CVS commit: pkgsrc/www/py-django3

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Jul  6 05:57:43 UTC 2021

Modified Files:
        pkgsrc/www/py-django3: Makefile distinfo

Log Message:
py-django3: updated to 3.2.5

Django 3.2.5 fixes a security issue with severity “high” and several bugs in 3.2.4. Also, the latest string translations from Transifex are incorporated.

CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input

Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation 
warning is emitted.

As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1.

The issue is not present in the main branch as the deprecated path has been removed.

Bugfixes

Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related().
Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable.
Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value.
Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/py-django3/Makefile \
    pkgsrc/www/py-django3/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-django3/Makefile
diff -u pkgsrc/www/py-django3/Makefile:1.16 pkgsrc/www/py-django3/Makefile:1.17
--- pkgsrc/www/py-django3/Makefile:1.16 Sat Jun  5 07:22:03 2021
+++ pkgsrc/www/py-django3/Makefile      Tue Jul  6 05:57:43 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2021/06/05 07:22:03 adam Exp $
+# $NetBSD: Makefile,v 1.17 2021/07/06 05:57:43 adam Exp $
 
-DISTNAME=      Django-3.2.4
+DISTNAME=      Django-3.2.5
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
Index: pkgsrc/www/py-django3/distinfo
diff -u pkgsrc/www/py-django3/distinfo:1.16 pkgsrc/www/py-django3/distinfo:1.17
--- pkgsrc/www/py-django3/distinfo:1.16 Sat Jun  5 07:22:03 2021
+++ pkgsrc/www/py-django3/distinfo      Tue Jul  6 05:57:43 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.16 2021/06/05 07:22:03 adam Exp $
+$NetBSD: distinfo,v 1.17 2021/07/06 05:57:43 adam Exp $
 
-SHA1 (Django-3.2.4.tar.gz) = 7b0875627bfd044cbfd3c9dc4b87c653a3cbe2dc
-RMD160 (Django-3.2.4.tar.gz) = 25ea2c1689022568ac9fc153ebcb465639443065
-SHA512 (Django-3.2.4.tar.gz) = 5891f77c884cb4bc74f4c9759e2e7be463fc0c661b8dd4d889be0ec46919e59b81f5ce1585c28075b15f03355e66d4b8e7b09001f0c2bea15f8c8aac77d1ea16
-Size (Django-3.2.4.tar.gz) = 9824343 bytes
+SHA1 (Django-3.2.5.tar.gz) = 5a1e09930da6c0b1191eb82d466b8549edcb0c4c
+RMD160 (Django-3.2.5.tar.gz) = d9262cff787fc0481339f991b67aab68c4f7e4a6
+SHA512 (Django-3.2.5.tar.gz) = 03d4eee650a857bed298658c68b916beb74690d16b4b28d649c52a7c2d8a61e92f53136d2de3a77fabe1dd01c0e6b3033befc6842f39c222793fb590b1020c13
+Size (Django-3.2.5.tar.gz) = 9806547 bytes