python3-django: upgrade 5.0.11 -> 5.0.14

Drop patch merged in the upstream. Release notes: https://docs.djangoproject.com/en/dev/releases/5.0.12/ https://docs.djangoproject.com/en/dev/releases/5.0.13/ https://docs.djangoproject.com/en/dev/releases/5.0.14/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-31 13:38:06 +00:00 · 2025-12-09 07:57:42 +13:00 · 2025-12-09 07:57:42 +13:00 · 873297afaa
commit 873297afaa
parent 4d1817df45
2 changed files with 1 additions and 103 deletions
--- a/meta-python/recipes-devtools/python/python3-django/CVE-2025-26699.patch
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2025-26699.patch
@ -1,100 +0,0 @@
-From 5fd7c868791b635ef20d2991cc028516b9021dd4 Mon Sep 17 00:00:00 2001
-From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
-Date: Tue, 25 Feb 2025 09:40:54 +0100
-Subject: [PATCH] [5.0.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in
- wordwrap template filter.
-
-Thanks sw0rd1ight for the report.
-
-Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
-
-CVE: CVE-2025-26699
-Upstream-Status: Backport [https://github.com/django/django/commit/e88f7376fe68]
-
-Backport Changes:
- The fix has been adapted from the upstream Django v4.2.20 patch for
-  CVE-2025-26699, applied to the python3-django_5.0.11.bb recipe.
-
- The upstream patch includes changes to a 4.2.20.txt release-note file.
-  This file does not exist in the Django 5.0.11 source tree, so it was
-  intentionally omitted from this backport.
-
- Only the relevant code changes from the upstream patch were applied.
-  No functional differences exist in the vulnerable logic between
-  Django 4.2.x and 5.0.x.
-
-(cherry picked from commit e88f7376fe68dbf4ebaf11fad1513ce700b45860)
-Signed-off-by: Anil Dongare <adongare@cisco.com>
---
- django/utils/text.py                          | 28 +++++++------------
- .../filter_tests/test_wordwrap.py             | 11 ++++++++
- 2 files changed, 21 insertions(+), 18 deletions(-)
-
-diff --git a/django/utils/text.py b/django/utils/text.py
-index d992f80dd2..36ab6a9efc 100644
--- a/django/utils/text.py
-+++ b/django/utils/text.py
-@@ -1,6 +1,7 @@
- import gzip
- import re
- import secrets
-+import textwrap
- import unicodedata
- from gzip import GzipFile
- from gzip import compress as gzip_compress
-@@ -97,24 +98,15 @@ def wrap(text, width):
-     ``width``.
-     """
- 
-    def _generator():
-        for line in text.splitlines(True):  # True keeps trailing linebreaks
-            max_width = min((line.endswith("\n") and width + 1 or width), width)
-            while len(line) > max_width:
-                space = line[: max_width + 1].rfind(" ") + 1
-                if space == 0:
-                    space = line.find(" ") + 1
-                    if space == 0:
-                        yield line
-                        line = ""
-                        break
-                yield "%s\n" % line[: space - 1]
-                line = line[space:]
-                max_width = min((line.endswith("\n") and width + 1 or width), width)
-            if line:
-                yield line
-
-    return "".join(_generator())
-+    wrapper = textwrap.TextWrapper(
-+        width=width,
-+        break_long_words=False,
-+        break_on_hyphens=False,
-+    )
-+    result = []
-+    for line in text.splitlines(True):
-+        result.extend(wrapper.wrap(line))
-+    return "\n".join(result)
- 
- 
- def add_truncation_text(text, truncate=None):
-diff --git a/tests/template_tests/filter_tests/test_wordwrap.py b/tests/template_tests/filter_tests/test_wordwrap.py
-index 88fbd274da..4afa1dd234 100644
--- a/tests/template_tests/filter_tests/test_wordwrap.py
-+++ b/tests/template_tests/filter_tests/test_wordwrap.py
-@@ -78,3 +78,14 @@ class FunctionTests(SimpleTestCase):
-             "this is a long\nparagraph of\ntext that\nreally needs\nto be wrapped\n"
-             "I'm afraid",
-         )
-+
-+    def test_wrap_long_text(self):
-+        long_text = (
-+            "this is a long paragraph of text that really needs"
-+            " to be wrapped I'm afraid " * 20_000
-+        )
-+        self.assertIn(
-+            "this is a\nlong\nparagraph\nof text\nthat\nreally\nneeds to\nbe wrapped\n"
-+            "I'm afraid",
-+            wordwrap(long_text, 10),
-+        )
-- 
-2.43.5
-
--- a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb
+++ b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb
@ -4,9 +4,7 @@ inherit setuptools3
 # Windows-specific DoS via NFKC normalization, not applicable to Linux
 CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows"

-SRC_URI = "file://CVE-2025-26699.patch \
-           "
-SRC_URI[sha256sum] = "e7d98fa05ce09cb3e8d5ad6472fb602322acd1740bfdadc29c8404182d664f65"
+SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11"

 RDEPENDS:${PN} += "\
    python3-sqlparse \