2022-01-05 16:41:32 by Thomas Klausner | Files touched by this commit (289) |
Log message:
python: egg.mk: add USE_PKG_RESOURCES flag
This flag should be set for packages that import pkg_resources
and thus need setuptools after the build step.
Set this flag for packages that need it and bump PKGREVISION.
|
2022-01-05 11:09:54 by Thomas Klausner | Files touched by this commit (4) |
Log message:
py-django*: add dependency on py-setuptools
These use pkg_resources.
Noted by joerg.
Bump PKGREVISION.
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030) |
Log message:
www: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033) |
Log message:
www: Remove SHA1 hashes for distfiles
|
2020-03-12 17:22:38 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django: updated to 1.11.29
Django 1.11.29 fixes a security issue in 1.11.28.
CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \
and aggregates on Oracle
GIS functions and aggregates on Oracle were subject to SQL injection, using a \
suitably crafted tolerance.
|
2020-02-04 18:23:11 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django: updated to 1.11.28
Django 1.11.28 fixes a security issue:
CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
StringAgg aggregation function was subject to SQL injection, using a suitably \
crafted delimiter.
|
2019-12-19 14:39:50 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django: updated to 1.11.27
Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, \
that compared equal to an existing user email when lower-cased for comparison, \
an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the \
submitted email using the stricter, recommended algorithm for case-insensitive \
comparison of two identifiers from Unicode Technical Report 36, section \
2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to \
the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with \
ArrayField(BooleanField()), all values after the first True value were marked as \
checked instead of preserving passed values
|
2019-11-05 08:40:16 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django: updated to 1.11.26
Django 1.11.26:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or \
has_any_keys lookup on JSONField, if the right or left hand side of an \
expression is a key transform.
|
2019-10-01 19:56:03 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django: updated to 1.11.25
Django 1.11.25:
Fixed a crash when filtering with a Subquery() annotation of a queryset \
containing JSONField or HStoreField
|