Upstream has switched from setuptools3 build backend to setuptools_build_meta, however their setuptools requirements are higher than what's available in oe-core. As a workaround, add a patch that lowers the requirements. This change has been tested by successfully executing the django test suite in qemu (without Selenium tests).
Changes: 4.2.27: https://docs.djangoproject.com/en/6.0/releases/4.2.27/ - Fix CVE-2025-13372 - Fix CVE-2025-64460 - Fixed a regression in Django 4.2.26 where DisallowedRedirect was raised by HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 characters. The limit is now 16384 characters 4.2.26: https://docs.djangoproject.com/en/6.0/releases/4.2.26/ - Fix CVE-2025-64458 - Fix CVE-2025-64459 4.2.25: https://docs.djangoproject.com/en/6.0/releases/4.2.25/ - Fix CVE-2025-59681 - Fix CVE-2025-59682 4.2.24: https://docs.djangoproject.com/en/6.0/releases/4.2.24/ - Fix CVE-2025-57833 4.2.23: https://docs.djangoproject.com/en/6.0/releases/4.2.23/ - Fix CVE-2025-48432 4.2.22: https://docs.djangoproject.com/en/6.0/releases/4.2.22/ - Fix CVE-2025-48432 4.2.21: https://docs.djangoproject.com/en/6.0/releases/4.2.21/ - Change build backend - Fix CVE-2025-32873 - Fixed a data corruption possibility in file_move_safe() when allow_overwrite=True, where leftover content from a previously larger file could remain after overwriting with a smaller one due to lack of truncation - Fixed a regression in Django 4.2.20, introduced when fixing CVE 2025-26699, where the wordwrap template filter did not preserve empty lines between paragraphs after wrapping text Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../0001-lower-setuptools-requirements.patch | 25 +++++++++++++++++++ .../python/python3-django_4.2.20.bb | 14 ----------- .../python/python3-django_4.2.27.bb | 17 +++++++++++++ 3 files changed, 42 insertions(+), 14 deletions(-) create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch delete mode 100644 meta-python/recipes-devtools/python/python3-django_4.2.20.bb create mode 100644 meta-python/recipes-devtools/python/python3-django_4.2.27.bb diff --git a/meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch b/meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch new file mode 100644 index 0000000000..5f6707467b --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch @@ -0,0 +1,25 @@ +From 10ddc1ee660ed5ee4d9aa21f751eb07a1b260b6c Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari <[email protected]> +Date: Fri, 23 Jan 2026 13:49:53 +0100 +Subject: [PATCH] lower setuptools requirements + +Scarthgap ships with version 69.1.1 - adjust the requirements for that. + +Upstream-Status: Inappropriate [specific to OE LTS versions] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + pyproject.toml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pyproject.toml b/pyproject.toml +index 4635d0e..319b261 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -1,6 +1,6 @@ + [build-system] + requires = [ +- "setuptools>=75.8.1; python_version >= '3.9'", ++ "setuptools>=69.0.0; python_version >= '3.9'", + "setuptools<75.4.0; python_version < '3.9'", + ] + build-backend = "setuptools.build_meta" diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.20.bb b/meta-python/recipes-devtools/python/python3-django_4.2.20.bb deleted file mode 100644 index 3fb8b03224..0000000000 --- a/meta-python/recipes-devtools/python/python3-django_4.2.20.bb +++ /dev/null @@ -1,14 +0,0 @@ -require python-django.inc -inherit setuptools3 - -SRC_URI[sha256sum] = "92bac5b4432a64532abb73b2ac27203f485e40225d2640a7fbef2b62b876e789" - -RDEPENDS:${PN} += "\ - python3-sqlparse \ - python3-asgiref \ -" - -# Set DEFAULT_PREFERENCE so that the LTS version of django is built by -# default. To build the 4.x branch, -# PREFERRED_VERSION_python3-django = "4.2.20" can be added to local.conf -DEFAULT_PREFERENCE = "-1" diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.27.bb b/meta-python/recipes-devtools/python/python3-django_4.2.27.bb new file mode 100644 index 0000000000..038b0220fa --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django_4.2.27.bb @@ -0,0 +1,17 @@ +require python-django.inc +inherit python_setuptools_build_meta + +SRC_URI += "file://0001-lower-setuptools-requirements.patch" +SRC_URI[sha256sum] = "b865fbe0f4a3d1ee36594c5efa42b20db3c8bbb10dff0736face1c6e4bda5b92" + +RDEPENDS:${PN} += "\ + python3-sqlparse \ + python3-asgiref \ +" + +PYPI_PACKAGE = "django" + +# Set DEFAULT_PREFERENCE so that the LTS version of django is built by +# default. To build the 4.x branch, +# PREFERRED_VERSION_python3-django = "4.2.%" can be added to local.conf +DEFAULT_PREFERENCE = "-1"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123786): https://lists.openembedded.org/g/openembedded-devel/message/123786 Mute This Topic: https://lists.openembedded.org/mt/117421622/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
