Fixed securify issues: * WSGI header spoofing via underscore/dash conflation * Mitigated possible XSS attack via user-supplied redirect URLs * Denial-of-service attack against django.views.static.serve * Database denial-of-service with ModelMultipleChoiceFielddiff -r1.56 -r1.57 pkgsrc/www/py-django/Makefile
(adam)
| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.56 2015/01/06 23:07:32 joerg Exp $ | 1 | # $NetBSD: Makefile,v 1.57 2015/01/14 17:07:12 adam Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= Django-1.7.2 | 3 | DISTNAME= Django-1.7.3 | |
| 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | |
| 5 | CATEGORIES= www python | 5 | CATEGORIES= www python | |
| 6 | MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | 6 | MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | |
| 7 | 7 | |||
| 8 | MAINTAINER= joerg@NetBSD.org | 8 | MAINTAINER= joerg@NetBSD.org | |
| 9 | HOMEPAGE= http://www.djangoproject.com/ | 9 | HOMEPAGE= http://www.djangoproject.com/ | |
| 10 | COMMENT= Django, a high-level Python Web framework | 10 | COMMENT= Django, a high-level Python Web framework | |
| 11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
| 12 | 12 | |||
| 13 | PREV_PKGPATH= www/py-django-devel | 13 | PREV_PKGPATH= www/py-django-devel | |
| 14 | 14 | |||
| 15 | PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q} | 15 | PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q} | |
| 16 | 16 |
| @@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
| 1 | $NetBSD: distinfo,v 1.39 2015/01/03 15:47:21 adam Exp $ | 1 | $NetBSD: distinfo,v 1.40 2015/01/14 17:07:12 adam Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (Django-1.7.2.tar.gz) = 142168eef96423d3586d9bd99ca9b3c8d6ae652a | 3 | SHA1 (Django-1.7.3.tar.gz) = 2577e8e40999f5120b091c17e8cabfb518917ca2 | |
| 4 | RMD160 (Django-1.7.2.tar.gz) = 444c021c2df71c4bb95bc0ae4fef9c65d95d2378 | 4 | RMD160 (Django-1.7.3.tar.gz) = 6b5cb798429938b3187b94ea62d355da7f4f5186 | |
| 5 | Size (Django-1.7.2.tar.gz) = 7577911 bytes | 5 | Size (Django-1.7.3.tar.gz) = 7589559 bytes |
| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.8 2014/08/23 12:16:45 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.9 2015/01/14 17:07:12 adam Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= Django-1.4.14 | 3 | DISTNAME= Django-1.4.18 | |
| 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | |
| 5 | CATEGORIES= www python | 5 | CATEGORIES= www python | |
| 6 | MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | 6 | MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | |
| 7 | 7 | |||
| 8 | MAINTAINER= joerg@NetBSD.org | 8 | MAINTAINER= joerg@NetBSD.org | |
| 9 | HOMEPAGE= http://www.djangoproject.com/ | 9 | HOMEPAGE= http://www.djangoproject.com/ | |
| 10 | COMMENT= Django, a high-level Python Web framework (LTS version) | 10 | COMMENT= Django, a high-level Python Web framework (LTS version) | |
| 11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
| 12 | 12 | |||
| 13 | PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q} | 13 | PLIST_SUBST+= PYVERSSUFFIX=${PYVERSSUFFIX:Q} | |
| 14 | 14 | |||
| 15 | USE_LANGUAGES= # empty | 15 | USE_LANGUAGES= # empty | |
| 16 | REPLACE_PYTHON= ${WRKSRC}/django/bin/*.py | 16 | REPLACE_PYTHON= ${WRKSRC}/django/bin/*.py |
| @@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
| 1 | $NetBSD: distinfo,v 1.4 2014/08/23 12:16:45 adam Exp $ | 1 | $NetBSD: distinfo,v 1.5 2015/01/14 17:07:12 adam Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (Django-1.4.14.tar.gz) = ce1db876daceea9f9252b3a886e70ebda8978d6c | 3 | SHA1 (Django-1.4.18.tar.gz) = b3d5211d4269dc1f93ac4ae7897f60a3f06b70c0 | |
| 4 | RMD160 (Django-1.4.14.tar.gz) = 7ba597bc413ce855d881b6aecb5f2e7d9068104d | 4 | RMD160 (Django-1.4.18.tar.gz) = eb57eecc73d3c2619205c52ae2f31000368f5011 | |
| 5 | Size (Django-1.4.14.tar.gz) = 7754876 bytes | 5 | Size (Django-1.4.18.tar.gz) = 7876896 bytes |