[hardknott 01/15] python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)

Home Messages Hashtags Subgroups

#92387

[hardknott 01/15] python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)

Armin Kuster #92387 From: Trevor Gamblin <trevor.gamblin@...> 3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input. Additional release notes: - Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related() (#32812). - Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable (#32503). - Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value (#32832). - Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label (#32863). There is no corresponding uprev for the 2.x LTS branch since it is already at the latest version (2.2.24). Signed-off-by: Trevor Gamblin <trevor.gamblin@...> Signed-off-by: Khem Raj <raj.khem@...> Signed-off-by: Trevor Gamblin <trevor.gamblin@...> (cherry picked from commit fe50bd100548500842667210df9757d84ec11b16) Signed-off-by: Joe Slater <joe.slater@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} \| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} (77%) diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb similarity index 77% rename from meta-python/recipes-devtools/python/python3-django_3.2.4.bb rename to meta-python/recipes-devtools/python/python3-django_3.2.5.bb index 52504885e5..5890c85419 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296" +SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd" RDEPENDS_${PN} += "\ ${PYTHON_PN}-sqlparse \ -- 2.25.1
More All Messages By This Member

#92387

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.

Home Hashtags Subgroups Terms