kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Django 1.9.8 fixes a security issue and several bugs in 1.9.7.

Browse source 
Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent.


Bugfixes:

* Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.
This commit is contained in:
adam 2016-07-19 07:32:42 +00:00
parent bb8cc2b9d0
commit 5bd6cfdfbb
3 changed files with 9 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
www/py-django/Makefile
View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.73 2016/06/06 09:34:59 adam Exp $
# $NetBSD: Makefile,v 1.74 2016/07/19 07:32:42 adam Exp $
DISTNAME= Django-1.9.7
DISTNAME= Django-1.9.8
PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl}
CATEGORIES= www python
MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/

6
www/py-django/PLIST
View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.39 2016/05/07 07:51:52 adam Exp $
@comment $NetBSD: PLIST,v 1.40 2016/07/19 07:32:42 adam Exp $
bin/django-admin${PYVERSSUFFIX}
bin/django-admin${PYVERSSUFFIX}.py
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
@ -1091,6 +1091,7 @@ ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/LICENSE-JQUERY.t
${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.js
${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.min.js
${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/LICENSE-XREGEXP.txt
${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.min.js
${PYSITELIB}/django/contrib/admin/templates/admin/404.html
${PYSITELIB}/django/contrib/admin/templates/admin/500.html
@ -2226,9 +2227,6 @@ ${PYSITELIB}/django/contrib/gis/db/models/query.pyo
${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.py
${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyc
${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyo
${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.py
${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyc
${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyo
${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.py
${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyc
${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyo

10
www/py-django/distinfo
View file

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.56 2016/06/06 09:34:59 adam Exp $
$NetBSD: distinfo,v 1.57 2016/07/19 07:32:42 adam Exp $
SHA1 (Django-1.9.7.tar.gz) = ea27c185acaf9ea39c692beca4c07ecf8974e72e
RMD160 (Django-1.9.7.tar.gz) = 5271da31b90677332e124b98dde9d5bca2a9d9c4
SHA512 (Django-1.9.7.tar.gz) = 4ace73b57496fac917e455e76aec6b9873949dc95bf84177e7db8f507de1656eee9cb7ae1040643b681e6f57a796147ffce8f6b9ff3ce81fc3e21aecaee2b11a
Size (Django-1.9.7.tar.gz) = 7442680 bytes
SHA1 (Django-1.9.8.tar.gz) = a3617f4007255fc69df5152741446ebeee7e0a82
RMD160 (Django-1.9.8.tar.gz) = 5e1e56280a5877b85c6ca1d0ac47b9f3c70c9537
SHA512 (Django-1.9.8.tar.gz) = a0784b60ccb0d89fe0abe9dde78a64873939edbdb17a7ae77e3ee7c31fae5cdfc87d98d070def3043bdaac2e73b82eeb019b30cd85994ea1e30803ac04d8fda1
Size (Django-1.9.8.tar.gz) = 7494012 bytes