Flask: bump to 3.1.3; add test.sh

Changelog since 3.1.2: - Fix security vulnerability GHSA-68rp-wp8r-4726: session now marked as accessed for key-existence checks (in, len) to prevent timing attacks Add python3-blinker as dependency (should have been there also in 3.1.2) Add test.sh. Full changelog: https://flask.palletsprojects.com/en/stable/changes/ Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-04-15 19:02:09 +00:00 · 2026-03-23 11:37:06 +00:00
parent 098f975ca3
commit 673344bd7c
2 changed files with 52 additions and 6 deletions
--- a/lang/python/Flask/Makefile
+++ b/lang/python/Flask/Makefile
@@ -5,18 +5,20 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=Flask
-PKG_VERSION:=3.1.2
+PKG_VERSION:=3.1.3
 PKG_RELEASE:=1

 PYPI_NAME:=Flask
 PYPI_SOURCE_NAME:=flask
-PKG_HASH:=bf656c15c80190ed628ad08cdfd3aaa35beb087855e2f494910aa3774cc4fd87
+PKG_HASH:=0ef0e52b8a9cd932855379197dd8f94047b359ca0a78695144304cb45f87c9eb

 PKG_MAINTAINER:=Michal Vasilek <michal.vasilek@nic.cz>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.rst
 PKG_CPE_ID:=cpe:/a:palletsprojects:flask

+PKG_BUILD_DEPENDS:=python-flit-core/host
+
 include ../pypi.mk
 include $(INCLUDE_DIR)/package.mk
 include ../python3-package.mk
@@ -27,10 +29,10 @@ define Package/python3-flask
  SUBMENU:=Python
  TITLE:=Flask
  URL:=https://palletsprojects.com/p/flask/
-  DEPENDS:=+python3-asyncio +python3-click +python3-codecs +python3-decimal \
-           +python3-itsdangerous +python3-jinja2 +python3 +python3-logging \
-           +python3-markupsafe +python3-multiprocessing +python3-setuptools \
-           +python3-werkzeug
+  DEPENDS:=+python3-asyncio +python3-blinker +python3-click +python3-codecs \
+           +python3-decimal +python3-itsdangerous +python3-jinja2 +python3 \
+           +python3-logging +python3-markupsafe +python3-multiprocessing \
+           +python3-setuptools +python3-werkzeug
 endef

 define Package/python3-flask/description
--- a/lang/python/Flask/test.sh
+++ b/lang/python/Flask/test.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+[ "$1" = python3-flask ] || exit 0
+
+python3 - <<EOF
+import sys
+import flask
+
+if flask.__version__ != "$2":
+    print("Wrong version: " + flask.__version__)
+    sys.exit(1)
+
+app = flask.Flask(__name__)
+app.config["TESTING"] = True
+app.config["SECRET_KEY"] = "test-secret"
+
+@app.route("/")
+def index():
+    return "Hello, OpenWrt!"
+
+@app.route("/greet/<name>")
+def greet(name):
+    return flask.jsonify(message=f"Hello, {name}!")
+
+@app.route("/session-test")
+def session_test():
+    flask.session["key"] = "value"
+    return "ok"
+
+with app.test_client() as client:
+    resp = client.get("/")
+    assert resp.status_code == 200
+    assert resp.data == b"Hello, OpenWrt!"
+
+    resp = client.get("/greet/World")
+    assert resp.status_code == 200
+    data = flask.json.loads(resp.data)
+    assert data["message"] == "Hello, World!"
+
+    resp = client.get("/session-test")
+    assert resp.status_code == 200
+
+print("python-flask OK")
+EOF