Subject: CVS commit: pkgsrc/www/py-django3
From: Adam Ciarcinski
Date: 2021-05-05 09:06:30
Message id: 20210505070630.1FF48FA95@cvs.NetBSD.org

Log Message:
py-django3: updated to 3.2.1

Django 3.2.1

CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via \ 
uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now \ 
applied. Specifically, empty file names and paths with dot segments will be \ 
rejected.

Bugfixes

Corrected detection of GDAL 3.2 on Windows.
Fixed a bug in Django 3.2 where subclasses of BigAutoField and SmallAutoField \ 
were not allowed for the DEFAULT_AUTO_FIELD setting.
Fixed a regression in Django 3.2 that caused a crash of \ 
QuerySet.values()/values_list() after QuerySet.union(), intersection(), and \ 
difference() when it was ordered by an unannotated field.
Restored, following a regression in Django 3.2, displaying an exception message \ 
on the technical 404 debug page.
Fixed a bug in Django 3.2 where a system check would crash on a reverse \ 
one-to-one relationships in CheckConstraint.check or UniqueConstraint.condition.
Fixed a regression in Django 3.2 that caused a crash of ModelAdmin.search_fields \ 
when searching against phrases with unbalanced quotes.
Fixed a bug in Django 3.2 where variable lookup errors were logged rendering the \ 
sitemap template if alternates were not defined.
Fixed a regression in Django 3.2 that caused a crash when combining Q() objects \ 
which contains boolean expressions.
Fixed a regression in Django 3.2 that caused a crash of QuerySet.update() on a \ 
queryset ordered by inherited or joined fields on MySQL and MariaDB.
Fixed a regression in Django 3.2 that caused a crash when decoding a cookie \ 
value, used by django.contrib.messages.storage.cookie.CookieStorage, in the \ 
pre-Django 3.2 format.
Fixed a regression in Django 3.2 that stopped the shift-key modifier selecting \ 
multiple rows in the admin changelist.
Fixed a bug in Django 3.2 where a system check would crash on the \ 
STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path).
Fixed a long standing bug involving queryset bitwise combination when used with \ 
subqueries that began manifesting in Django 3.2, due to a separate fix using \ 
Exists to exclude() multi-valued relationships.
Fixed a bug in Django 3.2 where variable lookup errors were logged when \ 
rendering some admin templates.
Fixed a bug in Django 3.2 where an admin changelist would crash when deleting \ 
objects filtered against multi-valued relationships. The admin changelist now \ 
uses Exists() instead QuerySet.distinct() because calling delete() after \ 
distinct() is not allowed in Django 3.2 to address a data loss possibility.
Fixed a regression in Django 3.2 where the calling process environment would not \ 
be passed to the dbshell command on PostgreSQL.
Fixed a performance regression in Django 3.2 when building complex filters with \ 
subqueries. As a side-effect the private API to check django.db.sql.query.Query \ 
equality is removed.

Django 3.2.0:
Automatic AppConfig discovery simplifies configuration of pluggable applications.
Customizing the type of auto-created primary keys begins a process of migrating \ 
to BigAutoField primary key fields by default.
Functional indexes can now be created on expressions and database functions.

Files:
RevisionActionfile
1.14modifypkgsrc/www/py-django3/Makefile
1.3modifypkgsrc/www/py-django3/PLIST
1.14modifypkgsrc/www/py-django3/distinfo