Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

django: CVE-2019-3498 #54940

Merged
merged 2 commits into from
Jan 31, 2019
Merged

django: CVE-2019-3498 #54940

merged 2 commits into from
Jan 31, 2019

Conversation

dotlambda
Copy link
Member

@dotlambda dotlambda commented Jan 30, 2019

Motivation for this change

https://www.djangoproject.com/weblog/2019/jan/04/security-releases/

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

cc @georgewhewell

@dotlambda dotlambda added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 30, 2019
@dotlambda dotlambda requested a review from FRidh as a code owner January 30, 2019 13:49
@dotlambda dotlambda requested a review from lsix January 30, 2019 13:54
@grahamc grahamc changed the title CVE-2019-3498 django: CVE-2019-3498 Jan 30, 2019
@dotlambda dotlambda mentioned this pull request Jan 30, 2019
10 tasks
Copy link
Member

@lsix lsix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. I have built locally the different versions, not tested them.

@dotlambda
Copy link
Member Author

Tested every dependency except sage (to which this change shouldn't make any difference) using nix-review. The reported failures (python27Packages.buildbot python27Packages.buildbot-full python27Packages.buildbot-plugins.console-view python27Packages.buildbot-plugins.grid-view python27Packages.buildbot-plugins.waterfall-view python27Packages.buildbot-plugins.wsgi-dashboards python27Packages.buildbot-ui python27Packages.django-sites python27Packages.django_evolution python27Packages.django_silk python37Packages.buildbot python37Packages.buildbot-full python37Packages.buildbot-plugins.console-view python37Packages.buildbot-plugins.grid-view python37Packages.buildbot-plugins.waterfall-view python37Packages.buildbot-plugins.wsgi-dashboards python37Packages.buildbot-ui python37Packages.django-sites python37Packages.django_silk python37Packages.djmail) are also present in the master branch. I can also confirm that sage.quicktest builds fine.

@dotlambda dotlambda merged commit c270798 into NixOS:master Jan 31, 2019
@dotlambda dotlambda deleted the CVE-2019-3498 branch March 21, 2019 09:32
@TredwellGit TredwellGit added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Aug 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants