From 20a596158816099cd9a416e01438cd596164f7cf Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Wed, 3 Jul 2019 23:56:44 +0000
Subject: [PATCH 1/4] python3Packages.django: 1.11.21 -> 1.11.22 CVE-2019-12781
---
pkgs/development/python-modules/django/1_11.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/django/1_11.nix b/pkgs/development/python-modules/django/1_11.nix
index e2db6bbfc6d4..30db075bcf38 100644
--- a/pkgs/development/python-modules/django/1_11.nix
+++ b/pkgs/development/python-modules/django/1_11.nix
@@ -5,11 +5,11 @@ buildPythonPackage rec { pname = "Django";
- version = "1.11.21";
+ version = "1.11.22";
src = fetchurl { url = "https://www.djangoproject.com/m/releases/1.11/${pname}-${version}.tar.gz";
- sha256 = "0adhcw8sx2mgwk9y2j760y96pqbip1ni3sf2v2ls5zxc9x93wwms";
+ sha256 = "0if8p7sgbvpy3m8d25pw1x232s14ndd60w5s5d88jl3hl505s3c3";
}; patches = stdenv.lib.optionals withGdal [
From 26b6cbad4b66796582f71252f8f0b4675f94511a Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Wed, 3 Jul 2019 23:57:23 +0000
Subject: [PATCH 2/4] python3Packages.django_2_1: 2.1.9 -> 2.1.10 CVE-2019-12781
---
pkgs/development/python-modules/django/2_1.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/django/2_1.nix b/pkgs/development/python-modules/django/2_1.nix
index 9432a19b35fc..da14dd4bd9c0 100644
--- a/pkgs/development/python-modules/django/2_1.nix
+++ b/pkgs/development/python-modules/django/2_1.nix
@@ -6,13 +6,13 @@ buildPythonPackage rec { pname = "Django";
- version = "2.1.9";
+ version = "2.1.10";
disabled = !isPy3k; src = fetchPypi { inherit pname version;
- sha256 = "1nkqylj6hz7k45mvwch2y5cc06ncnzbxnzw2d7vbv10azzsdwljh";
+ sha256 = "0n794x17x8q2jzjm12glb900y53r3bxg8dafvl65djiglm4abqk5";
}; patches = stdenv.lib.optionals withGdal [
From b37c76fa7fd5e83d2931e09a99154afa302260ae Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Wed, 3 Jul 2019 23:58:16 +0000
Subject: [PATCH 3/4] python3Packages.django_2_2: 2.2.2 -> 2.2.3
---
pkgs/development/python-modules/django/2_2.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/django/2_2.nix b/pkgs/development/python-modules/django/2_2.nix
index d2d8682ade22..34b31bb35aba 100644
--- a/pkgs/development/python-modules/django/2_2.nix
+++ b/pkgs/development/python-modules/django/2_2.nix
@@ -6,13 +6,13 @@ buildPythonPackage rec { pname = "Django";
- version = "2.2.2";
+ version = "2.2.3";
disabled = !isPy3k; src = fetchPypi { inherit pname version;
- sha256 = "1xbqsa016szsqx6pnggrlxs81169hd8adzmdvp969007xg9k0gbm";
+ sha256 = "1sn0a7yjipwxrplh1x4kr77a93xzik1inh07bxwaqaw94qdzc8sd";
}; patches = stdenv.lib.optional withGdal
From 6bbeeb629e2be4d0099cb5c141adf09af3b86f11 Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Thu, 4 Jul 2019 00:05:22 +0000
Subject: [PATCH 4/4] python3Packages.django_1_8: add more known vulns I'm just assuming that these affect 1.8, since they affect every later version.
---
pkgs/development/python-modules/django/1_8.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pkgs/development/python-modules/django/1_8.nix b/pkgs/development/python-modules/django/1_8.nix
index b6b51a07e9f6..a459e3c0e10b 100644
--- a/pkgs/development/python-modules/django/1_8.nix
+++ b/pkgs/development/python-modules/django/1_8.nix
@@ -28,6 +28,9 @@ buildPythonPackage rec { # The patches were not backported due to Django 1.8 having reached EOL https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
+ https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
+ https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
+ https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
]; };
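Review bot: The three advisory links added in the 1_8.nix hunk are listed on an assumption (the commit message says so), yet nothing in the file marks them as unverified, and the existing comment above the list reads as if every entry had been checked against 1.8. I would add a comment directly above the new entries, for example `# Assumed to affect 1.8 too, since every later release series is affected (not verified against 1.8)`, so a later audit can tell confirmed entries from inferred ones. Over-listing is the safe direction for an end-of-life release, so the entries themselves look fine to keep. The enclosing list and attribute set open outside the hunk; going by the commit subject this is presumably the package's known-vulnerabilities list.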