helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 10:59:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.27.bb
Gyorgy Sarvari a627e747a7
python3-django: upgrade 4.2.20 -> 4.2.27 
Upstream has switched from setuptools3 build backend to setuptools_build_meta,
however their setuptools requirements are higher than what's available in oe-core.
As a workaround, add a patch that lowers the requirements. This change has been
tested by successfully executing the django test suite in qemu (without Selenium tests).

Changes:
4.2.27: https://docs.djangoproject.com/en/6.0/releases/4.2.27/
- Fix CVE-2025-13372
- Fix CVE-2025-64460
- Fixed a regression in Django 4.2.26 where DisallowedRedirect was raised by
  HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 characters.
  The limit is now 16384 characters

4.2.26: https://docs.djangoproject.com/en/6.0/releases/4.2.26/
- Fix CVE-2025-64458
- Fix CVE-2025-64459

4.2.25: https://docs.djangoproject.com/en/6.0/releases/4.2.25/
- Fix CVE-2025-59681
- Fix CVE-2025-59682

4.2.24: https://docs.djangoproject.com/en/6.0/releases/4.2.24/
- Fix CVE-2025-57833

4.2.23: https://docs.djangoproject.com/en/6.0/releases/4.2.23/
- Fix CVE-2025-48432

4.2.22: https://docs.djangoproject.com/en/6.0/releases/4.2.22/
- Fix CVE-2025-48432

4.2.21: https://docs.djangoproject.com/en/6.0/releases/4.2.21/
- Change build backend
- Fix CVE-2025-32873
- Fixed a data corruption possibility in file_move_safe() when
  allow_overwrite=True, where leftover content from a previously larger file could
  remain after overwriting with a smaller one due to lack of truncation
- Fixed a regression in Django 4.2.20, introduced when fixing CVE 2025-26699,
  where the wordwrap template filter did not preserve empty lines between paragraphs
  after wrapping text

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-26 10:04:44 +05:30

18 lines
514 B
BlitzBasic
Raw Blame History

require python-django.inc
inherit python_setuptools_build_meta
SRC_URI += "file://0001-lower-setuptools-requirements.patch"
SRC_URI[sha256sum] = "b865fbe0f4a3d1ee36594c5efa42b20db3c8bbb10dff0736face1c6e4bda5b92"
RDEPENDS:${PN} += "\
python3-sqlparse \
python3-asgiref \
"
PYPI_PACKAGE = "django"
# Set DEFAULT_PREFERENCE so that the LTS version of django is built by
# default. To build the 4.x branch,
# PREFERRED_VERSION_python3-django = "4.2.%" can be added to local.conf
DEFAULT_PREFERENCE = "-1"
Reference in New Issue View Git Blame Copy Permalink