From 78064dc5d5795fcae9ebaedd7034217599be115d0a8eca9a8df0ac55e960acea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?=
Date: Fri, 6 Jun 2025 08:51:39 +0000
Subject: [PATCH] Accepting request 1283359 from home:mcalabkova:branches:devel:languages:python:django - Update to 5.2.2 (bsc#1244095) * CVE-2025-48432: Potential log injection via unescaped request path * Fixed a crash when using select_related against a ForeignObject originating from a model with a CompositePrimaryKey * Fixed a regression in Django 5.2 that caused a crash when no arguments were passed into QuerySet.union(). * Fixed a regression in Django 5.2 that caused a crash when using OuterRef in PostgreSQL aggregate functions ArrayAgg, StringAgg, and JSONBAgg. * Fixed a bug in Django 5.2 where HttpRequest.get_preferred_type() did not account for media type parameters in Accept headers, reducing specificity in content negotiation. OBS-URL: https://build.opensuse.org/request/show/1283359 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=201
---
 Django-5.2.1.checksum.txt | 68 ---------------------------------------
 Django-5.2.2.checksum.txt | 68 +++++++++++++++++++++++++++++++++++++++
 django-5.2.1.tar.gz | 3 --
 django-5.2.2.tar.gz | 3 ++
 python-Django.changes | 15 +++++++++
 python-Django.spec | 2 +-
 6 files changed, 87 insertions(+), 72 deletions(-)
 delete mode 100644 Django-5.2.1.checksum.txt
 create mode 100644 Django-5.2.2.checksum.txt
 delete mode 100644 django-5.2.1.tar.gz
 create mode 100644 django-5.2.2.tar.gz
diff --git a/Django-5.2.1.checksum.txt b/Django-5.2.1.checksum.txt
deleted file mode 100644
index 88bd451..0000000
--- a/Django-5.2.1.checksum.txt
+++ /dev/null
@@ -1,68 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 5.2.1, released May 6, 2025.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``2EE82A8D9470983E`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
- gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
-
-or via the GitHub API:
-
- curl https://github.com/nessita.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
- gpg --verify Django-5.2.1.checksum.txt
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages
-================
-
-https://www.djangoproject.com/download/5.2.1/tarball/
-https://www.djangoproject.com/download/5.2.1/wheel/
-
-MD5 checksums
-=============
-
-317174c6e0593c40e58ec1bd428b1091 django-5.2.1.tar.gz
-7821a8fa6b4193707af79c9b4bc64236 django-5.2.1-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-c8c6571401bede943be6b1ca4babe93cf2612e16 django-5.2.1.tar.gz
-0c2f04440b66d67223e74146ff94b577c7da2dff django-5.2.1-py3-none-any.whl
-
-SHA256 checksums
-================
-
-57fe1f1b59462caed092c80b3dd324fd92161b620d59a9ba9181c34746c97284 django-5.2.1.tar.gz
-a9b680e84f9a0e71da83e399f1e922e1ab37b2173ced046b541c72e1589a5961 django-5.2.1-py3-none-any.whl
-
------BEGIN PGP SIGNATURE-----
-
-iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmgatvooHDEyNDMwNCtu
-ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPo5pEACE
-tPY3ZQqbCCvhD17CXkDKU2S/4kJPtQbbvd183nj1MMOwWhNBR5VV15Gvgf9v4sp1
-QaufUfaCUdrbuOsaapU2lf61Q3XKSTZZ6EoBlsmAjfcMbJrV3DzW2dK2L4awGi0/
-bm4tI+94qapSLQAwLK8IJai7Z9kpuptQeeBlNFo52XXuzESL4+ZpvIgqQzbjRU8x
-fMM7+1Wf3mS2wt5vG5araxVovYAJvgXYnlHoGbu8DM9tmO0x2iFCkUuGbCcxTAiJ
-CwSuZOOPiHdIZWgu6M/WR8jZ8c67YMgamb4kukfP3NnNScqvUi+rPCyGGFpnrMwj
-iVHFmKulSI7lBnbjAgkwNNQ1asTiZO/W76MQKgFecUU592RGZKV/oH1rt5vbXeWu
-MkBcaVL6GEgV66bXb13a3P/XB1PQKiCSOO28DJyhYj9eIJnQsuOKN43UUZzrmvEB
-1cJ2/dHj+wJGWs8D9Bx2Yl5bcTgxFoSjb1gt6Vth0NgQuLb8aRP5/DuoNEIAxDdb
-Dv7O2uSE5JFK0P1GxF/N7DIHzSoyUr7vkm5cb1bGBVhxtCa2XPdluojEDKqduxjR
-4jZjB8nswRdZY63V6n4pEVQdkbIgFJdyFaWmoylfqGfZ3JiIGz8WyQQ+jw17V2L1
-sjRHd1y1JPOZKyb2g+QGR0H+AQvqedWZ95XJGirNtw==
-=b+2b
------END PGP SIGNATURE-----
