summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch')
-rw-r--r--meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch77
1 files changed, 77 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch b/meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch
new file mode 100644
index 0000000000..95a31305a4
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/Fix-missing-JSONField-in-django.db.mo.patch
@@ -0,0 +1,77 @@
1From c019f2cb6fbe266e09c71cd890a22cbce3769b05 Mon Sep 17 00:00:00 2001
2From: Haixiao Yan <haixiao.yan.cn@windriver.com>
3Date: Tue, 13 Jan 2026 14:44:32 +0800
4Subject: [PATCH] python3-django: Fix missing JSONField in django.db.models
5
6Fix the following error introduced by CVE-2024-42005.patch:
7
8AttributeError: module 'django.db.models' has no attribute 'JSONField'
9
10The patch assumes JSONField is available from django.db.models, which
11is not the case for this Django version.
12
13Revert the changes in the following files to restore compatibility:
14tests/expressions/models.py
15tests/expressions/test_queryset_values.py
16
17Upstream-Status: Inappropriate [Fix the regression in the previous fix for CVE-2024-42005]
18
19Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
20---
21 tests/expressions/models.py | 7 -------
22 tests/expressions/test_queryset_values.py | 17 ++---------------
23 2 files changed, 2 insertions(+), 22 deletions(-)
24
25diff --git a/tests/expressions/models.py b/tests/expressions/models.py
26index fb8093849cba..33f7850ac16e 100644
27--- a/tests/expressions/models.py
28+++ b/tests/expressions/models.py
29@@ -97,10 +97,3 @@ class UUID(models.Model):
30
31 def __str__(self):
32 return "%s" % self.uuid
33-
34-
35-class JSONFieldModel(models.Model):
36- data = models.JSONField(null=True)
37-
38- class Meta:
39- required_db_features = {"supports_json_field"}
40diff --git a/tests/expressions/test_queryset_values.py b/tests/expressions/test_queryset_values.py
41index bd52b8efc194..0804531869d9 100644
42--- a/tests/expressions/test_queryset_values.py
43+++ b/tests/expressions/test_queryset_values.py
44@@ -1,8 +1,8 @@
45 from django.db.models.aggregates import Sum
46 from django.db.models.expressions import F
47-from django.test import TestCase, skipUnlessDBFeature
48+from django.test import TestCase
49
50-from .models import Company, Employee, JSONFieldModel
51+from .models import Company, Employee
52
53
54 class ValuesExpressionsTests(TestCase):
55@@ -36,19 +36,6 @@ class ValuesExpressionsTests(TestCase):
56 with self.assertRaisesMessage(ValueError, msg):
57 Company.objects.values(**{crafted_alias: F("ceo__salary")})
58
59- @skipUnlessDBFeature("supports_json_field")
60- def test_values_expression_alias_sql_injection_json_field(self):
61- crafted_alias = """injected_name" from "expressions_company"; --"""
62- msg = (
63- "Column aliases cannot contain whitespace characters, quotation marks, "
64- "semicolons, or SQL comments."
65- )
66- with self.assertRaisesMessage(ValueError, msg):
67- JSONFieldModel.objects.values(f"data__{crafted_alias}")
68-
69- with self.assertRaisesMessage(ValueError, msg):
70- JSONFieldModel.objects.values_list(f"data__{crafted_alias}")
71-
72 def test_values_expression_group_by(self):
73 # values() applies annotate() first, so values selected are grouped by
74 # id, not firstname.
75--
762.34.1
77
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-15 02:58:51 +0000