1
0
forked from pool/python-Django

Accepting request 891227 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/891227
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=73
This commit is contained in:
Dominique Leuenberger 2021-05-12 17:31:09 +00:00 committed by Git OBS Bridge
commit 33d1c7a60d
6 changed files with 137 additions and 73 deletions

3
Django-3.2.2.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d
size 9796920

67
Django-3.2.2.tar.gz.asc Normal file

@ -0,0 +1,67 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2.2, released May 6, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
or via the GitHub API:
curl https://github.com/felixxm.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.2-py3-none-any.whl
https://www.djangoproject.com/m/releases/3.2/Django-3.2.2.tar.gz
MD5 checksums
=============
abd67e107427fb9b5f68863bf0b384d5 Django-3.2.2-py3-none-any.whl
43784c090a8805605e3d0b768cd21cb2 Django-3.2.2.tar.gz
SHA1 checksums
==============
d2edacc8e6e2a3eaa7a598a3c70761436157c56f Django-3.2.2-py3-none-any.whl
67932014e89b3388eb6df61619ce65ebe49cd620 Django-3.2.2.tar.gz
SHA256 checksums
================
18dd3145ddbd04bf189ff79b9954d08fda5171ea7b57bf705789fea766a07d50 Django-3.2.2-py3-none-any.whl
0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d Django-3.2.2.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCTlDMbHGZlbGlzaWFr
Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bpS4QAISsBwHgTdsgdtC/qJbM
kUvw3W2l00B0GBbm14W2jdwXBftn31V8zP6DcfTEKmBjkHlEvnfmd/IvHR+poFKR
q6Pz43+xNcT7r6UIgB5Qftd9KDQmUGKp7Be3FzZ3Q3+EwduMWGRReOjHLC25Ed+z
Wetdg2IsR/6FF2+fSgMuYSSWjQ83Y1Pb2t2EWyEhTwRnM5wYhY7ZrNwnNa3mZaIJ
/8tvCKQrqAZpjxyJT6wmvCNT1IZH6GwEJ5jAqFNQM89sxgNyi68gDiO11K3oFkxZ
Eyeo3i32FKKcHhqrGJnoC1mwuYIFbB2e2K347smcwrc670dVuj1IdQ5PFAQBdyXZ
6YCNznWXM1nZ6NovOXO2DiT2QpKb0olKsdlENeCLM9oqSrhP1YYlVeRRpzgg3GCh
J7RFnuileSEu2fl1kVofdsDa2/FFNn+3IJFgdEAXSI1ITwrMMMNFCkNh4h0JR/Cn
LJw7+LCYxm8qJeY+LzzW3bGjAXZs1eM1DfquvQKqE65hRr93LKXjFn4FHmUvIIeg
Ke1G4VPCmKD+vRo8uvE32lkevW81aycCujdn3ssQe4lP/QEOfZVEEKpMQ+wjt3JK
gD6Ogxgdd+ZRgzuycBv1ZDD6vdgX6onBoFYDxJEWDQ8ZKpRbZ03oZgT6cZCX1Zwm
5Z26wvw98synt63VvV5Pg2eC
=T6ja
-----END PGP SIGNATURE-----

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d
size 9819119

@ -1,67 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2, released April 6, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
or via the GitHub API:
curl https://github.com/carltongibson.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.tar.gz
https://www.djangoproject.com/m/releases/3.2/Django-3.2-py3-none-any.whl
MD5 checksums
=============
0db580470a6a1dc20ccb805f94479ffa Django-3.2.tar.gz
e2cfd14ad74a389429bec15cd8b7391b Django-3.2-py3-none-any.whl
SHA1 checksums
==============
00abafe8e50230aa41892b28456c35ae18c16b8b Django-3.2.tar.gz
07015dcabc200f09266991978f611bdca56ce93f Django-3.2-py3-none-any.whl
SHA256 checksums
================
21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d Django-3.2.tar.gz
0604e84c4fb698a5e53e5857b5aea945b2f19a18f25f10b8748dbdf935788927 Django-3.2-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmBsKcQbHGNhcmx0b24u
Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50APIkP/1pmxTi40TM+EKi/PuGv
rv7ft9gXDbCkgnS0BMr5qnqi3allE7x7JJ0qEXN7mvo2ZEevVntR3gLRV8y6h9H6
zYprz4iEs/+tfnEzcuZhCbkqDidY4SaoClNh9rqXBcMCWR2/CkR9GLNYDvMAYK9S
g/bRQBH3iy1Naw6TCum9fLcTqhpQgkbgN1qdxfDE12QsHTcxfIrkB54Jd1TSswWt
QzYwhhIdLkot785UBRsFk7rcNTsPCSXUDIlNUHxqMx6ubJXKPLLiDoaxZqXFyYAi
Pqhak9Itj7Q34emm+BkMpFj2fKAcdS8ufDtrTjiS3gmjNJ1Pw+A6+eamanVNFfYb
4eTbr2+X7Ttp9rUrJdMmBUNN+hEM8HwdShcjp94w+8ExDk2j80ZDGfjdxSwEh1Dj
drIFAyewXQ1umsK333gtI+xJS7bXak+6XjRg44PtfNH3WbSnKNuJ1u2wHYNFmARA
undAOhBiEsCz/TOKo3Rd2jb14j84J0x/ksiEQRfNWhjRAUvuFJohMtlV3/ig53Vw
icGvRwp0X3zst4I4p/SK+e/XAuOU+Cwc6GTP5yKBJZhtZIFAG8BZ2Z8CWYjNViQT
o43K7QtZlit6mmGXDEvONJhSXl3W7CQ0Wrwd3xI0ySE9fFRq1RQLOhjSpiidIXfE
oP/d3xyNLl4s58C0irBMrg9j
=Aeit
-----END PGP SIGNATURE-----

