svn commit: r378256 - in branches/2015Q1: security/vuxml www/py-django www/py-django-devel www/py-django14 www/py-django15 www/py-django16
Li-Wen Hsu
lwhsu at FreeBSD.org
Sun Feb 1 17:58:01 UTC 2015
Author: lwhsu
Date: Sun Feb 1 17:57:57 2015
New Revision: 378256
URL: https://svnweb.freebsd.org/changeset/ports/378256
QAT: https://qat.redports.org/buildarchive/r378256/
Log:
MFH: r377750
Document Django 2014-01-13 vulnerabilty
MFH: r377751
- Update to 1.7.3
Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e
MFH: r377752
- Update to 1.6.10
Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e
MFH: r377753
- Update to 1.4.18
Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e
MFH: r377754
- Update to 20150124 snapshot
Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e
MFH: r377755
- Mark DEPRECATED since it is not supported by upstream
MFH: r377804
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e
Approved by: ports-secteam (delphij)
Modified:
branches/2015Q1/security/vuxml/vuln.xml
branches/2015Q1/www/py-django-devel/Makefile
branches/2015Q1/www/py-django-devel/distinfo
branches/2015Q1/www/py-django/Makefile
branches/2015Q1/www/py-django/distinfo
branches/2015Q1/www/py-django14/Makefile
branches/2015Q1/www/py-django14/distinfo
branches/2015Q1/www/py-django15/Makefile
branches/2015Q1/www/py-django16/Makefile
branches/2015Q1/www/py-django16/distinfo
Directory Properties:
branches/2015Q1/ (props changed)
Modified: branches/2015Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2015Q1/security/vuxml/vuln.xml Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/security/vuxml/vuln.xml Sun Feb 1 17:57:57 2015 (r378256)
@@ -57,6 +57,81 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9c7b6c20-a324-11e4-879c-00e0814cab4e">
+ <topic>django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-django</name>
+ <range><ge>1.4</ge><lt>1.4.18</lt></range>
+ <range><ge>1.5</ge><le>1.5.12</le></range>
+ <range><ge>1.6</ge><lt>1.6.10</lt></range>
+ <range><ge>1.7</ge><lt>1.7.3</lt></range>
+ </package>
+ <package>
+ <name>py32-django</name>
+ <range><ge>1.4</ge><lt>1.4.18</lt></range>
+ <range><ge>1.5</ge><le>1.5.12</le></range>
+ <range><ge>1.6</ge><lt>1.6.10</lt></range>
+ <range><ge>1.7</ge><lt>1.7.3</lt></range>
+ </package>
+ <package>
+ <name>py33-django</name>
+ <range><ge>1.4</ge><lt>1.4.18</lt></range>
+ <range><ge>1.5</ge><le>1.5.12</le></range>
+ <range><ge>1.6</ge><lt>1.6.10</lt></range>
+ <range><ge>1.7</ge><lt>1.7.3</lt></range>
+ </package>
+ <package>
+ <name>py34-django</name>
+ <range><ge>1.4</ge><lt>1.4.18</lt></range>
+ <range><ge>1.5</ge><le>1.5.12</le></range>
+ <range><ge>1.6</ge><lt>1.6.10</lt></range>
+ <range><ge>1.7</ge><lt>1.7.3</lt></range>
+ </package>
+ <package>
+ <name>py27-django-devel</name>
+ <range><lt>20150124,1</lt></range>
+ </package>
+ <package>
+ <name>py32-django-devel</name>
+ <range><lt>20150124,1</lt></range>
+ </package>
+ <package>
+ <name>py33-django-devel</name>
+ <range><lt>20150124,1</lt></range>
+ </package>
+ <package>
+ <name>py34-django-devel</name>
+ <range><lt>20150124,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Django project reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2015/jan/13/security/">
+ <p>Today the Django team is issuing multiple releases --
+ Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our
+ security process. These releases are now available on PyPI and our
+ download page.</p>
+ <p>These releases address several security issues. We encourage all
+ users of Django to upgrade as soon as possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.djangoproject.com/weblog/2015/jan/13/security/</url>
+ <cvename>CVE-2015-0219</cvename>
+ <cvename>CVE-2015-0220</cvename>
+ <cvename>CVE-2015-0221</cvename>
+ <cvename>CVE-2015-0222</cvename>
+ </references>
+ <dates>
+ <discovery>2015-01-13</discovery>
+ <entry>2015-01-23</entry>
+ <modified>2015-01-24</modified>
+ </dates>
+ </vuln>
+
<vuln vid="c3d43001-8064-11e4-801f-0022156e8794">
<topic>mutt -- denial of service via crafted mail message</topic>
<affects>
Modified: branches/2015Q1/www/py-django-devel/Makefile
==============================================================================
--- branches/2015Q1/www/py-django-devel/Makefile Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django-devel/Makefile Sun Feb 1 17:57:57 2015 (r378256)
@@ -14,14 +14,14 @@ COMMENT= High-level Python Web framework
LICENSE= BSD3CLAUSE
-SNAPSHOTDATE= 20140821
+SNAPSHOTDATE= 20150124
USES= cpe gettext python
USE_GITHUB= yes
