[Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Marcus Hoffmann via buildroot]

Fixes:
* CVE-2024-45230
* CVE-2024-45231

Further changes: https://docs.djangoproject.com/en/5.1/releases/5.1.1/

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
 package/python-django/python-django.hash | 4 ++--
 package/python-django/python-django.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index 8ddc221973..d39bf4d081 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/django/json
-md5  77f44885427c09458e1abd0b48e09517  Django-5.1.tar.gz
-sha256  848a5980e8efb76eea70872fb0e4bc5e371619c70fffbe48e3e1b50b2c09455d  Django-5.1.tar.gz
+md5  8024c23d7efe9e7acb04496ae22739c7  Django-5.1.1.tar.gz
+sha256  021ffb7fdab3d2d388bc8c7c2434eb9c1f6f4d09e6119010bbb1694dda286bc2  Django-5.1.1.tar.gz
 # Locally computed sha256 checksums
 sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index de5d2a9d06..cfe23ab16b 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 5.1
+PYTHON_DJANGO_VERSION = 5.1.1
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 # The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/1e/0c/d854d25bb74a8a3b41e642bbd27fe6af12fadd0edfd07d487809cf0ef719
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/88/6f/8f57ed6dc88656edd4fcb35c50dd963f3cd79303bd711fb0160fc7fd6ab7
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Thomas Petazzoni via buildroot]

On Wed,  4 Sep 2024 17:44:16 +0200
Marcus Hoffmann via buildroot <buildroot@buildroot.org> wrote:

> Fixes:
> * CVE-2024-45230
> * CVE-2024-45231
> 
> Further changes: https://docs.djangoproject.com/en/5.1/releases/5.1.1/
> 
> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
> ---
>  package/python-django/python-django.hash | 4 ++--
>  package/python-django/python-django.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

I've applied to next, because next had 5.1.0.

For master, which has 5.0.8, we need a bump to 5.0.9, which fixes those
security issues I believe (and 2024.02.x should also upgrade to 5.0.9).
Could you send a patch against master bumping to 5.0.9 ?

Thanks a lot!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Marcus Hoffmann via buildroot]

Hi Thomas,

On 05.09.24 21:45, Thomas Petazzoni wrote:
> On Wed,  4 Sep 2024 17:44:16 +0200
> Marcus Hoffmann via buildroot <buildroot@buildroot.org> wrote:
> 
>> Fixes:
>> * CVE-2024-45230
>> * CVE-2024-45231
>>
>> Further changes: https://docs.djangoproject.com/en/5.1/releases/5.1.1/
>>
>> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
>> ---
>>   package/python-django/python-django.hash | 4 ++--
>>   package/python-django/python-django.mk   | 4 ++--
>>   2 files changed, 4 insertions(+), 4 deletions(-)
> 
> I've applied to next, because next had 5.1.0.
> 
> For master, which has 5.0.8, we need a bump to 5.0.9, which fixes those
> security issues I believe (and 2024.02.x should also upgrade to 5.0.9).
> Could you send a patch against master bumping to 5.0.9 ?

The release was cut before I had a chance to do so. I've sent a patch 
against the 2024.08.x maintenance branch now. This should also apply on 
top of 2024.02.x I think.

> 
> Thanks a lot!
> 
> Thomas

Best,
Marcus
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Peter Korsgaard]

>>>>> "Marcus" == Marcus Hoffmann via buildroot <buildroot@buildroot.org> writes:

 > Fixes:
 > * CVE-2024-45230
 > * CVE-2024-45231

 > Further changes: https://docs.djangoproject.com/en/5.1/releases/5.1.1/

 > Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>

Committed to 2024.02.x and 2024.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/python-django: security bump to 5.1.1

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Marcus" == Marcus Hoffmann via buildroot <buildroot@buildroot.org> writes:
 >> Fixes:
 >> * CVE-2024-45230
 >> * CVE-2024-45231

 >> Further changes: https://docs.djangoproject.com/en/5.1/releases/5.1.1/

 >> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>

 > Committed to 2024.02.x and 2024.08.x, thanks.

Ehh, that was naturally supposed to be about the 5.0.9 bump instead.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot