Date: Thu, 28 May 2026 12:15:26 +0000 From: Kai Knoblich <kai@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 201d1b190d6f - main - www/py-social-auth-app-django: Update to 5.9.0 Message-ID: <6a1831de.42b7f.3eb4cd81@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by kai: URL: https://cgit.FreeBSD.org/ports/commit/?id=201d1b190d6f8592251d5310c47134c4de78b1ba commit 201d1b190d6f8592251d5310c47134c4de78b1ba Author: Kai Knoblich <kai@FreeBSD.org> AuthorDate: 2026-05-28 12:12:11 +0000 Commit: Kai Knoblich <kai@FreeBSD.org> CommitDate: 2026-05-28 12:12:11 +0000 www/py-social-auth-app-django: Update to 5.9.0 * Remove no longer required patch. Changelog since 5.4.3: https://github.com/python-social-auth/social-app-django/blob/5.9.0/CHANGELOG.md --- www/py-social-auth-app-django/Makefile | 8 +- www/py-social-auth-app-django/distinfo | 6 +- .../files/patch-cve-2025-61783 | 101 --------------------- .../files/patch-pyproject.toml | 23 +++++ 4 files changed, 30 insertions(+), 108 deletions(-) diff --git a/www/py-social-auth-app-django/Makefile b/www/py-social-auth-app-django/Makefile index d9e0e8b06a51..ee3313c3514f 100644 --- a/www/py-social-auth-app-django/Makefile +++ b/www/py-social-auth-app-django/Makefile @@ -1,6 +1,5 @@ PORTNAME= social-auth-app-django -DISTVERSION= 5.4.3 -PORTREVISION= 2 +DISTVERSION= 5.9.0 CATEGORIES= www security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -13,8 +12,9 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PY_SETUPTOOLS} \ ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}django52>=3.2:www/py-django52@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}social-auth-core>=4.4<5:security/py-social-auth-core@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}django52>=5.2:www/py-django52@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}asgiref>=3.8.1:www/py-asgiref@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}social-auth-core>=4.8.3<5:security/py-social-auth-core@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}mock>0:devel/py-mock@${PY_FLAVOR} USES= python diff --git a/www/py-social-auth-app-django/distinfo b/www/py-social-auth-app-django/distinfo index 68863aa8bae5..85f199dbb38a 100644 --- a/www/py-social-auth-app-django/distinfo +++ b/www/py-social-auth-app-django/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1740213116 -SHA256 (python-social-auth-social-app-django-5.4.3_GH0.tar.gz) = 4dd02d76ffa390e6a2d7fe319869384c81d32c73b826eb09a10023cf66738389 -SIZE (python-social-auth-social-app-django-5.4.3_GH0.tar.gz) = 25327 +TIMESTAMP = 1777959621 +SHA256 (python-social-auth-social-app-django-5.9.0_GH0.tar.gz) = 020fbdfd97101fd3bbc179770f9d76e9fd6cfc61a4a4cca2b04b7fbd558beb96 +SIZE (python-social-auth-social-app-django-5.9.0_GH0.tar.gz) = 31904 diff --git a/www/py-social-auth-app-django/files/patch-cve-2025-61783 b/www/py-social-auth-app-django/files/patch-cve-2025-61783 deleted file mode 100644 index 941b9e2cd4b4..000000000000 --- a/www/py-social-auth-app-django/files/patch-cve-2025-61783 +++ /dev/null @@ -1,101 +0,0 @@ -Backported and adapted patch for py-social-auth-core 5.4.3 to fix -CVE-2025-61783. - -Obtained from: - -From 10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com> -Date: Tue, 30 Sep 2025 13:38:21 +0200 -Subject: [PATCH] fix: avoid associating with existing user when creating fails - -This behavior was introduced in 9f86059e9d8070bc5ecd7ba069fadab1c9bf502a -to workaround concurrency issues, but the only safe way to deal with -this is to restart the pipeline to make sure that all possible policies -apply. This is currently not possible, so let's fail with -AuthAlreadyAssociated and let user restart the authentication pipeline -manually. - ---- social_django/storage.py.orig 2025-02-13 13:06:56 UTC -+++ social_django/storage.py -@@ -5,6 +5,7 @@ from django.db.utils import IntegrityError - from django.core.exceptions import FieldDoesNotExist - from django.db import router, transaction - from django.db.utils import IntegrityError -+from social_core.exceptions import AuthAlreadyAssociated - from social_core.storage import ( - AssociationMixin, - BaseStorage, -@@ -75,26 +76,24 @@ class DjangoUserMixin(UserMixin): - cls.user_model()._meta.get_field("username") - except