diff mbox series

[meta-python,whinlatter,18/20] python3-werkzeug: upgrade 3.1.4 -> 3.1.5

Message ID 20260205065955.1267785-18-skandigraun@gmail.com
State New
Headers show
Series [meta-python,whinlatter,01/20] python3-cbor2: patch CVE-2025-68131 | expand

Commit Message

Gyorgy Sarvari Feb. 5, 2026, 6:59 a.m. UTC 
Contains fix for CVE-2026-21860

Changelog:
- safe_join on Windows does not allow more special device names,
  regardless of extension or surrounding spaces.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
  This fixes the previous attempt, which caused incorrect content lengths.
- Fix AttributeError when initializing DebuggedApplication with pin_security=False.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ecf359d2562795ca8de18f12f117cd654c30965e)

From the release notes:
This is the Werkzeug 3.1.5 security fix release, which fixes security issues
and bugs but does not otherwise change behavior and should not result in
breaking changes compared to the latest feature release.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb}    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb} (90%)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
similarity index 90%
rename from meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb
rename to meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
index 2cfb5864b1..b92711ea04 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
@@ -10,7 +10,7 @@  HOMEPAGE = "https://werkzeug.palletsprojects.com"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462"
 
-SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e"
+SRC_URI[sha256sum] = "6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67"
 
 inherit pypi python_flit_core