Tue Dec 14 09:00:38 2021 UTC ()
py-django3: updated to 3.2.10

3.2.10:

CVE-2021-44420: Potential bypass of an upstream access control based on URL pathså…¶

HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths.

Bugfixes

Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with BinaryField on PostgreSQL, which is memoryview-backed


(adam)
diff -r1.21 -r1.22 pkgsrc/www/py-django3/Makefile
diff -r1.23 -r1.24 pkgsrc/www/py-django3/distinfo
cvs diff -r1.21 -r1.22 pkgsrc/www/py-django3/Makefile (expand / switch to unified diff)

--- pkgsrc/www/py-django3/Makefile 2021/11/04 13:37:34 1.21
+++ pkgsrc/www/py-django3/Makefile 2021/12/14 09:00:37 1.22
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.21 2021/11/04 13:37:34 adam Exp $ 1# $NetBSD: Makefile,v 1.22 2021/12/14 09:00:37 adam Exp $
2 2
3DISTNAME= Django-3.2.9 3DISTNAME= Django-3.2.10
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl}
5CATEGORIES= www python 5CATEGORIES= www python
6MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ 6MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
7MASTER_SITES+= ${MASTER_SITE_PYPI:=D/Django/} 7MASTER_SITES+= ${MASTER_SITE_PYPI:=D/Django/}
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.djangoproject.com/ 10HOMEPAGE= https://www.djangoproject.com/
11COMMENT= Django, a high-level Python Web framework 11COMMENT= Django, a high-level Python Web framework
12LICENSE= modified-bsd 12LICENSE= modified-bsd
13 13
14DEPENDS+= ${PYPKGPREFIX}-asgiref>=3.3.2:../../www/py-asgiref 14DEPENDS+= ${PYPKGPREFIX}-asgiref>=3.3.2:../../www/py-asgiref
15DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz 15DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz
16DEPENDS+= ${PYPKGPREFIX}-sqlparse>=0.2.2:../../databases/py-sqlparse 16DEPENDS+= ${PYPKGPREFIX}-sqlparse>=0.2.2:../../databases/py-sqlparse
cvs diff -r1.23 -r1.24 pkgsrc/www/py-django3/distinfo (expand / switch to unified diff)

--- pkgsrc/www/py-django3/distinfo 2021/11/04 13:37:34 1.23
+++ pkgsrc/www/py-django3/distinfo 2021/12/14 09:00:37 1.24
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.23 2021/11/04 13:37:34 adam Exp $ 1$NetBSD: distinfo,v 1.24 2021/12/14 09:00:37 adam Exp $
2 2
3BLAKE2s (Django-3.2.9.tar.gz) = 00dd131399eebe06affbeea0ff645f10d75eef1e7ffff798ca98c71eb8e41e36 3BLAKE2s (Django-3.2.10.tar.gz) = 716a9b998b5176a9d6d7f86d5e390c4d2de04b98b7385d1d494aa5b6569d8917
4SHA512 (Django-3.2.9.tar.gz) = 62fb297694a7f5e48465e102dc97e3d1d04b94499bc6d98d37a00d96b438b8c919b6d08055868a1836d62b89ff65ce4fa7dbc9390789dab2eeca0187269b125f 4SHA512 (Django-3.2.10.tar.gz) = 6b793a1e544ab988d909d9fc5152d9dbba864c4916bb1f703a07c72f1a945ba93ba53b2f8843b67a16d0e68a736c43faf2f3d8aaa0867de1668c3845c24da7da
5Size (Django-3.2.9.tar.gz) = 9809157 bytes 5Size (Django-3.2.10.tar.gz) = 9811341 bytes