diff --git a/Django-3.2.3.tar.gz b/Django-3.2.3.tar.gz deleted file mode 100644 index dd378a0..0000000 --- a/Django-3.2.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8 -size 9798957 diff --git a/Django-3.2.3.tar.gz.asc b/Django-3.2.3.tar.gz.asc deleted file mode 100644 index 7f7cc50..0000000 --- a/Django-3.2.3.tar.gz.asc +++ /dev/null @@ -1,67 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - -This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 3.2.3, released May 13, 2021. - -To use this file, you will need a working install of PGP or other -compatible public-key encryption software. You will also need to have -the Django release manager's public key in your keyring. This key has -the ID ``2EF56372BA48CD1B`` and can be imported from the MIT -keyserver, for example, if using the open-source GNU Privacy Guard -implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B - -or via the GitHub API: - - curl https://github.com/felixxm.gpg | gpg --import - - -Once the key is imported, verify this file: - - gpg --verify <> - -Once you have verified this file, you can use normal MD5, SHA1, or SHA256 -checksumming applications to generate the checksums of the Django -package and compare them to the checksums listed below. - -Release packages: -================= - -https://www.djangoproject.com/m/releases/3.2/Django-3.2.3-py3-none-any.whl -https://www.djangoproject.com/m/releases/3.2/Django-3.2.3.tar.gz - -MD5 checksums -============= - -5a33b1123433c5df329de05d92148730 Django-3.2.3-py3-none-any.whl -ec5fc12eabe33d0ccacc2f12ee43d1fe Django-3.2.3.tar.gz - -SHA1 checksums -============== - -4249f86c7aeffbdee61b23696d1e3adc19b3a2df Django-3.2.3-py3-none-any.whl -577af5cf8f756e2693ea0e7f7bb94e835e2ba7e3 Django-3.2.3.tar.gz - -SHA256 checksums -================ - -7e0a1393d18c16b503663752a8b6790880c5084412618990ce8a81cc908b4962 Django-3.2.3-py3-none-any.whl -13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8 Django-3.2.3.tar.gz ------BEGIN PGP SIGNATURE----- - -iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCc0XYbHGZlbGlzaWFr -Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bMhwP/0Qx4bpnWCwqksEPGVSR -cKddgOfbhloXi1o7pr+EhZZB0K4+AYX3ffHG7gowanvmIR7s0RR7ojCM+f9BlSgc -i8zbXcgCD74pqon8eo4VdCoTG3v4+6JTNLZxBze3bu7+invtKPMnI4oSSWEmwBkG -kEXmQ6ymPflQVfAv6wMBlCji9ATK75XSyf6rknPjVYS99Uf92Es6SVUofY7sgVeW -2ZjDeEh7z4XOgEoIxE4FE1SMnKZNYD5DwUR+HccGFmCTGNqlNOfaZIxHr2P1ifw/ -RpKQ9d9ucvQBOHJovvBtMTT9v3+gUJlrVoGIAswwRgs9fczr7ASJP2QP7koPXKcj -Z0D6PtAXzf4nj9ltaiyXdKXNTIfCzEhrWGxnonNL2rhB/C6ZFrB4lnGFcs/aiYif -C6JblHEDy9305WLQYBTHDQfdZZFAs7tfKyppm4b7y4xHPI0vnIf2g/QFD/71JN9q -mwsM2rUh705ckTO640u+IJIR8FYeEN86CEm/rKwqbWUlkPI+f9dbdT/xrlqO0gUB -L0VPH7g31OovSSiJ1UAGmdAc2sr5VhzLW/9FL5q2OtaWiqNaGHTsCjYviJfU6BI9 -Frf6jWHeDrIS9K574ECU68EFPfAA14rUAfDX4+cSjzwGewEiN3Yp/MyRFWHzcF7N -GP5avhw1OHijJlD8h7IAVmA0 -=3wWa ------END PGP SIGNATURE----- diff --git a/Django-3.2.4.tar.gz b/Django-3.2.4.tar.gz new file mode 100644 index 0000000..8cfb93b --- /dev/null +++ b/Django-3.2.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296 +size 9824343 diff --git a/Django-3.2.4.tar.gz.asc b/Django-3.2.4.tar.gz.asc new file mode 100644 index 0000000..3ccb817 --- /dev/null +++ b/Django-3.2.4.tar.gz.asc @@ -0,0 +1,67 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +This file contains MD5, SHA1, and SHA256 checksums for the source-code +tarball and wheel files of Django 3.2.4, released June 2, 2021. + +To use this file, you will need a working install of PGP or other +compatible public-key encryption software. You will also need to have +the Django release manager's public key in your keyring. This key has +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT +keyserver, for example, if using the open-source GNU Privacy Guard +implementation of PGP: + + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 + +or via the GitHub API: + + curl https://github.com/carltongibson.gpg | gpg --import - + +Once the key is imported, verify this file: + + gpg --verify <> + +Once you have verified this file, you can use normal MD5, SHA1, or SHA256 +checksumming applications to generate the checksums of the Django +package and compare them to the checksums listed below. + +Release packages: +================= + +https://www.djangoproject.com/m/releases/3.2/Django-3.2.4-py3-none-any.whl +https://www.djangoproject.com/m/releases/3.2/Django-3.2.4.tar.gz + +MD5 checksums +============= + +d2975d6084b5740de5838ccf7db3e823 Django-3.2.4-py3-none-any.whl +2f30db9154efb8c9ed891781d29fae2a Django-3.2.4.tar.gz + +SHA1 checksums +============== + +a6a264af7bcc8906488f72d740022e006e0aeef8 Django-3.2.4-py3-none-any.whl +7b0875627bfd044cbfd3c9dc4b87c653a3cbe2dc Django-3.2.4.tar.gz + +SHA256 checksums +================ + +ea735cbbbb3b2fba6d4da4784a0043d84c67c92f1fdf15ad6db69900e792c10f Django-3.2.4-py3-none-any.whl +66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296 Django-3.2.4.tar.gz +-----BEGIN PGP SIGNATURE----- + +iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmC3RawbHGNhcmx0b24u +Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50A8EsQAMabgJbrooZSgFkbW+eA +ZG9scgSr4bLaFxlELTmfNCR7+9XgJ01Zp5XSd8sclyY2U+pS3ENo8k/BPJLxUCmN +FbVgIJjy5KA+PoWZZtmmztlKqAL2mOGXmlzDjm8Y1U/LxaE1CgzgUOrWaD7zFWi6 +N6uCYdlA09O7D9Ea8cb//WEZi3DXkBYGgqMx8Xwe873+NUe42u4iFm/fG4VYz/Et +F9wfixawD6N1LAUtU/RITZi8jYV7ucHuPa/GggV3jFAKeLSJLakrc2dU9FQKvYl1 +GpVS2r008O1TomyOVRgyyiOrigH5UjjjT9X7gfw788dTGLwDeqWEeCc3cLUC9WYv +bsXdC4em/U04B069UB1ClECDTxykPnlY1oHpqhvpq6h5XJ0Ij9xGaRI0PGKhA/YG +lVgYkn9pOaYijrf1aYB7QMzz2sgmn/D7yBYsZGpYxTAP1PRXOBmPbe8Ja6vJZHrm +2n42qP5+0eejVmXqgzmQTBPFkFw31ypBQxEj9ivN8W8/LbnbeS4OCl9N/Qi3+LcS +wj5MYfuqBW1DaDbYiGGwpyo19yHsiy4OmLDLN3VTHxYzhp5WdcPDir7bw0zIzvCH +fsCkIsdDmYxLbb/c3jYQmjb363/6IUQ2z10MGIIcRbibBBPA3hjZNMfTFDs9D/pq +dlF/xCthoQA1INDsebQ0Any/ +=gTYU +-----END PGP SIGNATURE----- diff --git a/python-Django.changes b/python-Django.changes index b1a51f9..22671e2 100644 --- a/python-Django.changes +++ b/python-Django.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Wed Jun 2 10:45:01 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571) + + CVE-2021-33203: Potential directory traversal via admindocs + + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks + since validators accepted leading zeros in IPv4 addresses + + Fixed a bug in Django 3.2 where a final catch-all view in the + admin didn’t respect the server-provided value of SCRIPT_NAME when + redirecting unauthenticated users to the login page + + Fixed a bug in Django 3.2 where a system check would crash on an + abstract model + + Prevented unnecessary initialization of unused caches following a + regression in Django 3.2 + + Fixed a crash in Django 3.2 that could occur when running mod_wsgi + with the recommended settings while the Windows colorama library + was installed + + Fixed a bug in Django 3.2 that would trigger the auto-reloader for + template changes when directory paths were specified with strings + + Fixed a regression in Django 3.2 that caused a crash of + auto-reloader with AttributeError, e.g. inside a Conda environment + + Fixed a regression in Django 3.2 that caused a loss of precision + for operations with DecimalField on MySQL + ------------------------------------------------------------------- Mon May 17 07:37:47 UTC 2021 - Alberto Planas Dominguez diff --git a/python-Django.spec b/python-Django.spec index 60bb9c7..cdac1c6 100644 --- a/python-Django.spec +++ b/python-Django.spec @@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 3.2.3 +Version: 3.2.4 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause