Accepting request 1326319 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/1326319 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=143
- Update to 5.2.10
2026-01-12 09:16:08 +00:00 · 2026-01-09 10:19:53 +00:00 · 2025-12-29 14:15:47 +00:00 · 2025-12-29 09:49:28 +00:00 · 2025-12-09 11:46:45 +00:00 · 2025-12-08 13:35:41 +00:00
7 changed files with 115 additions and 86 deletions
--- a/Django-5.2.10.checksum.txt
+++ b/Django-5.2.10.checksum.txt
@@ -0,0 +1,67 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the
 source-code tarball and wheel files of Django 5.2.10, released January 6, 2026.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring. This key has
 the ID ``131403F4D16D8DC7`` and can be imported from the MIT
 keyserver, for example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7
 or via the GitHub API:
    curl https://github.com/jacobtylerwalls.gpg | gpg --import -
 Once the key is imported, verify this file:
    gpg --verify Django-5.2.10.checksum.txt
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages
 ================
 https://www.djangoproject.com/download/5.2.10/tarball/
 https://www.djangoproject.com/download/5.2.10/wheel/
 MD5 checksums
 =============
 98e667c17123f7bbd2d7d1db32f9ccdd  django-5.2.10.tar.gz
 18c82b021ddfeae5703023a784e46945  django-5.2.10-py3-none-any.whl
 SHA1 checksums
 ==============
 a215351eb827f0f8dbab6a83db334dfd45a040d8  django-5.2.10.tar.gz
 363f7332c354a91cfd40cbcd4a1df4291064fc64  django-5.2.10-py3-none-any.whl
 SHA256 checksums
 ================
 74df100784c288c50a2b5cad59631d71214f40f72051d5af3fdf220c20bdbbbe  django-5.2.10.tar.gz
 cf85067a64250c95d5f9067b056c5eaa80591929f7e16fbcd997746e40d6c45c  django-5.2.10-py3-none-any.whl
 -----BEGIN PGP SIGNATURE-----
 iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmldU1gACgkQExQD9NFt
 jccJlA//cN08kKwniqRtHV7cxkqugTTP11AiZirz/QDjWnzmyTT9cUEv7sbHF3An
 uJQyVaqHuOITbi437vuLyBR4Z+tN1XA3AGe+TdXeHWmmHhDS2xMzuDUuBzrACfVp
 +H1pFSCVtp0koLJHUOtOHmxAsjsBirCJDawY8x2t5cpAiHH1bUn/NkpcNbSKJnUV
 FhdbygZnV9ZLbnhsyu++Ym7XT3QdoL4V2GsYsqru3hlwei3jexVZx9RjIUC/krqs
 hgC3NyOs0KvHyehjAKZdvcIjFa38mpMxmpXdWpMMPyoN0p6SdBQ8cE+oa83jsrzK
 YeHQgGXhbB3ALJ4mIwJirIyyMmEQdTx/Zeh++IayGUUzuoNWi88b3IGCNOOhGRPp
 tr0EqM4YKr1pgmNibr5UGwHk1bW3ugT2nUEIs2XnQUb3ItQMEyeh2scuL2IpSkVW
 EWJb7CT3WomxSc8xWRm39/g9voXBhQt3dtUBv/VL+MdBBqsK5fL14A0tKd8HagBJ
 jo1xVnO6730CIsM61ydHhi5ZGCoXADBS1IFPYPGeaTN3xsMsRPjEkf8KFI/idmkE
 HnvuZq3Z0h6ipTR+zdzzNhpP+6VOKBaxgDeU64DGYlSEMvdFJE8HQhmzz9Pks0va
 k6qCiXOskgozRGFuiFj2KUQ+a4Qj3UwSOgg6Z5ztbU2aTytgG38=
 =GJeZ
 -----END PGP SIGNATURE-----
--- a/Django-5.2.8.checksum.txt
+++ b/Django-5.2.8.checksum.txt
@@ -1,68 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the
 source-code tarball and wheel files of Django 5.2.8, released November 5, 2025.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring. This key has
 the ID ``2EE82A8D9470983E`` and can be imported from the MIT
 keyserver, for example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
 or via the GitHub API:
    curl https://github.com/nessita.gpg | gpg --import -
 Once the key is imported, verify this file:
    gpg --verify Django-5.2.8.checksum.txt
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages
 ================
 https://www.djangoproject.com/download/5.2.8/tarball/
 https://www.djangoproject.com/download/5.2.8/wheel/
 MD5 checksums
 =============
 0268c52cb99bb764490fdd90502def32  django-5.2.8.tar.gz
 60ed4555e2f91cc881b2293ad78bf423  django-5.2.8-py3-none-any.whl
 SHA1 checksums
 ==============
 41d50f7b49e3c60ad0e3e873c1474f883640d179  django-5.2.8.tar.gz
 50d9ad23cef8ebe6cc7d17004e65ae6b5dbabc37  django-5.2.8-py3-none-any.whl
 SHA256 checksums
 ================
 23254866a5bb9a2cfa6004e8b809ec6246eba4b58a7589bc2772f1bcc8456c7f  django-5.2.8.tar.gz
 37e687f7bd73ddf043e2b6b97cfe02fcbb11f2dbb3adccc6a2b18c6daa054d7f  django-5.2.8-py3-none-any.whl
 -----BEGIN PGP SIGNATURE-----
 iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmkLRQooHDEyNDMwNCtu
 ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPsFxD/4h
 zgUToQHe7WgIhVOHKe2ARgXDhA/4yooteYTLoFl6vFzt4r+h+7/3LH8/XucJwYWa
 O9SimNT0MhtcWKM0l3jczGMhr3pH7zeBUExtzyPVyycTyQ5KgbDVEgf+w4ua+Jo3
 BzQBnUkJN9Ofc/uQqIAj0X3zjp9NE7uNZpOLzpRUwulrUQ7ieFAAhs3JrCM2mmTF
 KnudQkY50zIHy9OX8mSvF8OslFQ9Z84ZPlHfqaQzN6uDNIRujMu9sSbvbiWgpQ9h
 Tp/MVRppmlKXcZjM5M+vT0sqT4Ac/OepkSSVMSKAKHNPOpsG3wC/ouclkgG6Wv2Z
 6r6Ea2LND8HoMHUhScir558g3pF6p9NW5vrK3Qd7cS4G6idv2eVzzHqYH8WORG9s
 5HnldOGhRF6ONAwSveEbViQ6/fzWYsROrCa5+IOfELtg7Uc+ji3eQSqFvyR7rPxt
 Ux+LVvgWfODNEjTlrqZQDaPDU4P7gy6So5vzXe+eciyyNxgftmlpWSHMliXcYjxo
 gxUh6EPjklxFQ8fmFecCz57CJ0oXT2qB3iNDyTft3qqetgWeJ72d9rVMLLXmHLOe
 oRKFS3QXXBr+sIdxWB2Fgu2g8X5ky3O9wIgN7OzQ2p4pCja+NSmxlhJxJwUomgjA
 UHvOPP6hwSp1TQdcoauXD72A+t0TkYLuZ03Dfzkh1Q==
 =ci0h
 -----END PGP SIGNATURE-----
--- a/django-5.2.10.tar.gz
+++ b/django-5.2.10.tar.gz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:74df100784c288c50a2b5cad59631d71214f40f72051d5af3fdf220c20bdbbbe
 size 10880754
--- a/django-5.2.8.tar.gz
+++ b/django-5.2.8.tar.gz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:23254866a5bb9a2cfa6004e8b809ec6246eba4b58a7589bc2772f1bcc8456c7f
 size 10849032
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,33 @@
 -------------------------------------------------------------------
 Fri Jan  9 09:41:44 UTC 2026 - Markéta Machová <mmachova@suse.com>
 - Update to 5.2.10
  * Fixed a bug in Django 5.2 where data exceeding max_length was
    silently truncated by QuerySet.bulk_create() on PostgreSQL
  * Fixed a bug where management command colorized help (introduced
    in Python 3.14) ignored the --no-color option and the DJANGO_COLORS
    setting
 - Drop merged test_strip_tags_incomplete.patch
 -------------------------------------------------------------------
 Mon Dec 29 09:10:21 UTC 2025 - Markéta Machová <mmachova@suse.com>
 - Add test_strip_tags_incomplete.patch to fix behaviour with changes
  in the Python interpreter
 - Rebase test_strip_tags.patch
 -------------------------------------------------------------------
 Mon Dec  8 11:54:46 UTC 2025 - Markéta Machová <mmachova@suse.com>
 - Update to 5.2.9 (bsc#1254437)
  * CVE-2025-13372: Potential SQL injection in FilteredRelation column
    aliases on PostgreSQL
  * CVE-2025-64460: Potential denial-of-service vulnerability in XML
    Deserializer
  * Fixed a crash on Python 3.14+ that prevented template tag functions
    from being registered
  * Fixed more bugs and regressions, see upstream release notes
 -------------------------------------------------------------------
 Thu Nov  6 07:20:08 UTC 2025 - Markéta Machová <mmachova@suse.com>
--- a/python-Django.spec
+++ b/python-Django.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-Django
 #
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 %bcond_with libalternatives
 %endif
 Name:           python-Django
-Version:        5.2.8
+Version:        5.2.10
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@@ -35,11 +35,11 @@ Source:         https://www.djangoproject.com/m/releases/5.2/django-%{version}.t
 Source1:        https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt
 Source2:        %{name}.keyring
 Source99:       python-Django-rpmlintrc
 # PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19639 Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
 # fixed and refined upstream, but some of our interpreters weren't updated to a new version yet and still only carry the patch, so providing the non-conditional version
 Patch0:         test_strip_tags.patch
 # PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19530 Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with with msgfmt 0.25.
