Date: Wed, 5 May 2021 07:04:18 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/www/py-django2
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20210505070418.C11F9FA95@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: adam
Date: Wed May 5 07:04:18 UTC 2021

Modified Files:
	pkgsrc/www/py-django2: Makefile distinfo

Log Message:
py-django2: updated to 2.2.21

Django 2.2.21 fixes a security issue in 2.2.20.

CVE-2021-31542: Potential directory-traversal via uploaded files

MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.

In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.

Django 2.2.20

CVE-2021-28658: Potential directory-traversal via uploaded files

MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.

To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/www/py-django2/Makefile
cvs rdiff -u -r1.31 -r1.32 pkgsrc/www/py-django2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-django2/Makefile diff -u pkgsrc/www/py-django2/Makefile:1.33 pkgsrc/www/py-django2/Makefile:1.34 --- pkgsrc/www/py-django2/Makefile:1.33 Mon Mar 1 12:44:07 2021 +++ pkgsrc/www/py-django2/Makefile Wed May 5 07:04:18 2021 
@@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.33 2021/03/01 12:44:07 adam Exp $ +# $NetBSD: Makefile,v 1.34 2021/05/05 07:04:18 adam Exp $ -DISTNAME= Django-2.2.19 +DISTNAME= Django-2.2.21 PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ Index: pkgsrc/www/py-django2/distinfo diff -u pkgsrc/www/py-django2/distinfo:1.31 pkgsrc/www/py-django2/distinfo:1.32 --- pkgsrc/www/py-django2/distinfo:1.31 Mon Mar 1 12:44:07 2021 +++ pkgsrc/www/py-django2/distinfo Wed May 5 07:04:18 2021 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.31 2021/03/01 12:44:07 adam Exp $ +$NetBSD: distinfo,v 1.32 2021/05/05 07:04:18 adam Exp $ -SHA1 (Django-2.2.19.tar.gz) = 7aef80dd858d268cc7dc15e8f3b5a43a5252edda -RMD160 (Django-2.2.19.tar.gz) = 92fe0035ec141c915a5e06319a2f85755f7938e4 -SHA512 (Django-2.2.19.tar.gz) = 92f2200f147766349526d21b5240307e4f082f97fc5b80b55777330068a9da5eaa9941360ccdd729573d015d9a7a0430461f1ac61f749a0475c006981d8775ea -Size (Django-2.2.19.tar.gz) = 9209434 bytes +SHA1 (Django-2.2.21.tar.gz) = 203abbd4ab8dd336a5e1cfcacf2e481ac5a29979 +RMD160 (Django-2.2.21.tar.gz) = d2f9cf28cd455cd4c5b833757e19a7f101eaf4f6 +SHA512 (Django-2.2.21.tar.gz) = 37d1f58c23907792e49c827fe1efe4345fd5d74ca85b44d1f492d45c9f4f7cc9ebfbd59dc6a142bb24b666fb89e2ee62a3bc3e2242cd25d5c1e801a3f07a2589 +Size (Django-2.2.21.tar.gz) = 9209871 bytes --_----------=_1620198258122340--
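
Review bot: In the Makefile hunk, the DISTNAME line goes from Django-2.2.19 directly to Django-2.2.21, so the update spans two security releases while the log's summary line names only 2.2.21. Consider putting both CVE-2021-28658 and CVE-2021-31542 in the summary line so the commit is found when either identifier is searched for in the pkgsrc-changes archive.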
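
Review bot: In the distinfo hunk, all four Django-2.2.21.tar.gz lines are new values and nothing in the commit says what they were checked against. Because this is a security update, compare the SHA512 line (the strongest of the three digests recorded) with the checksum upstream publishes for the release, not only with the tarball as it was fetched, and note that in the log.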
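
The log message above says that, as of 2.2.21, empty file names and paths with dot segments are rejected. The following is an added example of that rule for application code that handles client-supplied upload names itself; it is not Django's implementation and not part of this commit. The names `UnsafeUploadName`, `safe_basename` and `safe_relative_path` are hypothetical, and POSIX-style storage paths are assumed.

```python
import posixpath


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied file name or path must not be used."""


def safe_basename(raw_name: str) -> str:
    """Reduce a client-supplied upload name to a bare file name, or reject it."""
    # Some clients send Windows-style separators; treat them as separators too.
    name = raw_name.replace("\\", "/")
    base = posixpath.basename(name)
    # An empty result (e.g. "uploads/") and the dot segments are never file names.
    if base in {"", ".", ".."} or "\x00" in base:
        raise UnsafeUploadName(f"rejected file name: {raw_name!r}")
    return base


def safe_relative_path(raw_path: str) -> str:
    """Accept a relative storage path only if every segment is an ordinary name."""
    segments = raw_path.replace("\\", "/").split("/")
    # A leading "/" yields an empty first segment, so absolute paths fail here,
    # as do "", "a//b", "a/" and any path containing "." or "..".
    if any(seg in {"", ".", ".."} or "\x00" in seg for seg in segments):
        raise UnsafeUploadName(f"rejected path: {raw_path!r}")
    return "/".join(segments)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["report.pdf", "../../etc/passwd", "..", "", "2021/05/a.txt",
                   "2021/../../a.txt", "/etc/passwd"]:
        for check in (safe_basename, safe_relative_path):
            try:
                print(f"{check.__name__}({sample!r}) -> {check(sample)!r}")
            except UnsafeUploadName as exc:
                print(f"{check.__name__}({sample!r}) -> {exc}")
```

`safe_basename` discards any directory part and keeps only the final component, while `safe_relative_path` refuses the whole value, so the first suits names taken from a multipart header and the second suits paths the application later joins to a storage root.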