From 4cc7cf9001c836628099b10f358d5d6fac789f77ccb151039b624a5da5a3c0d8 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Wed, 14 Jan 2015 10:45:39 +0000
Subject: [PATCH] Accepting request 281083 from devel:languages:python

1

OBS-URL: https://build.opensuse.org/request/show/281083
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=11
---
 Django-1.7.2.checksum.txt | 63 ---------------------------------------
 Django-1.7.2.tar.gz       |  3 --
 Django-1.7.3.checksum.txt | 63 +++++++++++++++++++++++++++++++++++++++
 Django-1.7.3.tar.gz       |  3 ++
 python-Django.changes     | 24 +++++++++++++++
 python-Django.spec        |  2 +-
 6 files changed, 91 insertions(+), 67 deletions(-)
 delete mode 100644 Django-1.7.2.checksum.txt
 delete mode 100644 Django-1.7.2.tar.gz
 create mode 100644 Django-1.7.3.checksum.txt
 create mode 100644 Django-1.7.3.tar.gz

diff --git a/Django-1.7.2.checksum.txt b/Django-1.7.2.checksum.txt
deleted file mode 100644
index 72cf81d..0000000
--- a/Django-1.7.2.checksum.txt
+++ /dev/null
@@ -1,63 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball of Django 1.7.2, released January 2, 2015.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP::
-
-    gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-================
-
-Django 1.7.2 (tar.gz): https://www.djangoproject.com/m/releases/1.7/Django-1.7.2.tar.gz
-Django 1.7.2 (.whl): https://www.djangoproject.com/m/releases/1.7/Django-1.7.2-py2.py3-none-any.whl
-
-MD5 checksum:
-=============
-
-MD5(Django-1.7.2.tar.gz)= 855a53a9a5581c62b6031c9b3bd80ec5
-MD5(Django-1.7.2-py2.py3-none-any.whl)= b57f9a2dec214b60e338aa80fb902936
-
-SHA1 checksum:
-==============
-
-SHA1(Django-1.7.2.tar.gz)= 142168eef96423d3586d9bd99ca9b3c8d6ae652a
-SHA1(Django-1.7.2-py2.py3-none-any.whl)= b259a071161566a5797af26aa446f9cf127849ce
-
-SHA256 checksum:
-================
-
-SHA256(Django-1.7.2.tar.gz)= 31c6c3c229f8c04b3be87e6afc3492903b57ec8f1188a47b6ae160d90cf653c8
-SHA256(Django-1.7.2-py2.py3-none-any.whl)= b22871edc9ddf3e57b18989c3c7e9174b4c168dc7b8dbe3f31d4101a73bf2006
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAEBCAAGBQJUp0TWAAoJEB6Kvcdz7eJS3P8P/i8ffgRtwTaR/DgYMOa8IR9f
-NRe5hSq2BgS2kxjOBapXkFvR/Zin8OGby9fi7Cv2bvRko1nokXfI+3M0IxjrgnO8
-7WjYtqvL/3HrI6L+81mEzJdWR2kuX28qcEBMTcjplgLvzCKf21Ptvs/+E4sTyQVu
-9kIO8K+tPvG5k9oYJgmZmmC9YY7ipvPzX7MUI9NB2kMVvT3yUvZLZ4IIaC+qecZo
-UHbGhfk1152mqtgVcsOtQEZOSY7KTdXFhgreWd1R9bVzHCjUdSb/PA/ygHTd/cD/
-VusiqilD0SqJqNMDpAFJNhBnjCu9bHjuolUk4fjK+lTR8ADLIXeXPGvA8j2QALlI
-k2AicDH4UjqxV3r8QdWxOlSdoQkEt5jv4LhjxjbyFBmFLrtKEWEsmRZw8gj6HbqP
-z4iX11KaRHiEhNiWwj/iZl84+1KiesQjJFAJQy9Y8k1Hb1qaDh/QT5OSRGIJQAMc
-hHlL8jCHsQRoieRulMw/jMitWBEAcy4otkQyI/grC0t2QXXIMskFy/Xgs+d5IozH
-TCTn7kinjBlGurP3Zg0q7bKZEqlvbD3qxmdr7Q8GIwHrQTcztKQSsyLRGLw75e3F
-s9/yk+cSF5D6BQ7W7prgfQdW01h8fyXGXDYgrE/2u5hDdabYZptBv15bDP6bazh+
-a42qx2m55ko80vcwgooa
-=9WtV
------END PGP SIGNATURE-----
diff --git a/Django-1.7.2.tar.gz b/Django-1.7.2.tar.gz
deleted file mode 100644
index c3d6fee..0000000
--- a/Django-1.7.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:31c6c3c229f8c04b3be87e6afc3492903b57ec8f1188a47b6ae160d90cf653c8
-size 7577911
diff --git a/Django-1.7.3.checksum.txt b/Django-1.7.3.checksum.txt
new file mode 100644
index 0000000..bbbcf7f
--- /dev/null
+++ b/Django-1.7.3.checksum.txt
@@ -0,0 +1,63 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball of Django 1.7.3, released January 13, 2015.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+Django 1.7.3 (tar.tgz): https://www.djangoproject.com/m/releases/1.7/Django-1.7.3.tar.gz
