1
0
forked from pool/python-Django

Accepting request 752866 from home:aplanas:branches:devel:languages:python:django

- Update to 2.2.8
  * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
  * Fixed a data loss possibility in the admin changelist view when a
    custom formset’s prefix contains regular expression special
    characters, e.g. '$'
  * Fixed a regression in Django 2.2.1 that caused a crash when
    migrating permissions for proxy models with a multiple database
    setup if the default entry was empty
  * Fixed a data loss possibility in the select_for_update(). When
    using 'self' in the of argument with multi-table inheritance, a
    parent model was locked instead of the queryset’s model
- Add patch fix-selenium-test.patch to fix a test when selenium is
  missing

OBS-URL: https://build.opensuse.org/request/show/752866
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=45
This commit is contained in:
Tomáš Chvátal 2019-12-02 11:27:04 +00:00 committed by Git OBS Bridge
parent 5824a53f04
commit 1a863ea358
7 changed files with 105 additions and 68 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86
size 8999415

View File

@ -1,63 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 2.2.7, released November 4, 2019.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/2.2/Django-2.2.7-py3-none-any.whl
https://www.djangoproject.com/m/releases/2.2/Django-2.2.7.tar.gz
MD5 checksums
=============
501704dd5d29b597763a8e9dd7737f6b Django-2.2.7-py3-none-any.whl
b0833024aac4c8240467e4dc91a12e9b Django-2.2.7.tar.gz
SHA1 checksums
==============
40fc8e32c8d002cf44d9abebe57c24019fcda3ba Django-2.2.7-py3-none-any.whl
ef69a17d8547070880aba9171f2471eb4b921fed Django-2.2.7.tar.gz
SHA256 checksums
================
89c2007ca4fa5b351a51a279eccff298520783b713bf28efb89dfb81c80ea49b Django-2.2.7-py3-none-any.whl
16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86 Django-2.2.7.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl2/2JUbHGZlbGlzaWFr
Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzCIQAKaFzUHrxUJeFrgrkcUZ
LvCa3IjyuDJlHWzavSSjf7ZXQR3de52VUDtNwdD5yByMQpn/s/UWqKlKu8c7fh2V
+xagzCXYAbYbFyjoinZiZib7SPAffDITyFyy3FgxHNMS/g7pmuBPxic4oYyL0poP
OA1H26x4TpOWDCRLh9FncTWIkJusSekqsjjDKbfRr9GvkbAR9ueRfOFZn96PuOTF
JUcpkbntdZzVChl90LHDMuJywSURChcoOci66fmaMXMoTblbBpdX1gTwNJeW4//d
WZb3LMbB9vq41XEnjttlcYXHrWNqsDSqkOB6kqa+dh6TLe0mmDpiphnDotHCHL6V
1PII9yVLUZ1l6vL36iXoWQaOPIeLbtRDYzk/IURY3QKE69FGxTOsVqbwMnS5jJvn
maOGtaYch/NWnRHVMoIO5+bh9SRkS+1wO3a6EFzl69TuVW5fm6vqfuDnknd24UEA
6UCsWhEQoG9ot6AyTXDTARQVrE5K2ujDheMiNXKqbAv+QUcjf3BzECdwBGC9LvAi
j3FkXTJ/Q1XUQaYZRJsELRNMs5DOrBTZ8/6EEVuP6gOQosbHaCzlcyGxqF6JpcYy
NOxAmKDVyvBS/N5WsgAQCVO7jeV7ytUN7rgUtruKW7GMUhUqq1h+Mg1QFy53lqip
U4wWM0jrmAxNBCw3hbqiaQQZ
=xLL3
-----END PGP SIGNATURE-----

