- update to 2.2.2

* Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468) * Fixes CVE-2019-11358: Prototype pollution OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=31
2019-06-03 11:04:26 +00:00 · 2019-06-03 11:04:26 +00:00 · 0edf726470
commit 0edf726470
parent 3758282993
6 changed files with 73 additions and 67 deletions
--- a/Django-2.2.1.tar.gz
+++ b/Django-2.2.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6fcc3cbd55b16f9a01f37de8bcbe286e0ea22e87096557f1511051780338eaea
-size 8973889
--- a/Django-2.2.1.tar.gz.asc
+++ b/Django-2.2.1.tar.gz.asc
@ -1,63 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.1, released May 1, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.1-py3-none-any.whl
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.1.tar.gz
-
-MD5 checksums
-=============
-
-8a2f51f779351edcbceda98719e07254  Django-2.2.1-py3-none-any.whl
-3b1721c1b5014316e1af8b10613c7592  Django-2.2.1.tar.gz
-
-SHA1 checksums
-==============
-
-aa28ed3cff3d5c599537bd3913a3ceed76de1a69  Django-2.2.1-py3-none-any.whl
-11612623ffbaa5aa2860775b44652d75687cb982  Django-2.2.1.tar.gz
-
-SHA256 checksums
-================
-
-bb407d0bb46395ca1241f829f5bd03f7e482f97f7d1936e26e98dacb201ed4ec  Django-2.2.1-py3-none-any.whl
-6fcc3cbd55b16f9a01f37de8bcbe286e0ea22e87096557f1511051780338eaea  Django-2.2.1.tar.gz
-----BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAlzJNPAbHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bnyEP/2VAdw6zsG3cu7YEqoMj
-cJChSaLPjRmVT6mWnxRJRLeVgnktCUxgsdriUhEZJ471wn9iZbLaeTQrQwmwli7c
-nwK9NIuKSLVePjDd6FlW6yrxzpCp3AMqK3f9vYNVOFJJgZjQAYaFqjI2J/2iU5zS
-44UsA8z/P43mx+QVtiKKPGk9brwtLjq4v0Ga1N8fsJz0DPvz3DNdethhKhubowS3
-ozx4pENpCIfldvCsFHE0sVB42h3exeOVEsjEp14n9RbAATHkRmkcAL6gyVOV01ao
-klLwejMWM+d5hqN4Ewpy+uF+CD1r/ipc2vXBns3cPJYx2Nyf5FpR8wp8TViWjv3a
-pjMJELUpVh0PyiSZjFCwuU3dg75iKQruS/kXme6Y9sYYxtFrSME5ethX2c12YO/2
-HP9807wXy9bAY4g2FCc1oY+qQvYjLuCWQViCbeDUvIRN8g9e9wLAKOWoTRcWR9/7
-+VI+xTsEQdisIhD93zXbD7Z5/OuiwZ+NL/AxZNP+VXzEf5/TvvkOxnFrJuMt1s+S
-NNSyLaW+exqEPuu6fHV9y0AqQhqT3wEMPo4cLf5053RQ6igH156t/Lw0kwAFeSP4
-18bkdfKizHM7okNkKULOizWM4xKWZfBaPcN6F+14wBbjE1tEEFa/nk9+WK48biFB
-8SC9AU5SQjCsYs0yu/Eh3mOf
-=eGQf
-----END PGP SIGNATURE-----
--- a/Django-2.2.2.tar.gz
+++ b/Django-2.2.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:753d30d3eb078064d2ddadfea65083c9848074a7f93d7b4dc7fa6b1380d278f5
+size 8841523
--- a/Django-2.2.2.tar.gz.asc
+++ b/Django-2.2.2.tar.gz.asc
@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.2.2, released June 3, 2019.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.2.tar.gz
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.2-py3-none-any.whl
+
+MD5 checksums
+=============
+
+c52b05c2bc4898bd68dc0359347fff69  Django-2.2.2.tar.gz
+41fdd9254fcbce92001c6881ba5af68d  Django-2.2.2-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+2d8de20bbc3c2864fb095341ecea8cb095bce7ed  Django-2.2.2.tar.gz
+3ebc7aee84574513a88d7ae765a532cfbcb88c71  Django-2.2.2-py3-none-any.whl
+
+SHA256 checksums
+================
+
+753d30d3eb078064d2ddadfea65083c9848074a7f93d7b4dc7fa6b1380d278f5  Django-2.2.2.tar.gz
+7cb67e8b934fab23b6daed7144da52e8a25a47eba7f360ca43d2b448506b01ad  Django-2.2.2-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlz07+wACgkQ4X31yCtP
+nQAp9g//QtCzWnDfLOgFMg6yX/ZXN6XPzTfehjq1oMkEfluXwZrrCUPL3vzLkRiL
+2ftqmuvYO16qR0XU+U0939fdXkP22ESStuHJR5Ynj9NXbX2DZy39ccH6vEMD/m1p
+5nIz7iS6bOcjz3ocJK/gL1LLp5lZ7q6PXkXYNYzRPMQwfbmjG2ZQHAm+6UE4f1dY
+CpdMKOHDeCg6abdOsnD8CBXz5HMS2IfJAQThFJ82ZpiIRnXRs2P0dIWsovN+yIdX
+EgcGNsrefNQs9/QQ9N//5ee2g1PrxUaHg2bCu5afiiHRfAFTx9StikhHK/hYvt2l
+UW+i2zIPWbS3I33YE5uIROyydOHtcL0pAgmw7OkKYLnmn3KYyVaY6uZ+8WVbjFaq
+KSrnFu0qsZFr8p32k95BCYHWcAhcZNIlZKgUFB9gtgmAtkheLqqpG4PYV+BwD9Ff
+ipBNIzUBNLBXOuaXm4BOuDjNjklycP/trTbK+VbZyKQrNRNPhnccoYT2qWw/zZVS
+wpjpZULznMoc1BvMzMMXkDyhB/y7ov92rCcIj/LRzmYNMLyh0jQygO2ej5Ij7V3U
+nLf3I2702KDYB52/KZdtsLXyWfYmYONGJUgq+P67SuV923kftL4WfXOh/3xLpVJ
+MPXK+ivBkyVTRRYhkV3Ouh5AN74sJV71Isz/lCCxK7goWwzFg/8=
+=QQ53
+-----END PGP SIGNATURE-----
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun  3 11:01:44 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 2.2.2
+ * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
+ * Fixes CVE-2019-11358: Prototype pollution
+
 -------------------------------------------------------------------
 Tue May  7 07:13:09 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

--- a/python-Django.spec
+++ b/python-Django.spec
@ -23,7 +23,7 @@
 %define skip_python2 1
 Name:           python-Django
 # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc
-Version:        2.2.1
+Version:        2.2.2
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause