pkgsrc-Changes archive


CVS commit: pkgsrc/www/py-django



Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Oct  2 07:49:51 UTC 2025

Modified Files:
        pkgsrc/www/py-django: Makefile distinfo

Log Message:
py-django: updated to 5.2.7

Django 5.2.7 fixes one security issue with severity “high”, one security issue with severity “low”, and one bug in 5.2.6. Also, the latest string translations from Transifex are incorporated.

CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB

QuerySet.annotate(), alias(), aggregate(), and extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (follow up to CVE 2022-28346).

CVE-2025-59682: Potential partial directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory (follow up to CVE 2021-3281).

Bugfixes

Fixed a regression in Django 5.2 that reduced the color contrast of the chosen label of filter_horizontal and filter_vertical widgets within a TabularInline


To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/www/py-django/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/py-django/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-django/Makefile
diff -u pkgsrc/www/py-django/Makefile:1.148 pkgsrc/www/py-django/Makefile:1.149
--- pkgsrc/www/py-django/Makefile:1.148 Wed Sep  3 14:28:03 2025
+++ pkgsrc/www/py-django/Makefile       Thu Oct  2 07:49:51 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.148 2025/09/03 14:28:03 adam Exp $
+# $NetBSD: Makefile,v 1.149 2025/10/02 07:49:51 adam Exp $
 
-DISTNAME=      django-5.2.6
+DISTNAME=      django-5.2.7
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
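Review bot: at the DISTNAME line, the bump from django-5.2.6 to django-5.2.7 is the only functional change shown, and the hunk covers just the first six lines of the Makefile, so it is worth confirming that nothing further down (for example a leftover PKGREVISION) still belongs to the 5.2.6 package. The security context for the update (CVE-2025-59681, CVE-2025-59682) is carried only by the log message, which is the right place for it; no comment is needed in the Makefile itself.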

Index: pkgsrc/www/py-django/distinfo
diff -u pkgsrc/www/py-django/distinfo:1.121 pkgsrc/www/py-django/distinfo:1.122
--- pkgsrc/www/py-django/distinfo:1.121 Wed Sep  3 14:28:03 2025
+++ pkgsrc/www/py-django/distinfo       Thu Oct  2 07:49:51 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.121 2025/09/03 14:28:03 adam Exp $
+$NetBSD: distinfo,v 1.122 2025/10/02 07:49:51 adam Exp $
 
-BLAKE2s (django-5.2.6.tar.gz) = 0da4066a0641c677ef6688b259a0676629c2cd608ed83ca32c8b03c5588045f4
-SHA512 (django-5.2.6.tar.gz) = f2780e72ab6b54503a2ccee2fb2139399c175d8704a9b7fa4308f7688ad7b3a5fd744850ec6f702e0696ac190bc510e8d91584858381f7fd41eb89f1d7619e2c
-Size (django-5.2.6.tar.gz) = 10858861 bytes
+BLAKE2s (django-5.2.7.tar.gz) = 46596468384c63291c883cbef35556bced53f80c8a661245d8dc21dff7a4c57e
+SHA512 (django-5.2.7.tar.gz) = df330f665b2e08a27dbe88d60b026158e37dfa722b7896493dade841b91a74a9b38cd7ec9597f101126f618947e35674929cb871fdc4499291eeafb1dbb10946
+Size (django-5.2.7.tar.gz) = 10865812 bytes
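Review bot: the three + lines (BLAKE2s, SHA512 and Size for django-5.2.7.tar.gz) record only what was fetched from MASTER_SITES at commit time, so for a release whose log message cites a "high" severity fix it would help to state in the log whether the tarball was compared against the checksums upstream publishes for the release. The @@ -1,5 +1,5 @@ range shows distinfo is five lines long, so there are no local patch checksums that needed regenerating with this bump.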

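Added example, not part of the commit and not Django's code: the "partial directory-traversal" described above for CVE-2025-59682 is the class of gap a string-prefix containment check leaves open, shown here beside a component-wise check that closes it. The function names, the target directory and the archive member names are constructed for illustration.

```python
import os


def prefix_checked_target(to_path, name):
    """Weak form: containment decided by string prefix."""
    base = os.path.abspath(to_path)
    dest = os.path.abspath(os.path.join(base, name))
    # "/srv/work/app-old/..." starts with "/srv/work/app", so it passes.
    if not dest.startswith(base):
        raise ValueError(f"archive member escapes target: {name!r}")
    return dest


def component_checked_target(to_path, name):
    """Hardened form: containment decided per path component."""
    base = os.path.abspath(to_path)
    dest = os.path.abspath(os.path.join(base, name))
    # commonpath compares whole components, so a sibling directory that
    # merely shares a name prefix with the target is rejected.
    if os.path.commonpath([base, dest]) != base:
        raise ValueError(f"archive member escapes target: {name!r}")
    return dest


def accepts(check, to_path, name):
    """Return True if the given check lets the member name through."""
    try:
        check(to_path, name)
        return True
    except ValueError:
        return False


# Constructed sample input: an extraction target and three member names.
TARGET = "/srv/work/app"
MEMBERS = [
    "pkg/models.py",          # stays inside the target
    "../app-old/notes.txt",   # sibling dir sharing the "app" prefix
    "../../etc/notes.txt",    # plain traversal, no shared prefix
]


def compare():
    """(member, accepted by prefix check, accepted by component check)."""
    return [
        (m,
         accepts(prefix_checked_target, TARGET, m),
         accepts(component_checked_target, TARGET, m))
        for m in MEMBERS
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the middle member separates the two checks: the prefix test accepts it, the component test does not.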

