From a493947d4b0315f7f5ef5bbf662fa84e38a2e7c3 Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Wed, 2 Jun 2021 16:36:01 +0300 Subject: [PATCH 1/3] python3-oauthlib: Upgrade 3.1.0 -> 3.1.1 Upgrade to release 3.1.1: - OAuth2.0 Provider - Bugfixes - OAuth2.0 Client - Bugfixes - improved skeleton validator for public vs private client - replace mock library with standard unittest.mock - build isort integration - python2 code removal - add python3.8 support - bump minimum versions of pyjwt and cryptography Signed-off-by: Leon Anavi Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../{python3-oauthlib_3.1.0.bb => python3-oauthlib_3.1.1.bb} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename meta-python/recipes-devtools/python/{python3-oauthlib_3.1.0.bb => python3-oauthlib_3.1.1.bb} (88%) diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.1.0.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.1.1.bb similarity index 88% rename from meta-python/recipes-devtools/python/python3-oauthlib_3.1.0.bb rename to meta-python/recipes-devtools/python/python3-oauthlib_3.1.1.bb index fe27e8e505c..e11786349c5 100644 --- a/meta-python/recipes-devtools/python/python3-oauthlib_3.1.0.bb +++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.1.1.bb @@ -4,8 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" -SRC_URI[md5sum] = "43cb2b5bac983712ee55076b61181cc2" -SRC_URI[sha256sum] = "bee41cc35fcca6e988463cacc3bcb8a96224f470ca547e697b604cc697b2f889" +SRC_URI[sha256sum] = "8f0215fcc533dd8dd1bee6f4c412d4f0cd7297307d43ac61666389e3bc3198a3" inherit pypi setuptools3 From c0ba3abc5e95cd42246ac48093a9521dc09cf10b Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Wed, 2 Jun 2021 16:36:02 +0300 Subject: [PATCH 2/3] python3-django: Upgrade 3.2.3 -> 3.2.4 Upgrade to release 3.2.4: - CVE-2021-33203: Potential directory traversal via admindocs - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses - Fixed a bug in Django 3.2 where a final catch-all view in the admin didn't respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page. - Fixed a bug in Django 3.2 where a system check would crash on an abstract model - Prevented unnecessary initialization of unused caches following a regression in Django 3.2 - Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed - Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings - Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment - Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL Signed-off-by: Leon Anavi Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../python/{python3-django_3.2.3.bb => python3-django_3.2.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-django_3.2.3.bb => python3-django_3.2.4.bb} (77%) diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.3.bb b/meta-python/recipes-devtools/python/python3-django_3.2.4.bb similarity index 77% rename from meta-python/recipes-devtools/python/python3-django_3.2.3.bb rename to meta-python/recipes-devtools/python/python3-django_3.2.4.bb index 7a9611ca120..52504885e5e 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.3.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.4.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8" +SRC_URI[sha256sum] = "66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296" RDEPENDS_${PN} += "\ ${PYTHON_PN}-sqlparse \ From 74938bb7703a8a81cb0e61d2a004ba0823941adf Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Wed, 2 Jun 2021 16:36:03 +0300 Subject: [PATCH 3/3] python3-sqlalchemy: Upgrade 1.4.15 -> 1.4.17 Upgrade to release 1.4.17: orm: - Fixed regression caused by just-released performance fix mentioned in #6550 where a query.join() to a relationship could produce an AttributeError if the query were made against non-ORM structures only, a fairly unusual calling pattern. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- ...ython3-sqlalchemy_1.4.15.bb => python3-sqlalchemy_1.4.17.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-sqlalchemy_1.4.15.bb => python3-sqlalchemy_1.4.17.bb} (86%) diff --git a/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.15.bb b/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.17.bb similarity index 86% rename from meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.15.bb rename to meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.17.bb index 2d7273bb22d..5b881ea0b63 100644 --- a/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.15.bb +++ b/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.17.bb @@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sqlalchemy.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=3359ed561ac16aaa25b6c6eff84df595" -SRC_URI[sha256sum] = "0ff100c75cd175f35f4d24375a0b3d82461f5b1af5fc8d112ef0e5ceea8049e6" +SRC_URI[sha256sum] = "651cdb3adcee13624ba22d5ff3e96f91e16a115d2ca489ddc16a8e4c217e8509" PYPI_PACKAGE = "SQLAlchemy" inherit pypi setuptools3