buildroot/package/python-django, branch 2016.02

Remove trailing slash from all package site URLs

2015-03-10T19:40:08+00:00

The recommended form is without the trailing slash. Buildroot will add a slash between FOO_SITE and FOO_SOURCE as appropriate. Reported-by: Arnout Vandecappelle Signed-off-by: Luca Ceresoli Signed-off-by: Peter Korsgaard

python-django: security bump to version 1.7.3

2015-01-14T18:26:12+00:00

Fixes: CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2015-0221 - incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

python-django: be more specific about the license

2015-01-04T21:08:44+00:00

The license is really a 3 clauses BSD license, so let's specify this in python-django.mk. Signed-off-by: Thomas Petazzoni

python-django: new package

2015-01-04T21:04:35+00:00

[Thomas: - Bump to Django 1.7.2, the latest available version; - Support Python 3 in addition to Python 2. - Use a download location from pypi.python.org since the download location from djangoproject.com didn't work as is and is impractical to use with Buildroot: the full URL of the tarball is https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does not end with the tarball file name.] Signed-off-by: oli vogt Signed-off-by: Thomas Petazzoni