From patchwork Wed Mar 23 17:33:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 5758 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E671C433EF for ; Wed, 23 Mar 2022 17:34:00 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.160.1648056833721455900 for ; Wed, 23 Mar 2022 10:33:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=pps06212021 header.b=E+w7CW7i; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=00811796c1=trevor.gamblin@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22NDeW2s014831 for ; Wed, 23 Mar 2022 17:33:53 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=rZrEnb5PdYnBA+By9vygHuXUlPVG5jn+/74jJhpTsfY=; b=E+w7CW7iyUpVY3NJPycRe7679LTvY/H4biMcFb5WyUIikDR5BW9j5mQSt5RrlH1a9IRo zvWo/0iJWz/YUVgcl7Bln350tCJsrUUOxI+XlcYk8UB8FMe/JkIyzFJ4FhAD8f0qqyCM qEG68fGN6o1XYelfTcWplCiOcCpGctljoxNP+TdYMVYWJF7/VXDn9cs9HSXFkkmU89SX k2I5RePDf4F9HqSqkkeD05VgW1CxX3CZSDpywNKSEP1tO0YnOU6DhVDlGqBRbA1l+9k5 VQ2PVc2KwTWSbmGVKAIYn8KVJEiXkdGyKcLSkC+OEGHMPjHI/zS38WytmCdTlBG5jglk mg== Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2102.outbound.protection.outlook.com [104.47.58.102]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ew4d03qup-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 23 Mar 2022 17:33:52 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kSFPsp8GKIRHUW115us0T7+0f/3ixL4ZDfPcPCf/CJpAOubZjC4NNa4Du1pIUxj0tIBYliua3t+ECY+EX43imrp0C9xwFmI82SjHlor67r8MiEuLJK3oHoYu1byn8i3k7HUs9feVVWnaodf4P/75ZqyqYc8EeO9bYbPd+IarxeD2Ao0RyY/BAk3T8ZTJeWGmKDGau5Ii+NfQJhp8UzWve4n+LoTesN+/zhmYb4Elym/Dx4jq1XXDl0N/JOKjOFoDXO/bHNpm8qePV+ueWy53JC8uMAsRd0+L0dQBQYEvKP+y1iYag0yl6s/JrJv+r0fKPBifgBapw62LvCT1xrbeyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rZrEnb5PdYnBA+By9vygHuXUlPVG5jn+/74jJhpTsfY=; b=PXhP1gBf2s5Qci6qQp0X33Uu2U9Emy80Cg1Xha0flvPjYupJ0FnbsW6vxxpEL0tVhO9ik9TveybYX+BQRdEzZWkhCgXDlgr+rHUITFyEqMvOkKI5QHOdSobqjEO81B8OJnbAkngK2fT0lMM9R4UxyBNk0rOO4qjFUdy+AgB5K9JBRRKZRBi8K5NrpAHxLN5uHpOAQr7nZY2xowwKVvmcnqygwmUYg+NRXjuzfZ9HndDITUk8q93bAeKC/o6TS0mmhAtmZeg3xPRiC/gAeZERS/GxarTJeRIuKJjxry4oxsXev6581FaoSUr3zml3qF2dp8wwbG40rs0VnwZahO3tEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from BY5PR11MB3909.namprd11.prod.outlook.com (2603:10b6:a03:191::13) by BN8PR11MB3844.namprd11.prod.outlook.com (2603:10b6:408:91::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.15; Wed, 23 Mar 2022 17:33:48 +0000 Received: from BY5PR11MB3909.namprd11.prod.outlook.com ([fe80::c1c7:209:c28f:67dc]) by BY5PR11MB3909.namprd11.prod.outlook.com ([fe80::c1c7:209:c28f:67dc%3]) with mapi id 15.20.5081.023; Wed, 23 Mar 2022 17:33:48 +0000 From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][hardknott][PATCH 1/2] python3-django: upgrade 2.2.24 -> 2.2.27 Date: Wed, 23 Mar 2022 13:33:31 -0400 Message-Id: <20220323173332.16576-1-trevor.gamblin@windriver.com> X-Mailer: git-send-email 2.33.0 X-ClientProxiedBy: YQBPR0101CA0141.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:e::14) To BY5PR11MB3909.namprd11.prod.outlook.com (2603:10b6:a03:191::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c1d9f7c2-b6be-4d42-b51b-08da0cf34938 X-MS-TrafficTypeDiagnostic: BN8PR11MB3844:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SxGOIrdSIp+JJ9wHoQlUug+gCCrkOx/+HY0sEHYhxa3Ik2uopnWoZBXyoXTsqLsO1OOhL8GxjQIuQ6PQuWxQWhx8T3yPIN2MWvjbnRo9GYvDw8CC+3DrMAkIDPFYBHfKjlM6DMN05+F5u4RZ0iEK7YvoeELh2Br2wifD55glTwgJuKsrVhXZy86dKwiIH0kkKW3J6tpP7reCdOvWirIfIBBmeWh+WDQwiY2PxYWY2J9OTfP7Rg21nCvVtziiGFelKhyfVtoHfD5FPFCUx1LGz0SjhFN/IMPDjGTDrDtmphvJM+QQjFx7lPPNo3QF8sZzYdk1bk346VPUTUkN9y2a0sRiINdQT2xwQ54Ani//Ei4lnan4qAfhAealM/o+8djLFK+DbqnODfAIHnUQG6NlkjprodSDkVfBcyIB2CX/K/WbcZZrUTnQD6r4K3gvXosKelhZWmV2N4l4BfktiHdJYlyHHEsYRa/uMwc+KkvtI+B9Ktcu7cMQ5pALJUdGZT704vISJeq3VXq0w0IG6Rweqd1EkkbNNAwYOGvJ8ksU3UrBvBWkqSbInr20yv8VupairlHq+kNcD8wTQiRzeyaNi6nHEs0szDhl04rGuB9v+pEzWQFhVV2bJu5vfNRNLT+4X73p/3Z+gBMBDbMSWr26ed9vjWzqjwhKAHw61dcRvqKlDtR67mUJKkXDAnK/yCH/ZIbVqDThVkOZ7xxgs1tC2g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR11MB3909.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(316002)(6916009)(66556008)(66476007)(8676002)(66946007)(1076003)(36756003)(6486002)(8936002)(5660300002)(44832011)(508600001)(86362001)(26005)(186003)(2906002)(38100700002)(6666004)(38350700002)(6512007)(6506007)(52116002)(2616005)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: PLBMokOVcT5WhNzrPtVe1QuNQ4F1cuR8R6j8q7cLoKvdZPFN05AgBwxf3FwNR35ItzfukzR5xw0/zApAPm1jLmBnIRVur75x7J9wI6zchXwHnrmen6/PzMMTj9I4fnvVaAAG0GKzLKJFvgJ4i+BJgDEj070GtLn2OuohipC33lwHCBctClQQFN5KJMfuvsgNvlyO/XGITU3RQC3lSRBFJE2fddGXO+zQYvUrT80SOcptWuyYb3J0yPBDk0jlm9OiTbGDfGzsncpv+beT8l2ltbgDdf96MBqK98bTGKOY99a6EwDy+fqZFiEAUUF8fRkEippZUo8ZYgyTSkOL+qMiyWjns3v1KOCpskO2Gl3P53PEFJ9a8R0N9Jv9HpbfpLbSO1lB4CGu8HRy98JtdNoXbL0W85yl24CM93SG8KTQEXo6V0J0Ej0E4eiYsQfCEOzSOzCGuhUv2klkQZyZbH/nBl1JTrQWaEHzpSX9bZFg32rID74yey6vpxpVaNFuGbWYK7Z/0qxSY9WIskZO/61oPoN64n0J55m7nFzf/xcqy42t72B2tXdpQrgr/1b30m1N6IG2IGPupWw8C4Ma/uqJ4CrgS6RICgRm2qnEheNtNyWCxS8oYg9AjCK6elk5DYRwy693msV1zxKxRvCyx8OHX8uyy2ZwZixL/YLRnG7jzMrzDjCwSL9Elhkw85fKQ7/3z2r8VOBGcnxV4bTK9fVRuOFDqrpcPc8Uq8XuMUCwO8foPk5i6Y9sU4erwFf27UD9XLia1BpA1XiwBBR+Wa7fi5wB6m41kF+o4GoeVXrAlsa/v7zsWizcqNDvZnLc9dpDRLyJpEmmhMujrgcZCoLnWplknHT6IJ/91do9IxVgYGV9CIMwUGplvCTgrED2ZeHwmiBDjHChjzInIxwQmVXqXlCvd3JtB43nofof97v5WPBYvuDnRuUbNIEbVSWb6SuoY9mJE0w7KoHT5ixTE8nv+ynlgIo8L5AWMa8B2/kiI5XmyNFmEZDGnK7yU4Q6elguRV+2/Bbt048Mp138TfH7uuq6fzuA41ufgL9jvJTofc6Sgt8EA51YzlrOBcBNmEVhY63G6fVl3whti5IPvqOV0YcyDgv2rzViVQKD9QiW2tEirPCfmMXgETiZODwyb/is1tpTX2c4rWUuDiTd4Ht6wSzVGaqPaRG9tPoTsykSkEafn1ip42xs4EmQ/L9kvGDgSeh5YMEDHDCD3TQNK9JyYpjtB868XLZDxxwDbAFKUESb0Pg+Lv1qf8hQsqtKYsyTUzUvQJ/GtdtyOL2h2B4WX+cSx1g4c9Ar946dCNsyT/RrWtY0Mvrf/DC5BrBnXnNRD9EW6DEPUOyAUlIeSSLUA+2rbVnV+KwI7OE4aHy6UVPPAJiBD0ujbw9XotJ7d6MN/pzDJHP2frfvjxKWHrTCRs9ztbHZlvkl/OanHI030hVGl3Pk9D2+v9ExPJRJYiL+HYcZpGnLqmMthcaL5CjpOA== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: c1d9f7c2-b6be-4d42-b51b-08da0cf34938 X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB3909.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Mar 2022 17:33:48.0603 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Qb+PzjP+jRkLyIQr2iQtCyHy3MUWudmod68igf6DsnKuan6H3hUbXCKzsAw8MV3HU+c3h5aobegL6nqjyaYFnU8y07aRUcW8EHkk41yhyIU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3844 X-Proofpoint-GUID: 0I-tQ1x-QugrpsbYaJiNDe76oJgVNpui X-Proofpoint-ORIG-GUID: 0I-tQ1x-QugrpsbYaJiNDe76oJgVNpui X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-23_07,2022-03-23_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 phishscore=0 mlxscore=0 malwarescore=0 mlxlogscore=999 spamscore=0 impostorscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203230093 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 23 Mar 2022 17:34:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/96164 The delta between 2.2.24 and 2.2.27 contain numerous CVE and other bugfixes. git log --oneline 2.2.24..2.2.27 shows: e541f2d05b (tag: 2.2.27) [2.2.x] Bumped version for 2.2.27 release. c477b76180 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. c27a7eb9f4 [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. 4cafd3aacb [2.2.x] Added stub release notes 2.2.27. 77d0fe5868 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. e085d46e4b [2.2.x] Post-release version bump. 44e7cca623 (tag: 2.2.26) 2.2.x] Bumped version for 2.2.26 release. 4cb35b384c [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c9f648ccfa [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. 2135637fdd [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. 03b733d8a8 [2.2.x] Added stub release notes for 2.2.26 release. b87820668e [2.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 573e70ea48 [2.2.x] Added CVE-2021-44420 to security archive. 8439938602 [2.2.x] Post-release version bump. 79d8dcefb2 (tag: 2.2.25) [2.2.x] Bumped version for 2.2.25 release. 7cf7d74e8a [2.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 0007a5f9fa [2.2.x] Added requirements.txt to files ignored by Sphinx builds. fac0fdd95d [2.2.x] Added stub release notes for 2.2.25. 4bc10b7955 [2.2.x] Fixed crash building HTML docs since Sphinx 4.3. 5289fcfffe [2.2.x] Configured Read The Docs to build all formats. 9a4a2b2089 [2.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 029c830b71 [2.2.x] Fixed #33247 -- Added configuration for Read The Docs. 12141e3116 [2.2.x] Refs #32856 -- Clarified that psycopg2 < 2.9 is required. cf63dd5c1b [2.2.x] Added 'formatter' to spelling wordlist. 05bc1c81aa [2.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. a9c0aa11e7 [2.2.x] Refs #31676 -- Updated technical board description in organization docs. 66008c2af0 [2.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. d4d1c2b3db [2.2.x] Refs #31676 -- Removed Core team from organization docs. 8f59f72a20 [2.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 837ffcfa68 [2.2.x] Refs #32856 -- Doc'd that psycopg2 < 2.9 is required. dc43667eab [2.2.x] Fixed docs header underlines in security archive. 3e7bb564be [2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive. 48bde7cab4 [2.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin --- .../recipes-devtools/python/python3-django_2.2.24.bb | 9 --------- .../recipes-devtools/python/python3-django_2.2.27.bb | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.24.bb create mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.27.bb diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb b/meta-python/recipes-devtools/python/python3-django_2.2.24.bb deleted file mode 100644 index 964ca6ba0..000000000 --- a/meta-python/recipes-devtools/python/python3-django_2.2.24.bb +++ /dev/null @@ -1,9 +0,0 @@ -require python-django.inc -inherit setuptools3 - -SRC_URI[md5sum] = "ebf3bbb7716a7b11029e860475b9a122" -SRC_URI[sha256sum] = "3339ff0e03dee13045aef6ae7b523edff75b6d726adf7a7a48f53d5a501f7db7" - -RDEPENDS_${PN} += "\ - ${PYTHON_PN}-sqlparse \ -" diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.27.bb b/meta-python/recipes-devtools/python/python3-django_2.2.27.bb new file mode 100644 index 000000000..7a50a6928 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django_2.2.27.bb @@ -0,0 +1,9 @@ +require python-django.inc +inherit setuptools3 + +SRC_URI[md5sum] = "4af3aeed9e515ccde107ae6a9804c31f" +SRC_URI[sha256sum] = "1ee37046b0bf2b61e83b3a01d067323516ec3b6f2b17cd49b1326dd4ba9dc913" + +RDEPENDS_${PN} += "\ + ${PYTHON_PN}-sqlparse \ +" From patchwork Wed Mar 23 17:33:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 5757 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 713ABC433EF for ; Wed, 23 Mar 2022 17:33:54 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.170.1648056833246414878 for ; Wed, 23 Mar 2022 10:33:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=pps06212021 header.b=lV7uzTJh; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=00811796c1=trevor.gamblin@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22NDeW2r014831 for ; Wed, 23 Mar 2022 17:33:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : subject : date : message-id : in-reply-to : references : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=QXojoHF/bfRgdF06rxozYylYDltCGnBfkTeJPVni4Mc=; b=lV7uzTJhk+F0n1YfZ8DW/Hw5mcjovLh/SPq284+uxLw1Os0G6kymrSvk/dff1u/ovorj BjZAGwV4/8A+972H78Qz7R1THgsDiZ0pTyK0IzJInGP4rbaU7MxAWSqhPMtPiug+1OtD GnmMyyC4C6tIwtPfeJp2Mzk9AZQvSBcgHc2u/zBmFe0OVwvUnxZjTSQEb+xz66WqFEhW os/tU/7WLPb7glcVp1yudIwGccfmXOMPDZrjG5aBjK97MwHHBv15g52HMp8K+LsjmPFM Z340AdFjdo9MF+U9kdijPSq/K+RhvvX8c3gP27N4UL+o99crSN3Ha2rNlhsElu9wjU6W TA== Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2102.outbound.protection.outlook.com [104.47.58.102]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ew4d03qup-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 23 Mar 2022 17:33:52 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=k3VZt4ycPj++SMmVPWRBYFbMpBFdNyoJARF6ODJWl5NzDA2/mYv9Vj/LrSCX93UtpmUik1xgxIZBWGFSvx5GKG+MgMk0qpzGZCwcEXSfxqtAitdoux+QNv/IyrH19wwmWLWvQbVmy4sBtHWkrZxNQ2ZGdsrU/ZspmH2KemjasIktYZ1+GKkiegwE0xpR0ZIiOX/jvxhWhfed1Bu224BlW+T98LnP3a7mEDVCnAMydipluHWHKL8PPyADTEaw39/nCSonpepA1au6CobXjyM6Hq3msbZ2p4/Q0jv5eIRf0eKG8LWoCPFKqUbGMA7uGG8wA3QFxCtDtW8igkXGmTTLwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QXojoHF/bfRgdF06rxozYylYDltCGnBfkTeJPVni4Mc=; b=hQEBglPGHb1yxREqgYy2+CIzxwhLMHLytBGuBhgd2t6/pbpiJK/qUNfvSpvFv0zTgJPwalbC1dWH4g1KVjgKDJncFr8Qyxh7k5bhYA32Ljmcid8jKM46+PHeT5i8S4mvEy6jIbraYiZr4NdpuWx4GwiJEVQr1gGiFA4FhfgVgiJ1EfHCyhA7VbK42HJxhswEPE/LrfPCAGXAuBQz5zR5CSpSye+FxK2JYS0KSWfcrhQg/gHSaTbx2l76PzBXb2ENQvpRHFfmjkmdHj2Ti1Oxm8KvlIL1KRh88nS+l/BAWtLB0XWyKNL9nb5smZ59sPVWau4/tNocxXU8G0fhcha8Yg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from BY5PR11MB3909.namprd11.prod.outlook.com (2603:10b6:a03:191::13) by BN8PR11MB3844.namprd11.prod.outlook.com (2603:10b6:408:91::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.15; Wed, 23 Mar 2022 17:33:49 +0000 Received: from BY5PR11MB3909.namprd11.prod.outlook.com ([fe80::c1c7:209:c28f:67dc]) by BY5PR11MB3909.namprd11.prod.outlook.com ([fe80::c1c7:209:c28f:67dc%3]) with mapi id 15.20.5081.023; Wed, 23 Mar 2022 17:33:49 +0000 From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][hardknott][PATCH 2/2] python3-django: upgrade 3.2.5 -> 3.2.12 Date: Wed, 23 Mar 2022 13:33:32 -0400 Message-Id: <20220323173332.16576-2-trevor.gamblin@windriver.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220323173332.16576-1-trevor.gamblin@windriver.com> References: <20220323173332.16576-1-trevor.gamblin@windriver.com> X-ClientProxiedBy: YQBPR0101CA0141.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:e::14) To BY5PR11MB3909.namprd11.prod.outlook.com (2603:10b6:a03:191::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7a6be199-f417-45d5-a715-08da0cf34a11 X-MS-TrafficTypeDiagnostic: BN8PR11MB3844:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VWfciE6Rrd24bPqhc+x+tBqTeAtywlMUSKQFa4X2ILf8QECxphKDoeX0Ltn8vs9wpPf7e2PSXaP4vJVQ19e6OoMrgM+705GT3/28OVqXVVXKAxFjTewCAnj0FelAuyYUVjDgc3l04lZYafsiC7ESpbzUCC4CT+NaH2oKTr0+K01Iv9w3C4bFK1c4hL95AiJ49sMypPYz14dBthrpcqahvkR2IXiaRXSA7dJMyyxaHZ3DaNOr4cywxBTDoEJDPXBFGsTnUPU2H1szPatK9tD5DExJE79yGahDZ8FmUuzw/yZXdMccZZwOC2e13u28xh4hsH09+4wr/SnjnE5/Vd8mSoPmI0wyI2DnsbxIv9rKiaN3yl0Kk9MUS7byvLrrFJACWypQLVOPlzWQzWRbvEA/KPURNnQO58sJW97O1J3WEVGZ/2kjQOPEr6cS/Bw81YSqpJRSdtCPCkULtEsOzVrNZlxHJrLdG7skBWCYlsOIgky5G68m5AMZ0CWVdIwNMH9IAt7qDcOUj7JjBWa7arh75w3ZudiJUCbYLyDnoLOIUJuj811ueH+IKxbxKoSxh/8v0YVp3CertPkHBdDLUSt9G6rRD7ONOQPeVVA1a81ShIvU64Dd9bKJ8zCr9bk+Mzfw86G5sm9jWtRu7lwjXZGWVOFJY9OFCjxKB1C4QKDTZp/6oc+Ix8l6QDh+l7EUqoBuEyBHbdH4N1mzt/80r3cunw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR11MB3909.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(316002)(6916009)(66556008)(66476007)(8676002)(66946007)(1076003)(36756003)(6486002)(8936002)(5660300002)(44832011)(508600001)(86362001)(26005)(186003)(2906002)(38100700002)(6666004)(38350700002)(6512007)(6506007)(52116002)(2616005)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: D+B+Xs4KnqCGDC2IPvZi/pZ98DeXaH/VdJouLZ4YBjcEo0Qpgh15naXa2KzLfKVuf3gJTTlhv25y+CB1E0Os5RhszINsNhPaKW0z/OWq9OfcTv4y4KjE0qopjGurS2FsTok2os/G2yTmVW+GK/dfnVFbtxUD7sCKQzCFDSwV6EYukp4BZJnjCLP+v11viyvtuNrRH+Q7WlL7MDbNitFdzFpgNIJ1KWpRl9b0kq/IdZKJKgC6dms5n1jzREYyYeU2Bb6CUKyWl3ePR+pU8X2Y6Fuu1Rmfsc684D1YG59aGC0US5p7gcDiGWWD9uAW5N0KiHyYkadPzgBKOLo/R+Tpq/dpa8dnPGyUI9cdc1k7zR4jXNfWnsnS7BM9DMhrRo0rKSrjagf1dc9KXrJlJhVu4IFdWUDM9p23850ufDakOO7XNRApATOImUEiSzK+ld+o8M3UAbEJ4tLH3Vqv/7++NbNZ28jeCCbvimlHgIzuTmCih/HaBD/YBxnXM3Xct2Gnbd8Cr3AKhFDH5dt4msiTpFjsQfGmNQxPi1goRFQYtlXM9YP0gjBQbCi3H9DGsQZVY/8WNxURVJ3nW5DUC8YpjHi33LC2Jvhy+aT7AA6ZWTzvSRMEUoymIq/cOd1fIkT0VcH9ZInobkxdpPPqxgnCQnxFJGPXJG8AV5ys3L3Q7DO9GXqIaTaDziJpGLLoMhNfkeH+hl0dFK2D9904MAk1J+4BM7d/EULi8LgWtrtyryDGlO8gQJIwJ+P3VFuEhDMVakA0HOId+yxWrX3Ud8F1HJes47h4TLOYcehOwd7eTEs5csdEn5DeRfZXOD1DPsnB7brwajcD64mauHYsFC7wuszBXUvaJkWgsXTcwPuYTI9kp+IKcZOo5rNBVg6IGAJlYpUp2iCKgkuazu1Kdlz3k3CiMXiIJiVYQRstGmsvvgDyr+FTTuARPo5+/gM5wo2gnlyGOGGJyQBedgVpDralEg3+uSv5ifxY7RLXch7EWQPqkvA8zsa8K8n6S2v06YVXhrpoBx52Ltf9zf+eQlpy5NPcbOgqrCfbSdaCbquwPk4bMDkApFN7zQYP4RxpVZJYYkkVnH6yr8ubmYAHDoiTHMbi+6c9UAlVx1QYwE0NFSsngqcD6gLt5gnSxH9DJLM8qsv9nUVnVaa1sfrIVUaCmlWqkxwS7mvKVPSB2+WaTMqRIbzXHpuzq4Si6JrJ70zgRys58kerg260b1qy5wPY8M+P9HvG+pSe3vEhS3uuwDj8sR6vjlfr1v9P6mJOdQHPXD42IwTX5eRhOwz8zP2JrPfmlrFa1Ri/dAdxZLZ7QoBk5Zu5uP+XXffEQJvGDYaBoiqC5zZvqQqSVpnOGGCugIxH2Hil3To8GOhZC4K9ItY0wkznxrNo0tkQKikWO79Ys94IFAiM/vBo+dbzsBxwdYGBDz/tZiwnxyXrf9GwG1Erep/h2ozVr33HvsnyfXuqRfvACBlBESHsy/fM7Ri2kQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7a6be199-f417-45d5-a715-08da0cf34a11 X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB3909.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Mar 2022 17:33:48.8259 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 87ILYmTK1zunPpo5eBVczgeCUgf4FfWblKtw0VtcTA3sqUMdSxnj5BWX1yhWiNiBbXCS+icM+zGpYEz7H7YPspgtuFmYX32+4rU1QzENLVc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3844 X-Proofpoint-GUID: cP-tl3E44I2C8UcmPy_OUe6AYm4K_FbC X-Proofpoint-ORIG-GUID: cP-tl3E44I2C8UcmPy_OUe6AYm4K_FbC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-23_07,2022-03-23_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 phishscore=0 mlxscore=0 malwarescore=0 mlxlogscore=999 spamscore=0 impostorscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203230093 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 23 Mar 2022 17:33:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/96163 The delta between 3.2.5 and 3.2.12 contain numerous CVE and other bugfixes. git log --oneline 3.2.5..3.2.12 shows: fdf209eab8 (tag: 3.2.12) [3.2.x] Bumped version for 3.2.12 release. d16133568e [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 1a1e8278c4 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag. a7e89fe776 [3.2.x] Added stub release notes for 3.2.12 and 2.2.27. 027f4c4ceb [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security archive. 0a9a46a1d7 [3.2.x] Post-release version bump. 6e499a28ac (tag: 3.2.11) [3.2.x] Bumped version for 3.2.11 release. 8d2f7cff76 [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem. c7fe895bca [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter. a8b32fe13b [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator. b0aa0709a5 [3.2.x] Added stub release notes for 3.2.11, and 2.2.26 releases. ae242235db [3.2.x] Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. ecd2793897 [3.2.x] Added CVE-2021-44420 to security archive. 1cea03ab00 [3.2.x] Post-release version bump. 0153a63a67 (tag: 3.2.10) [3.2.x] Bumped version for 3.2.10 release. 333c656030 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths. 6014b812e2 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_callable_default() crash on Oracle. cb724ef6c0 [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField on PostgreSQL. 0cf2d48ba8 [3.2.x] Added requirements.txt to files ignored by Sphinx builds. 487a2da02e [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25. 742d6bc8db [3.2.x] Corrected signatures of QuerySet's methods. 99532fdadf [3.2.x] Corrected isort example in coding style docs. 31539a63f2 [3.2.x] Corrected "pip install" call in coding style docs. 76a0a8a917 [3.2.x] Configured Read The Docs to build all formats. 04e66e245d [3.2.x] Fixed crash building HTML docs since Sphinx 4.3. dfa1145a22 [3.2.x] Corrected multiply defined labels in docs. 9d171643d4 [3.2.x] Refs #33247 -- Corrected configuration for Read The Docs. 327dac6e7c [3.2.x] Fixed #33247 -- Added configuration for Read The Docs. bc691d555e [3.2.x] Corrected module reference in contributing tutorial. 3357ad2de2 [3.2.x] Fixed typo in docs/topics/logging.txt. 34e5e61479 [3.2.x] Added stub release notes for Django 3.2.10. 21a56d596a [3.2.x] Post-release version bump. 1b3c0d3b54 (tag: 3.2.9) [3.2.x] Bumped version for 3.2.9 release. e299cc2d2c [3.2.x] Added release date for 3.2.9. 947d2707c6 [3.2.x] Added Google Cloud Spanner to list of third-party DB backends. 128179c0f8 [3.2.x] Refs #33182 -- Adjusted custom admin theming example to use correct template block. f5802a21c4 [3.2.x] Fixed #33194 -- Fixed migrations when altering a field with functional indexes on SQLite. fdc1c6435c [3.2.x] Fixed #33198 -- Corrected BinaryField.max_length docs. dbcd81841f [3.2.x] Refs #32074 -- Removed usage of deprecated asyncore and smtpd modules. 137a9899d7 [3.2.x] Refs #27131 -- Removed SMTPBackendTests.test_server_login(). 1128291650 [3.2.x] Added 'formatter' to spelling wordlist. 82fee0446d [3.2.x] Refs #32074 -- Doc'd Python 3.10 compatibility in Django 3.2.x. 1aed4663c3 [3.2.x] Refs #32074 -- Added Python 3.10 to classifiers and tox.ini. 53fad80ffe [3.2.x] Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop() on Python 3.7+. f6726fdc3e [3.2.x] Refs #32074 -- Fixed find_module()/find_loader() warnings on Python 3.10+. d0dc446444 [3.2.x] Refs #32074 -- Removed usage of deprecated Thread.setDaemon(). 8bebb1c04a [3.2.x] Refs #32074 -- Removed usage of Python's deprecated distutils.version package. faeae84dad [3.2.x] Skipped test_archive tests when bz2/lzma module is not installed. 329311ecbd [3.2.x] Added stub release notes for Django 3.2.9. 85e4af6a22 [3.2.x] Post-release version bump. 4540e976d4 (tag: 3.2.8) [3.2.x] Bumped version for 3.2.8 release. 65367b0500 [3.2.x] Added release date for 3.2.7. 51e4dbfeb2 [3.2.x] Refs #27694 -- Doc'd lookups that can be chained with HStoreField key transforms. 031ffc5c84 [3.2.x] Corrected field and model check messages in docs. 7607fe922f [3.2.x] Removed obsolete GEOS 3.5 requirement note. 6760f4fa25 [3.2.x] Fixed #33083 -- Fixed selecting all items in the admin changelist when actions are both top and bottom. e235c7815a [3.2.x] Fixed broken links and redirects in docs. 51e76c922f [3.2.x] Used :rfc: role in docs/topics/conditional-view-processing.txt. d4a587a5fa [3.2.x] Fixed #33077 -- Fixed links to related models for admin's readonly fields in custom admin site. 561a1c0905 [3.2.x] Fixed typo in docs/intro/reusable-apps.txt. 454ee4d3b8 [3.2.x] Corrected outputs and made cosmetic edits in GeoDjango tutorial. b51e0a37cf [3.2.x] Doc'd Jinja2 form renderer. a7be74d017 [3.2.x] Clarified type of Window()'s partition_by and order_by arguments. 54684a3ec0 [3.2.x] Refs #31055 -- Doc'd 'databases' argument of check functions. 1f86ff31b1 [3.2.x] Fixed typo in docs/topics/i18n/formatting.txt. b61f44c339 [3.2.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on Python 3.9.7+. 707239eabf [3.2.x] Added stub release notes for Django 3.2.8. d5710f405a [3.2.x] Post-release version bump. 45a0c54b67 (tag: 3.2.7) [3.2.x] Bumped version for 3.2.7 release. 4b80a40272 [3.2.x] Added release date for 3.2.7. 4e55806720 [3.2.x] Refs #25264 -- Doc's that not all default options are supported by every management command. fe3a854e1d [3.2.x] Fixed #32992 -- Restored offset extraction for fixed offset timezones. 382374a360 [3.2.x] Corrected BaseDatabaseSchemaEditor.execute() signature in docs. 11b2cbb65f [3.2.x] Made sentence about Model consistent in docs. 69009f4952 [3.2.x] Fixed #33046 -- Added note about using length of cached result by QuerySet.count(). d95a0144e5 [3.2.x] Used backend vendors in custom model fields docs. 358e65a5cd [3.2.x] Fixed #33030 -- Fixed broken links to GDAL docs. d29a9ed504 [3.2.x] The geodjango mailing list moved to the Django Forum. eb26b8a0fe [3.2.x] The django-i18n mailing list moved to the Django Forum. 6bb74f3de8 [3.2.x] Fixed some broken links and redirects in docs. f18da11b8a [3.2.x] Updated BaseDatabaseFeatures link in testing tools docs. 2c46e55314 [3.2.x] Clarified URL patterns in tutorial 3. 87e7399760 [3.2.x] Added stub release notes for Django 3.2.7. e1cad66dca [3.2.x] Post-release version bump. eb0f298e76 (tag: 3.2.6) [3.2.x] Bumped version for 3.2.6 release. 70840232f9 [3.2.x] Confirmed release date for Django 3.2.6. d9e05ea17a [3.2.x] Refs #31676 -- Updated technical board description in organization docs. 99d9a3ef7c [3.2.x] Refs #31676 -- Added Mergers and Releasers to organization docs. ed29959812 [3.2.x] Refs #31676 -- Removed Core team from organization docs. 55daaa0c79 [3.2.x] Made minor edits to QuerySet.update_or_create() docs. 5fa70c91b4 [3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt. aace6c531d [3.2.x] Fixed #32933 -- Documented BoundField.initial as preferred over Form.get_initial_for_field(). bdd4cbe84a [3.2.x] Fixed #32957 -- Improved visibility of arguments sections in Model.save() docs. b2f7b53fac [3.2.x] Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list. de5a044cf4 [3.2.x] Fixed #32950 -- Removed myproject from imports in admin docs where appropriate. f4cf86f870 [3.2.x] Refs #32949 -- Adjusted release note wording. 1346381760 [3.2.x] Fixed #32949 -- Restored invalid number handling in DecimalField.validate(). 05e997c404 [3.2.x] Fixed typo in docs/ref/databases.txt. 9a65e62c93 [3.2.x] Fixed typo in docs/releases/3.1.13.txt. 0ee092c8dd [3.2.x] Fixed typo in docs/topics/signals.txt. b7d25d025e [3.2.x] Fixed typo in docs/internals/deprecation.txt. 6931963886 [3.2.x] Fixed typo in docs/internals/contributing/committing-code.txt. f36edbc378 [3.2.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references in docs. 527482c513 [3.2.x] Fixed typo in docs/ref/contrib/gis/tutorial.txt. 1d53d2502d [3.2.x] Documented in_bulk behavior with nonexistent id_list items. 9fadb97583 [3.2.x] Added CVE-2021-35042 to security archive. 92efd69107 [3.2.x] Added stub release notes for Django 3.2.6. 3ab942f10a [3.2.x] Post-release version bump. Signed-off-by: Trevor Gamblin --- .../{python3-django_3.2.5.bb => python3-django_3.2.12.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-django_3.2.5.bb => python3-django_3.2.12.bb} (77%) diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.5.bb b/meta-python/recipes-devtools/python/python3-django_3.2.12.bb similarity index 77% rename from meta-python/recipes-devtools/python/python3-django_3.2.5.bb rename to meta-python/recipes-devtools/python/python3-django_3.2.12.bb index 5890c8541..ee71f953b 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.5.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.12.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd" +SRC_URI[sha256sum] = "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2" RDEPENDS_${PN} += "\ ${PYTHON_PN}-sqlparse \