@ -1,3 +1,67 @@
-------------------------------------------------------------------
Thu May 6 08:54:41 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.2 (CVE-2021-32052)
+ CVE-2021-32052: Header injection possibility since URLValidator
accepted newlines in input on Python 3.9.5+
+ Prevented, following a regression in Django 3.2.1, makemigrations
from generating infinite migrations for a model with Meta.ordering
contained OrderBy expressions
-------------------------------------------------------------------
Wed May 5 17:25:18 UTC 2021 - Ben Greiner <code@bnavigator.de>
- Keep rpm runtime requirements in sync. Downstream packages often
read the egg-info and fail if they are not fulfilled.
-------------------------------------------------------------------
Wed May 5 08:44:30 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.1 (CVE-2021-31542)
+ CVE-2021-31542: Potential directory-traversal via uploaded files
+ Corrected detection of GDAL 3.2 on Windows
+ Fixed a bug in Django 3.2 where subclasses of BigAutoField and
SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values()/values_list() after QuerySet.union(),
intersection(), and difference() when it was ordered by an
unannotated field
+ Restored, following a regression in Django 3.2, displaying an
exception message on the technical 404 debug page
+ Fixed a bug in Django 3.2 where a system check would crash on a
reverse one-to-one relationships in CheckConstraint.check or
UniqueConstraint.condition
+ Fixed a regression in Django 3.2 that caused a crash of
ModelAdmin.search_fields when searching against phrases with
unbalanced quotes
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
rendering the sitemap template if alternates were not defined
+ Fixed a regression in Django 3.2 that caused a crash when
combining Q() objects which contains boolean expressions
+ Fixed a regression in Django 3.2 that caused a crash of
QuerySet.update() on a queryset ordered by inherited or joined
fields on MySQL and MariaDB
+ Fixed a regression in Django 3.2 that caused a crash when decoding
a cookie value, used by
django.contrib.messages.storage.cookie.CookieStorage, in the
pre-Django 3.2 format
+ Fixed a regression in Django 3.2 that stopped the shift-key
modifier selecting multiple rows in the admin changelist
+ Fixed a bug in Django 3.2 where a system check would crash on the
STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path)
+ Fixed a long standing bug involving queryset bitwise combination
when used with subqueries that began manifesting in Django 3.2,
due to a separate fix using Exists to exclude() multi-valued
relationships
+ Fixed a bug in Django 3.2 where variable lookup errors were logged
when rendering some admin templates
+ Fixed a bug in Django 3.2 where an admin changelist would crash
when deleting objects filtered against multi-valued relationships
+ Fixed a regression in Django 3.2 where the calling process
environment would not be passed to the dbshell command on PostgreSQL
+ Fixed a performance regression in Django 3.2 when building complex
filters with subqueries
-------------------------------------------------------------------
Tue Apr 6 09:27:50 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>

@ -23,7 +23,7 @@
%bcond_with memcached
Name: python-Django
# We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc
Version: 3.2
Version: 3.2.2
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause
@ -36,7 +36,7 @@ BuildRequires: %{python_module Jinja2 >= 2.9.2}
BuildRequires: %{python_module Pillow}
BuildRequires: %{python_module PyYAML}
BuildRequires: %{python_module argon2-cffi >= 16.1.0}
BuildRequires: %{python_module asgiref >= 3.2.10}
BuildRequires: %{python_module asgiref >= 3.3.2}
BuildRequires: %{python_module base >= 3.6}
BuildRequires: %{python_module bcrypt}
BuildRequires: %{python_module docutils}
@ -52,7 +52,7 @@ BuildRequires: %{python_module numpy if (%python-base without python36-base)}
Requires: python
Requires: python-Pillow
Requires: python-argon2-cffi >= 16.1.0
Requires: python-asgiref >= 3.2.10
Requires: python-asgiref >= 3.3.2
Requires: python-pytz
Requires: python-setuptools
Requires: python-sqlparse >= 0.2.2