Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 7 Apr 2020 10:41:35 +0000 (UTC)
From:      Kai Knoblich <kai@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r530965 - in head/www: . py-django-debreach
Message-ID:  <202004071041.037AfZmA028175@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: kai
Date: Tue Apr  7 10:41:34 2020
New Revision: 530965
URL: https://svnweb.freebsd.org/changeset/ports/530965

Log:
  [NEW PORT] www/py-django-debreach
  
  Basic/extra mitigation against the BREACH attack for Django projects.
  
  django-debreach provides additional protection to Django's built in CSRF token
  masking by randomizing the content length of each response.
  
  This is achieved by adding a random string of between 12 and 25 characters as a
  comment to the end of the HTML content.  Note that this will only be applied to
  responses with a content type of text/html.
  
  WWW: https://github.com/lpomfrey/django-debreach

Added:
  head/www/py-django-debreach/
  head/www/py-django-debreach/Makefile   (contents, props changed)
  head/www/py-django-debreach/distinfo   (contents, props changed)
  head/www/py-django-debreach/pkg-descr   (contents, props changed)
Modified:
  head/www/Makefile

Modified: head/www/Makefile
==============================================================================
--- head/www/Makefile	Tue Apr  7 10:28:01 2020	(r530964)
+++ head/www/Makefile	Tue Apr  7 10:41:34 2020	(r530965)
@@ -1508,6 +1508,7 @@
     SUBDIR += py-django-crispy-forms
     SUBDIR += py-django-cron
     SUBDIR += py-django-datetime-widget
+    SUBDIR += py-django-debreach
     SUBDIR += py-django-debug-toolbar
     SUBDIR += py-django-dpaste
     SUBDIR += py-django-evolution

Added: head/www/py-django-debreach/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/py-django-debreach/Makefile	Tue Apr  7 10:41:34 2020	(r530965)
@@ -0,0 +1,25 @@
+# $FreeBSD$
+
+PORTNAME=	django-debreach
+PORTVERSION=	2.0.1
+CATEGORIES=	www security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	kai@FreeBSD.org
+COMMENT=	Adds protection against the BREACH attack in Django
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+TEST_DEPENDS=	${PYTHON_PKGNAMEPREFIX}django22>0:www/py-django22@${PY_FLAVOR}
+
+USES=		python:3.5+
+USE_PYTHON=	autoplist distutils
+
+NO_ARCH=	yes
+
+do-test:
+	@cd ${WRKSRC} && ${PYTHON_CMD} runtests.py
+
+.include <bsd.port.mk>

Added: head/www/py-django-debreach/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/py-django-debreach/distinfo	Tue Apr  7 10:41:34 2020	(r530965)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1586162610
+SHA256 (django-debreach-2.0.1.tar.gz) = 3dd90385918daef4951e67ef6c3dcb550ac5164d84f5cc9889ed52e312597d68
+SIZE (django-debreach-2.0.1.tar.gz) = 14592

Added: head/www/py-django-debreach/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/py-django-debreach/pkg-descr	Tue Apr  7 10:41:34 2020	(r530965)
@@ -0,0 +1,10 @@
+Basic/extra mitigation against the BREACH attack for Django projects.
+
+django-debreach provides additional protection to Django's built in CSRF token
+masking by randomizing the content length of each response.
+
+This is achieved by adding a random string of between 12 and 25 characters as a
+comment to the end of the HTML content.  Note that this will only be applied to
+responses with a content type of text/html.
+
+WWW: https://github.com/lpomfrey/django-debreach



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004071041.037AfZmA028175>