Next | Query returned 142 messages, browsing 31 to 40 | Previous

CVS Commit History:


   2018-05-02 08:28:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.13

1.11.13:
Bugfixes
* Fixed a regression in Django 1.11.8 where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
   2018-04-03 10:58:32 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.12

Django 1.11.12:
Bugfixes:
Fixed a regression in Django 1.11.8 where combining two annotated values_list() querysets with union(), difference(), or intersection() crashed due to mismatching columns.
Fixed a regression in Django 1.11 where an empty choice could be initially selected for the SelectMultiple and CheckboxSelectMultiple widgets
   2018-03-06 21:04:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.11

1.11.11:
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
   2018-02-02 08:55:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.10

1.11.10:

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden, an attacker can enter an arbitrary username and see if that user has been set to is_active=False. If confirm_login_allowed() is overridden, more sensitive details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer raise the “This account is inactive.” error if the authentication backend rejects inactive users (the default authentication backend, ModelBackend, has done that since Django 1.10). This issue will be revisited for Django 2.1 as a fix to address the caveat will likely be too invasive for inclusion in older versions.

Bugfixes:
Fixed incorrect foreign key nullification if a model has two foreign keys to the same model and a target model is deleted.
Fixed a regression where contrib.auth.authenticate() crashes if an authentication backend doesn’t accept request and a later one does.
Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
   2018-01-03 08:23:45 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.9

Bugfixes:
Fixed a regression in Django 1.11 that added newlines between MultiWidget’s subwidgets.
Fixed incorrect class-based model index name generation for models with quoted db_table.
Fixed incorrect foreign key constraint name for models with quoted db_table.
Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses more than one level of multi-table inheritance.
   2017-12-25 10:18:24 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
REPLACE_PYTHON does not need WRKSRC
   2017-12-04 15:23:00 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django: updated to 1.11.8

Django 1.11.8 fixes several bugs in 1.11.7:
* Reallowed, following a regression in Django 1.10, AuthenticationForm to raise the inactive user error when using ModelBackend.
* Added support for QuerySet.values() and values_list() for union(), difference(), and intersection() queries.
* Fixed incorrect index name truncation when using a namespaced db_table.
* Made QuerySet.iterator() use server-side cursors on PostgreSQL after values() and values_list().
* Fixed crash on SQLite and MySQL when ordering by a filtered subquery that uses nulls_first or nulls_last.
* Made query lookups for CICharField, CIEmailField, and CITextField use a citext cast.
* Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses multi-table inheritance.
* Fixed “Cannot change column ‘x’: used in a foreign key constraint” crash on MySQL with a sequence of AlterField and/or RenameField operations in a migration
   2017-11-02 10:38:43 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: updated to 1.11.7

1.11.7:
Bugfixes
* Prevented cache.get_or_set() from caching None if the default argument is a callable that returns None.
* Fixed the Basque DATE_FORMAT string.
* Made QuerySet.reverse() affect nulls_first and nulls_last.
* Fixed unquoted table names in Subquery SQL when using OuterRef
   2017-10-06 10:52:59 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django: update to 1.11.6

Bugfixes:
* Made the CharField form field convert whitespace-only values to the empty_value when strip is enabled.
* Fixed crash when using the name of a model’s autogenerated primary key (id) in an Index’s fields.
* Fixed a regression in Django 1.9 where a custom view error handler such as handler404 that accesses csrf_token could cause CSRF verification failures on other pages
   2017-09-06 17:19:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Django 1.11.5:

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with DEBUG = True (which makes this page accessible) in your production settings.

Bugfixes:

Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2).
Added compatibility for cx_Oracle 6.
Fixed select widget rendering when option values are tuples.
Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in 28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.
Added POST request support to LogoutView, for equivalence with the function-based logout() view.
Omitted pages_per_range from BrinIndex.deconstruct() if it’s None.
Fixed a regression where SelectDateWidget localized the years in the select box.
Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows.
Fixed a regression in Django 1.10 where changes to a ManyToManyField weren’t logged in the admin change history and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes.
Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins.
Fixed a regression in contrib.auth’s login() and logout() views where they ignored positional arguments
