From b7ab23179d01d442802721f2100e0409aa17e32a Mon Sep 17 00:00:00 2001
From: Xu Huan
Date: Fri, 16 Jan 2026 08:38:08 +0100
Subject: python3-werkzeug: upgrade 2.1.1 -> 2.1.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Changelog:
==========
The development server does not set Transfer-Encoding: chunked for 1xx, 204, 304, and HEAD responses. Response HTML for exceptions and redirects starts with and . Fix ability to set some cache_control attributes to False. Disable keep-alive connections in the development server, which are not supported sufficiently by Python’s http.server.

Signed-off-by: Xu Huan
Signed-off-by: Khem Raj
(cherry picked from commit 0704ebad0d31eec1737e0313b0f221085a9e8166)

Rebased patches in Kirkstone.

Signed-off-by: Gyorgy Sarvari
---
 .../python/python3-werkzeug/CVE-2023-23934.patch | 5 +--
 .../python/python3-werkzeug/CVE-2023-25577.patch | 6 +--
 .../python/python3-werkzeug_2.1.1.bb | 48 ----------------------
 .../python/python3-werkzeug_2.1.2.bb | 48 ++++++++++++++++++++++
 4 files changed, 53 insertions(+), 54 deletions(-)
 delete mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
(limited to 'meta-python/recipes-devtools/python')

diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
index 3a0f4324a1..268a29b368 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
@@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst
 index 6e809ba..13ef75b 100644
 --- a/CHANGES.rst
+++ b/CHANGES.rst -@@ -4,6 +4,9 @@ +@@ -4,6 +4,8 @@ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use. +- A cookie header that starts with ``=`` is treated as an empty key and discarded, + rather than stripping the leading ``==``. -+ - Version 2.1.1 + Version 2.1.2 ------------- diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index a8b3523..d6290ba 100644 diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch index 61551d8fca..351f939b78 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch @@ -25,15 +25,15 @@ index a351d7c..6e809ba 100644 +++ b/CHANGES.rst @@ -1,5 +1,10 @@ .. currentmodule:: werkzeug - + +- Specify a maximum number of multipart parts, default 1000, after which a + ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS + attack where a larger number of form/file parts would result in disproportionate + resource use. + - Version 2.1.1 + Version 2.1.2 ------------- - + diff --git a/docs/request_data.rst b/docs/request_data.rst index 83c6278..e55841e 100644 --- a/docs/request_data.rst diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb deleted file mode 100644 index 0a18a48406..0000000000 --- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb +++ /dev/null 
@@ -1,48 +0,0 @@
-SUMMARY = "The Swiss Army knife of Python web development"
-DESCRIPTION = "\
-Werkzeug started as simple collection of various utilities for WSGI \
-applications and has become one of the most advanced WSGI utility modules. \
-It includes a powerful debugger, full featured request and response objects, \
-HTTP utilities to handle entity tags, cache control headers, HTTP dates, \
-cookie handling, file uploads, a powerful URL routing system and a bunch \
-of community contributed addon modules."
-HOMEPAGE = "http://werkzeug.pocoo.org/"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
-
-PYPI_PACKAGE = "Werkzeug"
-
-SRC_URI += "file://CVE-2023-25577.patch \
- file://CVE-2023-23934.patch \
- file://CVE-2024-34069-0001.patch \
- file://CVE-2024-34069-0002.patch \
- file://CVE-2024-49767.patch"
-
-SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74"
-
-inherit pypi setuptools3
-
-CLEANBROKEN = "1"
-
-RDEPENDS:${PN} += " \
- ${PYTHON_PN}-datetime \
- ${PYTHON_PN}-difflib \
- ${PYTHON_PN}-email \
- ${PYTHON_PN}-html \
- ${PYTHON_PN}-io \
- ${PYTHON_PN}-json \
- ${PYTHON_PN}-logging \
- ${PYTHON_PN}-netclient \
- ${PYTHON_PN}-netserver \
- ${PYTHON_PN}-numbers \
- ${PYTHON_PN}-pkgutil \
- ${PYTHON_PN}-pprint \
- ${PYTHON_PN}-simplejson \
- ${PYTHON_PN}-threading \
- ${PYTHON_PN}-unixadmin \
- ${PYTHON_PN}-misc \
- ${PYTHON_PN}-profile \
-"
-
-# Windows-only vulnerabilities
-CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221 CVE-2026-21860"
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
new file mode 100644
index 0000000000..3c50d19173
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
@@ -0,0 +1,48 @@
+SUMMARY = "The Swiss Army knife of Python web development"
+DESCRIPTION = "\
+Werkzeug started as simple collection of various utilities for WSGI \
+applications and has become one of the most advanced WSGI utility modules. \
+It includes a powerful debugger, full featured request and response objects, \
+HTTP utilities to handle entity tags, cache control headers, HTTP dates, \
+cookie handling, file uploads, a powerful URL routing system and a bunch \
+of community contributed addon modules."
+HOMEPAGE = "http://werkzeug.pocoo.org/"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
+
+PYPI_PACKAGE = "Werkzeug"
+
+SRC_URI += "file://CVE-2023-25577.patch \
+ file://CVE-2023-23934.patch \
+ file://CVE-2024-34069-0001.patch \
+ file://CVE-2024-34069-0002.patch \
+ file://CVE-2024-49767.patch"
+
+SRC_URI[sha256sum] = "1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6"
+
+inherit pypi setuptools3
+
+CLEANBROKEN = "1"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-datetime \
+ ${PYTHON_PN}-difflib \
+ ${PYTHON_PN}-email \
+ ${PYTHON_PN}-html \
+ ${PYTHON_PN}-io \
+ ${PYTHON_PN}-json \
+ ${PYTHON_PN}-logging \
+ ${PYTHON_PN}-netclient \
+ ${PYTHON_PN}-netserver \
+ ${PYTHON_PN}-numbers \
+ ${PYTHON_PN}-pkgutil \
+ ${PYTHON_PN}-pprint \
+ ${PYTHON_PN}-simplejson \
+ ${PYTHON_PN}-threading \
+ ${PYTHON_PN}-unixadmin \
+ ${PYTHON_PN}-misc \
+ ${PYTHON_PN}-profile \
+"
+
+# Windows-only vulnerabilities
+CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221 CVE-2026-21860"
-- 
cgit v1.2.3-54-g00ecf