+Django 1.7.3 (.whl): https://www.djangoproject.com/m/releases/1.7/Django-1.7.3-py2.py3-none-any.whl
+
+MD5 checksums:
+==============
+
+bd24beec81e161d30ad925aef9d23e57  Django-1.7.3-py2.py3-none-any.whl
+ea9a3fe7eca2280b233938a98c4a35a0  Django-1.7.3.tar.gz
+
+SHA1 checksums:
+===============
+
+74a977b77880818335cf6ff3ae8d5d28bfadaaf6  Django-1.7.3-py2.py3-none-any.whl
+2577e8e40999f5120b091c17e8cabfb518917ca2  Django-1.7.3.tar.gz
+
+SHA256 checksums:
+=================
+
+72edd47b55ae748d29f1a71d5ca4b86e785c9fb974407cf242b3168e6f1b177e  Django-1.7.3-py2.py3-none-any.whl
+f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b  Django-1.7.3.tar.gz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIbBAEBCAAGBQJUtWTMAAoJEB6Kvcdz7eJSrX0P91/cNLe5oISzWH/viWQpj3C7
+khbTl61sRakbx45mEqhW6GJqNxJwsyZuVDzL8sxXGvyRqRsLE2nd5stM2xHqXxMN
+vZJUYeyUCBaH1ozCzhvA4k8mXSX7twy6puYKgk0FcuMbgFepkuqnqep6cryAmgOk
+5tcTgxwF/bxUZ7YGa3AdQsIvLU6rGLupDIqMmG+8W94VwKg2+PhOEAv3iB6e1DxA
+aOKI/leMbkxF3eG4HnvPTdO80cM63Sp+654Kj9d+Q94nMQY/pAp5q6j9lCxZFwYj
+eak/joly9UZwlRMO1HeV8jCzcq/7xDe4OIQR1o2YY1hWK89yA1I1fT4TQTTlbBk3
+lPKrdkSxievYy7Ggs0+3f4534A5g3I05sd/w5R68L6QuXxZt/yZDQzpxkdE+bT4D
+ZO0nVc3fZ0qlmTJIohtHjKK6MBcG9igAWz7VYmr/iDeUCdK1Y/b1TN+i4pmth2tX
+NJJw9c0bev/A4+Qe1WCRodqd9Ipcs4MLKJMzIho75rhOLfUyC8JQWrISqSNc9PmQ
+lj7sITcASQL7T55CdNalB1XRZig/Il0Qhoil7Mwae7/gwqz9IHMlW1VDntfaCdTN
+83Nm80mDhgdm0i0lJHbUmlNAAgYT3W0mEyH3+5uep0PNn02ZhTTTPL7wzfZmCs+N
+7PWSYlGP8/4JjD65yqw=
+=/LA8
+-----END PGP SIGNATURE-----
diff --git a/Django-1.7.3.tar.gz b/Django-1.7.3.tar.gz
new file mode 100644
index 0000000..311df65
--- /dev/null
+++ b/Django-1.7.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b
+size 7589559
diff --git a/python-Django.changes b/python-Django.changes
index 5c5fb6d..938fd33 100644
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Jan 14 07:57:46 UTC 2015 - mcihar@suse.cz
+
+- Update to Django 1.7.3:
+  Security fixes:
+  * WSGI header spoofing via underscore/dash conflation.
+  * Mitigated possible XSS attack via user-supplied redirect URLs.
+  * Denial-of-service attack against django.views.static.serve.
+  * Database denial-of-service with ModelMultipleChoiceField.
+  Bug fixes:
+  * The default iteration count for the PBKDF2 password hasher has been
+    increased by 25%. This part of the normal major release process was
+    inadvertently omitted in 1.7. This backwards compatible change will not
+    affect users who have subclassed
+    django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default
+    value.
+  * Fixed a crash in the CSRF middleware when handling non-ASCII referer 
+    header (#23815).
+  * Fixed a crash in the django.contrib.auth.redirect_to_login view when 
+    passing a reverse_lazy() result on Python 3 (#24097).
+  * Added correct formats for Greek (el) (#23967).
+  * Fixed a migration crash when unapplying a migration where multiple 
+    operations interact with the same model (#24110).
+
 -------------------------------------------------------------------
 Sun Jan 11 12:49:28 UTC 2015 - p.drouand@gmail.com
 
diff --git a/python-Django.spec b/python-Django.spec
index d927b5f..53147b2 100644
--- a/python-Django.spec
+++ b/python-Django.spec
@@ -17,7 +17,7 @@
 
 
 Name:           python-Django
-Version:        1.7.2
+Version:        1.7.3
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause