Re: SECURITY: www/py-django

Darrin Chandler Wed, 07 Nov 2007 20:26:56 -0800

On Wed, Nov 07, 2007 at 05:57:39PM -0700, Darrin Chandler wrote:
> There was an i18n vuln leading to possible DoS, described at
> http://www.djangoproject.com/weblog/2007/oct/26/security-fix/
> 
> This updates the package to the new point release and bumps package from
> py-django-0.96 -> py-django-0.96.1. Diff attached.
> 
> Tested briefly on i386 with a project under development.
> 
> Thanks to John Danks for the heads up.


I freshened up my ports tree a bit and had another go. Here's a better
diff, thanks to a cluestick and help from [EMAIL PROTECTED]


Index: Makefile
===================================================================
RCS file: /cvs/ports/www/py-django/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- Makefile    8 Oct 2007 08:22:43 -0000       1.2
+++ Makefile    8 Nov 2007 01:25:04 -0000
@@ -2,10 +2,11 @@
 
 COMMENT=       high-level Python web framework
 
+VP=            0.96.1
 V=             0.96
 LNAME=         django
-DISTNAME=      Django-${V}
-PKGNAME=       py-${LNAME}-${V}p0
+DISTNAME=      Django-${VP}
+PKGNAME=       py-${LNAME}-${VP}
 CATEGORIES=    www lang/python
 
 HOMEPAGE=      http://www.djangoproject.com/
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/py-django/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo    19 Sep 2007 13:45:00 -0000      1.1.1.1
+++ distinfo    8 Nov 2007 01:25:04 -0000
@@ -1,5 +1,5 @@
-MD5 (Django-0.96.tar.gz) = b4aedad1e90dd38d58ff9fc756180c7d
-RMD160 (Django-0.96.tar.gz) = 2ca030a75c7b11fcc3507ad929d8a9884c0fad3e
-SHA1 (Django-0.96.tar.gz) = 8870e0946ffe33a78293616d89b640fa58c6fe33
-SHA256 (Django-0.96.tar.gz) = 
d8e9cd5ad36901bc18cd13d939b0cffd23a028d0ae1a56e2ac753573ede10eba
-SIZE (Django-0.96.tar.gz) = 1748745
+MD5 (Django-0.96.1.tar.gz) = EKoy5YlpxO/rAO9CuhkrFw==
+RMD160 (Django-0.96.1.tar.gz) = G9j8zqsQH4BWC7SqikhRwgTzkYs=
+SHA1 (Django-0.96.1.tar.gz) = hScPhX/0BZg8rpoe9237MwPKbuw=
+SHA256 (Django-0.96.1.tar.gz) = SHQTTp/GvQjrfkUeQgODlGaIlcJrfMhn1MP9r51xEIU=
+SIZE (Django-0.96.1.tar.gz) = 1746455
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/www/py-django/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST   19 Sep 2007 13:45:00 -0000      1.1.1.1
+++ pkg/PLIST   8 Nov 2007 01:25:04 -0000
@@ -1,5 +1,6 @@
 @comment $OpenBSD: PLIST,v 1.1.1.1 2007/09/19 13:45:00 merdely Exp $
 bin/${LNAME}-admin.py
+lib/python${MODPY_VERSION}/site-packages/Django-${V}.1-py${MODPY_VERSION}.egg-info
 lib/python${MODPY_VERSION}/site-packages/${LNAME}/
 lib/python${MODPY_VERSION}/site-packages/${LNAME}/__init__.py
 lib/python${MODPY_VERSION}/site-packages/${LNAME}/__init__.pyc

Re: SECURITY: www/py-django

Reply via email to