From 5bd6cfdfbbd32480ff4506a57338e8dde74e4586 Mon Sep 17 00:00:00 2001 From: adam Date: Tue, 19 Jul 2016 07:32:42 +0000 Subject: [PATCH] Django 1.9.8 fixes a security issue and several bugs in 1.9.7. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent. Bugfixes: * Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL. * Fixed makemessages crash on Python 2 with non-ASCII file names.
---
 www/py-django/Makefile | 4 ++--
 www/py-django/PLIST | 6 ++----
 www/py-django/distinfo | 10 +++++-----
 3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/www/py-django/Makefile b/www/py-django/Makefile
index 4c343c89a630..82a4638eeb89 100644
--- a/www/py-django/Makefile
+++ b/www/py-django/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2016/06/06 09:34:59 adam Exp $
+# $NetBSD: Makefile,v 1.74 2016/07/19 07:32:42 adam Exp $
-DISTNAME= Django-1.9.7
+DISTNAME= Django-1.9.8
 PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES= www python
 MASTER_SITES= http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
diff --git a/www/py-django/PLIST b/www/py-django/PLIST
index cab0ecb2abfd..49d482e2ad31 100644
--- a/www/py-django/PLIST
+++ b/www/py-django/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.39 2016/05/07 07:51:52 adam Exp $
+@comment $NetBSD: PLIST,v 1.40 2016/07/19 07:32:42 adam Exp $
 bin/django-admin${PYVERSSUFFIX}
 bin/django-admin${PYVERSSUFFIX}.py
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
@@ -1091,6 +1091,7 @@ ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/LICENSE-JQUERY.t
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.min.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/LICENSE-XREGEXP.txt
+${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.min.js
 ${PYSITELIB}/django/contrib/admin/templates/admin/404.html
 ${PYSITELIB}/django/contrib/admin/templates/admin/500.html
@@ -2226,9 +2227,6 @@ ${PYSITELIB}/django/contrib/gis/db/models/query.pyo
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.py
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyc
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyo
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.py
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyc
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyo
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.py
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyc
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyo
diff --git a/www/py-django/distinfo b/www/py-django/distinfo
index 065ec736b229..0e11a65b592e 100644
--- a/www/py-django/distinfo
+++ b/www/py-django/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.56 2016/06/06 09:34:59 adam Exp $
+$NetBSD: distinfo,v 1.57 2016/07/19 07:32:42 adam Exp $
-SHA1 (Django-1.9.7.tar.gz) = ea27c185acaf9ea39c692beca4c07ecf8974e72e
-RMD160 (Django-1.9.7.tar.gz) = 5271da31b90677332e124b98dde9d5bca2a9d9c4
-SHA512 (Django-1.9.7.tar.gz) = 4ace73b57496fac917e455e76aec6b9873949dc95bf84177e7db8f507de1656eee9cb7ae1040643b681e6f57a796147ffce8f6b9ff3ce81fc3e21aecaee2b11a
-Size (Django-1.9.7.tar.gz) = 7442680 bytes
+SHA1 (Django-1.9.8.tar.gz) = a3617f4007255fc69df5152741446ebeee7e0a82
+RMD160 (Django-1.9.8.tar.gz) = 5e1e56280a5877b85c6ca1d0ac47b9f3c70c9537
+SHA512 (Django-1.9.8.tar.gz) = a0784b60ccb0d89fe0abe9dde78a64873939edbdb17a7ae77e3ee7c31fae5cdfc87d98d070def3043bdaac2e73b82eeb019b30cd85994ea1e30803ac04d8fda1
+Size (Django-1.9.8.tar.gz) = 7494012 bytes