summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python
diff options
context:
space:
mode:
Diffstat (limited to 'meta-python/recipes-devtools/python')
-rw-r--r--meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch5
-rw-r--r--meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch6
-rw-r--r--meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb (renamed from meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb)2
3 files changed, 6 insertions, 7 deletions
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
index 3a0f4324a1..268a29b368 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
@@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst
27index 6e809ba..13ef75b 100644 27index 6e809ba..13ef75b 100644
28--- a/CHANGES.rst 28--- a/CHANGES.rst
29+++ b/CHANGES.rst 29+++ b/CHANGES.rst
30@@ -4,6 +4,9 @@ 30@@ -4,6 +4,8 @@
31 ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS 31 ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
32 attack where a larger number of form/file parts would result in disproportionate 32 attack where a larger number of form/file parts would result in disproportionate
33 resource use. 33 resource use.
34+- A cookie header that starts with ``=`` is treated as an empty key and discarded, 34+- A cookie header that starts with ``=`` is treated as an empty key and discarded,
35+ rather than stripping the leading ``==``. 35+ rather than stripping the leading ``==``.
36+
37 36
38 Version 2.1.1 37 Version 2.1.2
39 ------------- 38 -------------
40diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py 39diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
41index a8b3523..d6290ba 100644 40index a8b3523..d6290ba 100644
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
index 61551d8fca..351f939b78 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
@@ -25,15 +25,15 @@ index a351d7c..6e809ba 100644
25+++ b/CHANGES.rst 25+++ b/CHANGES.rst
26@@ -1,5 +1,10 @@ 26@@ -1,5 +1,10 @@
27 .. currentmodule:: werkzeug 27 .. currentmodule:: werkzeug
28 28
29+- Specify a maximum number of multipart parts, default 1000, after which a 29+- Specify a maximum number of multipart parts, default 1000, after which a
30+ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS 30+ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
31+ attack where a larger number of form/file parts would result in disproportionate 31+ attack where a larger number of form/file parts would result in disproportionate
32+ resource use. 32+ resource use.
33+ 33+
34 Version 2.1.1 34 Version 2.1.2
35 ------------- 35 -------------
36 36
37diff --git a/docs/request_data.rst b/docs/request_data.rst 37diff --git a/docs/request_data.rst b/docs/request_data.rst
38index 83c6278..e55841e 100644 38index 83c6278..e55841e 100644
39--- a/docs/request_data.rst 39--- a/docs/request_data.rst
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
index 0a18a48406..3c50d19173 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
@@ -18,7 +18,7 @@ SRC_URI += "file://CVE-2023-25577.patch \
18 file://CVE-2024-34069-0002.patch \ 18 file://CVE-2024-34069-0002.patch \
19 file://CVE-2024-49767.patch" 19 file://CVE-2024-49767.patch"
20 20
21SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74" 21SRC_URI[sha256sum] = "1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6"
22 22
23inherit pypi setuptools3 23inherit pypi setuptools3
24 24