Accepting request 752866 from home:aplanas:branches:devel:languages:python:django

- Update to 2.2.8 * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705) * Fixed a data loss possibility in the admin changelist view when a custom formset’s prefix contains regular expression special characters, e.g. '$' * Fixed a regression in Django 2.2.1 that caused a crash when migrating permissions for proxy models with a multiple database setup if the default entry was empty * Fixed a data loss possibility in the select_for_update(). When using 'self' in the of argument with multi-table inheritance, a parent model was locked instead of the queryset’s model - Add patch fix-selenium-test.patch to fix a test when selenium is missing OBS-URL: https://build.opensuse.org/request/show/752866 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=45
2019-12-02 11:27:04 +00:00 · 2019-12-02 11:27:04 +00:00 · 1a863ea358
commit 1a863ea358
parent 5824a53f04
7 changed files with 105 additions and 68 deletions
--- a/Django-2.2.7.tar.gz
+++ b/Django-2.2.7.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86
 size 8999415
--- a/Django-2.2.7.tar.gz.asc
+++ b/Django-2.2.7.tar.gz.asc
@ -1,63 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 2.2.7, released November 4, 2019.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/2.2/Django-2.2.7-py3-none-any.whl
 https://www.djangoproject.com/m/releases/2.2/Django-2.2.7.tar.gz
 MD5 checksums
 =============
 501704dd5d29b597763a8e9dd7737f6b  Django-2.2.7-py3-none-any.whl
 b0833024aac4c8240467e4dc91a12e9b  Django-2.2.7.tar.gz
 SHA1 checksums
 ==============
 40fc8e32c8d002cf44d9abebe57c24019fcda3ba  Django-2.2.7-py3-none-any.whl
 ef69a17d8547070880aba9171f2471eb4b921fed  Django-2.2.7.tar.gz
 SHA256 checksums
 ================
 89c2007ca4fa5b351a51a279eccff298520783b713bf28efb89dfb81c80ea49b  Django-2.2.7-py3-none-any.whl
 16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86  Django-2.2.7.tar.gz
 -----BEGIN PGP SIGNATURE-----
 iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl2/2JUbHGZlbGlzaWFr
 Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzCIQAKaFzUHrxUJeFrgrkcUZ
 LvCa3IjyuDJlHWzavSSjf7ZXQR3de52VUDtNwdD5yByMQpn/s/UWqKlKu8c7fh2V
 +xagzCXYAbYbFyjoinZiZib7SPAffDITyFyy3FgxHNMS/g7pmuBPxic4oYyL0poP
 OA1H26x4TpOWDCRLh9FncTWIkJusSekqsjjDKbfRr9GvkbAR9ueRfOFZn96PuOTF
 JUcpkbntdZzVChl90LHDMuJywSURChcoOci66fmaMXMoTblbBpdX1gTwNJeW4//d
 WZb3LMbB9vq41XEnjttlcYXHrWNqsDSqkOB6kqa+dh6TLe0mmDpiphnDotHCHL6V
 1PII9yVLUZ1l6vL36iXoWQaOPIeLbtRDYzk/IURY3QKE69FGxTOsVqbwMnS5jJvn
 maOGtaYch/NWnRHVMoIO5+bh9SRkS+1wO3a6EFzl69TuVW5fm6vqfuDnknd24UEA
 6UCsWhEQoG9ot6AyTXDTARQVrE5K2ujDheMiNXKqbAv+QUcjf3BzECdwBGC9LvAi
 j3FkXTJ/Q1XUQaYZRJsELRNMs5DOrBTZ8/6EEVuP6gOQosbHaCzlcyGxqF6JpcYy
 NOxAmKDVyvBS/N5WsgAQCVO7jeV7ytUN7rgUtruKW7GMUhUqq1h+Mg1QFy53lqip
 U4wWM0jrmAxNBCw3hbqiaQQZ
 =xLL3
 -----END PGP SIGNATURE-----
--- a/Django-2.2.8.tar.gz
+++ b/Django-2.2.8.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0
 size 8870662
--- a/Django-2.2.8.tar.gz.asc
+++ b/Django-2.2.8.tar.gz.asc
@ -0,0 +1,62 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 2.2.8, released December 2, 2019.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/2.2/Django-2.2.8-py3-none-any.whl
 https://www.djangoproject.com/m/releases/2.2/Django-2.2.8.tar.gz
 MD5 checksums
 =============
 2dd61e8dfadc3754e35f927d4142fc0f  Django-2.2.8-py3-none-any.whl
 57d965818410a4e00e2267eef66aa9c9  Django-2.2.8.tar.gz
 SHA1 checksums
 ==============
 ad9d4b417d4b99ec19548d7339b345d807de5000  Django-2.2.8-py3-none-any.whl
 0a631fe2237fea6a60cdd5d02b618632b6e49a1b  Django-2.2.8.tar.gz
 SHA256 checksums
 ================
 fa98ec9cc9bf5d72a08ebf3654a9452e761fbb8566e3f80de199cbc15477e891  Django-2.2.8-py3-none-any.whl
 a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0  Django-2.2.8.tar.gz
 -----BEGIN PGP SIGNATURE-----
 iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl3ky/QACgkQ4X31yCtP
 nQBi8w//S+ZVGHyo35gekAy3j11PmUuiD2nhGlrmfZgiBsAepcxIpXH/ZYS+OWUY
 ZYdyUYb9308YGiKzkOxOMmsqrZeEwzImQcf844MCbQcFkPe0NWc9FZ/RphCaStVN
 pxoGHZOfV6bOyLVJO8jV4YqDl/MBWdvtFDMhrrJlZSmgmVDAfpSV+BFUmoFaiC2i
 vd1fKKVLxTVZrr6L6ov0h8JM2gMPVoGp4P/WDofk1LuWRKLZmwtrp7PRdBeyf5jO
 itoQD00qAt2IsdaXYuPkaCMdQWzCJDGiFFUjcRkzdZtLaKugTnuHMol9/lCcXkW1
 NL//xq+rh8YfyTkNk4rDHuu98urPz46z1kgvNOSJlgpTf4RWjk/va1s+/Cc28QSa
 KVA4CcD+2+we781USYJG0B10+OsgzWbPV+50IOejVqrhj5QCSa6LRG37hp6iJThp
 +2ZqM8DthouFdjliT1W3pEzcyII/nWqIibyWo7zMrQQk5N9f5E628KHIFlOeB7+8
 pinSTmfUpTS5leVBRIzc2LhdE9WYoPaFdQOm2AD7vHDIwYxy5l9uStyN25xi+Jp1
 EvsFmIKj9COc21L4nDujpgKdLJ0eiGAL6fJ6UQydvMaBsdbPXO8kTk/lXooQx1X/
 LhbnxqLG1Yzh9bxNHCGOGPDnWswGeTFNpAhRwtryCBASeItQzAE=
 =xo2Q
 -----END PGP SIGNATURE-----
--- a/fix-selenium-test.patch
+++ b/fix-selenium-test.patch
@ -0,0 +1,19 @@
 Index: Django-2.2.8/tests/admin_inlines/tests.py
 ===================================================================
 --- Django-2.2.8.orig/tests/admin_inlines/tests.py
 +++ Django-2.2.8/tests/admin_inlines/tests.py
@@ -1,5 +1,3 @@
 -from selenium.common.exceptions import NoSuchElementException
 -
 from django.contrib.admin import ModelAdmin, TabularInline
 from django.contrib.admin.helpers import InlineAdminForm
 from django.contrib.admin.tests import AdminSeleniumTestCase
@@ -1050,6 +1048,8 @@ class SeleniumTests(AdminSeleniumTestCas
         self.assertEqual(Profile.objects.all().count(), 3)
     def test_add_inline_link_absent_for_view_only_parent_model(self):
 +        from selenium.common.exceptions import NoSuchElementException
 +
         user = User.objects.create_user('testing', password='password', is_staff=True)
         user.user_permissions.add(
             Permission.objects.get(codename='view_poll', content_type=ContentType.objects.get_for_model(Poll))
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,3 +1,20 @@
 -------------------------------------------------------------------
 Mon Dec  2 09:45:57 UTC 2019 - Alberto Planas Dominguez <aplanas@suse.com>
 - Update to 2.2.8
  * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
  * Fixed a data loss possibility in the admin changelist view when a
    custom formset’s prefix contains regular expression special
    characters, e.g. '$'
  * Fixed a regression in Django 2.2.1 that caused a crash when
    migrating permissions for proxy models with a multiple database
    setup if the default entry was empty
  * Fixed a data loss possibility in the select_for_update(). When
    using 'self' in the of argument with multi-table inheritance, a
    parent model was locked instead of the queryset’s model
 - Add patch fix-selenium-test.patch to fix a test when selenium is
  missing
 -------------------------------------------------------------------
 Fri Nov 15 10:53:24 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
--- a/python-Django.spec
+++ b/python-Django.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-Django
 #
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@
 %bcond_with memcached
 Name:           python-Django
 # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc
-Version:        2.2.7
+Version:        2.2.8
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@ -34,6 +34,7 @@ Source2:        %{name}.keyring
 Source99:       python-Django-rpmlintrc
 Patch0:         i18n_test.patch
 Patch1:         test_clear_site_cache-sort.patch
 Patch2:         fix-selenium-test.patch
 BuildRequires:  %{python_module Jinja2 >= 2.9.2}
 BuildRequires:  %{python_module Pillow}
 BuildRequires:  %{python_module PyYAML}
@ -98,6 +99,7 @@ echo "`grep -e '^[0-9a-f]\{64\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-
 %setup -q -n Django-%{version}
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
 %build