From 5cae540dd45a02a65b8f36c4a37e752ac6afee3a Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Thu, 5 Feb 2026 07:59:53 +0100 Subject: python3-werkzeug: upgrade 3.1.4 -> 3.1.5 Contains fix for CVE-2026-21860 Changelog: - safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. - The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. - Fix AttributeError when initializing DebuggedApplication with pin_security=False. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit ecf359d2562795ca8de18f12f117cd654c30965e) From the release notes: This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal --- .../python/python3-werkzeug_3.1.4.bb | 24 ---------------------- .../python/python3-werkzeug_3.1.5.bb | 24 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 24 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb create mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb deleted file mode 100644 index 2cfb5864b1..0000000000 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "The comprehensive WSGI web application library" -DESCRIPTION = "\ -Werkzeug started as simple collection of various utilities for WSGI \ -applications and has become one of the most advanced WSGI utility modules. \ -It includes a powerful debugger, full featured request and response objects, \ -HTTP utilities to handle entity tags, cache control headers, HTTP dates, \ -cookie handling, file uploads, a powerful URL routing system and a bunch \ -of community contributed addon modules." -HOMEPAGE = "https://werkzeug.palletsprojects.com" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" - -SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e" - -inherit pypi python_flit_core - -RDEPENDS:${PN} += " \ - python3-markupsafe \ - python3-logging \ - python3-profile \ - python3-compression \ - python3-json \ - python3-difflib \ -" diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb new file mode 100644 index 0000000000..b92711ea04 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb @@ -0,0 +1,24 @@ +SUMMARY = "The comprehensive WSGI web application library" +DESCRIPTION = "\ +Werkzeug started as simple collection of various utilities for WSGI \ +applications and has become one of the most advanced WSGI utility modules. \ +It includes a powerful debugger, full featured request and response objects, \ +HTTP utilities to handle entity tags, cache control headers, HTTP dates, \ +cookie handling, file uploads, a powerful URL routing system and a bunch \ +of community contributed addon modules." +HOMEPAGE = "https://werkzeug.palletsprojects.com" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" + +SRC_URI[sha256sum] = "6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67" + +inherit pypi python_flit_core + +RDEPENDS:${PN} += " \ + python3-markupsafe \ + python3-logging \ + python3-profile \ + python3-compression \ + python3-json \ + python3-difflib \ +" -- cgit v1.2.3-54-g00ecf