[pkgsrc/trunk]: pkgsrc/www/py-django Django 1.11.5:

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/da0521c393c4
branches:  trunk
changeset: 367778:da0521c393c4
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Sep 06 15:19:17 2017 +0000

description:
Django 1.11.5:

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page?

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This 
vulnerability shouldn?t affect most production sites since you shouldn?t run with DEBUG = True (which makes this page accessible) in your production settings.

Bugfixes:

Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2).
Added compatibility for cx_Oracle 6.
Fixed select widget rendering when option values are tuples.
Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. 
The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in 28451 comment 8 to update 
sequence and trigger names to use the pre-1.11 naming scheme.
Added POST request support to LogoutView, for equivalence with the function-based logout() view.
Omitted pages_per_range from BrinIndex.deconstruct() if it?s None.
Fixed a regression where SelectDateWidget localized the years in the select box.
Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows.
Fixed a regression in Django 1.10 where changes to a ManyToManyField weren?t logged in the admin change history and prevented ManyToManyField initial data in model forms from being affected by 
subsequent model changes.
Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins.
Fixed a regression in contrib.auth?s login() and logout() views where they ignored positional arguments

diffstat:

 www/py-django/Makefile |   4 ++--
 www/py-django/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 691c1f713d04 -r da0521c393c4 www/py-django/Makefile
--- a/www/py-django/Makefile    Wed Sep 06 14:45:24 2017 +0000
+++ b/www/py-django/Makefile    Wed Sep 06 15:19:17 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.89 2017/09/04 18:08:30 wiz Exp $
+# $NetBSD: Makefile,v 1.90 2017/09/06 15:19:17 adam Exp $
 
-DISTNAME=      Django-1.11.4
+DISTNAME=      Django-1.11.5
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
diff -r 691c1f713d04 -r da0521c393c4 www/py-django/distinfo
--- a/www/py-django/distinfo    Wed Sep 06 14:45:24 2017 +0000
+++ b/www/py-django/distinfo    Wed Sep 06 15:19:17 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.69 2017/08/02 10:45:09 adam Exp $
+$NetBSD: distinfo,v 1.70 2017/09/06 15:19:17 adam Exp $
 
-SHA1 (Django-1.11.4.tar.gz) = 2fd515ec779ab9bced0f96d92a22de9b726beadf
-RMD160 (Django-1.11.4.tar.gz) = 17925e46904c586e120ed8766eb6debbe98a4bdb
-SHA512 (Django-1.11.4.tar.gz) = 4a96b25f6a2211b2985deaafc04ed5c167eed8835f51b8234bd479787f99f257faffbaa11de85fa28736540b0decf85dd386ca041e1b9888b958f04a3b0066c6
-Size (Django-1.11.4.tar.gz) = 7870752 bytes
+SHA1 (Django-1.11.5.tar.gz) = c16f8090c2251ff03e041afda77264474777a2d7
+RMD160 (Django-1.11.5.tar.gz) = 76c2246e8e292109dcb1462f96cd7891cc63baf9
+SHA512 (Django-1.11.5.tar.gz) = bd43524d80721f10e98ca1cb2d487b51258c5e66febcda4ff4487c4c057f2920bb84452ff966b1cfe5dbb7d11138b467f7e1d65017ac9dd92f76497147fce89c
+Size (Django-1.11.5.tar.gz) = 7875054 bytes