Sync from SUSE:SLFO:Main python-Django revision fb4dfe21e6fe0c7578e7172d216dfe99

2024-05-03 19:45:59 +02:00 · 2024-05-03 19:45:59 +02:00 · e1462fda93
commit e1462fda93
9 changed files with 3172 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/CVE-2024-27351.patch
+++ b/CVE-2024-27351.patch
@ -0,0 +1,121 @@
+From 2d173757922183f7e9b79d31fd4ccd9086cc6ce2 Mon Sep 17 00:00:00 2001
+From: Shai Berger <shai@platonix.com>
+Date: Mon, 19 Feb 2024 13:56:37 +0100
+Subject: [PATCH] [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in
+ Truncator.words().
+
+Thanks Seokchan Yoon for the report.
+
+Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+---
+ django/utils/text.py           | 57 ++++++++++++++++++++++++++++++++--
+ docs/releases/3.2.25.txt       |  8 +++++
+ docs/releases/4.2.11.txt       |  8 +++++
+ tests/utils_tests/test_text.py | 26 ++++++++++++++++
+ 4 files changed, 97 insertions(+), 2 deletions(-)
+
+Index: Django-4.2.6/django/utils/text.py
+===================================================================
+--- Django-4.2.6.orig/django/utils/text.py
+++ Django-4.2.6/django/utils/text.py
+@@ -23,8 +23,61 @@ def capfirst(x):
+     return x[0].upper() + x[1:]
+ 
+ 
+-# Set up regular expressions
+-re_words = _lazy_re_compile(r"<[^>]+?>|([^<>\s]+)", re.S)
+# ----- Begin security-related performance workaround -----
+
+# We used to have, below
+#
+# re_words = _lazy_re_compile(r"<[^>]+?>|([^<>\s]+)", re.S)
+#
+# But it was shown that this regex, in the way we use it here, has some
+# catastrophic edge-case performance features. Namely, when it is applied to
+# text with only open brackets "<<<...". The class below provides the services
+# and correct answers for the use cases, but in these edge cases does it much
+# faster.
+re_notag = _lazy_re_compile(r"([^<>\s]+)", re.S)
+re_prt = _lazy_re_compile(r"<|([^<>\s]+)", re.S)
+
+
+class WordsRegex:
+    @staticmethod
+    def search(text, pos):
+        # Look for "<" or a non-tag word.
+        partial = re_prt.search(text, pos)
+        if partial is None or partial[1] is not None:
+            return partial
+
+        # "<" was found, look for a closing ">".
+        end = text.find(">", partial.end(0))
+        if end < 0:
+            # ">" cannot be found, look for a word.
+            return re_notag.search(text, pos + 1)
+        else:
+            # "<" followed by a ">" was found -- fake a match.
+            end += 1
+            return FakeMatch(text[partial.start(0) : end], end)
+
+
+class FakeMatch:
+    __slots__ = ["_text", "_end"]
+
+    def end(self, group=0):
+        assert group == 0, "This specific object takes only group=0"
+        return self._end
+
+    def __getitem__(self, group):
+        if group == 1:
+            return None
+        assert group == 0, "This specific object takes only group in {0,1}"
+        return self._text
+
+    def __init__(self, text, end):
+        self._text, self._end = text, end
+
+
+# ----- End security-related performance workaround -----
+
+# Set up regular expressions.
+re_words = WordsRegex
+ re_chars = _lazy_re_compile(r"<[^>]+?>|(.)", re.S)
+ re_tag = _lazy_re_compile(r"<(/)?(\S+?)(?:(\s*/)|\s.*?)?>", re.S)
+ re_newlines = _lazy_re_compile(r"\r\n|\r")  # Used in normalize_newlines
+Index: Django-4.2.6/tests/utils_tests/test_text.py
+===================================================================
+--- Django-4.2.6.orig/tests/utils_tests/test_text.py
+++ Django-4.2.6/tests/utils_tests/test_text.py
+@@ -183,6 +183,32 @@ class TestUtilsText(SimpleTestCase):
+         truncator = text.Truncator("<p>I &lt;3 python, what about you?</p>")
+         self.assertEqual("<p>I &lt;3 python,…</p>", truncator.words(3, html=True))
+ 
+        # Only open brackets.
+        test = "<" * 60_000
+        truncator = text.Truncator(test)
+        self.assertEqual(truncator.words(1, html=True), test)
+
+        # Tags with special chars in attrs.
+        truncator = text.Truncator(
+            """<i style="margin: 5%; font: *;">Hello, my dear lady!</i>"""
+        )
+        self.assertEqual(
+            """<i style="margin: 5%; font: *;">Hello, my dear…</i>""",
+            truncator.words(3, html=True),
+        )
+
+        # Tags with special non-latin chars in attrs.
+        truncator = text.Truncator("""<p data-x="א">Hello, my dear lady!</p>""")
+        self.assertEqual(
+            """<p data-x="א">Hello, my dear…</p>""",
+            truncator.words(3, html=True),
+        )
+
+        # Misplaced brackets.
+        truncator = text.Truncator("hello >< world")
+        self.assertEqual(truncator.words(1, html=True), "hello…")
+        self.assertEqual(truncator.words(2, html=True), "hello >< world")
+
+     @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
+     def test_truncate_words_html_size_limit(self):
+         max_len = text.Truncator.MAX_LENGTH_HTML
--- a/Django-4.2.6.checksum.txt
+++ b/Django-4.2.6.checksum.txt
@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 4.2.6, released October 4, 2023.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+    curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-4.2.6.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.6-py3-none-any.whl
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.6.tar.gz
+
+MD5 checksums
+=============
+
+db83d48600d6afff838e53f42f9ebebb  Django-4.2.6-py3-none-any.whl
+ad84c2b9bbebaa26427a2a656fe5ceea  Django-4.2.6.tar.gz
+
+SHA1 checksums
+==============
+
+36650eb323bd34afbe47936bd3e7bf62ed4d929c  Django-4.2.6-py3-none-any.whl
+6e912eeabd1df0b652e0da44cd3a556a496a1811  Django-4.2.6.tar.gz
+
+SHA256 checksums
+================
+
+a64d2487cdb00ad7461434320ccc38e60af9c404773a2f95ab0093b4453a3215  Django-4.2.6-py3-none-any.whl
+08f41f468b63335aea0d904c5729e0250300f6a1907bf293a65499496cdbc68f  Django-4.2.6.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmUdYL4oHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPsQzEACE
+1e0nWDjh2RkV0nLraeEOd8DkyeCAMhFsiWGVkNY7chpeoXnF0YksHg9z2MiTDDJ9
+12EyYLFZPMCzqt3gO1/4iWYu/zx7Pb8gPTeg5NTLUnezZt4QT6FSv3fY7ByubqXQ
+lUp0jJJd8B3uc5zdZNLyg9OGBOHG7lqv7Eg7H3YUwXFo7VOkerLLgASTScE22Guo
+jyQYlnnLtse70l/MTTdmJYwJxbNM7LP4RXSovHV34nL2HCI5vDWyNlOgVeU+MT9F
+AQCW8Lb0H+GvrhL6Hc1D8xQl7OOvpo/5/53J1i/M2Ml60qeYbjWkqEByPI5d/9oS
+oHMzZcbnhlWcePy7zEYfyzQ0qFv3m/qIIf2rcd3mnrusMScWGsCFSSjqWLdoT2eO
+Cvz5Q+FGH8g2ce+DyfEDjDTzceReNL81lArmSPqntByYfp8COUuqBwe5PZ7T0yx7
+w2LWWICVmCfjKgQ12Rk7ElxcliIILFgETJVuPtjx6SrkDEzNDpiTVQH2E9LXZYsV
+5Qd7QEfTh0oEBBTPxHtSskTnfP/mJWAk62uLWYEcbmHTTcw4wQdnncwJS01tG+BD
+sd4iY0UeL4cof3sxkwGkvC6Sr0H5fgYCJs4AgAmcWBCzwFvtUp/J3+/WEr9wExBH
+/Fveza/vFJifyN1FwiemueuOqG/tvy1XJL6jCRH3gQ==
+=cttz
+-----END PGP SIGNATURE-----
--- a/Django-4.2.6.tar.gz
+++ b/Django-4.2.6.tar.gz
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+addFilter("file-not-in-%lang")
+# Empty model.py files should be kept around:
+addFilter("zero-length")
+# Bash completion isn't config:
+# addFilter("non-conffile-in-etc /etc/bash_completion.d/django_bash_completion*")
--- a/python-Django.changes
+++ b/python-Django.changes
--- a/python-Django.keyring
+++ b/python-Django.keyring
@ -0,0 +1,90 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBErcoVkRBACt1HBsLQQ9HeRHrqMbYfWEW3d0KoWzjKU9ZW59oq8ceVCYfhyT
+ZKxyLobyed+NhL3SJCE5e4hs5UfyBdS4c8I97MFDKCA5TBu3pMnYGxWje3fSwP6o
+RGcP8Ji4/tISclyGrkMruDNzpT93R8H/SixPGFcH7kCp4xQxPBc0esdU4wCg1azF
+kUuFijNryusT+i58hVE3dMkD/iAfCh4bcLyZ8aygLZxg3bn3YauJASEjuqVXUgTB
+diBdhXnldq0xs2IwQJY1paAajXf5FsjlTVQrQWMtTQ5qWKpQr0lAanufnEDNu6GW
+orWBzLaSWQWEkcRALmZS6MBkmVCx/JiIvt0sUxrG4boQ6qYlQYZsaHaAMUZT997v
+1ktqA/4kPUfV2gqJuVzWwbhrKhAyhSivmhhe+1lUFa7phRmoMNw7/jXi9OV1lmL2
+ty+0LkeCXUChrXarey4AnPI58aR0xshiAxGEI2jPi+vWkgGblOG3TBoZBH5jV+d2
+/5mmlCs/KkJkdsN+LXR3m5o/oFs7MgGD8pxa1jwK9xcu1xKIqrQyTmF0YWxpYSBC
+aWRhcnQgKG5lc3NpdGEpIDxuYXRhbGlhYmlkYXJ0QGdtYWlsLmNvbT6IYgQTEQIA
+IgUCTG1snwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQrlwdYDo57Zf7
+lQCeIHmWQQek0zboTqMuy60phrUIzowAn0ONlnzzL0oWiNUpbY8nDsernILWiGAE
+ExECACAFAkrcoVkCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCuXB1gOjnt
+l5FdAKCSLwUJNZXs3WXqKabi2adRcdqZ8gCeLgbbqJ2Dqqaeb3tXK6zWC7ZO9CK0
+NE5hdGFsaWEgQmlkYXJ0IChuZXNzaXRhKSA8bmF0YWxpYS5iaWRhcnRAdWJ1bnR1
+LmNvbT6IZQQTEQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk8oONcC
+GQEACgkQrlwdYDo57ZejrgCdFyBg4VipDYmoQ5eOpXe4Vegiwl4AoK00YytEeMvO
+EFqZY+qVvqaV3It6iGIEExECACIFAkvrLFwCGwMGCwkIBwMCBhUIAgkKCwQWAgMB
+Ah4BAheAAAoJEK5cHWA6Oe2XD+QAoK02osWaLzROXg54drLpJMNLs/DGAJ9XlSak
+dQv6uX5QFT1QZCp/WwozIrQzTmF0YWxpYSBCaWRhcnQgKG5lc3NpdGEpIDxuYXRh
+bGlhLmJpZGFydEBnbWFpbC5jb20+iGIEExECACIFAkvrLBMCGwMGCwkIBwMCBhUI
+AgkKCwQWAgMBAh4BAheAAAoJEK5cHWA6Oe2XrQoAoIpzDPsuwhwuVcelVh3F8q3w
+qhk2AKCj6rF6x+kzUwtT6lM8wkUj4x+CgLQ3TmF0YWxpYSBCaWRhcnQgKG5lc3Np
+dGEpIDxuYXRhbGlhLmJpZGFydEBjYW5vbmljYWwuY29tPohgBBMRAgAgBQJK3gu6
+AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQrlwdYDo57ZfaNgCfXhjx28H4
+WQ8CjWsdyJU2Kmh44qoAn0zp3TeEFuSPCEBZ0jAR4dwuSrpguQINBErcoVkQCACX
+mxZ+acE5irfOe09OclJ+vKxqrnaEpveyLJZzKiWz5GlZLV3gPEMs3Pu0tGtTjadG
+CRck2xIYArDz1aPwvM4dHswIy3TyzoSTgW1ybz5TXzkxWDcdwukYm1gKlWMb8JQW
+v76KtoiNuY/EIUAaO9M7ZyUPSWunh5CK+ttYKs+KrD8wt8Te7PdsrstUMP2uplOt
+I0zKK8P+gcCNZQTZh71Z8WAhZF/tn9LpkE9p0Au3pVEVk7Z8492TO4DySFhBNVEM
+IY9KVNiZoEMAaiRUFgG3gPj3MD4wDyaiWp+5b8XQylXcfWsPx3nujLJNUiaJlV4u
+Wjv0ZgwMHHLgORAlOJ2rAAMFB/94QWkhOmIzzx0iCob4fILZ2lqTt1fAAbaQxyq/
+LIaI6iSHqebEVVR9OUVTzqNtc0yDifxsbDZXEHmU2qx+aARoYmonxNmNoUS/U6Io
+2iPgP1Jwt13dbd284xlgDTx8QO/TjX9lFyvt7AEHIrcHaomwVS0Il7wIfzG24kqX
+j17VhD2j/2V6uA7ADAh8u0WFO93i30qNSCaCRphCU4K7gLdHLIp8TsGLdx/gf2mB
+5SyhNOkHwEx80kSiFt+H5fER7XQep/w51XybqAt7SsWaIjYLsyMYXyiVdQChwzBd
+vusRKv9qjg9eiyHI6aOw6foOUFlpfMx1oeknFDJrjJ3PKUPyiEkEGBECAAkFAkrc
+oVkCGwwACgkQrlwdYDo57ZffZACfS9pUk1P5poP86jh8K2K6jpjU0y0AoNQ4ejtn
+mpJC4x7FruZyi1wVdkMxmQINBGQu6XIBEADAnmu8HNENZh7UTuu5GfTeFhpmyj5K
+yz//txfrm0/b6uTW5TXPgLjuvMzGG8PtaZHRIgZ0gzA+x7T5zKMTaoKs3EvgR5D3
+Y9NjteUWpf8FjvPhN01HZfaZ7yChwHwKobW0JYinNpBh0Cz51unGdLIDtELMaEFO
+D8qdcpe63qG111S4G+4hcJUkXt4ALBpSnY9GOhlYQDn+ZDRGk1M9rjeMo+QsIJns
+UZRlvBroJyg0toUXclw5QXFGp1+mrjOzKqdD0DmSN7LWlU0yCJB8H5bWZTiPAPOE
+SW1Kb3kEW+Qy8YkcH7SkQ7N72wsuIwKJNiddMLZnXeR0Lcvt0t7ftUfs44VEZSwm
+V0I7lyZZWr+Pei8nGaLxxCI4OtASXcQ+VVKF/HoR/necD1QmqmuCeiMLmYT5jEPZ
+oovOri5onkWIQfjfWeUVErxNi9Uz18mi9P7PfAWOzNCmdkuVqsPtpymyDcKYYh9u
+D/CTH9w1B69CRjld6NOfal05fIrfKuVgPvmQnPeCn+KgTBwv8T+mgGVjkBlDGpYy
+6Y24s13R6WoawJnjIEjA/Q5QOSDXYtpgF8D3cMW+LUlD9lu2A6OO64H33rInIaut
+8IFgKcTf3pXbzh1J6Zs+fcjOryitM7t4Fo1ClJ+DSn4yoUHxP2UEZL6LL0DF6LrE
+kJjKxwRp20lPwwARAQABtDFOYXRhbGlhIDwxMjQzMDQrbmVzc2l0YUB1c2Vycy5u
+b3JlcGx5LmdpdGh1Yi5jb20+iQJOBBMBCAA4FiEEW1sboQ2FrHxcduOPLugqjZRw
+mD4FAmQu6XICGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQLugqjZRwmD56
+rQ//UvzX9/4Eo3HPBMDEIwExjmYGyTqiQQm2KW9Z4U0zQVdeLVF8ZOdaIKn1RBUw
+M02RJWI2HjovdLN3LbXpTtQtamSvvU6fv7vy5zLBJdVL9eKXXG+3MPCWDHOqwp/u
+L/4lq0pUy5ejb4AnIQw1RIQiz6/pprDzgF0celWLhL3krxEqts76X1Jv9wCIYMXV
+3reCBqpcfIqWQETLP/NdPVcOIRv0al1qcBw2hUOvEyx72n+17Hb30rFQp+35BaZZ
+IjnL3H6pATgjk52EiDdRkyWL9CFrbJ/wkbAvEO29GcUPg1+bT6UZq8LKXyDs/WSL
+UkxQ/6w8DzicBiFj/oT7GSMr8KfO4YUMzh/kAFA4v8Q+a53Dq1Icbk9LqkWpu1pA
+Hopw3lpGdADuC0z/iYO/U04uUSN5YGyUUOgk5w+CkV8NuL/g2yniNf9AXrbt4ByI
+V7cqBt9qdS6z6leuW1M8yrPhX1IcKKqj25sPKAgzp3A6Bt7orr1NZGOVJ4alR4ff
+pYvq+wfmIPKf0AbzHGOkYjF4BMvkLRchhi28q+qX5cCuMr+aoqKUtJ2IFiXsvbFN
+k0aYWUr5y5qSJoAVf0GMkByQW6+F6bXRRdCpS/JX5JA8qrYp+oV8VhveOOslHVqj
+ILAlkMMXoTx6G79DdvQ87fdb4+aIQ96U4T8B6zMxazvmU1i5Ag0EZC7pcgEQAL9n
+X/eaWY+v4GgeGjRIWmmrjMBYyeeyJIyL9Mk3iyH/gIOnTDmlX+njjyvyWKfMYIl1
+HmMtzlF3OgsuLeekwbDrXA8xvslp1xmiKLOamPvXwPG/XqkJrYtzVUDEFCtRpEJ0
+c38d+P8WEMjbviyIwJ9PxLllamEK61dRtj1NCMc/Ix4+b54UHxi44Jz1bqQxfgjj
+u2o8sPnyZio+DRFWVE3Eocp0rdZ3rlKjUsBXKEElTuIScoKjGwKwaMfxoBgwRhzx
+oESwk8CqlH7WzNookx1M1/JjKYdrwln2aNuChtlKLRmUqT7qqTNtett2vy73VM3b
+zfXdor94S3q+YtMEvNbo9QCzn6La7HOx+PMm8XM2d9aC7Hz4FBK0xIQB+HLZEIhP
+7KQ7GJ2Xn3LStyoO5K64uqi2X2YjsYUcPzvI3uUK+gtH3H1SSIazh7UAUbcEuo7N
+K8vF9Vtqp6S2qkjoeV6Dnvy+6735b1WIBZieAmbKaz74IW1IP0lZn3pXeRFo2Wjq
+Ojf8zkNacf61exysAkGU2fubsXSZxuxc8DVXKbkpK69tXDSOUmSKTBPVzzmIM79S
+yYH1MMRZqQ52Y471qiEZxEPasJXIEVcWbdJxEC/eEiuptPAtojRQH6kJ/AF3Z9Xd
+eBaxyuMQ249jqTYwjCehfumTbhP5VhO3QOxs31G/ABEBAAGJAjYEGAEIACAWIQRb
+WxuhDYWsfFx2448u6CqNlHCYPgUCZC7pcgIbDAAKCRAu6CqNlHCYPhz3EACx3Hqf
+KUMeqUTVOiDyHguBr1FrhMtU5m/nkjdbLWlBHOGHkM4RNDNQTPyQb/C8vcuHYv5l
+DPFrzOawdjTyFCuo6f0TMIx38Bbjxo9C8XTnvKbUpyTEQ3dJm67ppF4n6cui+0IC
+UefzPkkCbdIPzt2pYopMDB4Hv4Yv6hqeq987Iz1erh7dQe1TDTxIv9PXLYZT60Ro
+K0+g+caU9LwVjYiLoeCM1Zhndy6fDV5mu3ctEzcqr/YVH9kDZAuF0O1SX9y42neJ
+7hictnE0KrRymVL5d9pp2WKtPny+itSax/a///Q43m1gA9KFuKHtOuGUpYzf76FS
+Ld0cC4xjDpPcVTGc8To4+CjNTIrjzbBYa3JU/3J2kwyEw/k1EucRb/RFPbklUSph
+Kmd2ewcDLUvcasTwoR/0uplA8gAuV1x7wPBgAW7kmpjiQevl1KLj08HA/jTdfrdx
+Yd1GGiNjBmHGu9C8YZ/7fJU50dhv4jWF4dw8OyXtAI4wk5aoJHsJ5iGIMVOVzNLe
+mF4yM4XSBBno1mWgaSb42LInsYv/ti1VrOrBVzmAYAoUTZL0tfEXeyzHEmWGWVHe
+SQMBvCqUmh/EcQDzPtkqjQQ1LyE5s2fyt5u+jE9JdK/61yKzbKI2UbpPtAaKSlDv
+eAgTzM5bOOqtGR7VR2hlCM4I4k2D0Y/snh2HzA==
+=ul9f
+-----END PGP PUBLIC KEY BLOCK-----
--- a/python-Django.spec
+++ b/python-Django.spec
@ -0,0 +1,156 @@
+#
+# spec file for package python-Django
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define skip_python2 1
+%define skip_python36 1
+# Selenium and memcached are not operational
+%bcond_with selenium
+%bcond_with memcached
+%{?sle15_python_module_pythons}
+Name:           python-Django
+# We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
+Version:        4.2.6
+Release:        0
+Summary:        A high-level Python Web framework
+License:        BSD-3-Clause
+URL:            https://www.djangoproject.com
+Source:         https://www.djangoproject.com/m/releases/4.2/Django-%{version}.tar.gz
+Source1:        https://media.djangoproject.com/pgp/Django-%{version}.checksum.txt
+Source2:        %{name}.keyring
+Source99:       python-Django-rpmlintrc
+# PATCH-FIX-UPSTREAM https://github.com/django/django/commit/da2f8e8257d1bea4215381684ca4abfcee333c43  Refs #34118 -- Improved sanitize_address() error message for tuple with empty strings.
+Patch:          sanitize_address.patch
+# PATCH-FIX-UPSTREAM CVE-2024-27351.patch bsc#1220358
+Patch1:         CVE-2024-27351.patch
+BuildRequires:  %{python_module Jinja2 >= 2.9.2}
+BuildRequires:  %{python_module Pillow >= 6.2.0}
+BuildRequires:  %{python_module PyYAML}
+BuildRequires:  %{python_module argon2-cffi >= 19.1.0}
+BuildRequires:  %{python_module asgiref >= 3.6.0}
+BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module bcrypt}
+BuildRequires:  %{python_module docutils}
+BuildRequires:  %{python_module geoip2}
+BuildRequires:  %{python_module numpy}
+BuildRequires:  %{python_module pytz}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module sqlparse >= 0.3.1}
+BuildRequires:  %{python_module tblib >= 1.5.0}
+BuildRequires:  %{pythons}
+BuildRequires:  fdupes
+BuildRequires:  gpg2
+BuildRequires:  python-rpm-macros
+BuildRequires:  %{python_module backports.zoneinfo if (%python-base with python38-base)}
+Requires:       python
+Requires:       python-Pillow >= 6.2.0
+Requires:       python-argon2-cffi >= 19.1.0
+Requires:       python-asgiref >= 3.6.0
+%if "%{python_flavor}" == "python38"
+Requires:       python-backports.zoneinfo
+%endif
+Requires:       python-bcrypt
+Requires:       python-pytz
+Requires:       python-setuptools
+Requires:       python-sqlparse >= 0.3.1
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+Recommends:     python-Jinja2 >= 2.9.2
+Recommends:     python-PyYAML
+Recommends:     python-geoip2
+Recommends:     python-pylibmc
+Recommends:     python-pymemcache
+Provides:       python-django = %{version}
+Obsoletes:      python-django < %{version}
+Provides:       python-South = %{version}
+Obsoletes:      python-South < %{version}
+BuildArch:      noarch
+%if %{with memcached}
+BuildRequires:  %{python_module pylibmc}
+BuildRequires:  %{python_module pymemcache}
+%endif
+%if %{with selenium}
+# python-selenium is supported only on the Intel architecture.
+# Additionally chromedriver is only available on x86_64.
+%ifarch %{ix86} x86_64
+BuildRequires:  %{python_module selenium}
+BuildRequires:  chromedriver
+BuildRequires:  xvfb-run
+%endif
+%endif
+%python_subpackages
+
+%description
+Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
+
+%prep
+# The publisher doesn't sign the source tarball, but a signatures file
+# containing multiple hashes.
+gpg --import %{SOURCE2}
+gpg --verify %{SOURCE1}
+#
+# Verify hashes in that file against source tarball.
+echo "`grep -e '^[0-9a-f]\{32\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-32`  %{SOURCE0}" | md5sum -c
+echo "`grep -e '^[0-9a-f]\{40\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-40`  %{SOURCE0}" | sha1sum -c
+echo "`grep -e '^[0-9a-f]\{64\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-64`  %{SOURCE0}" | sha256sum -c
+
+%autosetup -p1 -n Django-%{version}
+
+%build
+%python_build
+
+%install
+%python_install
+
+%python_clone -a %{buildroot}%{_bindir}/django-admin
+
+%{python_expand install -D -m 0644 extras/django_bash_completion %{buildroot}%%{_datadir}/bash-completion/completions/django_bash_completion-%{$python_bin_suffix}.sh
+# Fix wrong-script-interpreter
+sed -i "s|^#!%{_bindir}/env python$|#!%{_bindir}/$python|" \
+  %{buildroot}%{$python_sitelib}/django/conf/project_template/manage.py-tpl
+}
+%python_compileall
+%{python_expand #
+%fdupes %{buildroot}%{$python_sitelib}/django/
+%fdupes %{buildroot}%{$python_sitelib}/Django-%{version}-py*.egg-info/
+}
+
+%check
+export LANG=en_US.UTF8
+export PYTHONDONTWRITEBYTECODE=1
+%if %{with selenium}
+export PATH=%{_libdir}/chromium:$PATH
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} xvfb-run $python tests/runtests.py -v 2 --selenium=chrome
+%else
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} $python tests/runtests.py -v 2
+%endif
+
+%post
+%{python_install_alternative django-admin}
+
+%postun
+%{python_uninstall_alternative django-admin}
+
+%files %{python_files}
+%doc AUTHORS README.rst
+%license LICENSE
+%python_alternative %{_bindir}/django-admin
+%{_datadir}/bash-completion/completions/django_bash_completion-%{python_bin_suffix}.sh
+%{python_sitelib}/django
+%{python_sitelib}/Django-%{version}-py*.egg-info
+
+%changelog
--- a/sanitize_address.patch
+++ b/sanitize_address.patch
@ -0,0 +1,40 @@
+From da2f8e8257d1bea4215381684ca4abfcee333c43 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Mon, 17 Jul 2023 11:03:36 +0200
+Subject: [PATCH] Refs #34118 -- Improved sanitize_address() error message for
+ tuple with empty strings.
+
+---
+ django/core/mail/message.py | 2 ++
+ tests/mail/tests.py         | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/django/core/mail/message.py b/django/core/mail/message.py
+index f3fe6186c7f5..4f8c93e9e55e 100644
+--- a/django/core/mail/message.py
+++ b/django/core/mail/message.py
+@@ -97,6 +97,8 @@ def sanitize_address(addr, encoding):
+             domain = token.domain or ""
+     else:
+         nm, address = addr
+        if "@" not in address:
+            raise ValueError(f'Invalid address "{address}"')
+         localpart, domain = address.rsplit("@", 1)
+ 
+     address_parts = nm + localpart + domain
+diff --git a/tests/mail/tests.py b/tests/mail/tests.py
+index 54a136c1a98b..848ee32e9f80 100644
+--- a/tests/mail/tests.py
+++ b/tests/mail/tests.py
+@@ -1084,9 +1084,10 @@ def test_sanitize_address_invalid(self):
+             "@",
+             "to@",
+             "@example.com",
+            ("", ""),
+         ):
+             with self.subTest(email_address=email_address):
+-                with self.assertRaises(ValueError):
+                with self.assertRaisesMessage(ValueError, "Invalid address"):
+                     sanitize_address(email_address, encoding="utf-8")
+ 
+     def test_sanitize_address_header_injection(self):