Wed Sep 11 16:50:38 2013 UTC ()
Changes 1.5.3:
These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly.


(adam)
diff -r1.42 -r1.43 pkgsrc/www/py-django/Makefile
diff -r1.29 -r1.30 pkgsrc/www/py-django/PLIST
diff -r1.27 -r1.28 pkgsrc/www/py-django/distinfo
cvs diff -r1.42 -r1.43 pkgsrc/www/py-django/Makefile (expand / switch to unified diff)

--- pkgsrc/www/py-django/Makefile 2013/08/13 17:48:24 1.42
+++ pkgsrc/www/py-django/Makefile 2013/09/11 16:50:38 1.43
@@ -1,20 +1,19 @@ @@ -1,20 +1,19 @@
1# $NetBSD: Makefile,v 1.42 2013/08/13 17:48:24 adam Exp $ 1# $NetBSD: Makefile,v 1.43 2013/09/11 16:50:38 adam Exp $
2 2
3DJANGOVERS= 1.5.2 3DISTNAME= Django-1.5.3
4DISTNAME= Django-${DJANGOVERS} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl}
5PKGNAME= ${PYPKGPREFIX}-django-${DJANGOVERS} 
6CATEGORIES= www python 5CATEGORIES= www python
7MASTER_SITES= http://www.djangoproject.com/m/releases/1.5/ 6MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
8 7
9MAINTAINER= joerg@NetBSD.org 8MAINTAINER= joerg@NetBSD.org
10HOMEPAGE= http://www.djangoproject.com/ 9HOMEPAGE= http://www.djangoproject.com/
11COMMENT= Django, a high-level Python Web framework 10COMMENT= Django, a high-level Python Web framework
12LICENSE= modified-bsd 11LICENSE= modified-bsd
13 12
14PREV_PKGPATH= www/py-django-devel 13PREV_PKGPATH= www/py-django-devel
15 14
16PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q} 15PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q}
17 16
18USE_LANGUAGES= # empty 17USE_LANGUAGES= # empty
19REPLACE_PYTHON= ${WRKSRC}/django/bin/*.py 18REPLACE_PYTHON= ${WRKSRC}/django/bin/*.py
20REPLACE_PYTHON+= ${WRKSRC}/django/bin/profiling/*.py 19REPLACE_PYTHON+= ${WRKSRC}/django/bin/profiling/*.py
cvs diff -r1.29 -r1.30 pkgsrc/www/py-django/Attic/PLIST (expand / switch to unified diff)

--- pkgsrc/www/py-django/Attic/PLIST 2013/08/13 17:48:24 1.29
+++ pkgsrc/www/py-django/Attic/PLIST 2013/09/11 16:50:38 1.30
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.29 2013/08/13 17:48:24 adam Exp $ 1@comment $NetBSD: PLIST,v 1.30 2013/09/11 16:50:38 adam Exp $
2bin/django-admin.py 2bin/django-admin.py
3${PYSITELIB}/${EGG_FILE} 3${PYSITELIB}/${EGG_FILE}
4${PYSITELIB}/django/__init__.py 4${PYSITELIB}/django/__init__.py
5${PYSITELIB}/django/__init__.pyc 5${PYSITELIB}/django/__init__.pyc
6${PYSITELIB}/django/__init__.pyo 6${PYSITELIB}/django/__init__.pyo
7${PYSITELIB}/django/bin/daily_cleanup.py 7${PYSITELIB}/django/bin/daily_cleanup.py
8${PYSITELIB}/django/bin/daily_cleanup.pyc 8${PYSITELIB}/django/bin/daily_cleanup.pyc
9${PYSITELIB}/django/bin/daily_cleanup.pyo 9${PYSITELIB}/django/bin/daily_cleanup.pyo
10${PYSITELIB}/django/bin/django-2to3.py 10${PYSITELIB}/django/bin/django-2to3.py
11${PYSITELIB}/django/bin/django-2to3.pyc 11${PYSITELIB}/django/bin/django-2to3.pyc
12${PYSITELIB}/django/bin/django-2to3.pyo 12${PYSITELIB}/django/bin/django-2to3.pyo
13${PYSITELIB}/django/bin/django-admin.py 13${PYSITELIB}/django/bin/django-admin.py
14${PYSITELIB}/django/bin/django-admin.pyc 14${PYSITELIB}/django/bin/django-admin.pyc
@@ -4420,26 +4420,29 @@ ${PYSITELIB}/django/contrib/sessions/man @@ -4420,26 +4420,29 @@ ${PYSITELIB}/django/contrib/sessions/man
4420${PYSITELIB}/django/contrib/sessions/management/__init__.pyo 4420${PYSITELIB}/django/contrib/sessions/management/__init__.pyo
4421${PYSITELIB}/django/contrib/sessions/management/commands/__init__.py 4421${PYSITELIB}/django/contrib/sessions/management/commands/__init__.py
4422${PYSITELIB}/django/contrib/sessions/management/commands/__init__.pyc 4422${PYSITELIB}/django/contrib/sessions/management/commands/__init__.pyc
4423${PYSITELIB}/django/contrib/sessions/management/commands/__init__.pyo 4423${PYSITELIB}/django/contrib/sessions/management/commands/__init__.pyo
4424${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.py 4424${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.py
4425${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.pyc 4425${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.pyc
4426${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.pyo 4426${PYSITELIB}/django/contrib/sessions/management/commands/clearsessions.pyo
4427${PYSITELIB}/django/contrib/sessions/middleware.py 4427${PYSITELIB}/django/contrib/sessions/middleware.py
4428${PYSITELIB}/django/contrib/sessions/middleware.pyc 4428${PYSITELIB}/django/contrib/sessions/middleware.pyc
4429${PYSITELIB}/django/contrib/sessions/middleware.pyo 4429${PYSITELIB}/django/contrib/sessions/middleware.pyo
4430${PYSITELIB}/django/contrib/sessions/models.py 4430${PYSITELIB}/django/contrib/sessions/models.py
4431${PYSITELIB}/django/contrib/sessions/models.pyc 4431${PYSITELIB}/django/contrib/sessions/models.pyc
4432${PYSITELIB}/django/contrib/sessions/models.pyo 4432${PYSITELIB}/django/contrib/sessions/models.pyo
 4433${PYSITELIB}/django/contrib/sessions/serializers.py
 4434${PYSITELIB}/django/contrib/sessions/serializers.pyc
 4435${PYSITELIB}/django/contrib/sessions/serializers.pyo
4433${PYSITELIB}/django/contrib/sessions/tests.py 4436${PYSITELIB}/django/contrib/sessions/tests.py
4434${PYSITELIB}/django/contrib/sessions/tests.pyc 4437${PYSITELIB}/django/contrib/sessions/tests.pyc
4435${PYSITELIB}/django/contrib/sessions/tests.pyo 4438${PYSITELIB}/django/contrib/sessions/tests.pyo
4436${PYSITELIB}/django/contrib/sitemaps/__init__.py 4439${PYSITELIB}/django/contrib/sitemaps/__init__.py
4437${PYSITELIB}/django/contrib/sitemaps/__init__.pyc 4440${PYSITELIB}/django/contrib/sitemaps/__init__.pyc
4438${PYSITELIB}/django/contrib/sitemaps/__init__.pyo 4441${PYSITELIB}/django/contrib/sitemaps/__init__.pyo
4439${PYSITELIB}/django/contrib/sitemaps/management/__init__.py 4442${PYSITELIB}/django/contrib/sitemaps/management/__init__.py
4440${PYSITELIB}/django/contrib/sitemaps/management/__init__.pyc 4443${PYSITELIB}/django/contrib/sitemaps/management/__init__.pyc
4441${PYSITELIB}/django/contrib/sitemaps/management/__init__.pyo 4444${PYSITELIB}/django/contrib/sitemaps/management/__init__.pyo
4442${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.py 4445${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.py
4443${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.pyc 4446${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.pyc
4444${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.pyo 4447${PYSITELIB}/django/contrib/sitemaps/management/commands/__init__.pyo
4445${PYSITELIB}/django/contrib/sitemaps/management/commands/ping_google.py 4448${PYSITELIB}/django/contrib/sitemaps/management/commands/ping_google.py
cvs diff -r1.27 -r1.28 pkgsrc/www/py-django/distinfo (expand / switch to unified diff)

--- pkgsrc/www/py-django/distinfo 2013/08/13 17:48:24 1.27
+++ pkgsrc/www/py-django/distinfo 2013/09/11 16:50:38 1.28
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.27 2013/08/13 17:48:24 adam Exp $ 1$NetBSD: distinfo,v 1.28 2013/09/11 16:50:38 adam Exp $
2 2
3SHA1 (Django-1.5.2.tar.gz) = 7137d32505727b057c77b025c3a0355c131de1af 3SHA1 (Django-1.5.3.tar.gz) = fcdaf76e4790c3d5911173f7f24008960f48d46b
4RMD160 (Django-1.5.2.tar.gz) = 5dcfae97b04bdced38af5502fe7f7ac6ef0eb0cc 4RMD160 (Django-1.5.3.tar.gz) = 8b8ef410d0a55a92b53b073c435d946def996fca
5Size (Django-1.5.2.tar.gz) = 8044778 bytes 5Size (Django-1.5.3.tar.gz) = 8049029 bytes