pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/py-django3 py-django3: updated to 3.2.5



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7aa045a58017
branches:  trunk
changeset: 455550:7aa045a58017
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jul 06 05:57:43 2021 +0000

description:
py-django3: updated to 3.2.5

Django 3.2.5 fixes a security issue with severity “high” and several bugs in 3.2.4. Also, the latest string translations from Transifex are incorporated.

CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input

Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted.

As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1.

The issue is not present in the main branch as the deprecated path has been removed.

Bugfixes

Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related().
Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable.
Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value.
Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label.

diffstat:

 www/py-django3/Makefile |   4 ++--
 www/py-django3/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 53baecd7a8b8 -r 7aa045a58017 www/py-django3/Makefile
--- a/www/py-django3/Makefile   Tue Jul 06 05:56:34 2021 +0000
+++ b/www/py-django3/Makefile   Tue Jul 06 05:57:43 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2021/06/05 07:22:03 adam Exp $
+# $NetBSD: Makefile,v 1.17 2021/07/06 05:57:43 adam Exp $
 
-DISTNAME=      Django-3.2.4
+DISTNAME=      Django-3.2.5
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
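Review bot: the DISTNAME change to Django-3.2.5 lands on trunk only (the header shows "branches: trunk"), yet the commit message says this release fixes CVE-2021-35042, a regression that appeared in 3.1. If a stable branch still carries Django-3.2.4 or another affected release, this update should be requested for pullup there too, with the CVE id in the request so the fix can be tracked.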
diff -r 53baecd7a8b8 -r 7aa045a58017 www/py-django3/distinfo
--- a/www/py-django3/distinfo   Tue Jul 06 05:56:34 2021 +0000
+++ b/www/py-django3/distinfo   Tue Jul 06 05:57:43 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.16 2021/06/05 07:22:03 adam Exp $
+$NetBSD: distinfo,v 1.17 2021/07/06 05:57:43 adam Exp $
 
-SHA1 (Django-3.2.4.tar.gz) = 7b0875627bfd044cbfd3c9dc4b87c653a3cbe2dc
-RMD160 (Django-3.2.4.tar.gz) = 25ea2c1689022568ac9fc153ebcb465639443065
-SHA512 (Django-3.2.4.tar.gz) = 5891f77c884cb4bc74f4c9759e2e7be463fc0c661b8dd4d889be0ec46919e59b81f5ce1585c28075b15f03355e66d4b8e7b09001f0c2bea15f8c8aac77d1ea16
-Size (Django-3.2.4.tar.gz) = 9824343 bytes
+SHA1 (Django-3.2.5.tar.gz) = 5a1e09930da6c0b1191eb82d466b8549edcb0c4c
+RMD160 (Django-3.2.5.tar.gz) = d9262cff787fc0481339f991b67aab68c4f7e4a6
+SHA512 (Django-3.2.5.tar.gz) = 03d4eee650a857bed298658c68b916beb74690d16b4b28d649c52a7c2d8a61e92f53136d2de3a77fabe1dd01c0e6b3033befc6842f39c222793fb590b1020c13
+Size (Django-3.2.5.tar.gz) = 9806547 bytes
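Review bot: the new Django-3.2.5.tar.gz digests in this distinfo hunk are computed from the tarball that was fetched, so they pin the download but do not show that it matches the upstream release; for a security update, compare the SHA512 line against the checksum published with the upstream release before committing. Of the three digests, SHA512 is the one to rely on, since SHA1 no longer offers collision resistance. The Size line goes from 9824343 to 9806547 bytes, which is plausible for a patch release but worth a quick look at the unpacked tree.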

