In addition to ALLOWED_HOSTS, we now must have CSRF_TRUSTED_ORIGINS defined.
This variable requires the scheme (http:// or https://).
Like ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS is a list of strings, with one
entry for each host which is trusted for POST requests.
https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Wrap the is_pagination usage of bootstrap_pagination with comment/endcomment
to avoid incompatible module.
We will need to re-write the pagination code.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
https://raw.githubusercontent.com/mbi/django-simple-captcha/master/CHANGES
Version 0.5.20
--------------
* Still support Django 3.2 (#222, thanks @petrklus)
Version 0.5.19
--------------
* SECURITY ISSUE: reset the random seed after an image was generated (#221, thanks @ibuler)
Version 0.5.18
--------------
* Fix some typos in documentation (#210, thanks @stweil)
* Test against Django 4.2
* Stopped testing Django < 3.2
* BaseCaptchaTextInput should set autocomplete=off on the hashkey HiddenInput (#201, thanks @eerotal)
* Test against Django 4.2a
* Fix some deprecation warnings in Pillow 9.2+
* Removed old unused conditional imports
* Format code with pre-commit and black
Version 0.5.17
--------------
* English translation created from Spanish ones (#209, thanks @tpazderka)
Version 0.5.16
--------------
* Adds a migration missing from 0.5.15 (#208, thanks @atodorov)
Version 0.5.15
--------------
* Updated test matrix, drop tests against Python3.6, test against Python3.9
* Remove dependency on six
* Test against Django 4.0a1
* Test with Python 3.10 (Django 3.2 and Django 4.0)
* Remove warning for django 3.2 (#206, thanks @MiStErLu)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
zstd compression and decompression are significantly faster than gzip.
zstd is also "splittable" and is streaming/real-time friendly.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
The url returned by the reverse lookup ends in /submit/thanks/ but
the regex was improperly searching for a string without the terminating "/".
Thank you to Pawel Zalewski for reporting the 404 error.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
bump gitpython and pillow to version with fixes for these CVEs
pillow: CVE-2022-22817 CVE-2022-24303 CVE-2022-45198
gitpython: CVE-2022-24439
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Bitbake's api has been changed via:
afb8478d3 parse: Add support for addpylib conf file directive and BB_GLOBAL_PYMODULES
The conf file won't be parsed without baseconfig=True:
bb.parse.ParseError: ParseError at /path/to/oe-core/meta/conf/layer.conf:132: unparsed line: 'addpylib ${LAYERDIR}/lib oe'
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
ubuntu:jammy provides python 3.10.6 which supports current bitbake.
Dropped unneeded python2 packages.
Moved locale generation high to reduce error messages during image building.
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
The runcmd() would print an "ERROR" on failure which causes confusion since
the failure is expected on old branches, so subprocess.getstatusoutput to fix
the problem.
Minor rewording.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
The following commit has added on_delete=models.CASCADE to the ForeignKey:
===
commit 2d526f9b0d
Author: Amber Elliot <amber.n.elliot@intel.com>
Date: Thu Jun 25 15:57:34 2020 -0700
Updating models and imports for Django 2.2 upgrade.
===
The on_delete=models.CASCADE will remove the objects which reference the
removed objects, so there will be errors when removing a LayerBranch
with admin permissions:
===
Cannot delete layer branch
Deleting the selected layer branch would result in deleting related objects, but your account doesn't have permission to delete the following types of objects:
Append
distro
===
This is because has_delete_permission() always return False, remove it to use
Django's implementation to fix the problem.
Minor rewording.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
The commit 38e6288c7d has added oe-core to
BBLAYERS by default, and then there will be multiple BBFILE_COLLECTIONS which
causes update.py failure to update layers (most of the dependencies or
recommends are missing), use get_layer_var() to get BBFILE_COLLECTIONS to fix
the problem since it can ignore the extra oe-core from BBFILE_COLLECTIONS.
Fix minor typos. Minor rewording.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
The current version of django-simple-captcha requires libz and freetype
development libraries.
Refactor to apply. Fix typo. Fix previous mixed use of space vs tab.
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Many layers append BBFILE_COLLECTIONS and therefore have 'core <layer>'
During update.py, this means we are likely not handling the collection we
expect:
WARNING: /opt/workdir/git___git_openembedded_org_meta-openembedded/meta-oe: multiple collections found, handling first one (core) only
BBFILE_COLLECTIONS = "core"
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
ERROR: Variable BB_ENV_EXTRAWHITE has been renamed to BB_ENV_PASSTHROUGH_ADDITIONS
ERROR: Variable BB_ENV_EXTRAWHITE from the shell environment has been renamed to BB_ENV_PASSTHROUGH_ADDITIONS
ERROR: Exiting to allow enviroment variables to be corrected
Replace BB_ENV_EXTRAWHITE with new variable BB_ENV_PASSTHROUGH_ADDITIONS
In order to be backward compatible with older branches, we must first check
for the presence of the bitbake commit which implemented the variable name
change, using layerindex.utils.is_commit_ancestor().
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Add a helper function to check if a given SHA1 hash is an ancestor in
the currently checked out branch, using:
git merge-branch --is-ancestor <commit> HEAD
NOTE: This will not match commits which have been cherry-picked.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
We have some layers and especially older releases that still support
python2. Add python2 dependencies back to the container so that the
older releases still function.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
* Define LANGUAGE to quiet perl warnings
* Set DEBIAN_FRONTEND=noninteractive before apt call to quiet TERM/Dialog
warnings
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
This updated code-base should be compatible with
Django 3.1 and obviously 3.2 (but not 3.0 or earlier).
Django 3.2 requires Python 3.6+.
With the upgrade to Celery 5, it is safer to recommend
RabbitMQ 3.8.x, since that is what we are using.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
In celery 5, the --workdir argument must come
before the 'worker' subcommand.
Without this, celery cannot load the layerindex
module and this causes the celery container to
continually restart.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
New in Django 3.2
To quiet warnings, set DEFAULT_AUTO_FIELD to the
default value 'django.db.models.AutoField'
NOTE: The default value for newly created Django 3.2
projects is django.db.models.BigAutoField, but
this causes the need for a migration in 'captcha'.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Since we are on a "modern" version of Python in
Debian buster container (3.7) and a modern version
of Django (3.1.x) we should be able to run with
the latest of all dependencies.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
10.2 was based on Ubuntu bionic 18.04,
bumping to 10.3 as it is the first release
on Ubuntu focal 20.04
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
