Accepting request 833246 from home:mcalabkova:branches:devel:languages:python:django

- Update to 3.1.1 * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ * CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ * Fixed a data loss possibility in the select_for_update(). When using related fields pointing to a proxy model in the of argument, the corresponding model was not locked * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator and settings.py OBS-URL: https://build.opensuse.org/request/show/833246 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=70
2020-09-09 14:32:25 +00:00 · 2020-09-09 14:32:25 +00:00 · 5240b99e4a
commit 5240b99e4a
parent cfac3943a3
6 changed files with 80 additions and 67 deletions
--- a/Django-3.1.1.tar.gz
+++ b/Django-3.1.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:59c8125ca873ed3bdae9c12b146fbbd6ed8d0f743e4cf5f5817af50c51f1fc2f
 size 9250616
--- a/Django-3.1.1.tar.gz.asc
+++ b/Django-3.1.1.tar.gz.asc
@ -0,0 +1,62 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 3.1.1, released September 1, 2020.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/3.1/Django-3.1.1.tar.gz
 https://www.djangoproject.com/m/releases/3.1/Django-3.1.1-py3-none-any.whl
 MD5 checksums
 =============
 d5e894fb3c46064e84e9dc68a08a46d0  Django-3.1.1.tar.gz
 f4eb53dd67fc64f9b62514fb21a95949  Django-3.1.1-py3-none-any.whl
 SHA1 checksums
 ==============
 85b27794ddeea5b127563ba6cae0f35b59d78289  Django-3.1.1.tar.gz
 65c131f4e90c914a52bca1543e70678a64ffad93  Django-3.1.1-py3-none-any.whl
 SHA256 checksums
 ================
 59c8125ca873ed3bdae9c12b146fbbd6ed8d0f743e4cf5f5817af50c51f1fc2f  Django-3.1.1.tar.gz
 b5fbb818e751f660fa2d576d9f40c34a4c615c8b48dd383f5216e609f383371f  Django-3.1.1-py3-none-any.whl
 -----BEGIN PGP SIGNATURE-----
 iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl9OASwACgkQ4X31yCtP
 nQC97Q//V1gnXYEsqn2UOz1JJ16I3M8LSDKpma1FY4BJ9EtKjB+JgiGkjwLUAJZP
 sOyDeNkTOnLk0sNn7LTpSnOhjfb5vgbeFrGiXaCL3njJjSqZl6M6HnsePuanOTAA
 ufGKyFhk5TJ243oHMuKAfcqWOQegSHi3ZXgD0NJOTH6dGsKNsvcNaPlwlGAPc0EH
 wokz/ikDIV8q10/uquOP+AUew3lClCuncI+YCsGVUs/wnniiqxxoY9V2uxP/8/mt
 OfL5/VRAkXNk0kBxu5lLPGOLNdJfgskpQbhZFXAAtWjbQw2D0s1/HCB2XXfiiztU
 j34o/CD1USOzTZA3uv8zoCiLjWON/FXwvdvJFNo3J79DGdeqJmjdCFEpnLNzLBUW
 kliy9i+OVCR3eWfx6UEu4WwsSOLuyDP38J0V57FzRzZAXSyVYpvTKToHWMkDi7eU
 CrCkhUkWTWIS9C73V42FUChReFkHfZ00RVR+g21rz6wEp4UFu1IRPcxLsir1Uy63
 7VSHydexXllr0/BS1Ii1V5z1Vk8eUx4qE10yiRAtxBEjaGMJkVsvJXVmA2MINrxI
 mYO1Q2j7FkXLA3AHcH1FPHjYiPZDfEHX4MADNXU0YVoRWDiWXZRp2bCuM2Q6PmkW
 l5WhxbfllVcy1xJMmqwsTu0Wvr27x7hyU/nA348+9I6SV3uh3cQ=
 =Q2LD
 -----END PGP SIGNATURE-----
--- a/Django-3.1.tar.gz
+++ b/Django-3.1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2d390268a13c655c97e0e2ede9d117007996db692c1bb93eabebd4fb7ea7012b
 size 9382872
--- a/Django-3.1.tar.gz.asc
+++ b/Django-3.1.tar.gz.asc
@ -1,63 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 3.1, released August 4, 2020.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/3.1/Django-3.1-py3-none-any.whl
 https://www.djangoproject.com/m/releases/3.1/Django-3.1.tar.gz
 MD5 checksums
 =============
 281c2e919cb60fd09a64fd068cf152fb  Django-3.1-py3-none-any.whl
 2001ba40467d61a2b90570a68c657e35  Django-3.1.tar.gz
 SHA1 checksums
 ==============
 078f1ca04e2a85b33061b573eb60f653fe3af6ed  Django-3.1-py3-none-any.whl
 e337b9d012e55fef0e2ebd40df2f594973be090f  Django-3.1.tar.gz
 SHA256 checksums
 ================
 1a63f5bb6ff4d7c42f62a519edc2adbb37f9b78068a5a862beff858b68e3dc8b  Django-3.1-py3-none-any.whl
 2d390268a13c655c97e0e2ede9d117007996db692c1bb93eabebd4fb7ea7012b  Django-3.1.tar.gz
 -----BEGIN PGP SIGNATURE-----
 iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl8pFPIbHGZlbGlzaWFr
 Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0b6vkP/32JhaDGV29bTaxKnaSH
 LGtLADGlIBKueTjiWGJtRGHiYqCrTg5wnqs9VDlgnskhXJqTN3dCEmX9TXrrUOAv
 Mujog0bXm1iQbD3Y/pv8RCuWUZPLbTKTbQn2OlONIHPbbTeeUFIAhu7P7t8g/Jjl
 UIKM+CjgrAluHHQf+texdN0qiddd6gajf+Re+znWuT4COo1b0urcXHUGbCyJx0Ae
 Kb/U9asLxB+Z8O+4gSxphb9Eo8dt5d3HpmnmAJ/Lfx47TCi4jmoHEHV/BNvQoYBF
 fCqLRelGWWjkPbDoCX2JAAalvNDAk4fVe9ZQkFTD6uiur1jHn/nD3Dgt+zfdhTNb
 0kQZ4WIawiH1VwQQ1GqkvDu04sToafKstdtRrgf/WbgwNivfxui531/niF30E6nd
 8svHLA+a63KFx6sQPv7v4430g6uLvvEEyqIA5tjB2MjGFgmcOhnsykYmT/bidwIy
 A0tEJ0/iNsS0WyYCqwoQ3op0+wnx1voCgN5Rt5MaBVAcwl3Lzp8StUJTC5o2QDUM
 qDdFrr1Mp4JBj992i33vu8QqQsgbUDozZJOedH3j5E47PRx74XAUHNmaAbcAKB9y
 v5XV4ueNKEyI1bP/wuUKqm6QqYRcjEnxAq08OkiBHvsqr8L0EXS+5enyaQsRNOA6
 WyWATW0ae02i6KMPWn4owW5L
 =nCOU
 -----END PGP SIGNATURE-----
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Wed Sep  9 14:14:08 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
 - Update to 3.1.1
  * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
  * CVE-2020-24584: Permission escalation in intermediate-level directories of the file 
    system cache on Python 3.7+
  * Fixed a data loss possibility in the select_for_update(). When using related fields 
    pointing to a proxy model in the of argument, the corresponding model was not locked
  * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data
  * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite
  * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator 
    and settings.py
 -------------------------------------------------------------------
 Wed Sep  9 03:55:36 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
--- a/python-Django.spec
+++ b/python-Django.spec
@ -23,7 +23,7 @@
 %bcond_with memcached
 Name:           python-Django
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        3.1
+Version:        3.1.1
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause