rpm/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity

Accepting request 890638 from home:aplanas:branches:devel:languages:python:django

Browse Source 
- Update to 3.2.1 (CVE-2021-31542)
  + CVE-2021-31542: Potential directory-traversal via uploaded files
  + Corrected detection of GDAL 3.2 on Windows
  + Fixed a bug in Django 3.2 where subclasses of BigAutoField and
    SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting
  + Fixed a regression in Django 3.2 that caused a crash of
    QuerySet.values()/values_list() after QuerySet.union(),
    intersection(), and difference() when it was ordered by an
    unannotated field
  + Restored, following a regression in Django 3.2, displaying an
    exception message on the technical 404 debug page
  + Fixed a bug in Django 3.2 where a system check would crash on a
    reverse one-to-one relationships in CheckConstraint.check or
    UniqueConstraint.condition
  + Fixed a regression in Django 3.2 that caused a crash of
    ModelAdmin.search_fields when searching against phrases with
    unbalanced quotes
  + Fixed a bug in Django 3.2 where variable lookup errors were logged
    rendering the sitemap template if alternates were not defined
  + Fixed a regression in Django 3.2 that caused a crash when
    combining Q() objects which contains boolean expressions
  + Fixed a regression in Django 3.2 that caused a crash of
    QuerySet.update() on a queryset ordered by inherited or joined
    fields on MySQL and MariaDB
  + Fixed a regression in Django 3.2 that caused a crash when decoding
    a cookie value, used by
    django.contrib.messages.storage.cookie.CookieStorage, in the
    pre-Django 3.2 format
  + Fixed a regression in Django 3.2 that stopped the shift-key
    modifier selecting multiple rows in the admin changelist
  + Fixed a bug in Django 3.2 where a system check would crash on the
    STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path)
  + Fixed a long standing bug involving queryset bitwise combination
    when used with subqueries that began manifesting in Django 3.2,
    due to a separate fix using Exists to exclude() multi-valued
    relationships
  + Fixed a bug in Django 3.2 where variable lookup errors were logged
    when rendering some admin templates
  + Fixed a bug in Django 3.2 where an admin changelist would crash
    when deleting objects filtered against multi-valued relationships
  + Fixed a regression in Django 3.2 where the calling process
    environment would not be passed to the dbshell command on PostgreSQL
  + Fixed a performance regression in Django 3.2 when building complex
    filters with subqueries

OBS-URL: https://build.opensuse.org/request/show/890638
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=80
This commit is contained in:
Alberto Planas 2021-05-05 09:20:33 +00:00 committed by Git OBS Bridge
parent 74ea9e2062
commit 215700684a
6 changed files with 119 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Django-3.2.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd
size 9820723

67
Django-3.2.1.tar.gz.asc Normal file
View File

@ -0,0 +1,67 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2.1, released May 4, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
or via the GitHub API:
curl https://github.com/carltongibson.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.1-py3-none-any.whl
https://www.djangoproject.com/m/releases/3.2/Django-3.2.1.tar.gz
MD5 checksums
=============
dd5ba0f289ab783e2359a078b569e054 Django-3.2.1-py3-none-any.whl
0ded0d3408c38f4a5cff2128f5a9c4ba Django-3.2.1.tar.gz
SHA1 checksums
==============
6ed6e36a7e5ebf37f0ff0efe2b03d81730fd4c1b Django-3.2.1-py3-none-any.whl
cd6f18967e13a6e67dbee4713116aab9cb348865 Django-3.2.1.tar.gz
SHA256 checksums
================
e2f73790c60188d3f94f08f644de249d956b3789161e7604509d128a13fb2fcc Django-3.2.1-py3-none-any.whl
95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd Django-3.2.1.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmCRCGkbHGNhcmx0b24u
Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50AEOAQALLp01Bu+1LOKrpd3kql
UhgZgD4buu3olr/qPnj6j9wCNyOV3zk/G7CmImY6WAIZdhI8Y8PoxJ3WeirzBsWt
yCdMItlDpjcjvW8BJUHAo80hjeBTETXzkaylJfCkjMdFP/EPmunxWdFr7cWoB32F
uGsPegBjZ3KWUIPsKxUMO81PBtGq0ir5Ht0hs/z/ni+DOUSZixSBNZo/cmECelwR
4ssPd+ixNc1qxUeBGGLzmmrZQF72iINiA4bmyQzVUIBZ/0H72ZyNvkITTH4x7Qab
UwYHJOXNhW+pQGjN7V4RPKUwfVfoauXbRYr/FvcqKfob3iSy4UH59GRZ3xxbt//1
Ox2U+IOiv0Ikck2UZcfQZdwpsTe0V36NONyrYsvnEcCdAy2BZ2zZu51N9vedIIxb
e+3OJNNvMsn+Rt1BhZZNVHPfVeqaYBqeV+ZrDUnfb9gChaxKCwCc/hoet/xP5FKw
2UgkXejevYvVNsaWXY8AN09rD26qruhadN2vx2O0nyiEoot3cC3ufGquBvjphs/I
L/1ftY1pRTR3KKLkKLPcfcQpeeuQjmZewhaGALJ/aeFwPC1Fzp/wJ73omfJpb+2y
PUr9GZBi5vGdgin+x2HjwP1ho00ZpoyIePVWxxC4GrPApmHW/M/GBmt6ns4kVJhL
uOfA7SNMCou79sy7Jy/dZwhs
=5lpt
-----END PGP SIGNATURE-----

