rpm/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity

Accepting request 833246 from home:mcalabkova:branches:devel:languages:python:django

Browse Source 
- Update to 3.1.1
  * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
  * CVE-2020-24584: Permission escalation in intermediate-level directories of the file 
    system cache on Python 3.7+
  * Fixed a data loss possibility in the select_for_update(). When using related fields 
    pointing to a proxy model in the of argument, the corresponding model was not locked
  * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data
  * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite
  * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator 
    and settings.py

OBS-URL: https://build.opensuse.org/request/show/833246
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=70
This commit is contained in:
Markéta Machová 2020-09-09 14:32:25 +00:00 committed by Git OBS Bridge
parent cfac3943a3
commit 5240b99e4a
6 changed files with 80 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Django-3.1.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:59c8125ca873ed3bdae9c12b146fbbd6ed8d0f743e4cf5f5817af50c51f1fc2f
size 9250616

62
Django-3.1.1.tar.gz.asc Normal file
View File

@ -0,0 +1,62 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.1.1, released September 1, 2020.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.1/Django-3.1.1.tar.gz
https://www.djangoproject.com/m/releases/3.1/Django-3.1.1-py3-none-any.whl
MD5 checksums
=============
d5e894fb3c46064e84e9dc68a08a46d0 Django-3.1.1.tar.gz
f4eb53dd67fc64f9b62514fb21a95949 Django-3.1.1-py3-none-any.whl
SHA1 checksums
==============
85b27794ddeea5b127563ba6cae0f35b59d78289 Django-3.1.1.tar.gz
65c131f4e90c914a52bca1543e70678a64ffad93 Django-3.1.1-py3-none-any.whl
SHA256 checksums
================
59c8125ca873ed3bdae9c12b146fbbd6ed8d0f743e4cf5f5817af50c51f1fc2f Django-3.1.1.tar.gz
b5fbb818e751f660fa2d576d9f40c34a4c615c8b48dd383f5216e609f383371f Django-3.1.1-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl9OASwACgkQ4X31yCtP
nQC97Q//V1gnXYEsqn2UOz1JJ16I3M8LSDKpma1FY4BJ9EtKjB+JgiGkjwLUAJZP
sOyDeNkTOnLk0sNn7LTpSnOhjfb5vgbeFrGiXaCL3njJjSqZl6M6HnsePuanOTAA
ufGKyFhk5TJ243oHMuKAfcqWOQegSHi3ZXgD0NJOTH6dGsKNsvcNaPlwlGAPc0EH
wokz/ikDIV8q10/uquOP+AUew3lClCuncI+YCsGVUs/wnniiqxxoY9V2uxP/8/mt
OfL5/VRAkXNk0kBxu5lLPGOLNdJfgskpQbhZFXAAtWjbQw2D0s1/HCB2XXfiiztU
j34o/CD1USOzTZA3uv8zoCiLjWON/FXwvdvJFNo3J79DGdeqJmjdCFEpnLNzLBUW
kliy9i+OVCR3eWfx6UEu4WwsSOLuyDP38J0V57FzRzZAXSyVYpvTKToHWMkDi7eU
CrCkhUkWTWIS9C73V42FUChReFkHfZ00RVR+g21rz6wEp4UFu1IRPcxLsir1Uy63
7VSHydexXllr0/BS1Ii1V5z1Vk8eUx4qE10yiRAtxBEjaGMJkVsvJXVmA2MINrxI
mYO1Q2j7FkXLA3AHcH1FPHjYiPZDfEHX4MADNXU0YVoRWDiWXZRp2bCuM2Q6PmkW
l5WhxbfllVcy1xJMmqwsTu0Wvr27x7hyU/nA348+9I6SV3uh3cQ=
=Q2LD
-----END PGP SIGNATURE-----

3
Django-3.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d390268a13c655c97e0e2ede9d117007996db692c1bb93eabebd4fb7ea7012b
size 9382872

63
Django-3.1.tar.gz.asc
View File

@ -1,63 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.1, released August 4, 2020.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.1/Django-3.1-py3-none-any.whl
https://www.djangoproject.com/m/releases/3.1/Django-3.1.tar.gz
MD5 checksums
=============
281c2e919cb60fd09a64fd068cf152fb Django-3.1-py3-none-any.whl
2001ba40467d61a2b90570a68c657e35 Django-3.1.tar.gz
SHA1 checksums
==============
078f1ca04e2a85b33061b573eb60f653fe3af6ed Django-3.1-py3-none-any.whl
e337b9d012e55fef0e2ebd40df2f594973be090f Django-3.1.tar.gz
SHA256 checksums
================
1a63f5bb6ff4d7c42f62a519edc2adbb37f9b78068a5a862beff858b68e3dc8b Django-3.1-py3-none-any.whl
2d390268a13c655c97e0e2ede9d117007996db692c1bb93eabebd4fb7ea7012b Django-3.1.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl8pFPIbHGZlbGlzaWFr
Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0b6vkP/32JhaDGV29bTaxKnaSH
LGtLADGlIBKueTjiWGJtRGHiYqCrTg5wnqs9VDlgnskhXJqTN3dCEmX9TXrrUOAv
Mujog0bXm1iQbD3Y/pv8RCuWUZPLbTKTbQn2OlONIHPbbTeeUFIAhu7P7t8g/Jjl
UIKM+CjgrAluHHQf+texdN0qiddd6gajf+Re+znWuT4COo1b0urcXHUGbCyJx0Ae
Kb/U9asLxB+Z8O+4gSxphb9Eo8dt5d3HpmnmAJ/Lfx47TCi4jmoHEHV/BNvQoYBF
fCqLRelGWWjkPbDoCX2JAAalvNDAk4fVe9ZQkFTD6uiur1jHn/nD3Dgt+zfdhTNb
0kQZ4WIawiH1VwQQ1GqkvDu04sToafKstdtRrgf/WbgwNivfxui531/niF30E6nd
8svHLA+a63KFx6sQPv7v4430g6uLvvEEyqIA5tjB2MjGFgmcOhnsykYmT/bidwIy
A0tEJ0/iNsS0WyYCqwoQ3op0+wnx1voCgN5Rt5MaBVAcwl3Lzp8StUJTC5o2QDUM
qDdFrr1Mp4JBj992i33vu8QqQsgbUDozZJOedH3j5E47PRx74XAUHNmaAbcAKB9y
v5XV4ueNKEyI1bP/wuUKqm6QqYRcjEnxAq08OkiBHvsqr8L0EXS+5enyaQsRNOA6
WyWATW0ae02i6KMPWn4owW5L
=nCOU
-----END PGP SIGNATURE-----

14
python-Django.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Wed Sep 9 14:14:08 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
- Update to 3.1.1
* CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
* CVE-2020-24584: Permission escalation in intermediate-level directories of the file
system cache on Python 3.7+
* Fixed a data loss possibility in the select_for_update(). When using related fields
pointing to a proxy model in the of argument, the corresponding model was not locked
* Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data
* Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite
* Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator
and settings.py
-------------------------------------------------------------------
Wed Sep 9 03:55:36 UTC 2020 - John Vandenberg <jayvdb@gmail.com>

2
python-Django.spec
View File

@ -23,7 +23,7 @@
%bcond_with memcached
Name: python-Django
# We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc
Version: 3.1
Version: 3.1.1
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause