gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

python3Packages.django_4: 4.2.23 -> 4.2.24

Browse Source 
https://docs.djangoproject.com/en/4.2/releases/4.2.24/
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/

Fixes: CVE-2025-57833
This commit is contained in:
Martin Weinelt
2025-09-03 23:01:42 +02:00
parent fa2f6adfe6
commit 4523b24a08
2 changed files with 2 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
pkgs/development/python-modules/django/3.13.6-html-parser.patch
View File

@@ -1,58 +0,0 @@
From e0a1e8d549e7be25960b8ad060c63def3dc35d1d Mon Sep 17 00:00:00 2001
From: Natalia <124304+nessita@users.noreply.github.com>
Date: Mon, 21 Jul 2025 15:23:32 -0300
Subject: [PATCH 1/2] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors
following Python's HTMLParser fixed parsing.
Further details about Python changes can be found in:
https://github.com/python/cpython/commit/0243f97cbadec8d985e63b1daec5d1cbc850cae3.
Thank you Clifford Gama for the thorough review!
---
tests/test_utils/tests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_utils/tests.py b/tests/test_utils/tests.py
index 37e87aa1022c..9c22b61b4ff2 100644
--- a/tests/test_utils/tests.py
+++ b/tests/test_utils/tests.py
@@ -962,7 +962,7 @@ def test_parsing_errors(self):
"('Unexpected end tag `div` (Line 1, Column 6)', (1, 6))"
)
with self.assertRaisesMessage(AssertionError, error_msg):
- self.assertHTMLEqual("< div></ div>", "<div></div>")
+ self.assertHTMLEqual("< div></div>", "<div></div>")
with self.assertRaises(HTMLParseError):
parse_html("</p>")
From e8afcf0e644553bcba3e5f931266963bffc46748 Mon Sep 17 00:00:00 2001
From: Natalia <124304+nessita@users.noreply.github.com>
Date: Mon, 14 Jul 2025 14:45:03 -0300
Subject: [PATCH 2/2] Fixed #36499 -- Adjusted
utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's
HTMLParser new behavior.
Python fixed a quadratic complexity processing for HTMLParser in:
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41.
---
tests/utils_tests/test_html.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 284f33aedcfb..51573b81eb9d 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -142,10 +142,10 @@ def test_strip_tags(self):
("&gotcha&#;<>", "&gotcha&#;<>"),
("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"),
("<script>alert()</script>&h", "alert()h"),
- ("><!" + ("&" * 16000) + "D", "><!" + ("&" * 16000) + "D"),
+ ("><!" + ("&" * 16000) + "D", ">"),
("X<<<<br>br>br>br>X", "XX"),
("<" * 50 + "a>" * 50, ""),
- (">" + "<a" * 500 + "a", ">" + "<a" * 500 + "a"),
+ (">" + "<a" * 500 + "a", ">"),
("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
("<" + "a" * 1_002, "<" + "a" * 1_002),
)

9
pkgs/development/python-modules/django/4.nix
View File

@@ -45,7 +45,7 @@
buildPythonPackage rec { buildPythonPackage rec {
pname = "django"; pname = "django";
version = "4.2.23"; version = "4.2.24";
format = "pyproject"; format = "pyproject";
disabled = pythonOlder "3.8"; disabled = pythonOlder "3.8";
@@ -54,7 +54,7 @@ buildPythonPackage rec {
owner = "django"; owner = "django";
repo = "django"; repo = "django";
rev = "refs/tags/${version}"; rev = "refs/tags/${version}";
hash = "sha256-h6VkMLg2XAVC0p+ItTs/2EqpYdZn9uNvv6ZwQHXP0bI="; hash = "sha256-zDPK30u2QFbHCqnlTMqF1w9iN2sPDphhyKU1u+Mp5ho=";
}; };
patches = [ patches = [
@@ -81,11 +81,6 @@ buildPythonPackage rec {
}) })
] ]
++ lib.optionals (pythonAtLeast "3.13") [
# https://code.djangoproject.com/ticket/36499
# https://github.com/django/django/pull/19639
./3.13.6-html-parser.patch
]
++ lib.optionals withGdal [ ++ lib.optionals withGdal [
(replaceVars ./django_4_set_geos_gdal_lib.patch { (replaceVars ./django_4_set_geos_gdal_lib.patch {
geos = geos; geos = geos;