++ Arman 

Hi Narpat,

As per my knowledge, we generally don't go for package upgrades in stable 
branches like dunfell/kirkstone.

Only in special cases, where we have a strong motive, do we recommend a 
package upgrade.
Kirkstone Reference: 
https://github.com/openembedded/meta-openembedded/commit/84782522d145f55e4076699c4bb00bcb4cec98da

Arman (akuster...@gmail.com) can guide us better in this case.

Thanks,
Sanjay

-----Original Message-----
From: openembedded-devel@lists.openembedded.org 
<openembedded-devel@lists.openembedded.org> On Behalf Of Narpat Mali via 
lists.openembedded.org
Sent: Thursday, June 15, 2023 8:30 PM
To: openembedded-devel@lists.openembedded.org
Cc: hari.gpil...@windriver.com
Subject: Re: [oe] [meta-python][kirkstone][PATCH 1/1] python3-django: upgrade 
3.2.12 -> 3.2.19

Reminder.

On 29-05-2023 20:14, Narpat Mali via lists.openembedded.org wrote:
> From: Narpat Mali <narpat.m...@windriver.com>
>
> The delta between 3.2.12 and 3.2.19 contains numerous CVEs and other 
> bugfixes. git log --oneline 3.2.12..3.2.19 shows:
>
> fc42edd2e6 (tag: 3.2.19) [3.2.x] Bumped version for 3.2.19 release.
> eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential 
> bypass of validation when uploading multiple files using one form field.
> 007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt.
> a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19.
> 963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive.
> e34a2283f2 [3.2.x] Post-release version bump.
> 722e9f8a38 (tag: 3.2.18) [3.2.x] Bumped version for 3.2.18 release.
> a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many 
> uploaded files.
> 932b5bd52d [3.2.x] Added stub release notes for 3.2.18.
> c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive.
> 9bd8db3940 [3.2.x] Post-release version bump.
> aed1bb56d1 (tag: 3.2.17) [3.2.x] Bumped version for 3.2.17 release.
> c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological 
> values for Accept-Language.
> 9da46345d8 [3.2.x] Fixed 
> inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+.
> 4c2b26174f [3.2.x] Removed 'tests' path prefix in a couple tests.
> d21543182d [3.2.x] Adjusted release notes for 3.2.17.
> 4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17.
> 238e8898ac [3.2.x] Corrected passenv value for tox 4.0.6+.
> b381ab4906 [3.2.x] Disabled auto-created table of contents entries on Sphinx 
> 5.2+.
> f6f0699d01 [3.2.x] Removed obsolete doc reference to 
> asyncio.iscoroutinefunction.
> accdd0576d [3.2.x] Added CVE-2022-36359 to security archive.
> 7190b38b8d [3.2.x] Post-release version bump.
> 4c85beca9d (tag: 3.2.16) [3.2.x] Bumped version for 3.2.16 release.
> 5b6b257fa7 [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being 
> interpreted as regular expressions.
> 33affaf0b6 [3.2.x] Added stub notes 3.2.16 release.
> 777362d74a [3.2.x] Added CVE-2022-36359 to security archive.
> eb5bdb461e [3.2.x] Post-release version bump.
> 653a7bd7b7 (tag: 3.2.15) [3.2.x] Bumped version for 3.2.15 release.
> b3e4494d75 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in 
> Content-Disposition header.
> cb7fbac9f8 [3.2.x] Fixed collation tests on MySQL 8.0.30+.
> 840d009c06 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+.
> a5eba20f40 Adjusted release notes for 3.2.15.
> ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release.
> 22916c8c1f [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ 
> with MyISAM storage engine.
> e1cfbe58b7 [3.2.x] Added CVE-2022-34265 to security archive.
> 605cf0d3f6 [3.2.x] Post-release version bump.
> 746e88cc63 (tag: 3.2.14) [3.2.x] Bumped version for 3.2.14 release.
> a9010fe555 [3.2.x] Fixed CVE-2022-34265 -- Protected 
> Trunc(kind)/Extract(lookup_name) against SQL injection.
> 3acf156be3 [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0.
> 4a5d98ee0a [3.2.x] Bumped minimum Sphinx version to 4.5.0.
> 1a9098166e [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+.
> 37f4de2deb [3.2.x] Added stub release notes for 3.2.14.
> 7595f763a9 [3.2.x] Fixed 
> test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 
> 3.5.1+.
> 2dc85ecf3e [3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() 
> when DEFAULT_INDEX_TABLESPACE is set.
> a23c25d84a [3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+.
> e01b383e02 [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security 
> archive.
> ac2fb5ccb6 [3.2.x] Post-release version bump.
> 08e6073f87 (tag: 3.2.13) [3.2.x] Bumped version for 3.2.13 release.
> 9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected 
> QuerySet.explain(**options) against SQL injection on PostgreSQL.
> 2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), 
> aggregate(), and extra() against SQL injection in column aliases.
> bdb92dba0b [3.2.x] Fixed #33628 -- Ignored directories with empty names in 
> autoreloader check for template changes.
> 70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28.
> 7e7ea71a8d [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with 
> Jinja 3.1.0+."
> 610ecc9053 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
> 754af45773 [3.2.x] Fixed typo in release notes.
> 6f309165e5 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security 
> archive.
> 1e6b555c92 [3.2.x] Post-release version bump.
>
> Release Notes: https://docs.djangoproject.com/en/3.2/releases/
>
> Signed-off-by: Narpat Mali <narpat.m...@windriver.com>
> ---
>   .../{python3-django_3.2.12.bb => python3-django_3.2.19.bb}      | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>   rename meta-python/recipes-devtools/python/{python3-django_3.2.12.bb 
> => python3-django_3.2.19.bb} (77%)
>
> diff --git 
> a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb 
> b/meta-python/recipes-devtools/python/python3-django_3.2.19.bb
> similarity index 77%
> rename from 
> meta-python/recipes-devtools/python/python3-django_3.2.12.bb
> rename to meta-python/recipes-devtools/python/python3-django_3.2.19.bb
> index adbc498bdf..0c2fc10e63 100644
> --- a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb
> +++ b/meta-python/recipes-devtools/python/python3-django_3.2.19.bb
> @@ -1,7 +1,7 @@
>   require python-django.inc
>   inherit setuptools3
>   
> -SRC_URI[sha256sum] = 
> "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2"
> +SRC_URI[sha256sum] = 
> "031365bae96814da19c10706218c44dff3b654cc4de20a98bd2d29b9bde469f0"
>   
>   RDEPENDS:${PN} += "\
>       ${PYTHON_PN}-sqlparse \
>
> 
>
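Review bot: the only functional change is the new `SRC_URI[sha256sum]` value in the renamed recipe, so the case for taking a version bump on kirkstone rests entirely on the commit message, and there the security fixes are buried in a full `git log --oneline` dump. Please lead the message with a short list of the CVEs this upgrade closes (the log shows CVE-2023-31047, CVE-2023-24580, CVE-2023-23969, CVE-2022-41323, CVE-2022-36359, CVE-2022-34265, CVE-2022-28346 and CVE-2022-28347) and cut the log down to those fix commits; the "Added ... to security archive", "Post-release version bump" and docs or test-only entries add nothing for a stable-branch reviewer. It would also help to state that 3.2.12 to 3.2.19 stays within the 3.2.x series, and to confirm that the new sha256 was checked against the upstream 3.2.19 release artifact rather than copied from a failed fetch.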