• Bug#1096201: bookworm-pu: package djoser/2.1.0-1

    From Cyril Brulebois@21:1/5 to All on Sat Mar 1 10:10:01 2025
    XPost: linux.debian.bugs.dist

    Hi,

    Andreas Henriksson <[email protected]> (2025-02-17):
    [ Impact ]
    djoser has a very low popcon, so impact should thus be low.

    [ Tests ]
    not covered by testsuite.

    [ Risks ]
    The patch cherry-picked from upstream is a revert to a previous state of
    the code (before introducing the breakage which wasn't known to have
    security implications).
    The risks should thus be very low, since it's not "new" code.


    [ Checklist ]
    [x] *all* changes are documented in the d/changelog
    (except debian/gbp.conf branch name, which I think is changelog
    clutter)
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in (old)stable
    [x] the issue is verified as fixed in unstable
    (via a new upstream release)

    [ Changes ]
    Revert validation code to previous working code with proper
    auth validation.

    I was curious to see apt install a new package and I had a quick look.
    While debian/control received no modifications, the binary package is
    getting new dependencies compared to the version in bookworm:

    Before:

    Depends: python3-django, python3-djangorestframework (>= 3), python3-asgiref, python3-coreapi, python3-social-django, python3:any

    After:

    Depends: python3-django, python3-djangorestframework (>= 3), python3-asgiref, python3-coreapi, python3-djangorestframework-simplejwt, python3-importlib-metadata | python3 (>> 3.8), python3-social-django, python3:any

    For reference, debian/control has:

    Depends:
    python3-django,
    python3-djangorestframework (>= 3),
    ${misc:Depends},
    ${python3:Depends},

    and the extra dependencies flow through ${python3:Depends}:

    python3:Depends=python3-asgiref, python3-coreapi, python3-djangorestframework-simplejwt, python3-importlib-metadata | python3 (>> 3.8), python3-social-django, python3:any


    I thought that's curious enough to leave a note here, just in case
    someone else wonders whether that's known and/or expected.


    Cheers,
    --
    Cyril Brulebois ([email protected]) <https://debamax.com/>
    D-I release manager -- Release team member -- Freelance Consultant
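
Added example, not part of the original message or of Debian's tooling: the Before/After comparison made by eye above, as a small parser that diffs two binary-package Depends fields so that dependencies arriving through substvars such as ${python3:Depends} show up during review of a stable update. The two input strings are copied from the message; the function names `parse_depends` and `diff_depends` are hypothetical.

```python
import re

# Inputs copied from the "Before:" and "After:" Depends lines in the message.
BEFORE = ("python3-django, python3-djangorestframework (>= 3), python3-asgiref, "
          "python3-coreapi, python3-social-django, python3:any")
AFTER = ("python3-django, python3-djangorestframework (>= 3), python3-asgiref, "
         "python3-coreapi, python3-djangorestframework-simplejwt, "
         "python3-importlib-metadata | python3 (>> 3.8), python3-social-django, "
         "python3:any")

# One alternative: name, optional :arch qualifier, optional (op version).
_ALT = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9+.\-]*)(?::(?P<arch>[a-z0-9\-]+))?"
    r"\s*(?:\((?P<op><<|<=|=|>=|>>)\s*(?P<ver>[^)\s]+)\))?$"
)

def parse_depends(field):
    """Parse a Depends value into clauses; each clause is a tuple of
    alternatives (name, arch, op, version) that were joined by '|'."""
    clauses = []
    for raw in field.split(","):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing comma, as in debian/control
        alts = []
        for alt in raw.split("|"):
            m = _ALT.match(alt.strip())
            if m is None:
                # Unexpanded substvars like ${python3:Depends} end up here.
                raise ValueError("unparsable dependency: %r" % alt.strip())
            alts.append((m["name"], m["arch"], m["op"], m["ver"]))
        clauses.append(tuple(alts))
    return clauses

def diff_depends(old, new):
    """Return (added clauses, removed clauses, package names never seen in old)."""
    old_c, new_c = parse_depends(old), parse_depends(new)
    added = [c for c in new_c if c not in set(old_c)]
    removed = [c for c in old_c if c not in set(new_c)]
    old_names = {alt[0] for clause in old_c for alt in clause}
    new_names = sorted({alt[0] for clause in added for alt in clause} - old_names)
    return added, removed, new_names

if __name__ == "__main__":
    added, removed, new_names = diff_depends(BEFORE, AFTER)
    print("added clauses:", added)
    print("removed clauses:", removed)
    print("packages not referenced before:", new_names)
```

The field values can be taken from `dpkg-deb -f <package>.deb Depends` for each build; the regular expression covers binary-package relationships only, not build-profile or architecture restriction lists.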
