From: "Armin Kuster" <akuster808@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [hardknott 01/15] python3-django: upgrade 3.2.4 -> 3.2.5 (fix CVE-2021-35042)
Date: Thu, 29 Jul 2021 16:36:34 -0700
Message-ID: <98e00710b7c1cf20092b8ff8fa7c01f153ff95ab.1627593245.git.akuster808@gmail.com>
In-Reply-To: <cover.1627593245.git.akuster808@gmail.com>

From: Trevor Gamblin <trevor.gamblin@windriver.com>

3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.

Additional release notes:

- Fixed a regression in Django 3.2 that caused a crash of
  QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
- Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+
  when altering BinaryField, JSONField, or TextField to non-nullable
  (#32503).
- Fixed a regression in Django 3.2 that caused a migration crash on MySQL
  8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a
  default value (#32832).
- Fixed a bug in Django 3.2 where a system check would crash on a model
  with an invalid app_label (#32863).

There is no corresponding uprev for the 2.x LTS branch since it is
already at the latest version (2.2.24).

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>

(cherry picked from commit fe50bd100548500842667210df9757d84ec11b16)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-django_3.2.4.bb => python3-django_3.2.5.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-django_3.2.4.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.5.bb
index 52504885e5..5890c85419 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.4.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.5.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296"
+SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd"
 
 RDEPENDS_${PN} += "\
     ${PYTHON_PN}-sqlparse \
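
Review bot: the replaced `SRC_URI[sha256sum]` line is the only content change in this hunk, so the CVE-2021-35042 fix depends entirely on that digest matching the upstream Django 3.2.5 source archive, and nothing in the patch says where the value came from. Please name the source of the checksum in the commit message so it can be compared independently of the fetch that produced it. Since the recipe starts with `require python-django.inc`, also confirm that the include file carries no other version-specific checksum that this rename would leave stale.
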
-- 
2.25.1

