python3-django: upgrade 5.2.9 -> 5.2.11

Dropped patch that is included in this release.

Ptests passed:
Ran 18131 tests in 450.882s

OK (skipped=1389, expected failures=5)

Changelog:
5.2.11:
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285,
CVE-2026-1287 and CVE-2026-1312

5.2.10:
* Fixed a bug in Django 5.2 where data exceeding max_length was silently
  truncated by QuerySet.bulk_create on PostgreSQL.

* Fixed a bug where management command colorized help (introduced in
  Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gyorgy Sarvari
2026-02-10 20:19:22 +01:00
committed by Khem Raj
parent 12deb70ea8
commit 8fdf6a64c0
3 changed files with 5 additions and 83 deletions

@@ -1,76 +0,0 @@
From 7b80b2186300620931009fd62c2969f108fe7a62 Mon Sep 17 00:00:00 2001
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Thu, 11 Dec 2025 08:44:19 -0500
Subject: [PATCH] Refs #36499 -- Adjusted test_strip_tags following Python
behavior change for incomplete entities.
Upstream-Status: Backport [https://github.com/django/django/commit/7b80b2186300620931009fd62c2969f108fe7a62]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
tests/utils_tests/test_html.py | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 7412c2624c73..ee115aaf1cf2 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -1,3 +1,4 @@
+import math
import os
import sys
from datetime import datetime
@@ -124,7 +125,7 @@
# old and new results. The check below is temporary until all supported
# Python versions and CI workers include the fix. See:
# https://github.com/python/cpython/commit/6eb6c5db
- min_fixed = {
+ min_fixed_security = {
(3, 14): (3, 14),
(3, 13): (3, 13, 6),
(3, 12): (3, 12, 12),
@@ -132,7 +133,21 @@
(3, 10): (3, 10, 19),
(3, 9): (3, 9, 24),
}
- htmlparser_fixed = sys.version_info >= min_fixed[sys.version_info[:2]]
+ # Similarly, there was a fix for terminating incomplete entities. See:
+ # https://github.com/python/cpython/commit/95296a9d
+ min_fixed_incomplete_entities = {
+ (3, 14): (3, 14, 1),
+ (3, 13): (3, 13, 10),
+ (3, 12): (3, 12, math.inf), # not fixed in 3.12.
+ }
+ major_version = sys.version_info[:2]
+ htmlparser_fixed_security = sys.version_info >= min_fixed_security.get(
+ major_version, major_version
+ )
+ htmlparser_fixed_incomplete_entities = (
+ sys.version_info
+ >= min_fixed_incomplete_entities.get(major_version, major_version)
+ )
items = (
(
"<p>See: &#39;&eacute; is an apostrophe followed by e acute</p>",
@@ -159,16 +174,19 @@
# https://bugs.python.org/issue20288
("&gotcha&#;<>", "&gotcha&#;<>"),
("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"),
- ("<script>alert()</script>&h", "alert()h"),
+ (
+ "<script>alert()</script>&h",
+ "alert()&h;" if htmlparser_fixed_incomplete_entities else "alert()h",
+ ),
(
"><!" + ("&" * 16000) + "D",
- ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D",
+ ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D",
),
("X<<<<br>br>br>br>X", "XX"),
("<" * 50 + "a>" * 50, ""),
(
">" + "<a" * 500 + "a",
- ">" if htmlparser_fixed else ">" + "<a" * 500 + "a",
+ ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a",
),
("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
("<" + "a" * 1_002, "<" + "a" * 1_002),
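Review bot: the commit message says only "Dropped patch that is included in this release", without naming the removed file or saying whether 5.2.10 or 5.2.11 carries the upstream commit 7b80b2186300 given in the removed file's Upstream-Status line; please state both, so the drop can be checked against the changelog. Only this deletion is shown out of the 3 changed files, so also confirm that the recipe no longer references the patch. The removed test expectations depend on the interpreter version ("alert()&h;" when htmlparser_fixed_incomplete_entities is true, "alert()h" otherwise), so the quoted ptest result would be easier to interpret with the Python version it ran on.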