nixpkgs/pkgs/development/python-modules/django/1_8.nix

{ stdenv
, buildPythonPackage
, fetchurl
}:

buildPythonPackage rec {
  name = "Django-${version}";
  version = "1.8.19";

  src = fetchurl {
    url = "http://www.djangoproject.com/m/releases/1.8/${name}.tar.gz";
    sha256 = "0iy0ni9j1rnx9b06ycgbg2dkrf3qid3y2jipk9x28cykz5f4mm1k";
  };

  # too complicated to setup
  doCheck = false;

  # patch only $out/bin to avoid problems with starter templates (see #3134)
  postFixup = ''
    wrapPythonProgramsIn $out/bin "$out $pythonPath"
  '';

  meta = with stdenv.lib; {
    description = "A high-level Python Web framework";
    homepage = https://www.djangoproject.com/;
    license = licenses.bsd0;
    knownVulnerabilities = [
      # The patches were not backported due to Django 1.8 having reached EOL
      https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
      https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
      https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
      https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
      https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
    ];
  };

}
pythonPackages.django_1_8: refactor move to python-modules 2018-10-16 18:32:27 +01:00			`{ stdenv`
			`, buildPythonPackage`
			`, fetchurl`
			`}:`

			`buildPythonPackage rec {`
			`name = "Django-${version}";`
python.pkgs.django_1_8: 1.8.18 -> 1.8.19 This fixes CVE-2018-7536 and CVE-2018-7537: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/ cc https://github.com/NixOS/nixpkgs/issues/52679 2018-12-24 10:10:30 +00:00			`version = "1.8.19";`
pythonPackages.django_1_8: refactor move to python-modules 2018-10-16 18:32:27 +01:00
			`src = fetchurl {`
			`url = "http://www.djangoproject.com/m/releases/1.8/${name}.tar.gz";`
python.pkgs.django_1_8: 1.8.18 -> 1.8.19 This fixes CVE-2018-7536 and CVE-2018-7537: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/ cc https://github.com/NixOS/nixpkgs/issues/52679 2018-12-24 10:10:30 +00:00			`sha256 = "0iy0ni9j1rnx9b06ycgbg2dkrf3qid3y2jipk9x28cykz5f4mm1k";`
pythonPackages.django_1_8: refactor move to python-modules 2018-10-16 18:32:27 +01:00			`};`

			`# too complicated to setup`
			`doCheck = false;`

			`# patch only $out/bin to avoid problems with starter templates (see #3134)`
			`postFixup = ''`
			`wrapPythonProgramsIn $out/bin "$out $pythonPath"`
			`'';`

			`meta = with stdenv.lib; {`
			`description = "A high-level Python Web framework";`
			`homepage = https://www.djangoproject.com/;`
			`license = licenses.bsd0;`
python.pkgs.django_1_8: mark as insecure (#54937) Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely they also apply to 1.8. However, Django 1.8 has reached EOL in April 2018 and the patches were not backported. 2019-01-30 22:57:50 +00:00			`knownVulnerabilities = [`
			`# The patches were not backported due to Django 1.8 having reached EOL`
			`https://www.djangoproject.com/weblog/2018/aug/01/security-releases/`
			`https://www.djangoproject.com/weblog/2019/jan/04/security-releases/`
python3Packages.django_1_8: add more known vulns I'm just assuming that these affect 1.8, since they affect every later version. 2019-07-04 01:05:22 +01:00			`https://www.djangoproject.com/weblog/2019/feb/11/security-releases/`
			`https://www.djangoproject.com/weblog/2019/jun/03/security-releases/`
			`https://www.djangoproject.com/weblog/2019/jul/01/security-releases/`
python.pkgs.django_1_8: mark as insecure (#54937) Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely they also apply to 1.8. However, Django 1.8 has reached EOL in April 2018 and the patches were not backported. 2019-01-30 22:57:50 +00:00			`];`
pythonPackages.django_1_8: refactor move to python-modules 2018-10-16 18:32:27 +01:00			`};`

			`}`