24 Oct 2022 12:59:34 +0200
	4	Subject: [PATCH] Fixed #34098 -- Fixed loss of precision for Decimal values in
	5	floatformat filter.
	6
	7	Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811.
	8
	9	CVE: CVE-2024-41989
	10
	11	Upstream-Status: Backport [https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124]
	12
	13	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	14	---
	15	django/template/defaultfilters.py \| 2 +-
	16	tests/template_tests/filter_tests/test_floatformat.py \| 4 ++++
	17	2 files changed, 5 insertions(+), 1 deletion(-)
	18
	19	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	20	index a1d77f5..9ca530c 100644
	21	--- a/django/template/defaultfilters.py
	22	+++ b/django/template/defaultfilters.py
	23	@@ -123,7 +123,7 @@ def floatformat(text, arg=-1):
	24	of that value.
	25	"""
	26	try:
	27	- input_val = repr(text)
	28	+ input_val = str(text)
	29	d = Decimal(input_val)
	30	except InvalidOperation:
	31	try:
	32	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	33	index cfc3eaf..acad66d 100644
	34	--- a/tests/template_tests/filter_tests/test_floatformat.py
	35	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	36	@@ -44,6 +44,10 @@ class FunctionTests(SimpleTestCase):
	37	self.assertEqual(floatformat(0.12345, 2), '0.12')
	38	self.assertEqual(floatformat(Decimal('555.555'), 2), '555.56')
	39	self.assertEqual(floatformat(Decimal('09.000')), '9')
	40	+ self.assertEqual(
	41	+ floatformat(Decimal("123456.123456789012345678901"), 21),
	42	+ "123456.123456789012345678901",
	43	+ )
	44	self.assertEqual(floatformat('foo'), '')
	45	self.assertEqual(floatformat(13.1031, 'bar'), '13.1031')
	46	self.assertEqual(floatformat(18.125, 2), '18.13')
	47	--
	48	2.40.0