Received: by mail.netbsd.org (Postfix, from userid 605) id 0805084DB0; Mon, 13 May 2019 15:54:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 83AA584D87 for ; Mon, 13 May 2019 15:54:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id nvB5u18zfP2d for ; Mon, 13 May 2019 15:54:51 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id DDEAE84C82 for ; Mon, 13 May 2019 15:54:51 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D81CBFB16; Mon, 13 May 2019 15:54:51 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1557762891200270" MIME-Version: 1.0 Date: Mon, 13 May 2019 15:54:51 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/www/py-django-cors-headers To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20190513155451.D81CBFB16@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1557762891200270 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: adam Date: Mon May 13 15:54:51 UTC 2019 Modified Files: pkgsrc/www/py-django-cors-headers: Makefile PLIST distinfo Log Message: py-django-cors-headers: updated to 3.0.1 3.0.1: Allow 'null' in CORS_ORIGIN_WHITELIST check. 3.0.0: CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is part of the CORS specification (Section 3.2) that was not implemented in this library, except from with the CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure http:// Origins to a secure https:// site. You will need to update your whitelist to include schemes, for example from this: CORS_ORIGIN_WHITELIST = ['example.com'] ...to this: CORS_ORIGIN_WHITELIST = ['https://example.com'] Removed the CORS_MODEL setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you are using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for check_request_enabled that reads from your model. Note you'll need to handle the move to include schemes for Origins. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/py-django-cors-headers/Makefile \ pkgsrc/www/py-django-cors-headers/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/py-django-cors-headers/PLIST Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1557762891200270 Content-Disposition: inline Content-Length: 2830 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/py-django-cors-headers/Makefile diff -u pkgsrc/www/py-django-cors-headers/Makefile:1.8 pkgsrc/www/py-django-cors-headers/Makefile:1.9 --- pkgsrc/www/py-django-cors-headers/Makefile:1.8 Mon Apr 29 07:48:33 2019 +++ pkgsrc/www/py-django-cors-headers/Makefile Mon May 13 15:54:51 2019 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.8 2019/04/29 07:48:33 adam Exp $ +# $NetBSD: Makefile,v 1.9 2019/05/13 15:54:51 adam Exp $ -DISTNAME= django-cors-headers-2.5.3 +DISTNAME= django-cors-headers-3.0.1 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES= www python MASTER_SITES= ${MASTER_SITE_PYPI:=d/django-cors-headers/} Index: pkgsrc/www/py-django-cors-headers/distinfo diff -u pkgsrc/www/py-django-cors-headers/distinfo:1.8 pkgsrc/www/py-django-cors-headers/distinfo:1.9 --- pkgsrc/www/py-django-cors-headers/distinfo:1.8 Mon Apr 29 07:48:33 2019 +++ pkgsrc/www/py-django-cors-headers/distinfo Mon May 13 15:54:51 2019 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.8 2019/04/29 07:48:33 adam Exp $ +$NetBSD: distinfo,v 1.9 2019/05/13 15:54:51 adam Exp $ -SHA1 (django-cors-headers-2.5.3.tar.gz) = 2ef4a2f4f73d5cf3f24b18d7f33703ac29ae937c -RMD160 (django-cors-headers-2.5.3.tar.gz) = 8a0dd1d90bff79bd36f8afe1c062cd2c003b9934 -SHA512 (django-cors-headers-2.5.3.tar.gz) = 2d892970531cefa110a411424553b221ee8c7edfb97b2ae1ddbb36020692f028f318c03d95dd4fe2c77aeb0cc1279ed5b456e836907683585868b0fb859b0232 -Size (django-cors-headers-2.5.3.tar.gz) = 23295 bytes +SHA1 (django-cors-headers-3.0.1.tar.gz) = 677735bc0c3a460dfa8eb436d329959c56edb516 +RMD160 (django-cors-headers-3.0.1.tar.gz) = 7420a2538368f785da6808b62fd1cdd7a5f16c62 +SHA512 (django-cors-headers-3.0.1.tar.gz) = 38671b51f228d9edc00530d0cd85ca5adff22ebe8f10f526a4106734be17a4b0a51588b1beec880fa1cf3530d34eeacd42698cefb4e4743ad70ebdc6b5d162b1 +Size (django-cors-headers-3.0.1.tar.gz) = 24360 bytes Index: pkgsrc/www/py-django-cors-headers/PLIST diff -u pkgsrc/www/py-django-cors-headers/PLIST:1.2 pkgsrc/www/py-django-cors-headers/PLIST:1.3 --- pkgsrc/www/py-django-cors-headers/PLIST:1.2 Sun Mar 10 15:27:07 2019 +++ pkgsrc/www/py-django-cors-headers/PLIST Mon May 13 15:54:51 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2019/03/10 15:27:07 adam Exp $ +@comment $NetBSD: PLIST,v 1.3 2019/05/13 15:54:51 adam Exp $ ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt @@ -19,9 +19,6 @@ ${PYSITELIB}/corsheaders/defaults.pyo ${PYSITELIB}/corsheaders/middleware.py ${PYSITELIB}/corsheaders/middleware.pyc ${PYSITELIB}/corsheaders/middleware.pyo -${PYSITELIB}/corsheaders/models.py -${PYSITELIB}/corsheaders/models.pyc -${PYSITELIB}/corsheaders/models.pyo ${PYSITELIB}/corsheaders/signals.py ${PYSITELIB}/corsheaders/signals.pyc ${PYSITELIB}/corsheaders/signals.pyo --_----------=_1557762891200270--