Accepting request 1302720 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/1302720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=138

Django-5.2.4.checksum.txt

@@ -1,68 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the
-source-code tarball and wheel files of Django 5.2.4, released July 2, 2025.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``2EE82A8D9470983E`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
-
-or via the GitHub API:
-
-    curl https://github.com/nessita.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
-    gpg --verify Django-5.2.4.checksum.txt
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages
-================
-
-https://www.djangoproject.com/download/5.2.4/tarball/
-https://www.djangoproject.com/download/5.2.4/wheel/
-
-MD5 checksums
-=============
-
-6ecc4875e8cdc08706faea1cc4740fdf  django-5.2.4.tar.gz
-fee657f7686462d388f274c5f92b634a  django-5.2.4-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-de45d44e1bb2ceb1c08b8fd0846de920874f71a1  django-5.2.4.tar.gz
-a6a7904e3749a0e8937a50643293889929b4b6f7  django-5.2.4-py3-none-any.whl
-
-SHA256 checksums
-================
-
-a1228c384f8fa13eebc015196db7b3e08722c5058d4758d20cb287503a540d8f  django-5.2.4.tar.gz
-60c35bd96201b10c6e7a78121bd0da51084733efa303cc19ead021ab179cef5e  django-5.2.4-py3-none-any.whl
-
------BEGIN PGP SIGNATURE-----
-
-iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmhlfcIoHDEyNDMwNCtu
-ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPj5DD/94
-KOuOZ5JHtZWknqi1JeV1akzB/RpY7lhL9SbJbVXhdAxOY9Cn4eUG7NsPWa9JnhX1
-F/2geBE5mjOZen4ARtGHWxa5vqidqUbscrU9AkqPLn6aecEKi2jXXNkYmmWw/37K
-wb92BQtuWkaXyiZ4E6Sledx9yFhcqMDFg27CdNYfAqUWofI6zzSmLIzOlOSVR9Sc
-uDrfRqQ4GXlRGT5pIkcIxE0ZKToUYrKgn99PZOmBcLfJgQ4VBt62J6SzZAhhElb3
-DUMcVhG2XNIhg7v7DwlVodowDYQdRi2H/ahAa7/m1+uugRbysoGSLLwP+50tDjlj
-07zxoJsrL5R9zaMp4pcXQN4bUy3rDz94DkjlXO51f8LwDdStvk4VOYan1W5S9BhP
-R0conCFfcg4+iK0pV5e/GeeTwBRHQw8p5RuWfrEpKFi/XQtT0u01hqUGppeuZ9wI
-f+Ud9RA8Nrw0ouli4WvfH0RVFuMgUFqScwO88oatuUH5CDPjlV+5usNb7FrmZXv6
-AWRopONOcYGF07+FYh0nsoE8enWyxE+JWTJzxT5PGZ3buUO0hlnJ+auoJv8yOVii
-ELCSUyi93glWonCBrS41XrNO6+6K/8V9V6iv9/PdGwF1GszbX5Rx4e2lDMA7crYh
-1qKGaV3+iAO+Y+vXt6VTy6h5GLg9hun+RQ8TU3Guyg==
-=d9C5
------END PGP SIGNATURE-----

Django-5.2.6.checksum.txt

@@ -0,0 +1,66 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the
+source-code tarball and wheel files of Django 5.2.6, released September 3, 2025.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``3955B19851EA96EF`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF
+
+or via the GitHub API:
+
+    curl https://github.com/sarahboyce.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-5.2.6.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/download/5.2.6/tarball/
+https://www.djangoproject.com/download/5.2.6/wheel/
+
+MD5 checksums
+=============
+
+1f0327293cc3768903ce8cd390ec3f47  django-5.2.6.tar.gz
+fca0005922f8db95eb97108e3d8e0b24  django-5.2.6-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+ada4c057790d255039ac5fe3a31378e5fde0417a  django-5.2.6.tar.gz
+f92e94e9ab2e21f3d681918d67b15e7e54d348f6  django-5.2.6-py3-none-any.whl
+
+SHA256 checksums
+================
+
+da5e00372763193d73cecbf71084a3848458cecf4cee36b9a1e8d318d114a87b  django-5.2.6.tar.gz
+60549579b1174a304b77e24a93d8d9fafe6b6c03ac16311f3e25918ea5a20058  django-5.2.6-py3-none-any.whl
+
+-----BEGIN PGP SIGNATURE-----
+
+iQHhBAEBCABLFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmi4JLQtHDQyMjk2NTY2
+K3NhcmFoYm95Y2VAdXNlcnMubm9yZXBseS5naXRodWIuY29tAAoJEDlVsZhR6pbv
+rLQL/AmvGY0A1mnf22ZarnqGyH1pRyC7ZrhX2XtoCN6rOjYHleXDqjCIRnbJPnSP
+QoKVj6C0xiWsueetEWdrQd2iwgwuAir2dZ0x4TR9ejmVqUUb/R5BakqjZ7g46lsy
+GOvU+MlQjzbu1sh0T2G7DC/z019v3+/3lHGpI4HkUFpIb6EOybKW61+MbZZqQMyY
+EC/bYEIzfmoJN0Hyi9FoFx0aE/kMpeEYn6wXmEVUfpW7xqXy5AsA2VpU1/nbu0xS
+2R+rOljxTSTvqZknDQhr3WbS6D8m/odlcF59pVNzuBwPChz78o6PtwKLitaUy1sp
+LOiunKvQYU7Syt4yz+ro+5S+4bcCsIArOe4SKvkMOCi6pFxyXNz0a8PYXpCbg5ER
+PQD6RhUbpz2FFMBTeGjPM4JhrIA06A4goX0Q6PHvOLDPg1WlopSKMu5BBGL7fr/O
+7jfGeDf5qKIIJ9ZfZS/flS/ebxm8cG9sF7gpbganJC0TnOWmKLdPYQzLia4zFx3f
+pj+RwA==
+=g/HH
+-----END PGP SIGNATURE-----

django-5.2.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a1228c384f8fa13eebc015196db7b3e08722c5058d4758d20cb287503a540d8f
-size 10831909

django-5.2.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:da5e00372763193d73cecbf71084a3848458cecf4cee36b9a1e8d318d114a87b
+size 10858861

python-Django.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Thu Sep  4 10:02:00 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 5.2.6 (bsc#1248810)
+  * CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases
+  * Fixed a bug where using QuerySet.values() or values_list() with a ForeignObject
+    composed of multiple fields returned incorrect results instead of tuples of
+    the referenced fields
+- Rebased test_strip_tags.patch
+
+-------------------------------------------------------------------
+Tue Aug 12 10:52:26 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 5.2.5
+  * Fixed a regression in Django 5.2.1 that prevented the usage of UNNEST
+    PostgreSQL strategy of QuerySet.bulk_create() with foreign keys
+  * Fixed a crash in Django 5.2 when filtering against a composite primary key
+    using a tuple containing expressions
+  * Fixed a crash in Django 5.2 when validating a model that uses
+    GeneratedField or constraints composed of Q and Case lookups
+  * Added compatibility for docutils 0.22
+  * Fixed a crash in Django 5.2 when using a ManyToManyField on a model with
+    a composite primary key, by extending the fields.E347 system check
+- Convert to libalternatives on SLE-16-based and newer systems
+
+-------------------------------------------------------------------
+Fri Aug  1 02:09:01 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Reinstate Requires on tzdata, a lot of packages use it.
+
+-------------------------------------------------------------------
+Wed Jul 30 06:03:44 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch support-msgfmt-0.25.patch:
+  * Support msgfmt 0.25 error messages changes. (bsc#1246966)
+- Remove unneeded Requires on tzdata.
+
 -------------------------------------------------------------------
 Sat Jul 19 06:51:37 UTC 2025 - Markéta Machová <mmachova@suse.com>
 

