From ecf359d2562795ca8de18f12f117cd654c30965e Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 19 Jan 2026 18:55:02 +0100 Subject: python3-werkzeug: upgrade 3.1.4 -> 3.1.5 Contains fix for CVE-2026-21860 Changelog: - safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. - The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. - Fix AttributeError when initializing DebuggedApplication with pin_security=False. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../python/python3-werkzeug_3.1.4.bb | 26 ---------------------- .../python/python3-werkzeug_3.1.5.bb | 26 ++++++++++++++++++++++ 2 files changed, 26 insertions(+), 26 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb create mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb deleted file mode 100644 index 0886dbfef1..0000000000 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = "The comprehensive WSGI web application library" -DESCRIPTION = "\ -Werkzeug started as simple collection of various utilities for WSGI \ -applications and has become one of the most advanced WSGI utility modules. \ -It includes a powerful debugger, full featured request and response objects, \ -HTTP utilities to handle entity tags, cache control headers, HTTP dates, \ -cookie handling, file uploads, a powerful URL routing system and a bunch \ -of community contributed addon modules." -HOMEPAGE = "https://werkzeug.palletsprojects.com" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" - -SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e" - -CVE_PRODUCT = "werkzeug" - -inherit pypi python_flit_core - -RDEPENDS:${PN} += " \ - python3-markupsafe \ - python3-logging \ - python3-profile \ - python3-compression \ - python3-json \ - python3-difflib \ -" diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb new file mode 100644 index 0000000000..1df88b78d0 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb @@ -0,0 +1,26 @@ +SUMMARY = "The comprehensive WSGI web application library" +DESCRIPTION = "\ +Werkzeug started as simple collection of various utilities for WSGI \ +applications and has become one of the most advanced WSGI utility modules. \ +It includes a powerful debugger, full featured request and response objects, \ +HTTP utilities to handle entity tags, cache control headers, HTTP dates, \ +cookie handling, file uploads, a powerful URL routing system and a bunch \ +of community contributed addon modules." +HOMEPAGE = "https://werkzeug.palletsprojects.com" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" + +SRC_URI[sha256sum] = "6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67" + +CVE_PRODUCT = "werkzeug" + +inherit pypi python_flit_core + +RDEPENDS:${PN} += " \ + python3-markupsafe \ + python3-logging \ + python3-profile \ + python3-compression \ + python3-json \ + python3-difflib \ +" -- cgit v1.2.3-54-g00ecf