3
Django-3.2.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d
size 9819119

67
Django-3.2.tar.gz.asc
View File

@ -1,67 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2, released April 6, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
or via the GitHub API:
curl https://github.com/carltongibson.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.tar.gz
https://www.djangoproject.com/m/releases/3.2/Django-3.2-py3-none-any.whl
MD5 checksums
=============
0db580470a6a1dc20ccb805f94479ffa Django-3.2.tar.gz
e2cfd14ad74a389429bec15cd8b7391b Django-3.2-py3-none-any.whl
SHA1 checksums
==============
00abafe8e50230aa41892b28456c35ae18c16b8b Django-3.2.tar.gz
07015dcabc200f09266991978f611bdca56ce93f Django-3.2-py3-none-any.whl
SHA256 checksums
================
21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d Django-3.2.tar.gz
0604e84c4fb698a5e53e5857b5aea945b2f19a18f25f10b8748dbdf935788927 Django-3.2-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmBsKcQbHGNhcmx0b24u
Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50APIkP/1pmxTi40TM+EKi/PuGv
rv7ft9gXDbCkgnS0BMr5qnqi3allE7x7JJ0qEXN7mvo2ZEevVntR3gLRV8y6h9H6
zYprz4iEs/+tfnEzcuZhCbkqDidY4SaoClNh9rqXBcMCWR2/CkR9GLNYDvMAYK9S
g/bRQBH3iy1Naw6TCum9fLcTqhpQgkbgN1qdxfDE12QsHTcxfIrkB54Jd1TSswWt
QzYwhhIdLkot785UBRsFk7rcNTsPCSXUDIlNUHxqMx6ubJXKPLLiDoaxZqXFyYAi
Pqhak9Itj7Q34emm+BkMpFj2fKAcdS8ufDtrTjiS3gmjNJ1Pw+A6+eamanVNFfYb
4eTbr2+X7Ttp9rUrJdMmBUNN+hEM8HwdShcjp94w+8ExDk2j80ZDGfjdxSwEh1Dj
drIFAyewXQ1umsK333gtI+xJS7bXak+6XjRg44PtfNH3WbSnKNuJ1u2wHYNFmARA
undAOhBiEsCz/TOKo3Rd2jb14j84J0x/ksiEQRfNWhjRAUvuFJohMtlV3/ig53Vw
icGvRwp0X3zst4I4p/SK+e/XAuOU+Cwc6GTP5yKBJZhtZIFAG8BZ2Z8CWYjNViQT
o43K7QtZlit6mmGXDEvONJhSXl3W7CQ0Wrwd3xI0ySE9fFRq1RQLOhjSpiidIXfE
oP/d3xyNLl4s58C0irBMrg9j
=Aeit
-----END PGP SIGNATURE-----

48
python-Django.changes
View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Wed May 5 08:44:30 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.1 (CVE-2021-31542)
+ CVE-2021-31542: Potential directory-traversal via uploaded files
+ Corrected detection of GDAL 3.2 on Windows
+ Fixed a bug in Django 3.2 where subclasses of BigAutoField and
SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values()/values_list() after QuerySet.union(),
intersection(), and difference() when it was ordered by an
unannotated field
+ Restored, following a regression in Django 3.2, displaying an
exception message on the technical 404 debug page
+ Fixed a bug in Django 3.2 where a system check would crash on a
reverse one-to-one relationships in CheckConstraint.check or
UniqueConstraint.condition
+ Fixed a regression in Django 3.2 that caused a crash of
ModelAdmin.search_fields when searching against phrases with
unbalanced quotes
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
rendering the sitemap template if alternates were not defined
+ Fixed a regression in Django 3.2 that caused a crash when
combining Q() objects which contains boolean expressions
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.update() on a queryset ordered by inherited or joined
fields on MySQL and MariaDB
+ Fixed a regression in Django 3.2 that caused a crash when decoding
a cookie value, used by
django.contrib.messages.storage.cookie.CookieStorage, in the
pre-Django 3.2 format
+ Fixed a regression in Django 3.2 that stopped the shift-key
modifier selecting multiple rows in the admin changelist
+ Fixed a bug in Django 3.2 where a system check would crash on the
STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path)
+ Fixed a long standing bug involving queryset bitwise combination
when used with subqueries that began manifesting in Django 3.2,
due to a separate fix using Exists to exclude() multi-valued
relationships
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
when rendering some admin templates
+ Fixed a bug in Django 3.2 where an admin changelist would crash
when deleting objects filtered against multi-valued relationships
+ Fixed a regression in Django 3.2 where the calling process
environment would not be passed to the dbshell command on PostgreSQL
+ Fixed a performance regression in Django 3.2 when building complex
filters with subqueries
-------------------------------------------------------------------
Tue Apr 6 09:27:50 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>

2
python-Django.spec
View File

@ -23,7 +23,7 @@
%bcond_with memcached
Name: python-Django
# We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc
Version: 3.2
Version: 3.2.1
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause