Accepting request 1330889 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/1330889 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django6?expand=0&rev=3
2026-02-04 20:08:38 +00:00
parent c63c8ebd08 9356993ff3
commit 5f217953ca
6 changed files with 96 additions and 71 deletions
--- a/Django-6.0.1.checksum.txt
+++ b/Django-6.0.1.checksum.txt
@@ -1,67 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the
-source-code tarball and wheel files of Django 6.0.1, released January 6, 2026.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``131403F4D16D8DC7`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7
-
-or via the GitHub API:
-
-    curl https://github.com/jacobtylerwalls.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
-    gpg --verify Django-6.0.1.checksum.txt
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages
-================
-
-https://www.djangoproject.com/download/6.0.1/tarball/
-https://www.djangoproject.com/download/6.0.1/wheel/
-
-MD5 checksums
-=============
-
-08fe66b67df5e0c958acdfdb2177f81d  django-6.0.1.tar.gz
-e0d69597f37472a27ce895460db01580  django-6.0.1-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-72575360c0eae95e2d780009e400c8f17d23cd2a  django-6.0.1.tar.gz
-116bdcf93d6a463012c24461608fab05c310085f  django-6.0.1-py3-none-any.whl
-
-SHA256 checksums
-================
-
-ed76a7af4da21551573b3d9dfc1f53e20dd2e6c7d70a3adc93eedb6338130a5f  django-6.0.1.tar.gz
-a92a4ff14f664a896f9849009cb8afaca7abe0d6fc53325f3d1895a15253433d  django-6.0.1-py3-none-any.whl
-
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmldWBQACgkQExQD9NFt
-jce4rw/+NzNKpgdWfztlhoyUu16vGifGblxJyXxP4mziSFqTRw9+VWn2EQgCF+6w
-yFWt3Uc9uSk/qu6IHETnzenSKJVfWz/Np7emGxRD1V4+WE82iJLVFSMkNHPyoadf
-FjqX/5OD0kJXqvbIpNAdg24OpjQqnm/JT8QP2+Jy+xct3Oycvm2wm7HyM88ifLwQ
-E26g4UW66rkG1Q3/7bJWwIWQWjTieCwwlZq3qakOpOkv6Bl8BNAQrcyblnwUbxec
-rl9QMv1ynQpHSEHKIrIeRoHczDT8rSiy4NoAIDTztLQEFFU7JNT46jX1+zcoPPSt
-ayyScSb6qXvV7Cg1vwOdkDClCqtL4Q+B1boHj1IJFOiV+A33uPPh919kPyzmbfwa
-9LcVYdmNBaoXkX2oTApSJpGW47w2ypCH8tcroVFvbkq+/Yhwv6bOuPHtb3hkpvnO
-s+2GUkYrtRZB6/r3+KLlNdRa0yAbZSyTpA1TxQDzEx1U+piAslpNB0vd4sivoJ1Q
-WwtTbirGjIGKAX3Cd9yOAXivFEhPj4+2HoLQys3KOUCzbC+GEgq8SICm2sU/tM11
-O0cmHV2MGbGRUldZ9K4+XWbwVa1UFecIwvu7mlfYz0Ql1AAoEj4nDcwkGXCzsS6t
-R7iIBjGQJjljVKun85YN5D+9sNPdQlvCoHLIXHUA45bhj5kc1G0=
-=clZC
-----END PGP SIGNATURE-----
--- a/Django-6.0.2.checksum.txt
+++ b/Django-6.0.2.checksum.txt
@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the
+source-code tarball and wheel files of Django 6.0.2, released February 3, 2026.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``131403F4D16D8DC7`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7
+
+or via the GitHub API:
+
+    curl https://github.com/jacobtylerwalls.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-6.0.2.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/download/6.0.2/tarball/
+https://www.djangoproject.com/download/6.0.2/wheel/
+
+MD5 checksums
+=============
+
+0836ceb8f1f4694f87f0a698c64bd00e  django-6.0.2.tar.gz
+5e170a7a20b0edbb794228a20895cf17  django-6.0.2-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+350bfde2ee630b03dde6daf87ad06fac7a8a5642  django-6.0.2.tar.gz
