From 6be4e223cb7d71dabe6fdcaa3b0f622b1c8df741 Mon Sep 17 00:00:00 2001 From: Fathi Boudra Date: Fri, 16 Feb 2024 11:42:03 +0100 Subject: python3-django: upgrade to Django 4.2.10 LTS release Django 4.0.x is no longer supported since April 2023. Upgrade to the latest 4.x LTS release. Fixes CVEs: CVE-2024-24680: Potential denial-of-service in intcomma template filter CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field Signed-off-by: Fathi Boudra Signed-off-by: Khem Raj --- .../recipes-devtools/python/python3-django_4.0.2.bb | 14 -------------- .../recipes-devtools/python/python3-django_4.2.10.bb | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-django_4.0.2.bb create mode 100644 meta-python/recipes-devtools/python/python3-django_4.2.10.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-python/recipes-devtools/python/python3-django_4.0.2.bb deleted file mode 100644 index 7f933d1a37..0000000000 --- a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb +++ /dev/null @@ -1,14 +0,0 @@ -require python-django.inc -inherit setuptools3 - -SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a" - -RDEPENDS:${PN} += "\ - ${PYTHON_PN}-sqlparse \ - ${PYTHON_PN}-asgiref \ -" - -# Set DEFAULT_PREFERENCE so that the LTS version of django is built by -# default. To build the 4.x branch, -# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf -DEFAULT_PREFERENCE = "-1" diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.10.bb b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb new file mode 100644 index 0000000000..45de692356 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb @@ -0,0 +1,14 @@ +require python-django.inc +inherit setuptools3 + +SRC_URI[sha256sum] = "b1260ed381b10a11753c73444408e19869f3241fc45c985cd55a30177c789d13" + +RDEPENDS:${PN} += "\ + ${PYTHON_PN}-sqlparse \ + ${PYTHON_PN}-asgiref \ +" + +# Set DEFAULT_PREFERENCE so that the LTS version of django is built by +# default. To build the 4.x branch, +# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf +DEFAULT_PREFERENCE = "-1" -- cgit v1.2.3-54-g00ecf