forked from pool/python-Django

4 Commits

Author SHA256 Message Date
5b160c9df9 Accepting request 1324665 from devel:languages:python:django
OBS-URL: https://build.opensuse.org/request/show/1324665
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=142
2025-12-29 14:15:47 +00:00
d1f5740358 - Add test_strip_tags_incomplete.patch to fix behaviour with changes
  in the Python interpreter
- Rebase test_strip_tags.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=222
2025-12-29 09:49:28 +00:00
a08c10b5c3 Accepting request 1321589 from devel:languages:python:django
OBS-URL: https://build.opensuse.org/request/show/1321589
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=141
2025-12-09 11:46:45 +00:00
a1efaf50e9 - Update to 5.2.9 (bsc#1254437)
  * CVE-2025-13372: Potential SQL injection in FilteredRelation column
    aliases on PostgreSQL
  * CVE-2025-64460: Potential denial-of-service vulnerability in XML
    Deserializer
  * Fixed a crash on Python 3.14+ that prevented template tag functions
    from being registered
  * Fixed more bugs and regressions, see upstream release notes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=220
2025-12-08 13:35:41 +00:00
8 changed files with 187 additions and 85 deletions


@@ -1,68 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the
source-code tarball and wheel files of Django 5.2.8, released November 5, 2025.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``2EE82A8D9470983E`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
or via the GitHub API:
curl https://github.com/nessita.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify Django-5.2.8.checksum.txt
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages
================
https://www.djangoproject.com/download/5.2.8/tarball/
https://www.djangoproject.com/download/5.2.8/wheel/
MD5 checksums
=============
0268c52cb99bb764490fdd90502def32 django-5.2.8.tar.gz
60ed4555e2f91cc881b2293ad78bf423 django-5.2.8-py3-none-any.whl
SHA1 checksums
==============
41d50f7b49e3c60ad0e3e873c1474f883640d179 django-5.2.8.tar.gz
50d9ad23cef8ebe6cc7d17004e65ae6b5dbabc37 django-5.2.8-py3-none-any.whl
SHA256 checksums
================
23254866a5bb9a2cfa6004e8b809ec6246eba4b58a7589bc2772f1bcc8456c7f django-5.2.8.tar.gz
37e687f7bd73ddf043e2b6b97cfe02fcbb11f2dbb3adccc6a2b18c6daa054d7f django-5.2.8-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----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=ci0h
-----END PGP SIGNATURE-----

Django-5.2.9.checksum.txt Normal file

@@ -0,0 +1,67 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the
source-code tarball and wheel files of Django 5.2.9, released December 2, 2025.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``2EE82A8D9470983E`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
or via the GitHub API:
curl https://github.com/nessita.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify Django-5.2.9.checksum.txt
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages
================
https://www.djangoproject.com/download/5.2.9/tarball/
https://www.djangoproject.com/download/5.2.9/wheel/
MD5 checksums
=============
e7d89ddfdca79542039dbab31e4bede8 django-5.2.9.tar.gz
42dd57f28b8dd5750ef76b64277d3e9e django-5.2.9-py3-none-any.whl
SHA1 checksums
==============
7a086625e45275159590da36818923da76beeb8d django-5.2.9.tar.gz
c0808a610ea903a17736634e9c21556ea9d675e4 django-5.2.9-py3-none-any.whl
SHA256 checksums
================
16b5ccfc5e8c27e6c0561af551d2ea32852d7352c67d452ae3e76b4f6b2ca495 django-5.2.9.tar.gz
3a4ea88a70370557ab1930b332fd2887a9f48654261cdffda663fef5976bb00a django-5.2.9-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----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=kZfB
-----END PGP SIGNATURE-----


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23254866a5bb9a2cfa6004e8b809ec6246eba4b58a7589bc2772f1bcc8456c7f
size 10849032

django-5.2.9.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:16b5ccfc5e8c27e6c0561af551d2ea32852d7352c67d452ae3e76b4f6b2ca495
size 10848762


@@ -1,3 +1,22 @@
-------------------------------------------------------------------
Mon Dec 29 09:10:21 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Add test_strip_tags_incomplete.patch to fix behaviour with changes
in the Python interpreter
- Rebase test_strip_tags.patch
-------------------------------------------------------------------
Mon Dec 8 11:54:46 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Update to 5.2.9 (bsc#1254437)
* CVE-2025-13372: Potential SQL injection in FilteredRelation column
aliases on PostgreSQL
* CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
* Fixed a crash on Python 3.14+ that prevented template tag functions
from being registered
* Fixed more bugs and regressions, see upstream release notes
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 6 07:20:08 UTC 2025 - Markéta Machová <mmachova@suse.com> Thu Nov 6 07:20:08 UTC 2025 - Markéta Machová <mmachova@suse.com>


@@ -26,7 +26,7 @@
%bcond_with libalternatives %bcond_with libalternatives
%endif %endif
Name: python-Django Name: python-Django
Version: 5.2.8 Version: 5.2.9
Release: 0 Release: 0
Summary: A high-level Python Web framework Summary: A high-level Python Web framework
License: BSD-3-Clause License: BSD-3-Clause
@@ -35,11 +35,13 @@ Source: https://www.djangoproject.com/m/releases/5.2/django-%{version}.t
Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt
Source2: %{name}.keyring Source2: %{name}.keyring
Source99: python-Django-rpmlintrc Source99: python-Django-rpmlintrc
# PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19639 Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
# fixed and refined upstream, but some of our interpreters weren't updated to a new version yet and still only carry the patch, so providing the non-conditional version
Patch0: test_strip_tags.patch
# PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19530 Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with with msgfmt 0.25. # PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19530 Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with with msgfmt 0.25.
Patch1: support-msgfmt-0.25.patch Patch1: support-msgfmt-0.25.patch
# PATCH-FIX-UPSTREAM https://github.com/django/django/pull/20390 Refs #36499 -- Adjusted test_strip_tags following Python behavior change for incomplete entities.
Patch2: test_strip_tags_incomplete.patch
# PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19639 Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
# fixed and refined upstream, but some of our interpreters weren't updated to a new version yet and still only carry the patch, so providing the non-conditional version
Patch3: test_strip_tags.patch
BuildRequires: %{python_module Jinja2 >= 2.9.2} BuildRequires: %{python_module Jinja2 >= 2.9.2}
BuildRequires: %{python_module Pillow >= 6.2.0} BuildRequires: %{python_module Pillow >= 6.2.0}
BuildRequires: %{python_module PyYAML} BuildRequires: %{python_module PyYAML}
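
Review bot: The comment above Patch3 does not say that test_strip_tags.patch must now apply after Patch2 (test_strip_tags_incomplete.patch). The rebased test_strip_tags.patch removes lines that read `">" if htmlparser_fixed_security else ...`, and that name only exists once Patch2 has renamed `htmlparser_fixed`, so the order is a hard dependency rather than a cosmetic renumbering. Add a line to the Patch3 comment stating this, and note that Patch0 is intentionally unused now, so a later cleanup does not reorder or renumber the patches. The unchanged Patch1 comment also carries a doubled word ("with with").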


@@ -10,10 +10,10 @@ Subject: [PATCH] Fixed #36499 -- Adjusted
tests/utils_tests/test_html.py | 4 ++-- tests/utils_tests/test_html.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-) 2 files changed, 4 insertions(+), 4 deletions(-)
Index: django-5.2.6/tests/test_utils/tests.py Index: django-5.2.9/tests/test_utils/tests.py
=================================================================== ===================================================================
--- django-5.2.6.orig/tests/test_utils/tests.py --- django-5.2.9.orig/tests/test_utils/tests.py
+++ django-5.2.6/tests/test_utils/tests.py +++ django-5.2.9/tests/test_utils/tests.py
@@ -945,10 +945,10 @@ class HTMLEqualTests(SimpleTestCase): @@ -945,10 +945,10 @@ class HTMLEqualTests(SimpleTestCase):
self.assertHTMLEqual("", "<p>") self.assertHTMLEqual("", "<p>")
error_msg = ( error_msg = (
@@ -27,22 +27,22 @@ Index: django-5.2.6/tests/test_utils/tests.py
with self.assertRaises(HTMLParseError): with self.assertRaises(HTMLParseError):
parse_html("</p>") parse_html("</p>")
Index: django-5.2.6/tests/utils_tests/test_html.py Index: django-5.2.9/tests/utils_tests/test_html.py
=================================================================== ===================================================================
--- django-5.2.6.orig/tests/utils_tests/test_html.py --- django-5.2.9.orig/tests/utils_tests/test_html.py
+++ django-5.2.6/tests/utils_tests/test_html.py +++ django-5.2.9/tests/utils_tests/test_html.py
@@ -162,13 +162,13 @@ class TestUtilsHtml(SimpleTestCase): @@ -187,13 +187,13 @@ class TestUtilsHtml(SimpleTestCase):
("<script>alert()</script>&h", "alert()h"), ),
( (
"><!" + ("&" * 16000) + "D", "><!" + ("&" * 16000) + "D",
- ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D", - ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D",
+ ">", + ">",
), ),
("X<<<<br>br>br>br>X", "XX"), ("X<<<<br>br>br>br>X", "XX"),
("<" * 50 + "a>" * 50, ""), ("<" * 50 + "a>" * 50, ""),
( (
">" + "<a" * 500 + "a", ">" + "<a" * 500 + "a",
- ">" if htmlparser_fixed else ">" + "<a" * 500 + "a", - ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a",
+ ">", + ">",
), ),
("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951), ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),


@@ -0,0 +1,82 @@
From 5ca0f62213911a77dd4a62e843db7e420cc98b78 Mon Sep 17 00:00:00 2001
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Thu, 11 Dec 2025 08:44:19 -0500
Subject: [PATCH] [5.2.x] Refs #36499 -- Adjusted test_strip_tags following
Python behavior change for incomplete entities.
Backport of 7b80b2186300620931009fd62c2969f108fe7a62 from main.
---
tests/utils_tests/test_html.py | 35 +++++++++++++++++++++++++++++-----
1 file changed, 30 insertions(+), 5 deletions(-)
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 681071bf0313..89c97cee03a5 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -1,3 +1,4 @@
+import math
import os
import sys
from datetime import datetime
@@ -124,7 +125,7 @@ def test_strip_tags(self):
# old and new results. The check below is temporary until all supported
# Python versions and CI workers include the fix. See:
# https://github.com/python/cpython/commit/6eb6c5db
- min_fixed = {
+ min_fixed_security = {
(3, 14): (3, 14),
(3, 13): (3, 13, 6),
(3, 12): (3, 12, 12),
@@ -132,7 +133,28 @@ def test_strip_tags(self):
(3, 10): (3, 10, 19),
(3, 9): (3, 9, 24),
}
- htmlparser_fixed = sys.version_info >= min_fixed[sys.version_info[:2]]
+ htmlparser_fixed_security = (
+ sys.version_info >= min_fixed_security[sys.version_info[:2]]
+ )
+ # Similarly, there was a fix for terminating incomplete entities. See:
+ # https://github.com/python/cpython/commit/95296a9d
+ min_fixed_incomplete_entities = {
+ (3, 14): (3, 14, 1),
+ (3, 13): (3, 13, 10),
+ # Not fixed in the following versions.
+ (3, 12): (3, 12, math.inf),
+ (3, 11): (3, 11, math.inf),
+ (3, 10): (3, 10, math.inf),
+ (3, 9): (3, 9, math.inf),
+ }
+ major_version = sys.version_info[:2]
+ htmlparser_fixed_security = sys.version_info >= min_fixed_security.get(
+ major_version, major_version
+ )
+ htmlparser_fixed_incomplete_entities = (
+ sys.version_info
+ >= min_fixed_incomplete_entities.get(major_version, major_version)
+ )
items = (
(
"<p>See: &#39;&eacute; is an apostrophe followed by e acute</p>",
@@ -159,16 +181,19 @@ def test_strip_tags(self):
# https://bugs.python.org/issue20288
("&gotcha&#;<>", "&gotcha&#;<>"),
("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"),
- ("<script>alert()</script>&h", "alert()h"),
+ (
+ "<script>alert()</script>&h",
+ "alert()&h;" if htmlparser_fixed_incomplete_entities else "alert()h",
+ ),
(
"><!" + ("&" * 16000) + "D",
- ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D",
+ ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D",
),
("X<<<<br>br>br>br>X", "XX"),
("<" * 50 + "a>" * 50, ""),
(
">" + "<a" * 500 + "a",
- ">" if htmlparser_fixed else ">" + "<a" * 500 + "a",
+ ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a",
),
("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
("<" + "a" * 1_002, "<" + "a" * 1_002),