+70f23a750efce9d525a94dc2d4a15ce016a1e42b  django-6.0.2-py3-none-any.whl
+
+SHA256 checksums
+================
+
+3046a53b0e40d4b676c3b774c73411d7184ae2745fe8ce5e45c0f33d3ddb71a7  django-6.0.2.tar.gz
+610dd3b13d15ec3f1e1d257caedd751db8033c5ad8ea0e2d1219a8acf446ecc6  django-6.0.2-py3-none-any.whl
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmmB894ACgkQExQD9NFt
+jcdrdxAAitAeW6C9Glt4TzkgDakqiXaqsYsBNZxLMVsIDytjy8x8hrXZ0VqvM3Oa
+wtr3EHjazgfVxBiXH8/BIneT6RyInMGlLPdXijJfNDSYUs+nRDavVYIvwt0jJOJy
+oyaH0yQv1dxVibo94sXlMvshfCGpmF1V+963P/t+EciHjuyrxpvEQCXTPFU16exz
+TQFt7Jr2f5VYo4LUl4D24CDGwS1F3PUDkjvbm+ZVT6o8x9Sm1del7fpYBA/iP6g5
+UrnIWlvz1cOXIrijJixcGT93q6Zvr3XEIENDs5eIzDlyzi2sL3ZRG/4Aq0ipCiLo
+WfjTkMwWlQyyLod6rpNKtlYyMz8hVRLEDHZkYl0jo5sSWYn3uHn8mxAPcz7PYM2l
+n6J5e55ISWYmIvH1jbFplv4pa/EmHOyM+VW/fwVvpuboBi9tKFqM+shMSctpDkeO
+bXcK0y+1tVoOBsjnkM82PdTcF9KFUajje0xQ+Bs+n5rLDqV0hJ15qCqd78V/1s+U
+RxTbnypFcNifwkFoM0kGIJfaJ9jVDAzSoSJUg4tGwbmf2Nvgw2MT4clz8ZccEfJv
+KQbHKwMKEzCF2pvjB3codgbpPSZZEHMRcYfV6tgUrPwJRVqWgoqGcePCXDvd/6S6
+dUo/CwINTBY8yxJELuHEn0wr5I69SD7yzUCpIa3HPYR4jl8/mYk=
+=Trbt
+-----END PGP SIGNATURE-----
--- a/django-6.0.1.tar.gz
+++ b/django-6.0.1.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed76a7af4da21551573b3d9dfc1f53e20dd2e6c7d70a3adc93eedb6338130a5f
-size 11069565
--- a/django-6.0.2.tar.gz
+++ b/django-6.0.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3046a53b0e40d4b676c3b774c73411d7184ae2745fe8ce5e45c0f33d3ddb71a7
+size 10886874
--- a/python-Django6.changes
+++ b/python-Django6.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Feb  4 09:14:47 UTC 2026 - Markéta Machová <mmachova@suse.com>
+
+- Update to 6.0.2 
+  * CVE-2025-13473: Username enumeration through timing difference
+    in mod_wsgi authentication handler (bsc#1257401)
+  * CVE-2025-14550: Potential denial-of-service vulnerability via
+    repeated headers when using ASGI (bsc#1257403)
+  * CVE-2026-1207: Potential SQL injection via raster lookups on
+    PostGIS (bsc#1257405)
+  * CVE-2026-1285: Potential denial-of-service vulnerability in
+    django.utils.text.Truncator HTML methods (bsc#1257406)
+  * CVE-2026-1287: Potential SQL injection in column aliases via
+    control characters (bsc#1257407)
+  * CVE-2026-1312: Potential SQL injection via QuerySet.order_by
+    and FilteredRelation (bsc#1257408)
+  * Fixed a visual regression in Django 6.0 that caused the admin
+    filter sidebar to wrap below the changelist when filter elements
+    contained long text
+  * Fixed a visual regression in Django 6.0 for admin form fields
+    grouped under a <fieldset> aligned horizontally
+  * Fixed a regression in Django 6.0 where auto_now_add field values
+    were not populated during INSERT operations, due to incorrect
+    parameters passed to field.pre_save()
+
 -------------------------------------------------------------------
 Fri Jan  9 10:21:45 UTC 2026 - Markéta Machová <mmachova@suse.com>

--- a/python-Django6.spec
+++ b/python-Django6.spec
@@ -27,7 +27,7 @@
 %endif
 %define skip_python311 1
 Name:           python-Django6
-Version:        6.0.1
+Version:        6.0.2
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause