python3-django: update to 6.0.4

Update package to 6.0.4.

Security fixes:
- CVE-2026-33033: DoS fix in MultiPartParser -- base64-encoded multipart
  uploads with excessive whitespace could cause repeated memory copying
- CVE-2026-3902: ASGI header spoofing fixed -- headers containing underscores
  are now ignored by ASGIRequest to prevent hyphen/underscore conflation
  attacks
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin -- add permissions
  on inline model instances were not validated against forged POST data
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable -- changelist
  forms incorrectly allowed new instances to be created via forged POST data
- CVE-2026-33034: DoS via ASGI memory upload limit bypass -- missing or
  understated Content-Length could bypass DATA_UPLOAD_MAX_MEMORY_SIZE

Bug fixes:
- alogin/alogout regression where request.user was not set/cleared if already
  materialized by sync middleware
- RelatedFieldWidgetWrapper regression incorrectly wrapping all widgets in a
  fieldset in admin forms

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/lang/python/django/Makefile b/lang/python/django/Makefile
index cf38ceee4ad2a6c2b119ac9add6cd0a2d7b2cfe1..316efeba441c42662181d850dbe531cb40457f11 100644 (file)
--- a/lang/python/django/Makefile
+++ b/lang/python/django/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=django
-PKG_VERSION:=6.0.3
+PKG_VERSION:=6.0.4
 PKG_RELEASE:=1
 
 PYPI_NAME:=django
-PKG_HASH:=90be765ee756af8a6cbd6693e56452404b5ad15294f4d5e40c0a55a0f4870fe1
+PKG_HASH:=8cfa2572b3f2768b2e84983cf3c4811877a01edb64e817986ec5d60751c113ac
 
 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Peter Stadler <peter.stadler@student.uibk.ac.at>
 PKG_LICENSE:=BSD-3-Clause