* [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7
@ 2023-11-03 18:44 Adam Duskett
2023-11-03 19:54 ` Thomas Petazzoni via buildroot
2023-11-08 18:10 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Adam Duskett @ 2023-11-03 18:44 UTC (permalink / raw)
To: buildroot; +Cc: Adam Duskett
- Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
with aggregates referencing expressions containing subqueries (#34798).
- Restored, following a regression in Django 4.2, creating
varchar/text_pattern_ops indexes on CharField and TextField with
deterministic collations on PostgreSQL (#34932).
Tested on Fedora 39 with:
./support/testing/run-tests tests.package.test_python_django
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index b68f4231fa..98c338f9d4 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 ad84c2b9bbebaa26427a2a656fe5ceea Django-4.2.6.tar.gz
-sha256 08f41f468b63335aea0d904c5729e0250300f6a1907bf293a65499496cdbc68f Django-4.2.6.tar.gz
+md5 d7afe6a68b631725a1dac116a7832b10 Django-4.2.7.tar.gz
+sha256 8e0f1c2c2786b5c0e39fe1afce24c926040fad47c8ea8ad30aaf1188df29fc41 Django-4.2.7.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 79065ab60a..9b710412fa 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 4.2.6
+PYTHON_DJANGO_VERSION = 4.2.7
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/23/7b/f47d10d870fabfcaa1fba403460a4e482ab7dbba4d715d43981d1f8c8d85
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/5c/62/0c6ab2f3ac9a242b4562b6be1c418685fa7d1ccb8ca302cdb97e0b23cf4b
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
--
2.41.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7
2023-11-03 18:44 [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7 Adam Duskett
@ 2023-11-03 19:54 ` Thomas Petazzoni via buildroot
2023-11-08 18:10 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-11-03 19:54 UTC (permalink / raw)
To: Adam Duskett; +Cc: buildroot
On Fri, 3 Nov 2023 12:44:28 -0600
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:
> - Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
> with aggregates referencing expressions containing subqueries (#34798).
>
> - Restored, following a regression in Django 4.2, creating
> varchar/text_pattern_ops indexes on CharField and TextField with
> deterministic collations on PostgreSQL (#34932).
>
> Tested on Fedora 39 with:
> ./support/testing/run-tests tests.package.test_python_django
>
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
> ---
> package/python-django/python-django.hash | 4 ++--
> package/python-django/python-django.mk | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7
2023-11-03 18:44 [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7 Adam Duskett
2023-11-03 19:54 ` Thomas Petazzoni via buildroot
@ 2023-11-08 18:10 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-08 18:10 UTC (permalink / raw)
To: Adam Duskett; +Cc: buildroot
>>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes:
> - Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
> with aggregates referencing expressions containing subqueries (#34798).
> - Restored, following a regression in Django 4.2, creating
> varchar/text_pattern_ops indexes on CharField and TextField with
> deterministic collations on PostgreSQL (#34932).
> Tested on Fedora 39 with:
> ./support/testing/run-tests tests.package.test_python_django
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
While this indeed is a security fix, it seems to be for a Windows-only
issue:
https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
Anyway, for 2023.02.x and 2023.08.x I have instead bumped to 4.1.13,
which contains the same fix.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-11-08 18:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-03 18:44 [Buildroot] [PATCH 1/1] package/python-django: security bump to 4.2.7 Adam Duskett
2023-11-03 19:54 ` Thomas Petazzoni via buildroot
2023-11-08 18:10 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox