openwrt/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-04-15 19:02:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
36,078 Commits 12 Branches 1 Tag
06eb22a6062ad2fc4e0d36e37f17a1ef485b5d09
Commit Graph

74 Commits

Author SHA1 Message Date
Alexandru Ardelean
06eb22a606 python3-django: update to 6.0.4 
Update package to 6.0.4.

Security fixes:
- CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart
  uploads with excessive whitespace could cause repeated memory copying
- CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores
  are now ignored by ASGIRequest to prevent hyphen/underscore conflation
  attacks
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions
  on inline model instances were not validated against forged POST data
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist
  forms incorrectly allowed new instances to be created via forged POST data
- CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or
  understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE

Bug fixes:
- alogin/alogout regression where request.user was not set/cleared if already
  materialized by sync middleware
- RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a
  fieldset in admin forms

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2026-04-11 12:56:34 +03:00
Wei-Ting Yang
d1923a44fd django: bump to version 6.0.3 
Fix CVE-2026-25674.

Full release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.3/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang
551fe9b9b6 django: clean up Makefile 
- Add AUTHORS into PKG_LICENSE_FILES.
- Drop no longer required python3-pytz dependency.
- Remove obsolete CONFLICTS field.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang
b54cc9b69e django: bump to version 6.0.2 
Release notes:
https://docs.djangoproject.com/en/dev/releases/6.0/
https://docs.djangoproject.com/en/dev/releases/6.0.1/
https://docs.djangoproject.com/en/dev/releases/6.0.2/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-02-06 19:59:56 +02:00
Wei-Ting Yang
364a98daaf django: bump to version 5.2.9 
Fixed CVE-2025-13372 and CVE-2025-64460.

Full release notes:
- https://docs.djangoproject.com/en/dev/releases/5.2.9/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2025-12-05 22:56:57 +01:00
Alexandru Ardelean
7ada8de6b7 django: bump to version 5.2.8 
Because the old one needs an older version of setuptools, than the
one we currently have.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-11-08 11:21:38 +02:00
Alexandru Ardelean
5b6fc86fe6 django: bump to version 5.1.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-03-15 07:51:39 +02:00
Alexandru Ardelean
75b419e96c django: bump to 5.1.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-12-25 21:33:52 +02:00
Alexandru Ardelean
9968ff7983 django: bump to 5.1.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-11-28 08:56:25 +02:00
Alexandru Ardelean
031a4968b5 django: bump to 5.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-08-26 15:43:02 +03:00
Alexandru Ardelean
f9dbdeaa03 django: bump to version 5.0.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-07-18 16:20:33 +03:00
Alexandru Ardelean
76c07f6432 django: bump to version 5.0.6 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-06-03 09:42:38 +03:00
Alexandru Ardelean
1a51bd18ac django: bump to version 5.0.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-04-16 14:12:52 +03:00
Alexandru Ardelean
ee33d30785 django: bump to version 5.0.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-03-14 16:04:24 +02:00
Alexandru Ardelean
641dfa1695 django: bump to version 5.0.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-02-08 09:40:01 -08:00
Alexandru Ardelean
7833ff1c8a django: bump to version 5.0 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-12-27 19:25:16 +02:00
Alexandru Ardelean
331b5f75f4 django: bump to version 4.2.5 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-09-09 13:46:11 +03:00
Alexandru Ardelean
a5e58afe19 python-django: bump to 4.2.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-07-16 21:29:34 +03:00
Alexandru Ardelean
98d0b78401 django: bump to version 4.2.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-05-15 10:21:24 +03:00
Alexandru Ardelean
2ecde63118 django: bump to version 4.1.7 
Fixes:
   https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-02-17 19:32:46 +02:00
Alexandru Ardelean
d17862f68c django: bump to version 4.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2023-01-09 17:42:50 +02:00
Peter Stadler
d321db6409 django: bump version 4.1.3 
fix CVE-2022-41323

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2022-12-08 08:35:31 +01:00
Alexandru Ardelean
3468dda484 django: bump to version 4.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-10-06 11:36:47 +02:00
Alexandru Ardelean
cbe023d285 django: bump to 4.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-08-22 10:00:47 +03:00
Alexandru Ardelean
b0ddec3161 django: bump to version 4.0.6 
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-07-18 17:46:36 +03:00
Alexandru Ardelean
b9a47cc470 django: bump to version 4.0.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-06-19 09:03:03 +02:00
Alexandru Ardelean
66bf8fb484 django: bump to version 4.0.4 
Fixes
https://nvd.nist.gov/vuln/detail/CVE-2022-28347
https://nvd.nist.gov/vuln/detail/CVE-2022-28346

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-28 08:32:24 +02:00
Alexandru Ardelean
1f0244f0c5 django: bump to version 4.0.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-07 15:32:34 -07:00
Alexandru Ardelean
95f38fead8 python: django: bump to 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-02-10 21:09:36 -08:00
Alexandru Ardelean
1eea3d4b2c django: bump to version 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-01-09 19:13:08 +02:00
Alexandru Ardelean
5ae76d9d60 django: bump to version 3.2.9 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-11-14 09:26:33 +02:00
Alexandru Ardelean
0f84091abe django: bump to version 3.2.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-10-19 13:22:25 -07:00
Alexandru Ardelean
7c2b02f682 django: bump to version 3.2.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-09-09 14:30:55 -07:00
Alexandru Ardelean
2577bb1eda django: bump to version 3.2.6 
And switch to AUTORELEASE for PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-13 10:04:27 +03:00
Alexandru Ardelean
d3a64a36e9 django: bump to version 3.2.5 
Several bug-fixes.
Fix CVE-2021-35042

Release notes:
  https://docs.djangoproject.com/en/3.2/releases/3.2.5/

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-07-05 10:58:30 +03:00
Alexandru Ardelean
07dbb82e95 django: bump to version 3.2.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-06-15 14:58:04 +03:00
Alexandru Ardelean
5a70c9e826 django: bump to version 3.2.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-05-18 12:29:01 +03:00
Alexandru Ardelean
c01d0f16cf django: bump to version 3.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-04-12 17:51:54 -07:00
Alexandru Ardelean
dd58d24699 django: bump to version 3.1.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmai.com>
 2021-02-24 20:09:57 +02:00
Peter Stadler
18e696fedc django: update to 3.1.6 
fix for CVE-2021-3281

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2021-02-09 08:45:29 +01:00
Alexandru Ardelean
c72c3b60f0 django: bump to version 3.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-01-11 22:56:45 +02:00
Alexandru Ardelean
85dd701f8c django: bump to version 3.1.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-12-07 11:02:47 +02:00
Alexandru Ardelean
36f4a17827 django: bump to version 3.1.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-11-11 11:08:31 +02:00
Alexandru Ardelean
baafb68da6 django: bump to version 3.1.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-10-05 10:23:39 +03:00
Alexandru Ardelean
23938c7aa9 django: bump to version 3.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-09-14 09:24:25 +03:00
Alexandru Ardelean
3c4b5ffeb2 django: bump to version 3.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-08-25 08:53:16 +03:00
Alexandru Ardelean
255a46b3f2 django: bump to version 3.0.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-07-08 08:43:35 +03:00
Peter Stadler
f8fb3e6a25 django: update to version 3.0.7 
update to newest version

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2020-06-04 17:39:58 +02:00
Alexandru Ardelean
fa3be5cf09 django: bump to version 3.0.6 
Also add 'Peter Stadler <peter.stadler@student.uibk.ac.at>' as
co-maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-05-12 09:19:25 +03:00
Jeffery To
78ef6a9d31 django1: Remove common package 
python-django1-common was added to allow both Python 2 and 3 versions of
Django 1.11 to be installed at the same time. With the removal of Python
2, this package is no longer necessary.

This removes this common package and updates the CONFLICTS value for the
django package.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
 2020-04-23 04:24:23 +08:00