mirror of
https://github.com/openwrt/packages.git
synced 2026-04-15 19:02:09 +00:00
06eb22a606
Update package to 6.0.4. Security fixes: - CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart uploads with excessive whitespace could cause repeated memory copying - CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores are now ignored by ASGIRequest to prevent hyphen/underscore conflation attacks - CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions on inline model instances were not validated against forged POST data - CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist forms incorrectly allowed new instances to be created via forged POST data - CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE Bug fixes: - alogin/alogout regression where request.user was not set/cleared if already materialized by sync middleware - RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a fieldset in admin forms Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
48 lines
1.3 KiB
Makefile
48 lines
1.3 KiB
Makefile
#
|
|
# Copyright (C) Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=django
|
|
PKG_VERSION:=6.0.4
|
|
PKG_RELEASE:=1
|
|
|
|
PYPI_NAME:=django
|
|
PKG_HASH:=8cfa2572b3f2768b2e84983cf3c4811877a01edb64e817986ec5d60751c113ac
|
|
|
|
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Peter Stadler <peter.stadler@student.uibk.ac.at>
|
|
PKG_LICENSE:=BSD-3-Clause
|
|
PKG_LICENSE_FILES:=AUTHORS LICENSE LICENSE.python
|
|
PKG_CPE_ID:=cpe:/a:djangoproject:django
|
|
|
|
include ../pypi.mk
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include ../python3-package.mk
|
|
|
|
define Package/python3-django
|
|
SUBMENU:=Python
|
|
SECTION:=lang
|
|
CATEGORY:=Languages
|
|
TITLE:=The web framework for perfectionists with deadlines
|
|
URL:=https://www.djangoproject.com/
|
|
DEPENDS:= +python3 +python3-asgiref +python3-sqlparse
|
|
PROVIDES:=django
|
|
endef
|
|
|
|
define Package/python3-django/description
|
|
The web framework for perfectionists with deadlines.
|
|
endef
|
|
|
|
define Py3Package/python3-django/install
|
|
$(INSTALL_DIR) $(1)/usr/bin
|
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/django-admin $(1)/usr/bin
|
|
endef
|
|
|
|
$(eval $(call Py3Package,python3-django))
|
|
$(eval $(call BuildPackage,python3-django))
|
|
$(eval $(call BuildPackage,python3-django-src))
|