On 16-06-2023 01:10, Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) wrote:

++ Arman

Hi Narpat,

As per my knowledge, we generally don't go for package upgrades in stable 
branches like dunfell/kirkstone.

Only in some special cases, where we have a strong motive, do we recommend a 
package upgrade.
Kirkstone Reference: 
https://github.com/openembedded/meta-openembedded/commit/84782522d145f55e4076699c4bb00bcb4cec98da

I agree with you, but this patch is for a minor version upgrade from 3.2.12 -> 3.2.19, which includes only CVE/bug fixes.

Best Regards,

Narpat


Arman(akuster...@gmail.com) can guide us better in this case.

Thanks,
Sanjay

-----Original Message-----
From: openembedded-devel@lists.openembedded.org 
<openembedded-devel@lists.openembedded.org> On Behalf Of Narpat Mali via 
lists.openembedded.org
Sent: Thursday, June 15, 2023 8:30 PM
To: openembedded-devel@lists.openembedded.org
Cc: hari.gpil...@windriver.com
Subject: Re: [oe] [meta-python][kirkstone][PATCH 1/1] python3-django: upgrade 
3.2.12 -> 3.2.19

Reminder.

On 29-05-2023 20:14, Narpat Mali via lists.openembedded.org wrote:
From: Narpat Mali <narpat.m...@windriver.com>

The delta between 3.2.12 and 3.2.19 contains numerous CVEs and other
bugfixes. git log --oneline 3.2.12..3.2.19 shows:

fc42edd2e6 (tag: 3.2.19) [3.2.x] Bumped version for 3.2.19 release.
eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential 
bypass of validation when uploading multiple files using one form field.
007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt.
a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19.
963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive.
e34a2283f2 [3.2.x] Post-release version bump.
722e9f8a38 (tag: 3.2.18) [3.2.x] Bumped version for 3.2.18 release.
a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded 
files.
932b5bd52d [3.2.x] Added stub release notes for 3.2.18.
c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive.
9bd8db3940 [3.2.x] Post-release version bump.
aed1bb56d1 (tag: 3.2.17) [3.2.x] Bumped version for 3.2.17 release.
c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological 
values for Accept-Language.
9da46345d8 [3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() 
on SQLite 3.37+.
4c2b26174f [3.2.x] Removed 'tests' path prefix in a couple tests.
d21543182d [3.2.x] Adjusted release notes for 3.2.17.
4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17.
238e8898ac [3.2.x] Corrected passenv value for tox 4.0.6+.
b381ab4906 [3.2.x] Disabled auto-created table of contents entries on Sphinx 
5.2+.
f6f0699d01 [3.2.x] Removed obsolete doc reference to 
asyncio.iscoroutinefunction.
accdd0576d [3.2.x] Added CVE-2022-36359 to security archive.
7190b38b8d [3.2.x] Post-release version bump.
4c85beca9d (tag: 3.2.16) [3.2.x] Bumped version for 3.2.16 release.
5b6b257fa7 [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted 
as regular expressions.
33affaf0b6 [3.2.x] Added stub notes 3.2.16 release.
777362d74a [3.2.x] Added CVE-2022-36359 to security archive.
eb5bdb461e [3.2.x] Post-release version bump.
653a7bd7b7 (tag: 3.2.15) [3.2.x] Bumped version for 3.2.15 release.
b3e4494d75 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in 
Content-Disposition header.
cb7fbac9f8 [3.2.x] Fixed collation tests on MySQL 8.0.30+.
840d009c06 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+.
a5eba20f40 Adjusted release notes for 3.2.15.
ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release.
22916c8c1f [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ 
with MyISAM storage engine.
e1cfbe58b7 [3.2.x] Added CVE-2022-34265 to security archive.
605cf0d3f6 [3.2.x] Post-release version bump.
746e88cc63 (tag: 3.2.14) [3.2.x] Bumped version for 3.2.14 release.
a9010fe555 [3.2.x] Fixed CVE-2022-34265 -- Protected 
Trunc(kind)/Extract(lookup_name) against SQL injection.
3acf156be3 [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0.
4a5d98ee0a [3.2.x] Bumped minimum Sphinx version to 4.5.0.
1a9098166e [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
37f4de2deb [3.2.x] Added stub release notes for 3.2.14.
7595f763a9 [3.2.x] Fixed 
test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 
3.5.1+.
2dc85ecf3e [3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() when 
DEFAULT_INDEX_TABLESPACE is set.
a23c25d84a [3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+.
e01b383e02 [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.
ac2fb5ccb6 [3.2.x] Post-release version bump.
08e6073f87 (tag: 3.2.13) [3.2.x] Bumped version for 3.2.13 release.
9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected 
QuerySet.explain(**options) against SQL injection on PostgreSQL.
2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), 
aggregate(), and extra() against SQL injection in column aliases.
bdb92dba0b [3.2.x] Fixed #33628 -- Ignored directories with empty names in 
autoreloader check for template changes.
70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28.
7e7ea71a8d [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 
3.1.0+."
610ecc9053 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
754af45773 [3.2.x] Fixed typo in release notes.
6f309165e5 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
1e6b555c92 [3.2.x] Post-release version bump.

Release Notes: https://docs.djangoproject.com/en/3.2/releases/

Signed-off-by: Narpat Mali <narpat.m...@windriver.com>
---
   .../{python3-django_3.2.12.bb => python3-django_3.2.19.bb}      | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
   rename meta-python/recipes-devtools/python/{python3-django_3.2.12.bb
=> python3-django_3.2.19.bb} (77%)

diff --git
a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb
b/meta-python/recipes-devtools/python/python3-django_3.2.19.bb
similarity index 77%
rename from
meta-python/recipes-devtools/python/python3-django_3.2.12.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.19.bb
index adbc498bdf..0c2fc10e63 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.19.bb
@@ -1,7 +1,7 @@
   require python-django.inc
   inherit setuptools3

-SRC_URI[sha256sum] = 
"9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2"
+SRC_URI[sha256sum] = 
"031365bae96814da19c10706218c44dff3b654cc4de20a98bd2d29b9bde469f0"

   RDEPENDS:${PN} += "\
       ${PYTHON_PN}-sqlparse \
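
Review bot: The new SRC_URI[sha256sum] value is the only functional change in this hunk, and the commit message does not say where that digest came from or how it was checked. Since the recipe trusts the 3.2.19 tarball solely on this one hash, please state in the commit message that it matches the sha256 upstream publishes for the 3.2.19 release archive, so a reviewer can confirm it independently. The RDEPENDS:${PN} block is carried over as unchanged context across seven point releases; a line confirming that the runtime requirements of 3.2.19 were compared with those of 3.2.12 would close that question for a stable-branch upgrade.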