python-Django.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-Django
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,8 +20,13 @@
 %bcond_with selenium
 %bcond_with memcached
 %{?sle15_python_module_pythons}
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
 Name:           python-Django
-Version:        5.2.4
+Version:        5.2.6
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@@ -31,7 +36,10 @@ Source1:        https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.t
 Source2:        %{name}.keyring
 Source99:       python-Django-rpmlintrc
 # PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19639 Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior.
+# fixed and refined upstream, but some of our interpreters weren't updated to a new version yet and still only carry the patch, so providing the non-conditional version
 Patch0:         test_strip_tags.patch
+# PATCH-FIX-UPSTREAM https://github.com/django/django/pull/19530 Fixed #36421 -- Made test_msgfmt_error_including_non_ascii compatible with with msgfmt 0.25.
+Patch1:         support-msgfmt-0.25.patch
 BuildRequires:  %{python_module Jinja2 >= 2.9.2}
 BuildRequires:  %{python_module Pillow >= 6.2.0}
 BuildRequires:  %{python_module PyYAML}
@@ -56,8 +64,6 @@ Requires:       python
 Requires:       python-asgiref >= 3.7.0
 Requires:       python-sqlparse >= 0.3.1
 Requires:       python-tzdata
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
 Recommends:     python-Jinja2 >= 2.9.2
 Recommends:     python-Pillow >= 6.2.0
 Recommends:     python-PyYAML
@@ -71,6 +77,13 @@ Obsoletes:      python-django < %{version}
 Provides:       python-South = %{version}
 Obsoletes:      python-South < %{version}
 BuildArch:      noarch
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+%endif
 %if %{with memcached}
 BuildRequires:  %{python_module pylibmc}
 BuildRequires:  %{python_module pymemcache}
@@ -131,6 +144,9 @@ export PATH=%{_libdir}/chromium:$PATH
 %python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} $python tests/runtests.py -v 2
 %endif
 
+%pre
+%python_libalternatives_reset_alternative django-admin
+
 %post
 %{python_install_alternative django-admin}
 

support-msgfmt-0.25.patch

@@ -0,0 +1,69 @@
+From 3609c463a4cfc5a7e76f4d4ba008c5096b1f1437 Mon Sep 17 00:00:00 2001
+From: Jericho Serrano <118679068+jericho1050@users.noreply.github.com>
+Date: Fri, 6 Jun 2025 04:58:29 +0800
+Subject: [PATCH] Fixed #36421 -- Made test_msgfmt_error_including_non_ascii
+ compatible with msgfmt 0.25.
+
+---
+ tests/i18n/test_compilation.py | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/tests/i18n/test_compilation.py b/tests/i18n/test_compilation.py
+index 4b0bb9f6bb1..3a57dbf0765 100644
+--- a/tests/i18n/test_compilation.py
++++ b/tests/i18n/test_compilation.py
+@@ -1,5 +1,6 @@
+ import gettext as gettext_module
+ import os
++import re
+ import stat
+ import unittest
+ from io import StringIO
+@@ -8,10 +9,12 @@
+ from unittest import mock
+ 
+ from django.core.management import CommandError, call_command, execute_from_command_line
+-from django.core.management.utils import find_command
++from django.core.management.utils import find_command, popen_wrapper
+ from django.test import SimpleTestCase, override_settings
+ from django.test.utils import captured_stderr, captured_stdout
+ from django.utils import translation
++from django.utils.encoding import DEFAULT_LOCALE_ENCODING
++from django.utils.functional import cached_property
+ from django.utils.translation import gettext
+ 
+ from .utils import RunInTmpDirMixin, copytree
+@@ -254,6 +257,17 @@ def test_no_dirs_accidentally_skipped(self):
+ 
+ 
+ class CompilationErrorHandling(MessageCompilationTests):
++    @cached_property
++    def msgfmt_version(self):
++        # Note that msgfmt is installed via GNU gettext tools, hence the msgfmt
++        # version should align to gettext.
++        out, err, status = popen_wrapper(
++            ["msgfmt", "--version"],
++            stdout_encoding=DEFAULT_LOCALE_ENCODING,
++        )
++        m = re.search(r"(\d+)\.(\d+)\.?(\d+)?", out)
++        return tuple(int(d) for d in m.groups() if d is not None)
++
+     def test_error_reported_by_msgfmt(self):
+         # po file contains wrong po formatting.
+         with self.assertRaises(CommandError):
+@@ -278,7 +292,14 @@ def test_msgfmt_error_including_non_ascii(self):
+                 call_command(
+                     "compilemessages", locale=["ko"], stdout=StringIO(), stderr=stderr
+                 )
+-            self.assertIn("' cannot start a field name", stderr.getvalue())
++            if self.msgfmt_version < (0, 25):
++                error_msg = "' cannot start a field name"
++            else:
++                error_msg = (
++                    "a field name starts with a character that is not alphanumerical "
++                    "or underscore"
++                )
++            self.assertIn(error_msg, stderr.getvalue())
+ 
+ 
+ class ProjectAndAppTests(MessageCompilationTests):

