Date: Thu, 24 Apr 2014 16:20:31 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r352014 - in branches/2014Q2: security/vuxml www/py-django www/py-django-devel www/py-django14 www/py-django15 Message-ID: <201404241620.s3OGKVux016139@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu Date: Thu Apr 24 16:20:30 2014 New Revision: 352014 URL: http://svnweb.freebsd.org/changeset/ports/352014 QAT: https://qat.redports.org/buildarchive/r352014/ Log: MFH: r351931 Document Django 2014-04-21 vulnerabilty MFH: r351932 - Update to 1.6.3 Security: 59e72db2-cae6-11e3-8420-00e0814cab4e MFH: r351933 - Update to 1.5.6 Security: 59e72db2-cae6-11e3-8420-00e0814cab4e MFH: r351934 - Update to 1.4.11 Security: 59e72db2-cae6-11e3-8420-00e0814cab4e MFH: r351935 - Update to 20140423 snapshot Security: 59e72db2-cae6-11e3-8420-00e0814cab4e MFH: r351938 Fix Django package names Submitted by: mat MFH: r351944 - Add missing distinfo [1] - Trim unneeded PYDISTUTILS_PKGNAME Notified by: swills [1] MFH: r352013 Add back pakcage ranges for people have ancient packages Notified by: mat Approved by: portmgr (mat) Deleted: branches/2014Q2/www/py-django-devel/pkg-plist branches/2014Q2/www/py-django14/pkg-plist branches/2014Q2/www/py-django15/pkg-plist Modified: branches/2014Q2/security/vuxml/vuln.xml branches/2014Q2/www/py-django-devel/Makefile branches/2014Q2/www/py-django-devel/distinfo branches/2014Q2/www/py-django/Makefile branches/2014Q2/www/py-django/distinfo branches/2014Q2/www/py-django14/Makefile branches/2014Q2/www/py-django14/distinfo branches/2014Q2/www/py-django15/Makefile branches/2014Q2/www/py-django15/distinfo Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q2/security/vuxml/vuln.xml Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/security/vuxml/vuln.xml Thu Apr 24 16:20:30 2014 (r352014) @@ -51,6 +51,86 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="59e72db2-cae6-11e3-8420-00e0814cab4e"> + <topic>django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py26-django</name> + <name>py27-django</name> + <name>py31-django</name> + <name>py32-django</name> + <name>py33-django</name> + <name>py34-django</name> + <range><ge>1.6</ge><lt>1.6.3</lt></range> + <range><ge>1.5</ge><lt>1.5.6</lt></range> + <range><ge>1.4</ge><lt>1.4.11</lt></range> + </package> + <package> + <name>py26-django15</name> + <name>py27-django15</name> + <name>py31-django15</name> + <name>py32-django15</name> + <name>py33-django15</name> + <name>py34-django15</name> + <range><ge>1.5</ge><lt>1.5.6</lt></range> + </package> + <package> + <name>py26-django14</name> + <name>py27-django14</name> + <name>py31-django14</name> + <name>py32-django14</name> + <name>py33-django14</name> + <name>py34-django14</name> + <range><ge>1.4</ge><lt>1.4.11</lt></range> + </package> + <package> + <name>py26-django15</name> + <name>py27-django15</name> + <name>py31-django15</name> + <name>py32-django15</name> + <name>py33-django15</name> + <name>py34-django15</name> + <range><ge>1.5</ge><lt>1.5.6</lt></range> + </package> + <package> + <name>py26-django14</name> + <name>py27-django14</name> + <name>py31-django14</name> + <name>py32-django14</name> + <name>py33-django14</name> + <name>py34-django14</name> + <range><ge>1.4</ge><lt>1.4.11</lt></range> + </package> + <package> + <name>py26-django-devel</name> + <name>py27-django-devel</name> + <range><lt>20140423,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Django project reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2014/apr/21/security/">; + <p>These releases address an unexpected code-execution issue, a + caching issue which can expose CSRF tokens and a MySQL typecasting + issue. While these issues present limited risk and may not affect + all Django users, we encourage all users to evaluate their own + risk and upgrade as soon as possible.