diff --git a/Django-5.2.2.checksum.txt b/Django-5.2.2.checksum.txt
new file mode 100644
index 0000000..2c9ffc7
--- /dev/null
+++ b/Django-5.2.2.checksum.txt
@@ -0,0 +1,68 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the
+source-code tarball and wheel files of Django 5.2.2, released June 4, 2025.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+ curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+ gpg --verify Django-5.2.2.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/download/5.2.2/tarball/
+https://www.djangoproject.com/download/5.2.2/wheel/
+
+MD5 checksums
+=============
+
+782577f532efab32f8119a7071f55d04 django-5.2.2.tar.gz
+5d85fa7778bd65981714e562012a5626 django-5.2.2-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+87dff3ef8d00b15491d5bb64b2404caf66d8ae59 django-5.2.2.tar.gz
+7964171a3e17b3e3e8aeb2d2bff763d128836d74 django-5.2.2-py3-none-any.whl
+
+SHA256 checksums
+================
+
+85852e517f84435e9b13421379cd6c43ef5b48a9c8b391d29a26f7900967e952 django-5.2.2.tar.gz
+997ef2162d04ead6869551b22cde4e06da1f94cf595f4af3f3d3afeae1f3f6fe django-5.2.2-py3-none-any.whl
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhAMRIoHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPmgqD/9b
+ON8sroesSKb2lAdjUe2XFKceWBpSjySACsPwLko5gPhfxJ9gn0XEDQccYw6U4KkJ
+PbRlrKKNr1zqX3IfRoggg3E6GU/rw9LUqgB2GByuBRjyZe29bF0KWiLWVmjLL6c8
+WszgKZxYu73vBfHcY1StLVSGMHxMlolvWikhpS4taHKOsYLmYxFnPdDeLjC/hYyb
+tYjfdaKgDm5czpy9Put+Kzu15KcW0PqHAuPJtcGHo3l7lfRSd/m9X6iNtUXmsN8J
+H8kLEzfG91tUuHl7UgFpZpSEGqnRV/dM+s+fKeVJC9t6Jsu8lbQp3omMaBl/SCwV
+qicA9Go9cqUoDLz8JSkv0YCOGAyUZyOvjlW8zAkoRQuCcEkDxLh2VsdRRB7Z0E7K
+SvDq03XZwXeBUpQAbkoZ+TpS4EoiydY7I7PTq5k+yzMEoid+k7sRclfndeTpAmPf
+7Xtq3KDPnIKo+7maECiKVeEfCUIgxXygEz3fbrYTn9LcDcFnGWKA9/DH/9yD4+zR
+AS4RI0k0PUWzbq/6+A+3BqQTo75dLxm/BHpyd9NoddYIsuhwlLq3IU+SopR8vG2/
+bydqaovZuiyHS59vGgMuAFJIaeW5/TW8zoLvRVekVG0nCVgcj17pR7zqa6EGKefS
+6ydabjbxzeFC3qdYiOIneghfIUnk3HeVQRLd0Vw58w==
+=Pk1M
+-----END PGP SIGNATURE-----
diff --git a/django-5.2.1.tar.gz b/django-5.2.1.tar.gz
deleted file mode 100644
index 47f140b..0000000
--- a/django-5.2.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:57fe1f1b59462caed092c80b3dd324fd92161b620d59a9ba9181c34746c97284
-size 10818735
diff --git a/django-5.2.2.tar.gz b/django-5.2.2.tar.gz
new file mode 100644
index 0000000..6192ba9
--- /dev/null
+++ b/django-5.2.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:85852e517f84435e9b13421379cd6c43ef5b48a9c8b391d29a26f7900967e952
+size 10827542
diff --git a/python-Django.changes b/python-Django.changes
index 9b00729..fe80ce9 100644
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Jun 5 11:53:48 UTC 2025 - Markéta Machová
+
+- Update to 5.2.2 (bsc#1244095)
+ * CVE-2025-48432: Potential log injection via unescaped request path
+ * Fixed a crash when using select_related against a ForeignObject
+ originating from a model with a CompositePrimaryKey
+ * Fixed a regression in Django 5.2 that caused a crash when no
+ arguments were passed into QuerySet.union().
+ * Fixed a regression in Django 5.2 that caused a crash when using OuterRef
+ in PostgreSQL aggregate functions ArrayAgg, StringAgg, and JSONBAgg.
+ * Fixed a bug in Django 5.2 where HttpRequest.get_preferred_type() did not
+ account for media type parameters in Accept headers, reducing specificity
+ in content negotiation.
+
 -------------------------------------------------------------------
 Mon May 12 08:20:40 UTC 2025 - Markéta Machová
 
diff --git a/python-Django.spec b/python-Django.spec
index f795933..b382b06 100644
--- a/python-Django.spec
+++ b/python-Django.spec
@@ -21,7 +21,7 @@
 %bcond_with memcached
 %{?sle15_python_module_pythons}
 Name: python-Django
-Version: 5.2.1
+Version: 5.2.2
 Release: 0
 Summary: A high-level Python Web framework
 License: BSD-3-Clause