mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

python3-werkzeug: upgrade 2.1.1 -> 2.1.2

Browse Source 
Changelog:
==========
    The development server does not set Transfer-Encoding: chunked for 1xx, 204, 304, and HEAD responses.
    Response HTML for exceptions and redirects starts with <!doctype html> and <html lang=en>.
    Fix ability to set some cache_control attributes to False.
    Disable keep-alive connections in the development server, which are not supported sufficiently by Python’s http.server.

Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0704ebad0d)

Rebased patches in Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Xu Huan
2026-01-16 08:38:08 +01:00
committed by Gyorgy Sarvari
parent 01098510f3
commit b7ab23179d
3 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
+2 -3
View File
@@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst
index 6e809ba..13ef75b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,6 +4,9 @@
@@ -4,6 +4,8 @@
``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
attack where a larger number of form/file parts would result in disproportionate
resource use.
+- A cookie header that starts with ``=`` is treated as an empty key and discarded,
+ rather than stripping the leading ``==``.
+
Version 2.1.1
Version 2.1.2
-------------
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index a8b3523..d6290ba 100644
meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
+3 -3
View File
@@ -25,15 +25,15 @@ index a351d7c..6e809ba 100644
+++ b/CHANGES.rst
@@ -1,5 +1,10 @@
.. currentmodule:: werkzeug
+- Specify a maximum number of multipart parts, default 1000, after which a
+ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
+ attack where a larger number of form/file parts would result in disproportionate
+ resource use.
+
Version 2.1.1
Version 2.1.2
-------------
diff --git a/docs/request_data.rst b/docs/request_data.rst
index 83c6278..e55841e 100644
--- a/docs/request_data.rst
meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb → meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb
+1 -1
View File
@@ -18,7 +18,7 @@ SRC_URI += "file://CVE-2023-25577.patch \
file://CVE-2024-34069-0002.patch \
file://CVE-2024-49767.patch"
SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74"
SRC_URI[sha256sum] = "1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6"
inherit pypi setuptools3