Narcissus/shredos.x86_64
2
0
Fork 1
mirror of https://github.com/PartialVolume/shredos.x86_64.git synced 2026-02-21 18:12:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6f79cebe6a7152f2bb83af01a8909c4e33168d45
shredos.x86_64/package/python-django/python-django.mk

16 lines
593 B
Makefile
Raw Normal View History

python-django: new package [Thomas: - Bump to Django 1.7.2, the latest available version; - Support Python 3 in addition to Python 2. - Use a download location from pypi.python.org since the download location from djangoproject.com didn't work as is and is impractical to use with Buildroot: the full URL of the tarball is https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does not end with the tarball file name.] Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-03 13:28:24 +13:00
################################################################################
#
# python-django
#
################################################################################
package/python-django: security bump to version 2.2.4 Fixes the following security issues: CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output. CVE-2019-14233: Denial-of-service possibility in strip_tags() Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made. Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape(). CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter(). CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences. uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 14:22:41 +02:00
PYTHON_DJANGO_VERSION = 2.2.4
python-django: new package [Thomas: - Bump to Django 1.7.2, the latest available version; - Support Python 3 in addition to Python 2. - Use a download location from pypi.python.org since the download location from djangoproject.com didn't work as is and is impractical to use with Buildroot: the full URL of the tarball is https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does not end with the tarball file name.] Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-03 13:28:24 +13:00
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
package/python-django: security bump to version 2.2.4 Fixes the following security issues: CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output. CVE-2019-14233: Denial-of-service possibility in strip_tags() Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made. Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape(). CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter(). CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences. uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 14:22:41 +02:00
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/19/11/3449a2071df9427e7a5c4dddee2462e88840dd968a9b0c161097154fcb0c
boot, package: use SPDX short identifier for BSD-3c We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-30 19:13:38 +05:30
PYTHON_DJANGO_LICENSE = BSD-3-Clause
python-django: new package [Thomas: - Bump to Django 1.7.2, the latest available version; - Support Python 3 in addition to Python 2. - Use a download location from pypi.python.org since the download location from djangoproject.com didn't work as is and is impractical to use with Buildroot: the full URL of the tarball is https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does not end with the tarball file name.] Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-03 13:28:24 +13:00
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_SETUP_TYPE = setuptools
$(eval $(python-package))
Reference in New Issue Copy Permalink