From 5bd6cfdfbbd32480ff4506a57338e8dde74e4586 Mon Sep 17 00:00:00 2001
From: adam <adam@pkgsrc.org>
Date: Tue, 19 Jul 2016 07:32:42 +0000
Subject: [PATCH] Django 1.9.8 fixes a security issue and several bugs in
 1.9.7.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent.


Bugfixes:

* Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.
---
 www/py-django/Makefile |  4 ++--
 www/py-django/PLIST    |  6 ++----
 www/py-django/distinfo | 10 +++++-----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/www/py-django/Makefile b/www/py-django/Makefile
index 4c343c89a630..82a4638eeb89 100644
--- a/www/py-django/Makefile
+++ b/www/py-django/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2016/06/06 09:34:59 adam Exp $
+# $NetBSD: Makefile,v 1.74 2016/07/19 07:32:42 adam Exp $
 
-DISTNAME=	Django-1.9.7
+DISTNAME=	Django-1.9.8
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=	www python
 MASTER_SITES=	http://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
diff --git a/www/py-django/PLIST b/www/py-django/PLIST
index cab0ecb2abfd..49d482e2ad31 100644
--- a/www/py-django/PLIST
+++ b/www/py-django/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.39 2016/05/07 07:51:52 adam Exp $
+@comment $NetBSD: PLIST,v 1.40 2016/07/19 07:32:42 adam Exp $
 bin/django-admin${PYVERSSUFFIX}
 bin/django-admin${PYVERSSUFFIX}.py
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
@@ -1091,6 +1091,7 @@ ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/LICENSE-JQUERY.t
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/jquery/jquery.min.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/LICENSE-XREGEXP.txt
+${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
 ${PYSITELIB}/django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.min.js
 ${PYSITELIB}/django/contrib/admin/templates/admin/404.html
 ${PYSITELIB}/django/contrib/admin/templates/admin/500.html
@@ -2226,9 +2227,6 @@ ${PYSITELIB}/django/contrib/gis/db/models/query.pyo
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.py
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyc
 ${PYSITELIB}/django/contrib/gis/db/models/sql/__init__.pyo
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.py
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyc
-${PYSITELIB}/django/contrib/gis/db/models/sql/aggregates.pyo
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.py
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyc
 ${PYSITELIB}/django/contrib/gis/db/models/sql/conversion.pyo
diff --git a/www/py-django/distinfo b/www/py-django/distinfo
index 065ec736b229..0e11a65b592e 100644
--- a/www/py-django/distinfo
+++ b/www/py-django/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.56 2016/06/06 09:34:59 adam Exp $
+$NetBSD: distinfo,v 1.57 2016/07/19 07:32:42 adam Exp $
 
-SHA1 (Django-1.9.7.tar.gz) = ea27c185acaf9ea39c692beca4c07ecf8974e72e
-RMD160 (Django-1.9.7.tar.gz) = 5271da31b90677332e124b98dde9d5bca2a9d9c4
-SHA512 (Django-1.9.7.tar.gz) = 4ace73b57496fac917e455e76aec6b9873949dc95bf84177e7db8f507de1656eee9cb7ae1040643b681e6f57a796147ffce8f6b9ff3ce81fc3e21aecaee2b11a
-Size (Django-1.9.7.tar.gz) = 7442680 bytes
+SHA1 (Django-1.9.8.tar.gz) = a3617f4007255fc69df5152741446ebeee7e0a82
+RMD160 (Django-1.9.8.tar.gz) = 5e1e56280a5877b85c6ca1d0ac47b9f3c70c9537
+SHA512 (Django-1.9.8.tar.gz) = a0784b60ccb0d89fe0abe9dde78a64873939edbdb17a7ae77e3ee7c31fae5cdfc87d98d070def3043bdaac2e73b82eeb019b30cd85994ea1e30803ac04d8fda1
+Size (Django-1.9.8.tar.gz) = 7494012 bytes