openwrt/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-04-15 19:02:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
36,078 Commits 12 Branches 1 Tag
06eb22a6062ad2fc4e0d36e37f17a1ef485b5d09
Commit Graph

75 Commits

Author SHA1 Message Date
Alexandru Ardelean
06eb22a606 python3-django: update to 6.0.4 
Update package to 6.0.4.

Security fixes:
- CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart
  uploads with excessive whitespace could cause repeated memory copying
- CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores
  are now ignored by ASGIRequest to prevent hyphen/underscore conflation
  attacks
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions
  on inline model instances were not validated against forged POST data
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist
  forms incorrectly allowed new instances to be created via forged POST data
- CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or
  understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE

Bug fixes:
- alogin/alogout regression where request.user was not set/cleared if already
  materialized by sync middleware
- RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a
  fieldset in admin forms

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2026-04-11 12:56:34 +03:00
Wei-Ting Yang
d1923a44fd django: bump to version 6.0.3 
Fix CVE-2026-25674.

Full release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.3/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang
551fe9b9b6 django: clean up Makefile 
- Add AUTHORS into PKG_LICENSE_FILES.
- Drop no longer required python3-pytz dependency.
- Remove obsolete CONFLICTS field.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang
b54cc9b69e django: bump to version 6.0.2 
Release notes:
https://docs.djangoproject.com/en/dev/releases/6.0/
https://docs.djangoproject.com/en/dev/releases/6.0.1/
https://docs.djangoproject.com/en/dev/releases/6.0.2/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-02-06 19:59:56 +02:00
Wei-Ting Yang
364a98daaf django: bump to version 5.2.9 
Fixed CVE-2025-13372 and CVE-2025-64460.

Full release notes:
- https://docs.djangoproject.com/en/dev/releases/5.2.9/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2025-12-05 22:56:57 +01:00
Alexandru Ardelean
7ada8de6b7 django: bump to version 5.2.8 
Because the old one needs an older version of setuptools, than the
one we currently have.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-11-08 11:21:38 +02:00
Alexandru Ardelean
12738a8eec django: allow test.sh only for python3-django package 
No idea how this worked before.
But the '/usr/bin/django-admin' is available only for python3-django

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-08-14 15:10:10 +03:00
Alexandru Ardelean
5b6fc86fe6 django: bump to version 5.1.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-03-15 07:51:39 +02:00
Alexandru Ardelean
75b419e96c django: bump to 5.1.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-12-25 21:33:52 +02:00
Alexandru Ardelean
9968ff7983 django: bump to 5.1.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-11-28 08:56:25 +02:00
Alexandru Ardelean
031a4968b5 django: bump to 5.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-08-26 15:43:02 +03:00
Alexandru Ardelean
f9dbdeaa03 django: bump to version 5.0.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-07-18 16:20:33 +03:00
Alexandru Ardelean
76c07f6432 django: bump to version 5.0.6 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-06-03 09:42:38 +03:00
Alexandru Ardelean
1a51bd18ac django: bump to version 5.0.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-04-16 14:12:52 +03:00
Alexandru Ardelean
ee33d30785 django: bump to version 5.0.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-03-14 16:04:24 +02:00
Alexandru Ardelean
641dfa1695 django: bump to version 5.0.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-02-08 09:40:01 -08:00
Alexandru Ardelean
7833ff1c8a django: bump to version 5.0 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-12-27 19:25:16 +02:00
Alexandru Ardelean
331b5f75f4 django: bump to version 4.2.5 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-09-09 13:46:11 +03:00
Alexandru Ardelean
a5e58afe19 python-django: bump to 4.2.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-07-16 21:29:34 +03:00
Alexandru Ardelean
98d0b78401 django: bump to version 4.2.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-05-15 10:21:24 +03:00
Alexandru Ardelean
2ecde63118 django: bump to version 4.1.7 
Fixes:
   https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-02-17 19:32:46 +02:00
Alexandru Ardelean
d17862f68c django: bump to version 4.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2023-01-09 17:42:50 +02:00
Peter Stadler
d321db6409 django: bump version 4.1.3 
fix CVE-2022-41323

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2022-12-08 08:35:31 +01:00
Alexandru Ardelean
3468dda484 django: bump to version 4.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-10-06 11:36:47 +02:00
Alexandru Ardelean
cbe023d285 django: bump to 4.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-08-22 10:00:47 +03:00
Alexandru Ardelean
b0ddec3161 django: bump to version 4.0.6 
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-07-18 17:46:36 +03:00
Alexandru Ardelean
b9a47cc470 django: bump to version 4.0.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-06-19 09:03:03 +02:00
Alexandru Ardelean
66bf8fb484 django: bump to version 4.0.4 
Fixes
https://nvd.nist.gov/vuln/detail/CVE-2022-28347
https://nvd.nist.gov/vuln/detail/CVE-2022-28346

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-28 08:32:24 +02:00
Alexandru Ardelean
1f0244f0c5 django: bump to version 4.0.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-07 15:32:34 -07:00
Alexandru Ardelean
95f38fead8 python: django: bump to 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-02-10 21:09:36 -08:00
Alexandru Ardelean
1eea3d4b2c django: bump to version 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-01-09 19:13:08 +02:00
Alexandru Ardelean
5ae76d9d60 django: bump to version 3.2.9 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-11-14 09:26:33 +02:00
Alexandru Ardelean
0f84091abe django: bump to version 3.2.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-10-19 13:22:25 -07:00
Alexandru Ardelean
7c2b02f682 django: bump to version 3.2.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-09-09 14:30:55 -07:00
Alexandru Ardelean
2577bb1eda django: bump to version 3.2.6 
And switch to AUTORELEASE for PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-13 10:04:27 +03:00
Alexandru Ardelean
d3a64a36e9 django: bump to version 3.2.5 
Several bug-fixes.
Fix CVE-2021-35042

Release notes:
  https://docs.djangoproject.com/en/3.2/releases/3.2.5/

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-07-05 10:58:30 +03:00
Alexandru Ardelean
07dbb82e95 django: bump to version 3.2.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-06-15 14:58:04 +03:00
Alexandru Ardelean
5a70c9e826 django: bump to version 3.2.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-05-18 12:29:01 +03:00
Alexandru Ardelean
c01d0f16cf django: bump to version 3.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-04-12 17:51:54 -07:00
Alexandru Ardelean
dd58d24699 django: bump to version 3.1.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmai.com>
 2021-02-24 20:09:57 +02:00
Peter Stadler
18e696fedc django: update to 3.1.6 
fix for CVE-2021-3281

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2021-02-09 08:45:29 +01:00
Alexandru Ardelean
c72c3b60f0 django: bump to version 3.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-01-11 22:56:45 +02:00
Alexandru Ardelean
85dd701f8c django: bump to version 3.1.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-12-07 11:02:47 +02:00
Alexandru Ardelean
36f4a17827 django: bump to version 3.1.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-11-11 11:08:31 +02:00
Alexandru Ardelean
baafb68da6 django: bump to version 3.1.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-10-05 10:23:39 +03:00
Alexandru Ardelean
23938c7aa9 django: bump to version 3.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-09-14 09:24:25 +03:00
Alexandru Ardelean
3c4b5ffeb2 django: bump to version 3.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-08-25 08:53:16 +03:00
Alexandru Ardelean
255a46b3f2 django: bump to version 3.0.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-07-08 08:43:35 +03:00
Peter Stadler
f8fb3e6a25 django: update to version 3.0.7 
update to newest version

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2020-06-04 17:39:58 +02:00
Alexandru Ardelean
fa3be5cf09 django: bump to version 3.0.6 
Also add 'Peter Stadler <peter.stadler@student.uibk.ac.at>' as
co-maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-05-12 09:19:25 +03:00