pkgsrc-Changes archive

CVS commit: pkgsrc/www/py-django



Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Nov 11 10:42:37 UTC 2025

Modified Files:
        pkgsrc/www/py-django: Makefile PLIST distinfo

Log Message:
py-django: updated to 5.2.8

Django 5.2.8 fixes one security issue with severity “high”, one security issue with severity “moderate”, and several bugs in 5.2.7. It also adds compatibility with Python 3.14.

CVE-2025-64458: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

Python’s NFKC normalization is slow on Windows. As a consequence, HttpResponseRedirect, HttpResponsePermanentRedirect, and the shortcut redirect() were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters (follow up to CVE-2025-27556).

CVE-2025-64459: Potential SQL injection via _connector keyword argument

QuerySet.filter(), exclude(), get(), and Q were subject to SQL injection using a suitably crafted dictionary, with dictionary expansion, as the _connector argument.

Bugfixes

Added compatibility for oracledb 3.4.0.

Fixed a bug in Django 5.2 where QuerySet.first() and QuerySet.last() raised an error on querysets performing aggregation that selected all fields of a composite primary key.

Fixed a bug in Django 5.2 where proxy models having a CompositePrimaryKey incorrectly raised a models.E042 system check error.


To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.151 pkgsrc/www/py-django/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/www/py-django/PLIST
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/py-django/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-django/Makefile
diff -u pkgsrc/www/py-django/Makefile:1.150 pkgsrc/www/py-django/Makefile:1.151
--- pkgsrc/www/py-django/Makefile:1.150 Thu Oct  9 08:02:00 2025
+++ pkgsrc/www/py-django/Makefile       Tue Nov 11 10:42:37 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.150 2025/10/09 08:02:00 wiz Exp $
+# $NetBSD: Makefile,v 1.151 2025/11/11 10:42:37 adam Exp $
 
-DISTNAME=      django-5.2.7
+DISTNAME=      django-5.2.8
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/

Index: pkgsrc/www/py-django/PLIST
diff -u pkgsrc/www/py-django/PLIST:1.52 pkgsrc/www/py-django/PLIST:1.53
--- pkgsrc/www/py-django/PLIST:1.52     Mon Apr 14 14:20:53 2025
+++ pkgsrc/www/py-django/PLIST  Tue Nov 11 10:42:37 2025
@@ -1,10 +1,9 @@
-@comment $NetBSD: PLIST,v 1.52 2025/04/14 14:20:53 adam Exp $
+@comment $NetBSD: PLIST,v 1.53 2025/11/11 10:42:37 adam Exp $
 bin/django-admin-${PYVERSSUFFIX}
 ${PYSITELIB}/${WHEEL_INFODIR}/METADATA
 ${PYSITELIB}/${WHEEL_INFODIR}/RECORD
 ${PYSITELIB}/${WHEEL_INFODIR}/WHEEL
 ${PYSITELIB}/${WHEEL_INFODIR}/entry_points.txt
-${PYSITELIB}/${WHEEL_INFODIR}/licenses/AUTHORS
 ${PYSITELIB}/${WHEEL_INFODIR}/licenses/LICENSE
 ${PYSITELIB}/${WHEEL_INFODIR}/licenses/LICENSE.python
 ${PYSITELIB}/${WHEEL_INFODIR}/top_level.txt
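
Review bot: The dropped entry ${PYSITELIB}/${WHEEL_INFODIR}/licenses/AUTHORS is the only packaging change in this commit, and the log message does not mention it; it lists only the upstream fixes. A sentence in the log saying that the 5.2.8 wheel no longer installs licenses/AUTHORS would show the PLIST line was removed deliberately and not lost because of a difference in one local build.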

Index: pkgsrc/www/py-django/distinfo
diff -u pkgsrc/www/py-django/distinfo:1.122 pkgsrc/www/py-django/distinfo:1.123
--- pkgsrc/www/py-django/distinfo:1.122 Thu Oct  2 07:49:51 2025
+++ pkgsrc/www/py-django/distinfo       Tue Nov 11 10:42:37 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.122 2025/10/02 07:49:51 adam Exp $
+$NetBSD: distinfo,v 1.123 2025/11/11 10:42:37 adam Exp $
 
-BLAKE2s (django-5.2.7.tar.gz) = 46596468384c63291c883cbef35556bced53f80c8a661245d8dc21dff7a4c57e
-SHA512 (django-5.2.7.tar.gz) = df330f665b2e08a27dbe88d60b026158e37dfa722b7896493dade841b91a74a9b38cd7ec9597f101126f618947e35674929cb871fdc4499291eeafb1dbb10946
-Size (django-5.2.7.tar.gz) = 10865812 bytes
+BLAKE2s (django-5.2.8.tar.gz) = ad7c8d45a998db2c986f8c5dc65347f5abd0e783769aad14cb2b60906f4fb2ad
+SHA512 (django-5.2.8.tar.gz) = e360b69d45841c5c6068e96560621155cba5450901c0f598da226bc6fb9ea89c5a909f5568e4b492aa852006e7b00ab3528aa8f5ff6d97baa6227e7dcf8c068c
+Size (django-5.2.8.tar.gz) = 10849032 bytes
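
Review bot: The new BLAKE2s and SHA512 lines for django-5.2.8.tar.gz are the integrity record that later fetches of this distfile are checked against, and the log does not say how they were obtained. For a release that carries two CVE fixes, state that the hashes were compared with the checksums upstream publishes for the release and not only regenerated from a local download. The recorded size also drops from 10865812 to 10849032 bytes, which is worth a one-line confirmation.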

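For code that cannot take the update immediately, CVE-2025-64459 in the log message above points at one pattern to audit: request data expanded with ** into QuerySet.filter(), exclude(), get() or Q(). The following is an added example, not part of the commit or of Django; the field names, the ALLOWED_LOOKUPS table and the helper names are hypothetical, and the sample inputs are constructed. It allowlists keys before expansion so that Q()'s control arguments never come from a request.

```python
# Added example: validate user-supplied lookup keys before ** expansion.
# ALLOWED_LOOKUPS, RejectedLookup, safe_filter_kwargs and is_safe are
# hypothetical names; adapt the table to the model being queried.

ALLOWED_LOOKUPS = {
    "name": {"exact", "icontains"},
    "price": {"exact", "lte", "gte"},
}


class RejectedLookup(ValueError):
    """A request parameter is not an allowlisted field lookup."""


def safe_filter_kwargs(params, allowed=ALLOWED_LOOKUPS):
    """Return kwargs that are safe to pass as Model.objects.filter(**kwargs)."""
    cleaned = {}
    for key, value in params.items():
        # Keys starting with "_" include _connector and _negated, the
        # control arguments of Q(); they must never come from a request.
        if not isinstance(key, str) or key.startswith("_"):
            raise RejectedLookup(f"reserved or non-string key: {key!r}")
        field, _, lookup = key.partition("__")
        lookup = lookup or "exact"
        # Anything not in the table is refused, including relation
        # traversal such as author__name__icontains.
        if lookup not in allowed.get(field, ()):
            raise RejectedLookup(f"lookup not allowed: {key!r}")
        # Only scalar values; lists and dicts are refused.
        if not isinstance(value, (str, int, float)):
            raise RejectedLookup(f"non-scalar value for {key!r}")
        cleaned[f"{field}__{lookup}"] = value
    return cleaned


def is_safe(params):
    """True if every key/value in params passes the allowlist."""
    try:
        safe_filter_kwargs(params)
    except RejectedLookup:
        return False
    return True


if __name__ == "__main__":
    # Constructed request parameters, as from request.GET.dict().
    print(safe_filter_kwargs({"name__icontains": "lamp", "price__lte": "20"}))
    print(is_safe({"name": "lamp", "_connector": "constructed-value"}))
```

The same check applies wherever a dictionary built from JSON or form data is expanded into Q(**data).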