mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
python3-django: fix CVE-2023-36053 patch
This change is for python3-django_2.2.28. The patch was accidentally backported incorrectly. The patch in general introduces a field-length restrictrion on the email input fields, however the patch was backported in a way that the restriction was applied on file input fields instead of email fields. This change amends the patch in a way to restrict the email field. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
+43
@@ -0,0 +1,43 @@
|
|||||||
|
From 85fd44420b007be726b502e3be58f56b0e44cc08 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
Date: Thu, 15 Jan 2026 13:36:01 +0100
|
||||||
|
Subject: [PATCH] Fix patch for CVE-2023-36053
|
||||||
|
|
||||||
|
The patch was accidentally backported incorrectly. The patch in general
|
||||||
|
introduces a field-length restrictrion on the email input fields, however
|
||||||
|
the patch was backported in a way that the restriction was applied on
|
||||||
|
file input fields instead of email fields.
|
||||||
|
|
||||||
|
This change amends the patch in a way to restrict the email field.
|
||||||
|
|
||||||
|
CVE: CVE-2023-36053
|
||||||
|
Upstream-Status: Inappropriate [Backport specific]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
django/forms/fields.py | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/django/forms/fields.py b/django/forms/fields.py
|
||||||
|
index b3156b9..bbb135f 100644
|
||||||
|
--- a/django/forms/fields.py
|
||||||
|
+++ b/django/forms/fields.py
|
||||||
|
@@ -523,6 +523,9 @@ class EmailField(CharField):
|
||||||
|
default_validators = [validators.validate_email]
|
||||||
|
|
||||||
|
def __init__(self, **kwargs):
|
||||||
|
+ # The default maximum length of an email is 320 characters per RFC 3696
|
||||||
|
+ # section 3.
|
||||||
|
+ kwargs.setdefault("max_length", 320)
|
||||||
|
super().__init__(strip=True, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
@@ -542,9 +545,6 @@ class FileField(Field):
|
||||||
|
def __init__(self, *, max_length=None, allow_empty_file=False, **kwargs):
|
||||||
|
self.max_length = max_length
|
||||||
|
self.allow_empty_file = allow_empty_file
|
||||||
|
- # The default maximum length of an email is 320 characters per RFC 3696
|
||||||
|
- # section 3.
|
||||||
|
- kwargs.setdefault("max_length", 320)
|
||||||
|
super().__init__(**kwargs)
|
||||||
|
|
||||||
|
def to_python(self, data):
|
||||||
@@ -44,6 +44,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
|
|||||||
file://0001-Fixed-test_utils.tests.HTMLEqualTests.test_parsing_e.patch \
|
file://0001-Fixed-test_utils.tests.HTMLEqualTests.test_parsing_e.patch \
|
||||||
file://0001-Made-RemoteTestResultTest.test_pickle_errors_detecti.patch \
|
file://0001-Made-RemoteTestResultTest.test_pickle_errors_detecti.patch \
|
||||||
file://0001-fix-quote-type-in-expected-error-message.patch \
|
file://0001-fix-quote-type-in-expected-error-message.patch \
|
||||||
|
file://0001-Fix-patch-for-CVE-2023-36053.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
|
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
|
||||||
|
|||||||
Reference in New Issue
Block a user