diff mbox series

[meta-python,kirkstone,4/5] python3-django: fix regression from CVE-2024-24680 patch

Message ID 20260114073440.210915-4-skandigraun@gmail.com
State New
Headers show
Series [meta-python,kirkstone,1/5] python3-twisted: patch CVE-2022-24801 | expand

Commit Message

Gyorgy Sarvari Jan. 14, 2026, 7:34 a.m. UTC 
This change is for python3-django_2.2.28.

The patch that mitigated CVE-2024-246680 accidentally also brought
a regression, some numbers were converted to (human-friendly) string incorrectly.

This backported patch mitigates this problem.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 ...172-Fixed-intcomma-for-string-floats.patch | 30 +++++++++++++++++++
 .../python/python3-django_2.2.28.bb           |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch b/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
new file mode 100644
index 0000000000..75b816ab55
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
@@ -0,0 +1,30 @@ 
+From 820af24fcaae817ab7c0733035673afc3b37eeac Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Thu, 8 Feb 2024 10:58:54 +0100
+Subject: [PATCH] Fixed #35172 -- Fixed intcomma for string floats.
+
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+
+Thanks Warwick Brown for the report.
+
+Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.
+
+Upstream-Status: Backport [https://github.com/django/django/commit/2f14c2cedc9c92373471c1f98a80c81ba299584a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ django/contrib/humanize/templatetags/humanize.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/django/contrib/humanize/templatetags/humanize.py b/django/contrib/humanize/templatetags/humanize.py
+index ee22a45..8490b5e 100644
+--- a/django/contrib/humanize/templatetags/humanize.py
++++ b/django/contrib/humanize/templatetags/humanize.py
+@@ -77,6 +77,8 @@ def intcomma(value, use_l10n=True):
+     if match:
+         prefix = match[0]
+         prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1]
++        # Remove a leading comma, if needed.
++        prefix_with_commas = re.sub(r"^(-?),", r"\1", prefix_with_commas)
+         result = prefix_with_commas + result[len(prefix) :]
+     return result
+ 
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 8e826b9b61..72485295a7 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -34,6 +34,7 @@  SRC_URI += "file://CVE-2023-31047.patch \
             file://CVE-2025-64459.patch \
             file://Fix-undefined-_lazy_re_compile.patch \
             file://Fix-missing-JSONField-in-django.db.mo.patch \
+            file://0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch \
            "
 
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"