test_strip_tags.patch

@@ -10,11 +10,11 @@ Subject: [PATCH] Fixed #36499 -- Adjusted
  tests/utils_tests/test_html.py | 4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)
 
-diff --git a/tests/test_utils/tests.py b/tests/test_utils/tests.py
-index 494a0ea8d384..0de19eae9072 100644
---- a/tests/test_utils/tests.py
-+++ b/tests/test_utils/tests.py
-@@ -959,10 +959,10 @@ def test_parsing_errors(self):
+Index: django-5.2.6/tests/test_utils/tests.py
+===================================================================
+--- django-5.2.6.orig/tests/test_utils/tests.py
++++ django-5.2.6/tests/test_utils/tests.py
+@@ -945,10 +945,10 @@ class HTMLEqualTests(SimpleTestCase):
              self.assertHTMLEqual("", "<p>")
          error_msg = (
              "First argument is not valid HTML:\n"
@@ -22,25 +22,28 @@ index 494a0ea8d384..0de19eae9072 100644
 +            "('Unexpected end tag `div` (Line 1, Column 0)', (1, 0))"
          )
          with self.assertRaisesMessage(AssertionError, error_msg):
--            self.assertHTMLEqual("< div></ div>", "<div></div>")
+-            self.assertHTMLEqual("< div></div>", "<div></div>")
 +            self.assertHTMLEqual("</div>", "<div></div>")
          with self.assertRaises(HTMLParseError):
              parse_html("</p>")
  
-diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
-index 4ce552e79a0d..205eaeca1668 100644
---- a/tests/utils_tests/test_html.py
-+++ b/tests/utils_tests/test_html.py
-@@ -142,10 +142,10 @@ def test_strip_tags(self):
-             ("&gotcha&#;<>", "&gotcha&#;<>"),
-             ("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"),
+Index: django-5.2.6/tests/utils_tests/test_html.py
+===================================================================
+--- django-5.2.6.orig/tests/utils_tests/test_html.py
++++ django-5.2.6/tests/utils_tests/test_html.py
+@@ -162,13 +162,13 @@ class TestUtilsHtml(SimpleTestCase):
              ("<script>alert()</script>&h", "alert()h"),
--            ("><!" + ("&" * 16000) + "D", "><!" + ("&" * 16000) + "D"),
-+            ("><!" + ("&" * 16000) + "D", ">"),
+             (
+                 "><!" + ("&" * 16000) + "D",
+-                ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D",
++                ">",
+             ),
              ("X<<<<br>br>br>br>X", "XX"),
              ("<" * 50 + "a>" * 50, ""),
--            (">" + "<a" * 500 + "a", ">" + "<a" * 500 + "a"),
-+            (">" + "<a" * 500 + "a", ">"),
+             (
+                 ">" + "<a" * 500 + "a",
+-                ">" if htmlparser_fixed else ">" + "<a" * 500 + "a",
++                ">",
+             ),
              ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
              ("<" + "a" * 1_002, "<" + "a" * 1_002),
-         )