3
Django-2.2.8.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0
size 8870662

62
Django-2.2.8.tar.gz.asc Normal file
View File

@ -0,0 +1,62 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 2.2.8, released December 2, 2019.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/2.2/Django-2.2.8-py3-none-any.whl
https://www.djangoproject.com/m/releases/2.2/Django-2.2.8.tar.gz
MD5 checksums
=============
2dd61e8dfadc3754e35f927d4142fc0f Django-2.2.8-py3-none-any.whl
57d965818410a4e00e2267eef66aa9c9 Django-2.2.8.tar.gz
SHA1 checksums
==============
ad9d4b417d4b99ec19548d7339b345d807de5000 Django-2.2.8-py3-none-any.whl
0a631fe2237fea6a60cdd5d02b618632b6e49a1b Django-2.2.8.tar.gz
SHA256 checksums
================
fa98ec9cc9bf5d72a08ebf3654a9452e761fbb8566e3f80de199cbc15477e891 Django-2.2.8-py3-none-any.whl
a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0 Django-2.2.8.tar.gz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl3ky/QACgkQ4X31yCtP
nQBi8w//S+ZVGHyo35gekAy3j11PmUuiD2nhGlrmfZgiBsAepcxIpXH/ZYS+OWUY
ZYdyUYb9308YGiKzkOxOMmsqrZeEwzImQcf844MCbQcFkPe0NWc9FZ/RphCaStVN
pxoGHZOfV6bOyLVJO8jV4YqDl/MBWdvtFDMhrrJlZSmgmVDAfpSV+BFUmoFaiC2i
vd1fKKVLxTVZrr6L6ov0h8JM2gMPVoGp4P/WDofk1LuWRKLZmwtrp7PRdBeyf5jO
itoQD00qAt2IsdaXYuPkaCMdQWzCJDGiFFUjcRkzdZtLaKugTnuHMol9/lCcXkW1
NL//xq+rh8YfyTkNk4rDHuu98urPz46z1kgvNOSJlgpTf4RWjk/va1s+/Cc28QSa
KVA4CcD+2+we781USYJG0B10+OsgzWbPV+50IOejVqrhj5QCSa6LRG37hp6iJThp
+2ZqM8DthouFdjliT1W3pEzcyII/nWqIibyWo7zMrQQk5N9f5E628KHIFlOeB7+8
pinSTmfUpTS5leVBRIzc2LhdE9WYoPaFdQOm2AD7vHDIwYxy5l9uStyN25xi+Jp1
EvsFmIKj9COc21L4nDujpgKdLJ0eiGAL6fJ6UQydvMaBsdbPXO8kTk/lXooQx1X/
LhbnxqLG1Yzh9bxNHCGOGPDnWswGeTFNpAhRwtryCBASeItQzAE=
=xo2Q
-----END PGP SIGNATURE-----

19
fix-selenium-test.patch Normal file
View File

@ -0,0 +1,19 @@
Index: Django-2.2.8/tests/admin_inlines/tests.py
===================================================================
--- Django-2.2.8.orig/tests/admin_inlines/tests.py
+++ Django-2.2.8/tests/admin_inlines/tests.py
@@ -1,5 +1,3 @@
-from selenium.common.exceptions import NoSuchElementException
-
from django.contrib.admin import ModelAdmin, TabularInline
from django.contrib.admin.helpers import InlineAdminForm
from django.contrib.admin.tests import AdminSeleniumTestCase
@@ -1050,6 +1048,8 @@ class SeleniumTests(AdminSeleniumTestCas
self.assertEqual(Profile.objects.all().count(), 3)
def test_add_inline_link_absent_for_view_only_parent_model(self):
+ from selenium.common.exceptions import NoSuchElementException
+
user = User.objects.create_user('testing', password='password', is_staff=True)
user.user_permissions.add(
Permission.objects.get(codename='view_poll', content_type=ContentType.objects.get_for_model(Poll))

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Mon Dec 2 09:45:57 UTC 2019 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 2.2.8
* CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
* Fixed a data loss possibility in the admin changelist view when a
custom formsets prefix contains regular expression special
characters, e.g. '$'
* Fixed a regression in Django 2.2.1 that caused a crash when
migrating permissions for proxy models with a multiple database
setup if the default entry was empty
* Fixed a data loss possibility in the select_for_update(). When
using 'self' in the of argument with multi-table inheritance, a
parent model was locked instead of the querysets model
- Add patch fix-selenium-test.patch to fix a test when selenium is
missing
-------------------------------------------------------------------
Fri Nov 15 10:53:24 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package python-Django
#
# Copyright (c) 2019 SUSE LLC.
# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@
%bcond_with memcached
Name: python-Django
# We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc
Version: 2.2.7
Version: 2.2.8
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause
@ -34,6 +34,7 @@ Source2: %{name}.keyring
Source99: python-Django-rpmlintrc
Patch0: i18n_test.patch
Patch1: test_clear_site_cache-sort.patch
Patch2: fix-selenium-test.patch
BuildRequires: %{python_module Jinja2 >= 2.9.2}
BuildRequires: %{python_module Pillow}
BuildRequires: %{python_module PyYAML}
@ -98,6 +99,7 @@ echo "`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-
%setup -q -n Django-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
%build