[Python-modules-commits] r10021 - in packages/python-django/branches/lenny-backports/debian (5 files)

debacle at users.alioth.debian.org debacle at users.alioth.debian.org
Sun Oct 11 12:22:32 UTC 2009 

    Date: Sunday, October 11, 2009 @ 12:22:28
  Author: debacle
Revision: 10021

Prepare lenny backport of 1.1.1-1 (includes DoS fix).

Added:
  packages/python-django/branches/lenny-backports/debian/patches/01_disable_url_verify_regression_tests.diff
Modified:
  packages/python-django/branches/lenny-backports/debian/changelog
  packages/python-django/branches/lenny-backports/debian/control
  packages/python-django/branches/lenny-backports/debian/patches/series
  packages/python-django/branches/lenny-backports/debian/rules

Modified: packages/python-django/branches/lenny-backports/debian/changelog
===================================================================
--- packages/python-django/branches/lenny-backports/debian/changelog	2009-10-11 03:52:53 UTC (rev 10020)
+++ packages/python-django/branches/lenny-backports/debian/changelog	2009-10-11 12:22:28 UTC (rev 10021)
@@ -1,12 +1,21 @@
-python-django (1.1-4~bpo50+1) lenny-backports; urgency=low
+python-django (1.1.1-1~bpo50+1) lenny-backports; urgency=low
 
   * Rebuild for lenny-backports.
-  * Build-Depends on python-support and debhelper from lenny-backports,
-    Depends on python-support from lenny-backports, two lines change in
-    debian/rules to prevent Build-Depends on new python and debhelper.
+  * One line change in debian/rules to prevent Build-Depends on new python.
 
- -- W. Martin Borgert <debacle at debian.org>  Tue, 15 Sep 2009 22:33:08 +0000
+ -- W. Martin Borgert <debacle at debian.org>  Sun, 11 Oct 2009 11:34:21 +0000
 
+python-django (1.1.1-1) unstable; urgency=high
+
+  * New upstream security release - fixes pathological regular expression
+    backtracking performance in URL and email fields which can be used as part
+    of a denial of service attack.
+  * Set Maintainer: to myself with thanks to Brett Parker.
+  * Bump versioned build dependency on quilt to help backporters.
+    (Closes: #547955)
+
+ -- Chris Lamb <lamby at debian.org>  Sat, 10 Oct 2009 10:17:52 +0100
+
 python-django (1.1-4) unstable; urgency=low
 
   * Sourceful upload to drop dependency on Python 2.4.

Modified: packages/python-django/branches/lenny-backports/debian/control
===================================================================
--- packages/python-django/branches/lenny-backports/debian/control	2009-10-11 03:52:53 UTC (rev 10020)
+++ packages/python-django/branches/lenny-backports/debian/control	2009-10-11 12:22:28 UTC (rev 10021)
@@ -1,10 +1,10 @@
 Source: python-django
 Section: python
 Priority: optional
-Maintainer: Brett Parker <iDunno at sommitrealweird.co.uk>
-Uploaders: Raphael Hertzog <hertzog at debian.org>, Gustavo Noronha Silva <kov at debian.org>, David Spreen <netzwurm at debian.org>, Chris Lamb <lamby at debian.org>, Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
-Standards-Version: 3.8.2
-Build-Depends: debhelper (>= 7.0.50), python-support, quilt, python (>= 2.5) | python-sqlite
+Maintainer: Chris Lamb <lamby at debian.org>
+Uploaders: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>, Raphaël Hertzog <hertzog at debian.org>
+Standards-Version: 3.8.3
+Build-Depends: debhelper (>= 7.0.50), python-support, quilt (>= 0.46-7~), python (>= 2.5) | python-sqlite
 Build-Depends-Indep: python-sphinx, libjs-jquery
 Homepage: http://www.djangoproject.com/
 Vcs-Svn: svn://svn.debian.org/python-modules/packages/python-django/trunk/

Added: packages/python-django/branches/lenny-backports/debian/patches/01_disable_url_verify_regression_tests.diff
===================================================================
--- packages/python-django/branches/lenny-backports/debian/patches/01_disable_url_verify_regression_tests.diff	                        (rev 0)
+++ packages/python-django/branches/lenny-backports/debian/patches/01_disable_url_verify_regression_tests.diff	2009-10-11 12:22:28 UTC (rev 10021)
@@ -0,0 +1,41 @@
+Forwarded-Upstream: not needed
+Author: Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>
+Comment:
+ Disable regression tests that require an internet connection.
+ .
+ This is a Debian specific patch.
+
+Index: python-django-1.1/tests/regressiontests/forms/fields.py
+===================================================================
+--- python-django-1.1.orig/tests/regressiontests/forms/fields.py	2009-08-15 21:03:21.248330080 +0200
++++ python-django-1.1/tests/regressiontests/forms/fields.py	2009-08-15 21:03:45.709392050 +0200
+@@ -977,29 +977,6 @@
+ ...
+ ValidationError: [u'Enter a valid URL.']
+ 
+-URLField takes an optional verify_exists parameter, which is False by default.
+-This verifies that the URL is live on the Internet and doesn't return a 404 or 500:
+->>> f = URLField(verify_exists=True)
+->>> f.clean('http://www.google.com') # This will fail if there's no Internet connection
+-u'http://www.google.com/'
+->>> f.clean('http://example')
+-Traceback (most recent call last):
+-...
+-ValidationError: [u'Enter a valid URL.']
+->>> f.clean('http://www.broken.djangoproject.com') # bad domain
+-Traceback (most recent call last):
+-...
+-ValidationError: [u'This URL appears to be a broken link.']
+->>> f.clean('http://google.com/we-love-microsoft.html') # good domain, bad page
+-Traceback (most recent call last):
+-...
+-ValidationError: [u'This URL appears to be a broken link.']
+->>> f = URLField(verify_exists=True, required=False)
+->>> f.clean('')
+-u''
+->>> f.clean('http://www.google.com') # This will fail if there's no Internet connection
+-u'http://www.google.com/'
+-
+ URLField also access min_length and max_length parameters, for convenience.
+ >>> f = URLField(min_length=15, max_length=20)
+ >>> f.clean('http://f.com')

Modified: packages/python-django/branches/lenny-backports/debian/patches/series
===================================================================
--- packages/python-django/branches/lenny-backports/debian/patches/series	2009-10-11 03:52:53 UTC (rev 10020)
+++ packages/python-django/branches/lenny-backports/debian/patches/series	2009-10-11 12:22:28 UTC (rev 10021)
@@ -1,2 +1,3 @@
+01_disable_url_verify_regression_tests.diff
 03_manpage.diff
 04_hyphen-manpage.diff

Modified: packages/python-django/branches/lenny-backports/debian/rules
===================================================================
--- packages/python-django/branches/lenny-backports/debian/rules	2009-10-11 03:52:53 UTC (rev 10020)
+++ packages/python-django/branches/lenny-backports/debian/rules	2009-10-11 12:22:28 UTC (rev 10021)
@@ -6,7 +6,7 @@
 DJANGO_DIR = $(PREFIX)/$(call py_libdir_sh,`pyversions -d`)/django
 
 %:
-	dh $@
+	dh --with quilt $@
 
 override_dh_auto_clean:
 	rm -rf docs.debian testproject

More information about the Python-modules-commits mailing list