FieldDoesNotExist: - kwargs.pop("username") -+ -+ if hasattr(transaction, "atomic"): -+ # In Django versions that have an "atomic" transaction decorator / context -+ # manager, there's a transaction wrapped around this call. -+ # If the create fails below due to an IntegrityError, ensure that the transaction -+ # stays undamaged by wrapping the create in an atomic. -+ using = router.db_for_write(cls.user_model()) -+ - try: - if hasattr(transaction, "atomic"): -- # In Django versions that have an "atomic" transaction decorator / context -- # manager, there's a transaction wrapped around this call. -- # If the create fails below due to an IntegrityError, ensure that the transaction -- # stays undamaged by wrapping the create in an atomic. -- using = router.db_for_write(cls.user_model()) - with transaction.atomic(using=using): - user = cls.user_model()._default_manager.create_user(*args, **kwargs) - else: - user = cls.user_model()._default_manager.create_user(*args, **kwargs) -+ -+ return user - except IntegrityError as exc: -- # If email comes in as None it won't get found in the get -- if kwargs.get("email", True) is None: -- kwargs["email"] = "" -- try: -- user = cls.user_model()._default_manager.get(*args, **kwargs) -- except cls.user_model().DoesNotExist: -- raise exc -- return user -+ raise AuthAlreadyAssociated(None) from exc - - @classmethod - def get_user(cls, pk=None, **kwargs): ---- tests/test_models.py.orig 2025-02-13 13:06:56 UTC -+++ tests/test_models.py -@@ -5,6 +5,7 @@ from django.test import TestCase - from django.core.management import call_command - from django.db import IntegrityError - from django.test import TestCase -+from social_core.exceptions import AuthAlreadyAssociated - - from social_django.models import ( - AbstractUserSocialAuth, -@@ -101,17 +102,21 @@ class TestUserSocialAuth(TestCase): - self.assertEqual(UserSocialAuth.get_username(self.user), self.user.username) - - def test_create_user(self): -- # Catch integrity error and find existing user -- UserSocialAuth.create_user(username=self.user.username) -+ UserSocialAuth.create_user(username="testuser") - - def test_create_user_reraise(self): -- with self.assertRaises(IntegrityError): -+ with self.assertRaises(AuthAlreadyAssociated): - UserSocialAuth.create_user(username=self.user.username, email=None) - - @mock.patch("social_django.models.UserSocialAuth.username_field", return_value="email") -- @mock.patch("django.contrib.auth.models.UserManager.create_user", side_effect=IntegrityError) -+ @mock.patch("django.contrib.auth.models.UserManager.create_user", return_value="<User>") - def test_create_user_custom_username(self, *args): - UserSocialAuth.create_user(username=self.user.email) -+ -+ @mock.patch("django.contrib.auth.models.UserManager.create_user", side_effect=IntegrityError) -+ def test_create_user_existing(self, *args): -+ with self.assertRaises(AuthAlreadyAssociated): -+ UserSocialAuth.create_user(username=self.user.email) - - @mock.patch("social_django.storage.transaction", spec=[]) - def test_create_user_without_transaction_atomic(self, *args): diff --git a/www/py-social-auth-app-django/files/patch-pyproject.toml b/www/py-social-auth-app-django/files/patch-pyproject.toml new file mode 100644 index 000000000000..f868181c8ecd --- /dev/null +++ b/www/py-social-auth-app-django/files/patch-pyproject.toml @@ -0,0 +1,23 @@ +* Relax version requirements for py-setuptools and enable build for + older versions of it + +--- pyproject.toml.orig 2025-07-18 11:13:36 UTC ++++ pyproject.toml +@@ -1,6 +1,6 @@ build-backend = "setuptools.build_meta" + [build-system] + build-backend = "setuptools.build_meta" +-requires = ["setuptools>=78.0.2"] ++requires = ["setuptools"] + + [dependency-groups] + dev = [ +@@ -36,8 +36,7 @@ keywords = ["django", "oauth", "openid", "saml", "soci + ] + description = "Python Social Authentication, Django integration." + keywords = ["django", "oauth", "openid", "saml", "social auth"] +-license = "BSD-3-Clause" +-license-files = ["LICENSE"] ++license = { text="BSD-3-Clause" } + name = "social-auth-app-django" + readme = "README.md" + requires-python = ">=3.10"home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a1831de.42b7f.3eb4cd81>