USE_PYTHON= autoplist distutils
GH_ACCOUNT= ${PORTNAME}
-GH_TAGNAME= ad96254
+GH_TAGNAME= f8e4e4a
GH_COMMIT= ${GH_TAGNAME}
CONFLICTS= py2[0-9]-django-[0-9]*
Modified: branches/2015Q1/www/py-django-devel/distinfo
==============================================================================
--- branches/2015Q1/www/py-django-devel/distinfo Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django-devel/distinfo Sun Feb 1 17:57:57 2015 (r378256)
@@ -1,2 +1,2 @@
-SHA256 (python/Django-20140821.tar.gz) = c93f6e71e46480f8fe63b015717f784d3f06bbfa7149f4677b67c608efec00ad
-SIZE (python/Django-20140821.tar.gz) = 7536234
+SHA256 (python/Django-20150124.tar.gz) = 439d887de4dcceacd88e12779388270a1f654a650db4cc85ddfd1e130b2d0fb4
+SIZE (python/Django-20150124.tar.gz) = 7438215
Modified: branches/2015Q1/www/py-django/Makefile
==============================================================================
--- branches/2015Q1/www/py-django/Makefile Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django/Makefile Sun Feb 1 17:57:57 2015 (r378256)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= django
-PORTVERSION= 1.7
+PORTVERSION= 1.7.3
CATEGORIES= www python
MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION}/ \
CHEESESHOP
Modified: branches/2015Q1/www/py-django/distinfo
==============================================================================
--- branches/2015Q1/www/py-django/distinfo Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django/distinfo Sun Feb 1 17:57:57 2015 (r378256)
@@ -1,2 +1,2 @@
-SHA256 (python/Django-1.7.tar.gz) = 33f781f17f145f79ee8e0b8d753498e0e0188f0b53b2accad4045d623422d5e1
-SIZE (python/Django-1.7.tar.gz) = 7486550
+SHA256 (python/Django-1.7.3.tar.gz) = f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b
+SIZE (python/Django-1.7.3.tar.gz) = 7589559
Modified: branches/2015Q1/www/py-django14/Makefile
==============================================================================
--- branches/2015Q1/www/py-django14/Makefile Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django14/Makefile Sun Feb 1 17:57:57 2015 (r378256)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= django
-PORTVERSION= 1.4.15
+PORTVERSION= 1.4.18
CATEGORIES= www python
MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION:R}/ \
CHEESESHOP
Modified: branches/2015Q1/www/py-django14/distinfo
==============================================================================
--- branches/2015Q1/www/py-django14/distinfo Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django14/distinfo Sun Feb 1 17:57:57 2015 (r378256)
@@ -1,2 +1,2 @@
-SHA256 (python/Django-1.4.15.tar.gz) = aa57ceb345091c25648b41c98a6f46fffd7884695fa884c7039291177ded14e9
-SIZE (python/Django-1.4.15.tar.gz) = 7754429
+SHA256 (python/Django-1.4.18.tar.gz) = bfd326fe490d03a2a86466fcb1ac335e7d8d58bc498cfe2311b1d751b515521f
+SIZE (python/Django-1.4.18.tar.gz) = 7876896
Modified: branches/2015Q1/www/py-django15/Makefile
==============================================================================
--- branches/2015Q1/www/py-django15/Makefile Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django15/Makefile Sun Feb 1 17:57:57 2015 (r378256)
@@ -14,6 +14,9 @@ DIST_SUBDIR= python
MAINTAINER= lwhsu at FreeBSD.org
COMMENT= High-level Python Web framework
+DEPRECATED= not supported by upstream
+EXPIRATION_DATE= 2015-02-28
+
LICENSE= BSD3CLAUSE
LICENSE_FILE= ${WRKSRC}/LICENSE
Modified: branches/2015Q1/www/py-django16/Makefile
==============================================================================
--- branches/2015Q1/www/py-django16/Makefile Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django16/Makefile Sun Feb 1 17:57:57 2015 (r378256)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= django
-PORTVERSION= 1.6.7
+PORTVERSION= 1.6.10
CATEGORIES= www python
MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION}/ \
CHEESESHOP
Modified: branches/2015Q1/www/py-django16/distinfo
==============================================================================
--- branches/2015Q1/www/py-django16/distinfo Sun Feb 1 17:49:26 2015 (r378255)
+++ branches/2015Q1/www/py-django16/distinfo Sun Feb 1 17:57:57 2015 (r378256)
@@ -1,2 +1,2 @@
-SHA256 (python/Django-1.6.7.tar.gz) = 9a64211c96a3262bb2545acc82af5d8f3da0175299f7c7e901e4ed455be965fb
-SIZE (python/Django-1.6.7.tar.gz) = 6647301
+SHA256 (python/Django-1.6.10.tar.gz) = 54eb59ce785401c7d1fdeed245efce597e90f811d6a20f6b5c6931c0049d63a6
+SIZE (python/Django-1.6.10.tar.gz) = 6760152
More information about the svn-ports-all
mailing list