[hardknott 01/15] python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)

Armin Kuster

From: Trevor Gamblin <trevor.gamblin@...>

3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.

Additional release notes:

- Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
- Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+
when altering BinaryField, JSONField, or TextField to non-nullable
- Fixed a regression in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a
default value (#32832).
- Fixed a bug in Django 3.2 where a system check would crash on a model
with an invalid app_label (#32863).

There is no corresponding uprev for the 2.x LTS branch since it is
already at the latest version (2.2.24).

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
Signed-off-by: Khem Raj <raj.khem@...>
Signed-off-by: Trevor Gamblin <trevor.gamblin@...>

(cherry picked from commit fe50bd100548500842667210df9757d84ec11b16)

Signed-off-by: Joe Slater <joe.slater@...>
Signed-off-by: Armin Kuster <akuster808@...>
.../python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-django_3.2.4.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.5.bb
index 52504885e5..5890c85419 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb
@@ -1,7 +1,7 @@
require python-django.inc
inherit setuptools3

-SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296"
+SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd"

RDEPENDS_${PN} += "\
${PYTHON_PN}-sqlparse \

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.