 Patch1:         support-msgfmt-0.25.patch
 # PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19639 Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
 # fixed and refined upstream, but some of our interpreters weren't updated to a new version yet and still only carry the patch, so providing the non-conditional version
 Patch2:         test_strip_tags.patch
 BuildRequires:  %{python_module Jinja2 >= 2.9.2}
 BuildRequires:  %{python_module Pillow >= 6.2.0}
 BuildRequires:  %{python_module PyYAML}
--- a/test_strip_tags.patch
+++ b/test_strip_tags.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] Fixed #36499 -- Adjusted
 tests/utils_tests/test_html.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
-Index: django-5.2.6/tests/test_utils/tests.py
+Index: django-5.2.9/tests/test_utils/tests.py
 ===================================================================
--- django-5.2.6.orig/tests/test_utils/tests.py
+--- django-5.2.9.orig/tests/test_utils/tests.py
-+++ django-5.2.6/tests/test_utils/tests.py
+++ django-5.2.9/tests/test_utils/tests.py
@@ -945,10 +945,10 @@ class HTMLEqualTests(SimpleTestCase):
             self.assertHTMLEqual("", "<p>")
         error_msg = (
@@ -27,22 +27,22 @@ Index: django-5.2.6/tests/test_utils/tests.py
         with self.assertRaises(HTMLParseError):
             parse_html("</p>")
-Index: django-5.2.6/tests/utils_tests/test_html.py
+Index: django-5.2.9/tests/utils_tests/test_html.py
 ===================================================================
--- django-5.2.6.orig/tests/utils_tests/test_html.py
+--- django-5.2.9.orig/tests/utils_tests/test_html.py
-+++ django-5.2.6/tests/utils_tests/test_html.py
+++ django-5.2.9/tests/utils_tests/test_html.py
-@@ -162,13 +162,13 @@ class TestUtilsHtml(SimpleTestCase):
+@@ -187,13 +187,13 @@ class TestUtilsHtml(SimpleTestCase):
-             ("<script>alert()</script>&h", "alert()h"),
+             ),
             (
                 "><!" + ("&" * 16000) + "D",
-                ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D",
+-                ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D",
 +                ">",
             ),
             ("X<<<<br>br>br>br>X", "XX"),
             ("<" * 50 + "a>" * 50, ""),
             (
                 ">" + "<a" * 500 + "a",
-                ">" if htmlparser_fixed else ">" + "<a" * 500 + "a",
+-                ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a",
 +                ">",
             ),
             ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
Author	SHA256	Message	Date
Ana Guerrero	296190542e	Accepting request 1326319 from devel:languages:python:django OBS-URL: https://build.opensuse.org/request/show/1326319 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=143	2026-01-12 09:16:08 +00:00
Markéta Machová	509b653a93	- Update to 5.2.10 * Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL * Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting - Drop merged test_strip_tags_incomplete.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=224	2026-01-09 10:19:53 +00:00
Ana Guerrero	5b160c9df9	Accepting request 1324665 from devel:languages:python:django OBS-URL: https://build.opensuse.org/request/show/1324665 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=142	2025-12-29 14:15:47 +00:00
Markéta Machová	d1f5740358	- Add test_strip_tags_incomplete.patch to fix behaviour with changes in the Python interpreter - Rebase test_strip_tags.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=222	2025-12-29 09:49:28 +00:00
Ana Guerrero	a08c10b5c3	Accepting request 1321589 from devel:languages:python:django OBS-URL: https://build.opensuse.org/request/show/1321589 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=141	2025-12-09 11:46:45 +00:00
Markéta Machová	a1efaf50e9	- Update to 5.2.9 (bsc#1254437) * CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL * CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer * Fixed a crash on Python 3.14+ that prevented template tag functions from being registered * Fixed more bugs and regressions, see upstream release notes OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=220	2025-12-08 13:35:41 +00:00