Accepting request 1290998 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/1290998 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=133
2025-07-08 13:28:05 +00:00
parent 94416b615b d027a9fa92
commit 48f0ae5840
6 changed files with 88 additions and 72 deletions
--- a/Django-5.2.2.checksum.txt
+++ b/Django-5.2.2.checksum.txt
@@ -1,68 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the
-source-code tarball and wheel files of Django 5.2.2, released June 4, 2025.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``2EE82A8D9470983E`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
-
-or via the GitHub API:
-
-    curl https://github.com/nessita.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
-    gpg --verify Django-5.2.2.checksum.txt
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages
-================
-
-https://www.djangoproject.com/download/5.2.2/tarball/
-https://www.djangoproject.com/download/5.2.2/wheel/
-
-MD5 checksums
-=============
-
-782577f532efab32f8119a7071f55d04  django-5.2.2.tar.gz
-5d85fa7778bd65981714e562012a5626  django-5.2.2-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-87dff3ef8d00b15491d5bb64b2404caf66d8ae59  django-5.2.2.tar.gz
-7964171a3e17b3e3e8aeb2d2bff763d128836d74  django-5.2.2-py3-none-any.whl
-
-SHA256 checksums
-================
-
-85852e517f84435e9b13421379cd6c43ef5b48a9c8b391d29a26f7900967e952  django-5.2.2.tar.gz
-997ef2162d04ead6869551b22cde4e06da1f94cf595f4af3f3d3afeae1f3f6fe  django-5.2.2-py3-none-any.whl
-
-----BEGIN PGP SIGNATURE-----
-
-iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhAMRIoHDEyNDMwNCtu
-ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPmgqD/9b
-ON8sroesSKb2lAdjUe2XFKceWBpSjySACsPwLko5gPhfxJ9gn0XEDQccYw6U4KkJ
-PbRlrKKNr1zqX3IfRoggg3E6GU/rw9LUqgB2GByuBRjyZe29bF0KWiLWVmjLL6c8
-WszgKZxYu73vBfHcY1StLVSGMHxMlolvWikhpS4taHKOsYLmYxFnPdDeLjC/hYyb
-tYjfdaKgDm5czpy9Put+Kzu15KcW0PqHAuPJtcGHo3l7lfRSd/m9X6iNtUXmsN8J
-H8kLEzfG91tUuHl7UgFpZpSEGqnRV/dM+s+fKeVJC9t6Jsu8lbQp3omMaBl/SCwV
-qicA9Go9cqUoDLz8JSkv0YCOGAyUZyOvjlW8zAkoRQuCcEkDxLh2VsdRRB7Z0E7K
-SvDq03XZwXeBUpQAbkoZ+TpS4EoiydY7I7PTq5k+yzMEoid+k7sRclfndeTpAmPf
-7Xtq3KDPnIKo+7maECiKVeEfCUIgxXygEz3fbrYTn9LcDcFnGWKA9/DH/9yD4+zR
-AS4RI0k0PUWzbq/6+A+3BqQTo75dLxm/BHpyd9NoddYIsuhwlLq3IU+SopR8vG2/
-bydqaovZuiyHS59vGgMuAFJIaeW5/TW8zoLvRVekVG0nCVgcj17pR7zqa6EGKefS
-6ydabjbxzeFC3qdYiOIneghfIUnk3HeVQRLd0Vw58w==
-=Pk1M
-----END PGP SIGNATURE-----
--- a/Django-5.2.4.checksum.txt
+++ b/Django-5.2.4.checksum.txt
@@ -0,0 +1,68 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the
+source-code tarball and wheel files of Django 5.2.4, released July 2, 2025.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+    curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-5.2.4.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/download/5.2.4/tarball/
+https://www.djangoproject.com/download/5.2.4/wheel/
+
+MD5 checksums
+=============
+
+6ecc4875e8cdc08706faea1cc4740fdf  django-5.2.4.tar.gz
