This change is for python3-django_2.2.28.

The patch that mitigated CVE-2024-246680 accidentally also brought
a regression: some numbers were converted to (human-friendly) strings
incorrectly.

This backported patch mitigates this problem.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 ...172-Fixed-intcomma-for-string-floats.patch | 30 +++++++++++++++++++
 .../python/python3-django_2.2.28.bb           |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 
meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch

diff --git 
a/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
 
b/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
new file mode 100644
index 0000000000..75b816ab55
--- /dev/null
+++ 
b/meta-python/recipes-devtools/python/python3-django/0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch
@@ -0,0 +1,30 @@
+From 820af24fcaae817ab7c0733035673afc3b37eeac Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <[email protected]>
+Date: Thu, 8 Feb 2024 10:58:54 +0100
+Subject: [PATCH] Fixed #35172 -- Fixed intcomma for string floats.
+
+From: Mariusz Felisiak <[email protected]>
+
+Thanks Warwick Brown for the report.
+
+Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.
+
+Upstream-Status: Backport 
[https://github.com/django/django/commit/2f14c2cedc9c92373471c1f98a80c81ba299584a]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ django/contrib/humanize/templatetags/humanize.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/django/contrib/humanize/templatetags/humanize.py 
b/django/contrib/humanize/templatetags/humanize.py
+index ee22a45..8490b5e 100644
+--- a/django/contrib/humanize/templatetags/humanize.py
++++ b/django/contrib/humanize/templatetags/humanize.py
+@@ -77,6 +77,8 @@ def intcomma(value, use_l10n=True):
+     if match:
+         prefix = match[0]
+         prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1]
++        # Remove a leading comma, if needed.
++        prefix_with_commas = re.sub(r"^(-?),", r"\1", prefix_with_commas)
+         result = prefix_with_commas + result[len(prefix) :]
+     return result
+ 
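Review bot: The embedded patch changes only humanize.py (its diffstat reads "1 file changed, 2 insertions"), so nothing in this backport exercises the new `re.sub(r"^(-?),", r"\1", prefix_with_commas)` line. The substitution matters when the digit prefix has a length that is a multiple of three, with or without a leading minus, because the reversed `\d{3}` replacement then leaves a comma at the front. Please either carry a test for string floats of that shape or state in the patch header that tests were left out of the backport. The header also identifies the regression only by the upstream hash 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9; naming the patch file in this recipe that introduced it would let a reader of the layer see which SRC_URI entry this fix depends on.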
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb 
b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 8e826b9b61..72485295a7 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -34,6 +34,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
             file://CVE-2025-64459.patch \
             file://Fix-undefined-_lazy_re_compile.patch \
             file://Fix-missing-JSONField-in-django.db.mo.patch \
+            file://0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch \
            "
 
 SRC_URI[sha256sum] = 
"0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
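Review bot: The new SRC_URI entry keeps the git format-patch name `0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch`, while the neighbouring entries in this hunk use short descriptive names without a sequence prefix (`Fix-undefined-_lazy_re_compile.patch`, `Fix-missing-JSONField-in-django.db.mo.patch`). Dropping the `0001-` prefix would match them. Appending it as the last entry is the right place, since its context lines (`match`, `prefix_with_commas`) only exist once the patch that introduced the regression has been applied; that earlier entry is outside the visible context, so please confirm it is listed above this one.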