rebase migrations

This reverts commit 2851a54c55.

src/pretix/base/email.py

@@ -57,8 +57,6 @@ logger = logging.getLogger('pretix.base.email')
 
 T = TypeVar("T", bound=EmailBackend)
 
-_cgnat_net = ipaddress.ip_network('100.64.0.0/10')
-
 
 def test_custom_smtp_backend(backend: T, from_addr: str) -> None:
     try:
@@ -255,15 +253,12 @@ def create_connection(address, timeout=socket.getdefaulttimeout(),
 
         if not getattr(settings, "MAIL_CUSTOM_SMTP_ALLOW_PRIVATE_NETWORKS", False):
             ip_addr = ipaddress.ip_address(sa[0])
-            check_ip4 = ip_addr.ipv4_mapped if getattr(ip_addr, "ipv4_mapped", None) else ip_addr
             if ip_addr.is_multicast:
                 raise socket.error(f"Request to multicast address {sa[0]} blocked")
             if ip_addr.is_loopback or ip_addr.is_link_local:
                 raise socket.error(f"Request to local address {sa[0]} blocked")
             if ip_addr.is_private:
                 raise socket.error(f"Request to private address {sa[0]} blocked")
-            if check_ip4 in _cgnat_net:
-                raise socket.error(f"Request to RFC 6598 address {sa[0]} blocked")
 
         sock = None
         try:

src/pretix/base/migrations/0302_fixup_eventmetaproperties.py

@@ -0,0 +1,91 @@
+# Generated by Django 5.2.12 on 2026-04-28 11:34
+import logging
+
+from django.db import IntegrityError, migrations, transaction
+from django.db.models import Count, F
+
+logger = logging.getLogger(__name__)
+
+
+def fix_cross_organizer_eventmetavalues(apps, schema_editor):
+    EventMetaProperty = apps.get_model("pretixbase", "EventMetaProperty")
+    EventMetaValue = apps.get_model("pretixbase", "EventMetaValue")
+
+    cross_org_values = EventMetaValue.objects.filter(
+        event__organizer__pk__ne=F('property__organizer__pk')
+    ).order_by('event__organizer__slug', 'event__slug')
+    for emv in cross_org_values:
+        logger.warning("%s", f"Fixing cross-organizer EventMetaValue: {emv.event.organizer.slug}/{emv.event.slug}")
+        logger.warning("  %s", f"{emv.property.name}({emv.property.id}@{emv.property.organizer.slug}) = {repr(emv.value)}")
+        try:
+            emv.property = emv.event.organizer.meta_properties.get(name=emv.property.name)
+            if EventMetaValue.objects.filter(event=emv.event, property=emv.property).exists():
+                correct = EventMetaValue.objects.get(event=emv.event, property=emv.property)
+                if correct.value != emv.value:
+                    logger.warning("  %s", f"WARN: conflicting EventMetaValue with property in correct organizer already exists, deleting the cross-organizer one")
+                else:
+                    logger.warning("  %s", f"OK: same-value EventMetaValue with property in correct organizer already exists, deleting the cross-organizer one")
+                logger.warning("  %s", f"keeping: {correct.property.name}({correct.property.id}@{correct.property.organizer.slug}) = {repr(correct.value)}")
+                emv.delete()
+            else:
+                logger.warning("  %s", f"OK: found existing EventMetaProperty in {emv.event.organizer.slug}, updating reference")
+                logger.warning("  %s", f"after: {emv.property.name}({emv.property.id}@{emv.property.organizer.slug}) = {repr(emv.value)}")
+                emv.save(update_fields=["property"])
+        except EventMetaProperty.DoesNotExist:
+            meta_prop = emv.property
+            meta_prop.pk = None
+            meta_prop.organizer = emv.event.organizer
+            meta_prop.filter_public = False
+            meta_prop.save(force_insert=True)
+            logger.warning("  %s", f"WARN: found no matching EventMetaProperty, creating")
+            logger.warning("  %s", f"after: {emv.property.name}({emv.property.id}@{emv.property.organizer.slug}) = {repr(emv.value)}")
+            emv.save(update_fields=["property"])
+
+
+def make_eventmetaproperties_unique(apps, schema_editor):
+    EventMetaProperty = apps.get_model("pretixbase", "EventMetaProperty")
+    EventMetaValue = apps.get_model("pretixbase", "EventMetaValue")
+
+    duplicates = EventMetaProperty.objects.values('organizer', 'organizer__slug', 'name').annotate(count=Count('id')).filter(count__gt=1)
+    for dup in duplicates:
+        logger.warning("%s", f"Fixup duplicate property {dup['organizer__slug']} {dup['name']}")
+        props = list(EventMetaProperty.objects.filter(organizer=dup['organizer'], name=dup['name']))
+
+        target = props[0]
+        invalid = props[1:]
+
+        try:
+            with transaction.atomic():
+                affected = EventMetaValue.objects.filter(
+                    event__organizer=dup['organizer'], property__in=invalid
+                ).update(
+                    property=target
+                )
+                logger.warning("%s", f"  Switching {affected} value(s) over to {target.name}({target.id}@{target.organizer.slug})")
+
+        except IntegrityError as e:
+            logger.warning("%s", f"  Failed to switch all value(s) over to {target.name}({target.id}@{target.organizer.slug})")
+            logger.warning("%s", f"  {e}")
+            for prop in invalid:
+                newname = f'{prop.name}_DUPLICATE_{prop.id}'
+                logger.warning("%s", f"  Renaming {prop.name}({prop.id}@{prop.organizer.slug}) to {newname}({prop.id}@{prop.organizer.slug})")
+                prop.name = newname
+                prop.filter_public = False
+                prop.save()
+
+        else:
+            for prop in invalid:
+                logger.warning("%s", f"  Deleting {prop.name}({prop.id}@{prop.organizer.slug})")
+                prop.delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("pretixbase", "0301_reusablemedium_remove_orderposition"),
+    ]
+
+    operations = [
+        migrations.RunPython(fix_cross_organizer_eventmetavalues, migrations.RunPython.noop),
+        migrations.RunPython(make_eventmetaproperties_unique, migrations.RunPython.noop),
+    ]

src/pretix/base/migrations/0303_alter_eventmetaproperty_unique_together.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.2.12 on 2026-04-28 11:34
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("pretixbase", "0302_fixup_eventmetaproperties"),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name="eventmetaproperty",
+            unique_together={("organizer", "name")},
+        ),
+    ]

src/pretix/base/models/event.py

@@ -1847,6 +1847,7 @@ class EventMetaProperty(LoggedModel):
 
     class Meta:
         ordering = ("position", "name",)
+        unique_together = ('organizer', 'name')
 
     @property
     def choice_keys(self):

src/pretix/helpers/monkeypatching.py

@@ -151,14 +151,13 @@ def monkeypatch_urllib3_ssrf_protection():
 
             if not getattr(settings, "ALLOW_HTTP_TO_PRIVATE_NETWORKS", False):
                 ip_addr = ipaddress.ip_address(sa[0])
-                check_ip4 = ip_addr.ipv4_mapped if getattr(ip_addr, "ipv4_mapped", None) else ip_addr
                 if ip_addr.is_multicast:
                     raise HTTPError(f"Request to multicast address {sa[0]} blocked")
                 if ip_addr.is_loopback or ip_addr.is_link_local:
                     raise HTTPError(f"Request to local address {sa[0]} blocked")
                 if ip_addr.is_private:
                     raise HTTPError(f"Request to private address {sa[0]} blocked")
-                if check_ip4 in _cgnat_net:
+                if ip_addr in _cgnat_net:
                     raise HTTPError(f"Request to RFC 6598 address {sa[0]} blocked")
 
             sock = None

src/tests/base/test_mail.py

@@ -602,13 +602,10 @@ PRIVATE_IPS_RES = [
     [(socket.AF_INET, socket.SOCK_STREAM, 6, '', ('127.1.1.1', 443))],
     [(socket.AF_INET, socket.SOCK_STREAM, 6, '', ('192.168.5.3', 443))],
     [(socket.AF_INET, socket.SOCK_STREAM, 6, '', ('224.0.0.1', 443))],
-    [(socket.AF_INET, socket.SOCK_STREAM, 6, '', ('100.64.0.1', 443))],
-    [(socket.AF_INET, socket.SOCK_STREAM, 6, '', ('100.100.100.100', 443))],
     [(socket.AF_INET6, socket.SOCK_STREAM, 6, '', ('::1', 443, 0, 0))],
     [(socket.AF_INET6, socket.SOCK_STREAM, 6, '', ('fe80::1', 443, 0, 0))],
     [(socket.AF_INET6, socket.SOCK_STREAM, 6, '', ('ff00::1', 443, 0, 0))],
     [(socket.AF_INET6, socket.SOCK_STREAM, 6, '', ('fc00::1', 443, 0, 0))],
-    [(socket.AF_INET6, socket.SOCK_STREAM, 6, '', ('::ffff:100.64.0.1', 443, 0, 0))],
 ]
 
 

src/tests/helpers/test_urllib.py

@@ -43,8 +43,6 @@ def test_private_ip_blocked():
         requests.get("https://10.0.0.1", timeout=0.1)
     with pytest.raises(HTTPError, match="Request to RFC 6598 address.*"):
         requests.get("https://100.100.100.100", timeout=0.1)
-    with pytest.raises(HTTPError, match="Request to RFC 6598 address.*"):
-        requests.get("https://[::ffff:100.64.0.1]", timeout=0.1)
 
 
 @pytest.mark.django_db
@@ -60,7 +58,6 @@ def test_private_ip_blocked():
     [(AF_INET6, SOCK_STREAM, 6, '', ('fe80::1', 443, 0, 0))],
     [(AF_INET6, SOCK_STREAM, 6, '', ('ff00::1', 443, 0, 0))],
     [(AF_INET6, SOCK_STREAM, 6, '', ('fc00::1', 443, 0, 0))],
-    [(AF_INET6, SOCK_STREAM, 6, "", ("::ffff:100.64.0.1", 443, 0, 0))],
 ])
 def test_dns_resolving_to_local_blocked(res):
     with mock.patch('socket.getaddrinfo') as mock_addr: