py-django2: updated to 2.2.28 Django 2.2.28 fixes two security issues with severity ���high��� in 2.2.27. CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra() QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods. CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument.diff -r1.42 -r1.43 pkgsrc/www/py-django2/Makefile
(adam)
| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.42 2022/02/02 10:17:19 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.43 2022/04/20 12:28:57 adam Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= Django-2.2.27 | 3 | DISTNAME= Django-2.2.28 | |
| 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} | |
| 5 | CATEGORIES= www python | 5 | CATEGORIES= www python | |
| 6 | MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | 6 | MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ | |
| 7 | MASTER_SITES+= ${MASTER_SITE_PYPI:=D/Django/} | 7 | MASTER_SITES+= ${MASTER_SITE_PYPI:=D/Django/} | |
| 8 | 8 | |||
| 9 | MAINTAINER= joerg@NetBSD.org | 9 | MAINTAINER= joerg@NetBSD.org | |
| 10 | HOMEPAGE= https://www.djangoproject.com/ | 10 | HOMEPAGE= https://www.djangoproject.com/ | |
| 11 | COMMENT= Django, a high-level Python Web framework | 11 | COMMENT= Django, a high-level Python Web framework | |
| 12 | LICENSE= modified-bsd | 12 | LICENSE= modified-bsd | |
| 13 | 13 | |||
| 14 | DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz | 14 | DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz | |
| 15 | 15 | |||
| 16 | USE_LANGUAGES= # none | 16 | USE_LANGUAGES= # none |
| @@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
| 1 | $NetBSD: distinfo,v 1.39 2022/02/02 10:17:19 adam Exp $ | 1 | $NetBSD: distinfo,v 1.40 2022/04/20 12:28:57 adam Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (Django-2.2.27.tar.gz) = 6acf7763f3a10c05d2aef04d1342c9da238e1a63fe3829e3694946f5bbe53a0f | 3 | BLAKE2s (Django-2.2.28.tar.gz) = 5ea76cca148513c4af6a38d1ed05bff2674dac53492a8b85b10c4be79709c4d7 | |
| 4 | SHA512 (Django-2.2.27.tar.gz) = 0db670651a820b49d855e38a336c0c6990ce4701bb686c5e8a292ccb03342e995c61c2c628b1d625d2715404e969fc31c256e5bf0fd6c1ff714d1c1c1ee30bff | 4 | SHA512 (Django-2.2.28.tar.gz) = 228aec6ee8619ff3d0397ff867bd59352900fb95557bd02cfea594b3bc3f813b5bcd13f488b451b0ee79a4d52deab19c5e97aa40f1075ba06db72542d119228e | |
| 5 | Size (Django-2.2.27.tar.gz) = 9185716 bytes | 5 | Size (Django-2.2.28.tar.gz) = 9187543 bytes |