openwrt/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-05-31 15:02:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
36,328 Commits 12 Branches 1 Tag
c87aa1617d75f5df75c38d2800a3adcd5d2a6293
Commit Graph

74 Commits

Author SHA1 Message Date
Alexandru Ardelean 06eb22a606 python3-django: update to 6.0.4 
Update package to 6.0.4.

Security fixes:
- CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart
  uploads with excessive whitespace could cause repeated memory copying
- CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores
  are now ignored by ASGIRequest to prevent hyphen/underscore conflation
  attacks
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions
  on inline model instances were not validated against forged POST data
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist
  forms incorrectly allowed new instances to be created via forged POST data
- CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or
  understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE

Bug fixes:
- alogin/alogout regression where request.user was not set/cleared if already
  materialized by sync middleware
- RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a
  fieldset in admin forms

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2026-04-11 12:56:34 +03:00
Wei-Ting Yang d1923a44fd django: bump to version 6.0.3 
Fix CVE-2026-25674.

Full release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.3/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang 551fe9b9b6 django: clean up Makefile 
- Add AUTHORS into PKG_LICENSE_FILES.
- Drop no longer required python3-pytz dependency.
- Remove obsolete CONFLICTS field.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-03-11 13:52:18 +02:00
Wei-Ting Yang b54cc9b69e django: bump to version 6.0.2 
Release notes:
https://docs.djangoproject.com/en/dev/releases/6.0/
https://docs.djangoproject.com/en/dev/releases/6.0.1/
https://docs.djangoproject.com/en/dev/releases/6.0.2/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2026-02-06 19:59:56 +02:00
Wei-Ting Yang 364a98daaf django: bump to version 5.2.9 
Fixed CVE-2025-13372 and CVE-2025-64460.

Full release notes:
- https://docs.djangoproject.com/en/dev/releases/5.2.9/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
 2025-12-05 22:56:57 +01:00
Alexandru Ardelean 7ada8de6b7 django: bump to version 5.2.8 
Because the old one needs an older version of setuptools, than the
one we currently have.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-11-08 11:21:38 +02:00
Alexandru Ardelean 5b6fc86fe6 django: bump to version 5.1.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2025-03-15 07:51:39 +02:00
Alexandru Ardelean 75b419e96c django: bump to 5.1.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-12-25 21:33:52 +02:00
Alexandru Ardelean 9968ff7983 django: bump to 5.1.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-11-28 08:56:25 +02:00
Alexandru Ardelean 031a4968b5 django: bump to 5.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-08-26 15:43:02 +03:00
Alexandru Ardelean f9dbdeaa03 django: bump to version 5.0.7 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-07-18 16:20:33 +03:00
Alexandru Ardelean 76c07f6432 django: bump to version 5.0.6 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-06-03 09:42:38 +03:00
Alexandru Ardelean 1a51bd18ac django: bump to version 5.0.4 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-04-16 14:12:52 +03:00
Alexandru Ardelean ee33d30785 django: bump to version 5.0.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-03-14 16:04:24 +02:00
Alexandru Ardelean 641dfa1695 django: bump to version 5.0.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2024-02-08 09:40:01 -08:00
Alexandru Ardelean 7833ff1c8a django: bump to version 5.0 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-12-27 19:25:16 +02:00
Alexandru Ardelean 331b5f75f4 django: bump to version 4.2.5 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-09-09 13:46:11 +03:00
Alexandru Ardelean a5e58afe19 python-django: bump to 4.2.3 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-07-16 21:29:34 +03:00
Alexandru Ardelean 98d0b78401 django: bump to version 4.2.1 
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-05-15 10:21:24 +03:00
Alexandru Ardelean 2ecde63118 django: bump to version 4.1.7 
Fixes:
   https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
 2023-02-17 19:32:46 +02:00
Alexandru Ardelean d17862f68c django: bump to version 4.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2023-01-09 17:42:50 +02:00
Peter Stadler d321db6409 django: bump version 4.1.3 
fix CVE-2022-41323

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2022-12-08 08:35:31 +01:00
Alexandru Ardelean 3468dda484 django: bump to version 4.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-10-06 11:36:47 +02:00
Alexandru Ardelean cbe023d285 django: bump to 4.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-08-22 10:00:47 +03:00
Alexandru Ardelean b0ddec3161 django: bump to version 4.0.6 
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-07-18 17:46:36 +03:00
Alexandru Ardelean b9a47cc470 django: bump to version 4.0.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-06-19 09:03:03 +02:00
Alexandru Ardelean 66bf8fb484 django: bump to version 4.0.4 
Fixes
https://nvd.nist.gov/vuln/detail/CVE-2022-28347
https://nvd.nist.gov/vuln/detail/CVE-2022-28346

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-28 08:32:24 +02:00
Alexandru Ardelean 1f0244f0c5 django: bump to version 4.0.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-04-07 15:32:34 -07:00
Alexandru Ardelean 95f38fead8 python: django: bump to 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-02-10 21:09:36 -08:00
Alexandru Ardelean 1eea3d4b2c django: bump to version 4.0.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2022-01-09 19:13:08 +02:00
Alexandru Ardelean 5ae76d9d60 django: bump to version 3.2.9 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-11-14 09:26:33 +02:00
Alexandru Ardelean 0f84091abe django: bump to version 3.2.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-10-19 13:22:25 -07:00
Alexandru Ardelean 7c2b02f682 django: bump to version 3.2.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-09-09 14:30:55 -07:00
Alexandru Ardelean 2577bb1eda django: bump to version 3.2.6 
And switch to AUTORELEASE for PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-13 10:04:27 +03:00
Alexandru Ardelean d3a64a36e9 django: bump to version 3.2.5 
Several bug-fixes.
Fix CVE-2021-35042

Release notes:
  https://docs.djangoproject.com/en/3.2/releases/3.2.5/

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-07-05 10:58:30 +03:00
Alexandru Ardelean 07dbb82e95 django: bump to version 3.2.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-06-15 14:58:04 +03:00
Alexandru Ardelean 5a70c9e826 django: bump to version 3.2.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-05-18 12:29:01 +03:00
Alexandru Ardelean c01d0f16cf django: bump to version 3.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-04-12 17:51:54 -07:00
Alexandru Ardelean dd58d24699 django: bump to version 3.1.7 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmai.com>
 2021-02-24 20:09:57 +02:00
Peter Stadler 18e696fedc django: update to 3.1.6 
fix for CVE-2021-3281

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2021-02-09 08:45:29 +01:00
Alexandru Ardelean c72c3b60f0 django: bump to version 3.1.5 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-01-11 22:56:45 +02:00
Alexandru Ardelean 85dd701f8c django: bump to version 3.1.4 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-12-07 11:02:47 +02:00
Alexandru Ardelean 36f4a17827 django: bump to version 3.1.3 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-11-11 11:08:31 +02:00
Alexandru Ardelean baafb68da6 django: bump to version 3.1.2 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-10-05 10:23:39 +03:00
Alexandru Ardelean 23938c7aa9 django: bump to version 3.1.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-09-14 09:24:25 +03:00
Alexandru Ardelean 3c4b5ffeb2 django: bump to version 3.1 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-08-25 08:53:16 +03:00
Alexandru Ardelean 255a46b3f2 django: bump to version 3.0.8 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-07-08 08:43:35 +03:00
Peter Stadler f8fb3e6a25 django: update to version 3.0.7 
update to newest version

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
 2020-06-04 17:39:58 +02:00
Alexandru Ardelean fa3be5cf09 django: bump to version 3.0.6 
Also add 'Peter Stadler <peter.stadler@student.uibk.ac.at>' as
co-maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2020-05-12 09:19:25 +03:00
Jeffery To 78ef6a9d31 django1: Remove common package 
python-django1-common was added to allow both Python 2 and 3 versions of
Django 1.11 to be installed at the same time. With the removal of Python
2, this package is no longer necessary.

This removes this common package and updates the CONFLICTS value for the
django package.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
 2020-04-23 04:24:23 +08:00