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.djangoproject.com/weblog/2014/apr/21/security/</url>; + <cvename>CVE-2014-0472</cvename> + <cvename>CVE-2014-0473</cvename> + <cvename>CVE-2014-0474</cvename> + </references> + <dates> + <discovery>2014-04-21</discovery> + <entry>2014-04-23</entry> + <modified>2014-04-24</modified> + </dates> + </vuln> <vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978"> <topic>OpenSSL -- Multiple vulnerabilities - private data exposure</topic> <affects> Modified: branches/2014Q2/www/py-django-devel/Makefile ============================================================================== --- branches/2014Q2/www/py-django-devel/Makefile Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django-devel/Makefile Thu Apr 24 16:20:30 2014 (r352014) @@ -14,16 +14,14 @@ DIST_SUBDIR= python MAINTAINER= lwhsu@FreeBSD.org COMMENT= High-level Python Web framework -LICENSE= BSD +LICENSE= BSD3CLAUSE -SNAPSHOTDATE= 20131025 +SNAPSHOTDATE= 20140423 -USE_XZ= yes -USES= gettext +USES= gettext tar:xz USE_PYTHON= yes USE_PYDISTUTILS= yes -PYTHON_PY3K_PLIST_HACK= yes -PYDISTUTILS_PKGNAME= Django +PYDISTUTILS_AUTOPLIST= yes PYDISTUTILS_PKGVERSION= 1.7 CONFLICTS= py2[0-9]-django-[0-9]* @@ -38,6 +36,9 @@ OPTIONS_GROUP= DATABASE OPTIONS_GROUP_DATABASE= PGSQL MYSQL SQLITE HTMLDOCS_DESC= Install the HTML documentation (requires Sphinx) +PLIST_FILES= man/man1/django-admin.1.gz \ + man/man1/gather_profile_stats.1.gz + .include <bsd.port.options.mk> .if ${PORT_OPTIONS:MPGSQL} @@ -57,7 +58,7 @@ RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}flu .endif .if ${PORT_OPTIONS:MHTMLDOCS} -. if empty(PORT_OPTIONS:MDOCS) +. if ! ${PORT_OPTIONS:MDOCS} IGNORE= you cannot build documentation while setting NOPORTDOCS . endif BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}sphinx>0:${PORTSDIR}/textproc/py-sphinx Modified: branches/2014Q2/www/py-django-devel/distinfo ============================================================================== --- branches/2014Q2/www/py-django-devel/distinfo Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django-devel/distinfo Thu Apr 24 16:20:30 2014 (r352014) @@ -1,2 +1,2 @@ -SHA256 (python/Django-20131025.tar.xz) = 56393be35977e9f106f085bb4a0025da5c4a4de3908eb40b22aef45c29c74cbe -SIZE (python/Django-20131025.tar.xz) = 4618532 +SHA256 (python/Django-20140423.tar.xz) = d40b8d98cac40d40844c552953aa7a6d1faba10b21aebffd765684d54f85cc29 +SIZE (python/Django-20140423.tar.xz) = 4540492 Modified: branches/2014Q2/www/py-django/Makefile ============================================================================== --- branches/2014Q2/www/py-django/Makefile Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django/Makefile Thu Apr 24 16:20:30 2014 (r352014) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.6.2 +PORTVERSION= 1.6.3 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION}/ \ CHEESESHOP @@ -18,7 +18,6 @@ LICENSE= BSD3CLAUSE USE_PYTHON= yes USE_PYDISTUTILS= yes PYDISTUTILS_AUTOPLIST= yes -PYDISTUTILS_PKGNAME= Django CONFLICTS= py[23][0-9]-django-devel-[0-9]* py[23][0-9]-django-1.[0-57-9].* Modified: branches/2014Q2/www/py-django/distinfo ============================================================================== --- branches/2014Q2/www/py-django/distinfo Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django/distinfo Thu Apr 24 16:20:30 2014 (r352014) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.6.2.tar.gz) = d1b3f8460e936f47846e7c4f80af951eda82a41c253c3a51ff3389863ff1c03a -SIZE (python/Django-1.6.2.tar.gz) = 6615116 +SHA256 (python/Django-1.6.3.tar.gz) = 6d9d3c468f9a09470d00e85fe492ba35edfc72cee7fb65ad0281010eba58b8f1 +SIZE (python/Django-1.6.3.tar.gz) = 6628812 Modified: branches/2014Q2/www/py-django14/Makefile ============================================================================== --- branches/2014Q2/www/py-django14/Makefile Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django14/Makefile Thu Apr 24 16:20:30 2014 (r352014) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.4.10 +PORTVERSION= 1.4.11 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION:R}/ \ CHEESESHOP @@ -14,11 +14,11 @@ DIST_SUBDIR= python MAINTAINER= lwhsu@FreeBSD.org COMMENT= High-level Python Web framework -LICENSE= BSD +LICENSE= BSD3CLAUSE USE_PYTHON= 2 USE_PYDISTUTILS= yes -PYDISTUTILS_PKGNAME= Django +PYDISTUTILS_AUTOPLIST= yes CONFLICTS= py[23][0-9]-django-devel-[0-9]* py[23][0-9]-django-1.[0-35-9].* @@ -32,6 +32,10 @@ OPTIONS_GROUP= DATABASE OPTIONS_GROUP_DATABASE= PGSQL MYSQL SQLITE HTMLDOCS_DESC= Install the HTML documentation (requires Sphinx) +PLIST_FILES= man/man1/daily_cleanup.1.gz \ + man/man1/django-admin.1.gz \ + man/man1/gather_profile_stats.1.gz + .include <bsd.port.options.mk> .if ${PORT_OPTIONS:MPGSQL} Modified: branches/2014Q2/www/py-django14/distinfo ============================================================================== --- branches/2014Q2/www/py-django14/distinfo Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django14/distinfo Thu Apr 24 16:20:30 2014 (r352014) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.4.10.tar.gz) = 3d1f083c039fdab1400c32b5406a60891c9dd16f880999c4a53d054742ac29de -SIZE (python/Django-1.4.10.tar.gz) = 7745002 +SHA256 (python/Django-1.4.11.tar.gz) = 4819d8b37405b33f4f0d156f60918094d566249f52137c5e6e0dbaa12995c201 +SIZE (python/Django-1.4.11.tar.gz) = 7752172 Modified: branches/2014Q2/www/py-django15/Makefile ============================================================================== --- branches/2014Q2/www/py-django15/Makefile Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django15/Makefile Thu Apr 24 16:20:30 2014 (r352014) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.5.5 -PORTREVISION= 2 +PORTVERSION= 1.5.6 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION:R}/ \ CHEESESHOP @@ -15,12 +14,11 @@ DIST_SUBDIR= python MAINTAINER= lwhsu@FreeBSD.org COMMENT= High-level Python Web framework -LICENSE= BSD +LICENSE= BSD3CLAUSE USE_PYTHON= yes USE_PYDISTUTILS= yes -PYTHON_PY3K_PLIST_HACK= yes -PYDISTUTILS_PKGNAME= Django +PYDISTUTILS_AUTOPLIST= yes CONFLICTS= py[23][0-9]-django-devel-[0-9]* py[23][0-9]-django-1.[0-46-9].* @@ -34,6 +32,10 @@ OPTIONS_GROUP= DATABASE OPTIONS_GROUP_DATABASE= PGSQL MYSQL SQLITE HTMLDOCS_DESC= Install the HTML documentation (requires Sphinx) +PLIST_FILES= man/man1/daily_cleanup.1.gz \ + man/man1/django-admin.1.gz \ + man/man1/gather_profile_stats.1.gz + .include <bsd.port.options.mk> .if ${PORT_OPTIONS:MPGSQL} Modified: branches/2014Q2/www/py-django15/distinfo ============================================================================== --- branches/2014Q2/www/py-django15/distinfo Thu Apr 24 15:54:50 2014 (r352013) +++ branches/2014Q2/www/py-django15/distinfo Thu Apr 24 16:20:30 2014 (r352014) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.5.5.tar.gz) = 6ae69c1dfbfc9d0c44ae80e2fbe48e59bbbbb70e8df66ad2b7029bd39947d71d -SIZE (python/Django-1.5.5.tar.gz) = 8060441 +SHA256 (python/Django-1.5.6.tar.gz) = 9b7fcb99d20289189ec0f1e06d1d2bed3b4772e3a393fddbfb006ea7c3f9bfaf +SIZE (python/Django-1.5.6.tar.gz) = 8068359
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404241620.s3OGKVux016139>