+fee657f7686462d388f274c5f92b634a  django-5.2.4-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+de45d44e1bb2ceb1c08b8fd0846de920874f71a1  django-5.2.4.tar.gz
+a6a7904e3749a0e8937a50643293889929b4b6f7  django-5.2.4-py3-none-any.whl
+
+SHA256 checksums
+================
+
+a1228c384f8fa13eebc015196db7b3e08722c5058d4758d20cb287503a540d8f  django-5.2.4.tar.gz
+60c35bd96201b10c6e7a78121bd0da51084733efa303cc19ead021ab179cef5e  django-5.2.4-py3-none-any.whl
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhlfcIoHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPj5DD/94
+KOuOZ5JHtZWknqi1JeV1akzB/RpY7lhL9SbJbVXhdAxOY9Cn4eUG7NsPWa9JnhX1
+F/2geBE5mjOZen4ARtGHWxa5vqidqUbscrU9AkqPLn6aecEKi2jXXNkYmmWw/37K
+wb92BQtuWkaXyiZ4E6Sledx9yFhcqMDFg27CdNYfAqUWofI6zzSmLIzOlOSVR9Sc
+uDrfRqQ4GXlRGT5pIkcIxE0ZKToUYrKgn99PZOmBcLfJgQ4VBt62J6SzZAhhElb3
+DUMcVhG2XNIhg7v7DwlVodowDYQdRi2H/ahAa7/m1+uugRbysoGSLLwP+50tDjlj
+07zxoJsrL5R9zaMp4pcXQN4bUy3rDz94DkjlXO51f8LwDdStvk4VOYan1W5S9BhP
+R0conCFfcg4+iK0pV5e/GeeTwBRHQw8p5RuWfrEpKFi/XQtT0u01hqUGppeuZ9wI
+f+Ud9RA8Nrw0ouli4WvfH0RVFuMgUFqScwO88oatuUH5CDPjlV+5usNb7FrmZXv6
+AWRopONOcYGF07+FYh0nsoE8enWyxE+JWTJzxT5PGZ3buUO0hlnJ+auoJv8yOVii
+ELCSUyi93glWonCBrS41XrNO6+6K/8V9V6iv9/PdGwF1GszbX5Rx4e2lDMA7crYh
+1qKGaV3+iAO+Y+vXt6VTy6h5GLg9hun+RQ8TU3Guyg==
+=d9C5
+-----END PGP SIGNATURE-----
--- a/django-5.2.2.tar.gz
+++ b/django-5.2.2.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:85852e517f84435e9b13421379cd6c43ef5b48a9c8b391d29a26f7900967e952
-size 10827542
--- a/django-5.2.4.tar.gz
+++ b/django-5.2.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1228c384f8fa13eebc015196db7b3e08722c5058d4758d20cb287503a540d8f
+size 10831909
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Jul  3 12:47:34 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 5.2.4
+  * Fixed a log injection possibility by migrating remaining response logging
+    to django.utils.log.log_response(), which safely escapes arguments
+    such as the request path to prevent unsafe log output (CVE 2025-48432).
+  * Fixed a regression in Django 5.2 that caused QuerySet.bulk_update() to
+    incorrectly convert None to JSON null instead of SQL NULL for JSONField
+  * Fixed a regression in Django 5.2.2 where the q parameter was removed from
+    the internal django.http.MediaType.params property
+  * Fixed a regression in Django 5.2.2 where HttpRequest.get_preferred_type()
+    incorrectly preferred more specific media types with a lower quality
+  * Fixed a crash in Django 5.2 when performing an __in lookup involving a
+    composite primary key and a subquery on certain backends
+
 -------------------------------------------------------------------
 Thu Jun  5 11:53:48 UTC 2025 - Markéta Machová <mmachova@suse.com>

--- a/python-Django.spec
+++ b/python-Django.spec
@@ -21,7 +21,7 @@
 %bcond_with memcached
 %{?sle15_python_module_pythons}
 Name:           python-Django
-Version:        5.2.2
+Version:        5.2.4
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause