mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: fix CVE-2023-36053 patch

Browse Source 
This change is for python3-django_2.2.28.

The patch was accidentally backported incorrectly. The patch in general
introduces a field-length restrictrion on the email input fields, however
the patch was backported in a way that the restriction was applied on
file input fields instead of email fields.

This change amends the patch in a way to restrict the email field.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-15 13:40:55 +01:00
parent c8b4a0b775
commit 5974cd90a8
2 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-django/0001-Fix-patch-for-CVE-2023-36053.patch
+43
View File
@@ -0,0 +1,43 @@
From 85fd44420b007be726b502e3be58f56b0e44cc08 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 15 Jan 2026 13:36:01 +0100
Subject: [PATCH] Fix patch for CVE-2023-36053
The patch was accidentally backported incorrectly. The patch in general
introduces a field-length restrictrion on the email input fields, however
the patch was backported in a way that the restriction was applied on
file input fields instead of email fields.
This change amends the patch in a way to restrict the email field.
CVE: CVE-2023-36053
Upstream-Status: Inappropriate [Backport specific]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
django/forms/fields.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/django/forms/fields.py b/django/forms/fields.py
index b3156b9..bbb135f 100644
--- a/django/forms/fields.py
+++ b/django/forms/fields.py
@@ -523,6 +523,9 @@ class EmailField(CharField):
default_validators = [validators.validate_email]
def __init__(self, **kwargs):
+ # The default maximum length of an email is 320 characters per RFC 3696
+ # section 3.
+ kwargs.setdefault("max_length", 320)
super().__init__(strip=True, **kwargs)
@@ -542,9 +545,6 @@ class FileField(Field):
def __init__(self, *, max_length=None, allow_empty_file=False, **kwargs):
self.max_length = max_length
self.allow_empty_file = allow_empty_file
- # The default maximum length of an email is 320 characters per RFC 3696
- # section 3.
- kwargs.setdefault("max_length", 320)
super().__init__(**kwargs)
def to_python(self, data):
meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+1
View File
@@ -44,6 +44,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
file://0001-Fixed-test_utils.tests.HTMLEqualTests.test_parsing_e.patch \
file://0001-Made-RemoteTestResultTest.test_pickle_errors_detecti.patch \
file://0001-fix-quote-type-in-expected-error-message.patch \
file://0001-Fix-patch-for-CVE-2023-36053.patch \
"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"