From 67729811db84f3900b8ae4927230730eb1f06d62c196e7aa95fe4eb5583e6d17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?=
Date: Thu, 8 Aug 2024 10:33:49 +0000
Subject: [PATCH] add bugzilla entries for the CVEs
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=174
---
.gitattributes | 23 +
.gitignore | 1 +
Django-4.2.13.checksum.txt | 67 +
Django-4.2.13.tar.gz | 3 +
Django-5.0.7.checksum.txt | 67 +
Django-5.0.7.tar.gz | 3 +
Django-5.0.8.checksum.txt | 65 +
Django-5.0.8.tar.gz | 3 +
dirty-hack-remove-assert.patch | 25 +
python-Django-rpmlintrc | 5 +
python-Django.changes | 2815 ++++++++++++++++++++++++++++++++
python-Django.keyring | 42 +
python-Django.spec | 146 ++
sanitize_address.patch | 40 +
14 files changed, 3305 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 Django-4.2.13.checksum.txt
create mode 100644 Django-4.2.13.tar.gz
create mode 100644 Django-5.0.7.checksum.txt
create mode 100644 Django-5.0.7.tar.gz
create mode 100644 Django-5.0.8.checksum.txt
create mode 100644 Django-5.0.8.tar.gz
create mode 100644 dirty-hack-remove-assert.patch
create mode 100644 python-Django-rpmlintrc
create mode 100644 python-Django.changes
create mode 100644 python-Django.keyring
create mode 100644 python-Django.spec
create mode 100644 sanitize_address.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/Django-4.2.13.checksum.txt b/Django-4.2.13.checksum.txt
new file mode 100644
index 0000000..abd0174
--- /dev/null
+++ b/Django-4.2.13.checksum.txt
@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 4.2.13, released May 7, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+ curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+ gpg --verify Django-4.2.13.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.13-py3-none-any.whl
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.13.tar.gz
+
+MD5 checksums
+=============
+
+449eeffe35a7a748bf9acc4169ea7492 Django-4.2.13-py3-none-any.whl
+a243a2c1e7c0752947d16d4ffae30376 Django-4.2.13.tar.gz
+
+SHA1 checksums
+==============
+
+75a19218f248f0010685b471d1be86cad7602872 Django-4.2.13-py3-none-any.whl
+56373bedaef33ee29b2d240b6b06ebe2e1e2fc58 Django-4.2.13.tar.gz
+
+SHA256 checksums
+================
+
+a17fcba2aad3fc7d46fdb23215095dbbd64e6174bf4589171e732b18b07e426a Django-4.2.13-py3-none-any.whl
+837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5 Django-4.2.13.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmY6YWsoHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPtEKD/9S
+rZ+yadh7sQGszWtJEIZZS/YBQRcNyM+26aUkpk+3XT1SUDUs0whtX6U/P3tP+h+P
+0vIk0wxTc3RhRCp8WETYulekRhPFc5HJFwlD/vh9AkEyDKW8QFuV+IBswvlfG/wK
+D+QcuERl31Y1qcrCeFCM+XIRxGR9lQ0DuoCa1FuPl0bvAlNDOfNSmp4OzcPzGm4a
+wE9wtsHqKkL8BAc836JIXHj5wdQK+HOkOv30ZcUU+nD3Lp5N44ESzzSe7IOutN02
+PBAixmwMf6EqjHC7JN49EwiPbEDTmg5HNj7LBM1Teqp5Hms11xGMfzxsh3AbEtoT
+xeqZjrrcwoVf+wASVCKCv33Gfka45Z5X5f5G2O8//yJdLogwr6994rJ1MB7k18Yd
+ObOl17pUctdrNKWuESJXz3l2c1DPbFQNKHiqI66fFm4L/fLMubMzkDlWzWH1jqSo
+8tbSH9ATjEp/aLYKuGgr1gdazl4YbpiTkEjzFXYGmyjF7hPLT7xH2rrGCT4J7Bjc
+TGnZGXdl4yaGcC8Q0Ma5ybMv3GgEsaa1wRnbNv5nQyNXIWrt9rcMfBDwcaSkq6NR
+d7WpYUy5JT0IbR1SAazMY+NjUy+vzq26KkcUcbkoOng3guba0uPuoSphWM607MzK
+UVab1KcJwNOC7/Di4Ul9vlh7dLMVg5yG+o7kFEJU/A==
+=o/kY
+-----END PGP SIGNATURE-----
diff --git a/Django-4.2.13.tar.gz b/Django-4.2.13.tar.gz
new file mode 100644
index 0000000..dde4fc1
--- /dev/null
+++ b/Django-4.2.13.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5
+size 10430886
diff --git a/Django-5.0.7.checksum.txt b/Django-5.0.7.checksum.txt
new file mode 100644
index 0000000..c96a8ee
--- /dev/null
+++ b/Django-5.0.7.checksum.txt
@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 5.0.7, released July 9, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+ curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+ gpg --verify Django-5.0.7.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.7.tar.gz
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.7-py3-none-any.whl
+
+MD5 checksums
+=============
+
+454d23ea901892fd544541f4a1a33a3e Django-5.0.7.tar.gz
+c687175397b8d6d98b8e0e35e6f142fb Django-5.0.7-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+ed070e21b5bf0b188104338a3b8a495b9d59593d Django-5.0.7.tar.gz
+4aecb9aeab348f003c32952906eef7556a5be54b Django-5.0.7-py3-none-any.whl
+
+SHA256 checksums
+================
+
+bd4505cae0b9bd642313e8fb71810893df5dc2ffcacaa67a33af2d5cd61888f2 Django-5.0.7.tar.gz
+f216510ace3de5de01329463a315a629f33480e893a9024fc93d8c32c22913da Django-5.0.7-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmaNPRgoHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPgnUD/47
+sPedXK17iCelw70BRY7EqWxwVwSbTxKcnw14y2qejS923MlnEEraeOll2HbCqOmL
++O3coVJsTc9GAMrQLyip8sHCwb4SSCWmwRqQZbTdNRrZOWfCPRLsbVccEabdwTNC
+7YDyDc+3FQhHIszNI0zkJ1H3G7280euwIrMIhnCbwH1PC/hqAwdlhf1+nc4BiIMg
+dz/Bg65abruY/6LM0btMP72avHrM0BRiRs5kOYn7+xgh1cqnI64RHROgrymK7JkT
+LxoZDhWvDv68IvyNWEuLU4yDXnv/3ZglhwUA8q+leMqtURwBWs8UMnLhHhR52kie
+okrK6eBkYeHls3vMGOTKxe7nJHhfEjl6V9XJShIdU1ir+/iCeaRMzYjpr4H5591H
+TMs8Hgm27Wt7U/OT5EsF+vIpLaAR9AnZfNfB1eYU34BUAloZSQCxz+Y65LCN5wKk
+jfaG7phOiO33NJMUxhfemjwJIJymw7uZnuRQJ8KUMbr9Q/iCVWsMG+QXhJs96KRO
+y1SYVgPgU5Jll9VN/H2WJCj9I1YOVZPDVAbMcB+hKklw6ZhZx2fxgxLO/3/REQJs
+iBJ1ETPdCHct5HJyAoBD++NCeioUKd5pXxqMvtuNH7winRC9NMGw4XX1CbpBBB+1
+y1mkGxw+QvBh4rivA6TSQQwTDQXAnoT7ida+Ye2FVw==
+=GcbG
+-----END PGP SIGNATURE-----
diff --git a/Django-5.0.7.tar.gz b/Django-5.0.7.tar.gz
new file mode 100644
index 0000000..35d8d66
--- /dev/null
+++ b/Django-5.0.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bd4505cae0b9bd642313e8fb71810893df5dc2ffcacaa67a33af2d5cd61888f2
+size 10642686
diff --git a/Django-5.0.8.checksum.txt b/Django-5.0.8.checksum.txt
new file mode 100644
index 0000000..2417c88
--- /dev/null
+++ b/Django-5.0.8.checksum.txt
@@ -0,0 +1,65 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 5.0.8, released August 6, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``3955B19851EA96EF`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF
+
+or via the GitHub API:
+
+ curl https://github.com/sarahboyce.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+ gpg --verify Django-5.0.8.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.8.tar.gz
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.8-py3-none-any.whl
+
+MD5 checksums
+=============
+
+fb167eef987a98421cad62036868a1ca Django-5.0.8.tar.gz
+59c31f54f7e064b9a26152e1d16ac18e Django-5.0.8-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+b2ec7cbd6e73f9d2259456e5be86156df4d3933e Django-5.0.8.tar.gz
+caa744bb5e668e661e0182a5cc3b9a8c6611f029 Django-5.0.8-py3-none-any.whl
+
+SHA256 checksums
+================
+
+ebe859c9da6fead9c9ee6dbfa4943b04f41342f4cea2c4d8c978ef0d10694f2b Django-5.0.8.tar.gz
+333a7988f7ca4bc14d360d3d8f6b793704517761ae3813b95432043daec22a45 Django-5.0.8-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQHhBAEBCABLFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmayI3UtHDQyMjk2NTY2
+K3NhcmFoYm95Y2VAdXNlcnMubm9yZXBseS5naXRodWIuY29tAAoJEDlVsZhR6pbv
+msAL/1MlnPMdwmWoHKujgAsF0amxYRQ6dZ9HJLukm7YLGbXDJxTWK8uzRm8bNYqF
+PAVAd/N+x7es7d9lhd7XnA9r3npHj03IfvO9Q7f2qMD0YLdUDWD/0ALMhs62VBoc
+8eE6npty+t9SS+p0JaqdRmzB95EDIY52ql9Z62fBcYyCQqAQYTQRydgYM57h23ha
+G6zNQRTbkaCj9nK/ZyahfrmYsyOWkPWb4LBFJFOV3gbPVHNLPnGjYbcQ8Fh8qMF+
+9eGXHETm5bQRsXsaXgIrCCCfyB5Z7f/Ksd3Pkm9uYB1iTkyhxFPYzcHm4vNPpnx7
+85Yzm5E/VXsScN8XuwdwPbGDqwtRG7Ena3XdSvZdur0NwS+A/qVoG0fKPr3avx8k
+28/hpV5nBQaeA6L7VvzRanAtlEHqzh1T+zjfIatAhRL5QE7I4EcEQQIObdvKtAUq
+ff5ZFJOdeLTYfF7Gx2zm85hJQR9RO+iB92oUqCZmWy5YQU5KVDRq9Rdv+HEFJB9C
+oqY5TQ==
+=O103
+-----END PGP SIGNATURE-----
diff --git a/Django-5.0.8.tar.gz b/Django-5.0.8.tar.gz
new file mode 100644
index 0000000..b3e1f35
--- /dev/null
+++ b/Django-5.0.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebe859c9da6fead9c9ee6dbfa4943b04f41342f4cea2c4d8c978ef0d10694f2b
+size 10630791
diff --git a/dirty-hack-remove-assert.patch b/dirty-hack-remove-assert.patch
new file mode 100644
index 0000000..fadb3c1
--- /dev/null
+++ b/dirty-hack-remove-assert.patch
@@ -0,0 +1,25 @@
+From 36736edaf595d2bbf1fe881609b2a4c8e3bac68a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?=
+Date: Thu, 29 Jun 2023 12:29:21 +0200
+Subject: [PATCH] Dirty hack: Remove a failing assert, failure does not seem
+ critical
+
+---
+ tests/settings_tests/tests.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/settings_tests/tests.py b/tests/settings_tests/tests.py
+index 62cbffb..b7432d3 100644
+--- a/tests/settings_tests/tests.py
++++ b/tests/settings_tests/tests.py
+@@ -397,7 +397,6 @@ class TestComplexSettingOverride(SimpleTestCase):
+ with self.assertWarnsMessage(UserWarning, msg) as cm:
+ with override_settings(TEST_WARN="override"):
+ self.assertEqual(settings.TEST_WARN, "override")
+- self.assertEqual(cm.filename, __file__)
+
+
+ class SecureProxySslHeaderTest(SimpleTestCase):
+--
+2.40.1
+
diff --git a/python-Django-rpmlintrc b/python-Django-rpmlintrc
new file mode 100644
index 0000000..0159bae
--- /dev/null
+++ b/python-Django-rpmlintrc
@@ -0,0 +1,5 @@
+addFilter("file-not-in-%lang")
+# Empty model.py files should be kept around:
+addFilter("zero-length")
+# Bash completion isn't config:
+# addFilter("non-conffile-in-etc /etc/bash_completion.d/django_bash_completion*")
diff --git a/python-Django.changes b/python-Django.changes
new file mode 100644
index 0000000..8675165
--- /dev/null
+++ b/python-Django.changes
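Review bot: dirty-hack-remove-assert.patch is created by this commit, yet the 5.0.7 entry of python-Django.changes in the same commit lists it, together with sanitize_address.patch, under "Drop no-longer-needed patches". python-Django.spec appears in the diffstat but its hunk is not visible here, so whether either patch is still applied cannot be confirmed from this part of the page. If the spec no longer references them, both files should be deleted rather than carried as unused sources, since a leftover patch that removes `self.assertEqual(cm.filename, __file__)` is easy to pick up again by mistake. The same question applies to the Django-4.2.13 and Django-5.0.7 tarballs and checksum files, which the 5.0.8 update appears to supersede.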
@@ -0,0 +1,2815 @@
+-------------------------------------------------------------------
+Wed Aug 7 06:07:48 UTC 2024 - Alberto Planas Dominguez
+
+- Update to 5.0.8 (bsc#1228629, bsc#1228630, bsc#1228631, bsc#1228632)
+ * CVE-2024-41989: Memory exhaustion in
+ django.utils.numberformat.floatformat()
+ * CVE-2024-41990: Potential denial-of-service vulnerability in
+ django.utils.html.urlize()
+ * CVE-2024-41991: Potential denial-of-service vulnerability in
+ django.utils.html.urlize() and AdminURLFieldWidget
+ * CVE-2024-42005: Potential SQL injection in QuerySet.values() and
+ values_list()
+ * Added missing validation for
+ UniqueConstraint(nulls_distinct=False) when using *expressions
+ * Fixed a regression in Django 5.0 where ModelAdmin.action_checkbox
+ could break the admin changelist HTML page when rendering a model
+ instance with a __html__ method
+ * Fixed a crash when creating a model with a Field.db_default and a
+ Meta.constraints constraint composed of __endswith, __startswith,
+ or __contains lookups
+ * Fixed a regression in Django 5.0.7 that caused a crash in
+ LocaleMiddleware when processing a language code over 500
+ characters
+ * Fixed a bug in Django 5.0 that caused a system check crash when
+ ModelAdmin.date_hierarchy was a GeneratedField with an
+ output_field of DateField or DateTimeField
+ * Fixed a bug in Django 5.0 which caused constraint validation to
+ either crash or incorrectly raise validation errors for
+ constraints referring to fields using Field.db_default
+ * Fixed a crash in Django 5.0 when saving a model containing a
+ FileField with a db_default set
+
+-------------------------------------------------------------------
+Tue Jul 9 14:03:46 UTC 2024 - Markéta Machová
+
+- Update to 5.0.7
+ * Supports Python >= 3.10.
+ * Facet counts are now shown for applied filters in the admin changelist
+ when toggled on via the UI. This behavior can be changed via the new
+ ModelAdmin.show_facets attribute.
+ * Django 5.0 introduces the concept of a field group, and field group + templates. This simplifies rendering of the related elements of a + Django form field such as its label, widget, help text, and errors. + * The new Field.db_default parameter sets a database-computed default value. + * The new GeneratedField allows creation of database generated columns. + This field can be used on all supported database backends to create + a field that is always computed from other fields. + * More options for declaring field choices + * Few backwards-incompatible changes in the database backend API, + django.contrib.gis and django.contrib.sitemaps + * Dropped support for MySQL < 8.0.11 + * Using create_defaults__exact may now be required with QuerySet.update_or_create() + * Migrating existing UUIDField on MariaDB 10.7+ +- This release also fixes several security issues: + * bsc#1227590 (CVE-2024-38875) + * bsc#1227593 (CVE-2024-39329) + * bsc#1227594 (CVE-2024-39330) + * bsc#1227595 (CVE-2024-39614) +- Drop no-longer-needed patches: + * dirty-hack-remove-assert.patch + * sanitize_address.patch + +------------------------------------------------------------------- +Wed May 8 07:30:48 UTC 2024 - Alberto Planas Dominguez + +- Update to 4.2.13 + + Django 4.2.13 fixes a packaging error in 4.2.12. +- Update to 4.2.12 + + Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+. 
+ + Fixed a crash in Django 4.2 when validating email max line lengths + with content decoded using the surrogateescape error handling + scheme +- Drop fix-safemimetext-set_payload.patch, already merged upstream + +------------------------------------------------------------------- +Thu Apr 18 06:39:36 UTC 2024 - Daniel Garcia + +- Add fix-safemimetext-set_payload.patch, to support python 3.11.9+ + (gh#django/django@b231bcd19e57, bsc#1222880) + +------------------------------------------------------------------- +Mon Mar 4 14:05:28 UTC 2024 - Alberto Planas Dominguez + +- Update to 4.2.11 (CVE-2024-27351, bsc#1220358) + * CVE-2024-27351: Potential regular expression denial-of-service in + django.utils.text.Truncator.words() + * Fixed a regression in Django 4.2.10 where intcomma template filter + could return a leading comma for string representation of floats +- Remove python3122.patch, already upstream + +------------------------------------------------------------------- +Fri Feb 9 10:18:37 UTC 2024 - Daniel Garcia + +- Add python3122.patch to fix tests with python 3.12.2 + gh#django/django#17843 +- Update to 4.2.10 (bsc#1219683, CVE-2024-24680): + - Django 4.2.10 fixes a security issue with severity "moderate" in + 4.2.9. + CVE-2024-24680: Potential denial-of-service in intcomma template + filter The intcomma template filter was subject to a potential + denial-of-service attack when used with very long strings. 
+ +------------------------------------------------------------------- +Thu Jan 4 09:27:51 UTC 2024 - Alberto Planas Dominguez + +- Update to 4.2.9: + * Fixed a regression in Django 4.2.8 where admin fields on the same + line could overflow the page and become non-interactive + +------------------------------------------------------------------- +Mon Dec 4 10:21:00 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.8 + * Fixed a regression in Django 4.2 that caused makemigrations + --check to stop displaying pending migrations + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.aggregate() with aggregates referencing other aggregates + or window functions through conditional expressions + * Fixed a regression in Django 4.2 that caused a crash when + annotating a QuerySet with a Window expressions composed of a + partition_by clause mixing field types and aggregation expressions + * Fixed a regression in Django 4.2 where the admin’s change list + page had misaligned pagination links and inputs when using + list_editable + * Fixed a regression in Django 4.2 where checkboxes in the admin + would be centered on narrower screen widths + * Fixed a regression in Django 4.2 that caused a crash of querysets + with aggregations on MariaDB when the ONLY_FULL_GROUP_BY SQL mode + was enabled + * Fixed a regression in Django 4.2 where the admin’s read-only + password widget and some help texts were incorrectly aligned at + tablet widths + * Fixed a regression in Django 4.2 that caused a migration crash on + SQLite when altering unsupported Meta.db_table_comment + +------------------------------------------------------------------- +Mon Nov 27 12:20:48 UTC 2023 - Dirk Müller + +- add dirty-hack-remove-assert.patch from fedora to fix + minor test failure with python 3.12 + +------------------------------------------------------------------- +Wed Nov 1 08:12:59 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.7 + * Fixed a regression in Django 4.2 that 
caused a crash of + QuerySet.aggregate() with aggregates referencing expressions + containing subqueries + * Restored, following a regression in Django 4.2, creating + varchar/text_pattern_ops indexes on CharField and TextField with + deterministic collations on PostgreSQL + +------------------------------------------------------------------- +Mon Oct 16 08:33:05 UTC 2023 - Daniel Garcia Moreno + +- Update to 4.2.6 (bsc#1215978, CVE-2023-43665) + * CVE-2023-43665: Denial-of-service possibility in + django.utils.text.Truncator + The input processed by Truncator, when operating in HTML mode, has + been limited to the first five million characters in order to + avoid potential performance and memory issues. + * Fixed a regression in Django 4.2.5 where overriding the deprecated + DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings in tests + caused the main STORAGES to mutate (#34821). + * Fixed a regression in Django 4.2 that caused unnecessary casting + of string based fields (CharField, EmailField, TextField, + CICharField, CIEmailField, and CITextField) used with the __isnull + lookup on PostgreSQL. As a consequence, indexes using an __isnull + expression or condition created before Django 4.2 wouldn’t be used + by the query planner, leading to a performance regression + (#34840). 
+ +------------------------------------------------------------------- +Mon Sep 4 12:10:50 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.5 (CVE-2023-41164) + + Bugfixes + * Fixed a regression in Django 4.2 that caused an incorrect + validation of CheckConstraints on __isnull lookups against + JSONField + * Fixed a bug in Django 4.2 where the deprecated + DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings were not + synced with STORAGES + * Fixed a regression in Django 4.2.2 that caused an unnecessary + selection of a non-nullable ManyToManyField without a natural + key during serialization + * Fixed a regression in Django 4.2 that caused a crash of a + queryset when filtering against deeply nested OuterRef() + annotations + +------------------------------------------------------------------- +Wed Aug 2 07:35:04 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.4 + + Bugfixes + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.aggregate() with aggregates referencing window + functions + * Fixed a regression in Django 4.2 that caused a crash when + grouping by a reference in a subquery + * Fixed a regression in Django 4.2 that caused aggregation over + query that uses explicit grouping by multi-valued annotations to + group against the wrong columns + +------------------------------------------------------------------- +Tue Jul 18 12:50:29 UTC 2023 - Markéta Machová + +- Add upstream sanitize_address.patch + * fixes build with yet another CPython upstream fix (bsc#1210638) + +------------------------------------------------------------------- +Mon Jul 10 09:28:42 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.3 (bsc#1212742, CVE-2023-36053) + + CVE-2023-36053: Potential regular expression denial of service + vulnerability in EmailValidator/URLValidator + + Bugfixes + * Fixed a regression in Django 4.2 that caused incorrect alignment + of timezone warnings for DateField and TimeField in the admin + * Fixed a regression in 
Django 4.2 that caused incorrect + highlighting of rows in the admin changelist view when + ModelAdmin.list_editable contained a BooleanField + +------------------------------------------------------------------- +Fri Jun 9 11:41:19 UTC 2023 - ecsos + +- Add %{?sle15_python_module_pythons} + +------------------------------------------------------------------- +Tue Jun 6 06:35:28 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.2 + + Bugfixes + * Fixed a regression in Django 4.2 that caused an unnecessary + DBMS_LOB.SUBSTR() wrapping in the __isnull and __exact=None + lookups for TextField()/BinaryField() on Oracle + * Restored, following a regression in Django 4.2, get_prep_value() + call in JSONField subclasses + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.defer() when passing a ManyToManyField or + GenericForeignKey reference. While doing so is a no-op, it was + allowed in older version + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.only() when passing a reverse OneToOneField reference + * Fixed a bug in Django 4.2 where makemigrations --update didn’t + respect the --name option + * Fixed a performance regression in Django 4.2 when compiling + queries without ordering + * Fixed a regression in Django 4.2 where nonexistent stylesheet + was linked on a “Congratulations!” page + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.aggregate() with expressions referencing other + aggregates + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.aggregate() with aggregates referencing subqueries + * Fixed a regression in Django 4.2 that caused a crash of + querysets on SQLite when filtering on DecimalField against + values outside of the defined range + * Fixed a regression in Django 4.2 that caused a serialization + crash on a ManyToManyField without a natural key when its + Manager’s base QuerySet used select_related() + 
+------------------------------------------------------------------- +Thu May 4 07:02:58 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.2.1 + + CVE-2023-31047: Potential bypass of validation when uploading + multiple files using one form field (bsc#1210866) + + Bugfixes + * Fixed a regression in Django 4.2 that caused a crash of + QuerySet.defer() when deferring fields by attribute names + * Fixed a regression in Django 4.2 that caused a crash of + SearchVector function with % characters + * Fixed a regression in Django 4.2 that caused aggregation over + query that uses explicit grouping to group against the wrong + columns + * Reallowed, following a regression in Django 4.2, setting the + "cursor_factory" option in OPTIONS on PostgreSQL + * Enforced UTF-8 client encoding on PostgreSQL, following a + regression in Django 4.2 + * Fixed a regression in Django 4.2 where i18n_patterns() didn’t + respect the prefix_default_language argument when a fallback + language of the default language was used + * Fixed a regression in Django 4.2 where translated URLs of the + default language from i18n_patterns() with + prefix_default_language set to False raised 404 errors for a + request with a different language + * Fixed a regression in Django 4.2 where creating copies and deep + copies of HttpRequest, HttpResponse, and their subclasses didn’t + always work correctly + * Fixed a regression in Django 4.2 where timesince and timeuntil + template filters returned incorrect results for a datetime with + a non-UTC timezone when a time difference is less than 1 day + * Fixed a regression in Django 4.2 that caused a crash of + SearchHeadline function with psycopg 3 + * Fixed a regression in Django 4.2 that caused incorrect + ClearableFileInput margins in the admin + * Fixed a regression in Django 4.2 where breadcrumbs didn’t appear + on admin site app index views + * Made squashing migrations reduce AddIndex, RemoveIndex, + RenameIndex, and CreateModel operations which allows 
removing a + deprecated Meta.index_together option from historical migrations + and use Meta.indexes instead + +------------------------------------------------------------------- +Thu Apr 6 06:38:13 UTC 2023 - David Anes + +- Update minimal dependency versions. + +------------------------------------------------------------------- +Tue Apr 4 07:19:56 UTC 2023 - David Anes + +- Update to 4.2: + This is just a summary. Full release notes are available at + https://docs.djangoproject.com/en/4.2/releases/4.2/ + + Psycopg 3 support + + Comments on columns and tables + + Mitigation for the BREACH attack + + In-memory file storage + + Custom file storages + + For backwards incompatible changes in 4.2 see + https://docs.djangoproject.com/en/4.2/releases/4.2/#backwards-incompatible-changes-in-4-2 + +- Update of keyring file + +------------------------------------------------------------------- +Tue Feb 14 09:59:42 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.1.7: + + CVE-2023-24580: Potential denial-of-service vulnerability in file + uploads (bsc#1208082) + + Fixed a bug in Django 4.1 that caused a crash of model validation + on ValidationError with no code + +------------------------------------------------------------------- +Wed Feb 1 12:48:49 UTC 2023 - Alberto Planas Dominguez + +- Update to 4.1.6: + + CVE-2023-23969: Potential denial-of-service via Accept-Language + headers Bugfixes + + Fixed a bug in Django 4.1 that caused a crash of model validation + on UniqueConstraint with ordered expressions + +------------------------------------------------------------------- +Mon Jan 2 19:07:30 UTC 2023 - David Anes + +- Update to 4.1.5: + + Fixed a long standing bug in the __len lookup for ArrayField + that caused a crash of model validation on Meta.constraints. +- Update keyring file. 
+ +------------------------------------------------------------------- +Wed Dec 21 09:39:56 UTC 2022 - Daniel Garcia + +- Recommends python-pymemcache instead of the deprecated + python-python-memcached. This is the module used in Django since 3.2 + https://docs.djangoproject.com/en/3.2/releases/3.2/#pymemcache-support + +------------------------------------------------------------------- +Tue Dec 6 13:30:53 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.1.4 + + Fixed a regression in Django 4.1 that caused an unnecessary table + rebuild when adding a ManyToManyField on SQLite + + Fixed a bug in Django 4.1 that caused a crash of the sitemap index + view with an empty Sitemap.items() and a callable lastmod + + Fixed a bug in Django 4.1 that caused a crash using acreate(), + aget_or_create(), and aupdate_or_create() asynchronous methods of + related managers + + Fixed a bug in Django 4.1 that caused a crash of + QuerySet.bulk_create() with "pk" in unique_fields + + Fixed a bug in Django 4.1 that caused a crash of + QuerySet.bulk_create() on fields with db_column + +------------------------------------------------------------------- +Wed Nov 2 15:50:11 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.1.3 + + Fixed a bug in Django 4.1 that caused non-Python files created by + startproject and startapp management commands from custom + templates to be incorrectly formatted using the black command + +------------------------------------------------------------------- +Tue Oct 4 08:22:42 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.1.2 (bsc#1203793, CVE-2022-41323) + + Fixed a regression in Django 4.1 that caused a migration crash on + PostgreSQL when adding a model with ExclusionConstraint + + Fixed a regression in Django 4.1 that caused aggregation over a + queryset that contained an Exists annotation to crash due to too + many selected columns + + Fixed a bug in Django 4.1 that caused an incorrect validation of + CheckConstraint on NULL values + + 
Fixed a regression in Django 4.1 that caused a + QuerySet.values()/values_list() crash on ArrayAgg() and JSONBAgg() + + Fixed a bug in Django 4.1 that caused + ModelAdmin.autocomplete_fields to be incorrectly selected after + adding/changing related instances via popups + + Fixed a regression in Django 4.1 where the app registry was not + populated when running parallel tests with the multiprocessing + start method spawn + + Fixed a regression in Django 4.1 where the --debug-mode argument + to test did not work when running parallel tests with the + multiprocessing start method spawn + + Fixed a regression in Django 4.1 that didn’t alter a sequence type + when altering type of pre-Django 4.1 serial columns on PostgreSQL + + Fixed a regression in Django 4.1 that caused a crash for View + subclasses with asynchronous handlers when handling non-allowed + HTTP methods + + Reverted caching related managers for ForeignKey, ManyToManyField, + and GenericRelation that caused the incorrect refreshing of + related objects + + Relaxed the system check added in Django 4.1 for the same name + used for multiple template tag modules to a warning + +------------------------------------------------------------------- +Mon Sep 5 11:14:19 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.1.1 + + Reallowed, following a regression in Django 4.1, using GeoIP2() + when GEOS is not installed + + Fixed a regression in Django 4.1 that caused a crash of admin’s + autocomplete widgets when translations are deactivated + + Fixed a regression in Django 4.1 that caused a crash of the test + management command when running in parallel and multiprocessing + start method is spawn + + Fixed a regression in Django 4.1 that caused an incorrect + redirection to the admin changelist view when using "Save and + continue editing" and "Save and add another" options + + Fixed a regression in Django 4.1 that caused a crash of Window + expressions with ArrayAgg + + Fixed a regression in Django 4.1 that 
caused a migration crash on + SQLite 3.35.5+ when removing an indexed field + + Fixed a bug in Django 4.1 that caused a crash of model validation + on UniqueConstraint() with field names in expressions + + Fixed a bug in Django 4.1 that caused an incorrect validation of + CheckConstraint() with range fields on PostgreSQL + + Fixed a regression in Django 4.1 that caused an incorrect + migration when adding AutoField, BigAutoField, or SmallAutoField + on PostgreSQL + + Fixed a regression in Django 4.1 that caused a migration crash on + PostgreSQL when altering AutoField, BigAutoField, or + SmallAutoField to OneToOneField + + Fixed a migration crash on ManyToManyField fields with through + referencing models in different apps + + Fixed a regression in Django 4.1 that caused an incorrect + migration when renaming a model with ManyToManyField and db_table + + Reallowed, following a regression in Django 4.1, creating reverse + foreign key managers on unsaved instances + + Fixed a regression in Django 4.1 that caused a migration crash on + SQLite < 3.20 + + Fixed a regression in Django 4.1 that caused an admin crash when + the admindocs app was used +- Remove 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch + (already upstream) +- Verify the tarball with gpg + +------------------------------------------------------------------- +Wed Aug 3 13:20:52 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.1: + This is just a summary. 
Full release notes are available at + https://docs.djangoproject.com/en/4.1/releases/4.1/ + + Django 4.1 supports Python 3.8, 3.9, and 3.10 + + Asynchronous handlers for class-based views + + Asynchronous ORM interface + + Validation of Constraints + + Form rendering accessibility + + CSRF_COOKIE_MASKED setting +- Drop fix_test_custom_fields_SQLite.patch (already merged) +- Add 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch to fix + test + +------------------------------------------------------------------- +Wed Aug 3 11:48:48 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.7 (CVE-2022-36359, bsc#1201923): + + Django 4.0.7 fixes a security issue with severity “high” in 4.0.6. + +------------------------------------------------------------------- +Tue Jul 5 08:04:12 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.6 + + CVE-2022-34265: Potential SQL injection via Trunc(kind) and + Extract(lookup_name) arguments + +------------------------------------------------------------------- +Thu Jun 2 07:34:17 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.5 + + Fixed a bug in Django 4.0 where not all OPTIONS were passed to a + Redis client + + Fixed a bug in Django 4.0 that caused a crash of QuerySet.filter() + on IsNull() expressions + + Fixed a bug in Django 4.0 where a hidden quick filter toolbar in + the admin’s navigation sidebar was focusable + +------------------------------------------------------------------- +Mon Apr 11 14:21:09 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.4 + + CVE-2022-28346: Potential SQL injection in "QuerySet.annotate()", + "aggregate()", and "extra()" + + CVE-2022-28347: Potential SQL injection via + "QuerySet.explain(**options)" on PostgreSQL + +------------------------------------------------------------------- +Tue Mar 1 10:49:51 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.3 + + Prevented, following a regression in Django 4.0.1, makemigrations + from generating infinite migrations for a 
model with + ManyToManyField to a lowercased swappable model such as + 'auth.user' + + Fixed a regression in Django 4.0 that caused a crash when + rendering invalid inlines with readonly_fields in the admin + +------------------------------------------------------------------- +Tue Feb 1 10:15:38 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.2 (CVE-2022-22818, bsc#1195086) (CVE-2022-23833, bsc#1195088) + + CVE-2022-22818: Possible XSS via {% debug %} template tag + + CVE-2022-23833: Denial-of-service possibility in file uploads + + Fixed a bug in Django 4.0 where + TestCase.captureOnCommitCallbacks() could execute callbacks + multiple times + + Fixed a regression in Django 4.0 where help_text was HTML-escaped + in automatically-generated forms + + Fixed a regression in Django 4.0 that caused displaying an + incorrect name for class-based views on the technical 404 debug + page + + Fixed a regression in Django 4.0 that caused an incorrect repr of + ResolverMatch for class-based views + + Fixed a regression in Django 4.0 that caused a crash of + makemigrations on models without Meta.order_with_respect_to but + with a field named _order + + Fixed a regression in Django 4.0 that caused incorrect + ModelAdmin.radio_fields layout in the admin + + Fixed a duplicate operation regression in Django 4.0 that caused a + migration crash when altering a primary key type for a concrete + parent model referenced by a foreign key + + Fixed a bug in Django 4.0 that caused a crash of + QuerySet.aggregate() after annotate() on an aggregate function + with a default + + Fixed a regression in Django 4.0 that caused a crash of + makemigrations when renaming a field of a renamed model + +------------------------------------------------------------------- +Wed Jan 12 14:16:23 UTC 2022 - Matej Cepl + +- Add fix_test_custom_fields_SQLite.patch fixing issues with + modern SQLite (gh#django/django#15168). 
+ +------------------------------------------------------------------- +Mon Jan 10 09:27:36 UTC 2022 - Alberto Planas Dominguez + +- Update to 4.0.1 (CVE-2021-45115, CVE-2021-45452, bsc#1194117) + + CVE-2021-45115: Denial-of-service possibility in + UserAttributeSimilarityValidator + + CVE-2021-45452: Potential directory-traversal via Storage.save() + + Fixed a regression in Django 4.0 that caused a crash of + assertFormsetError() on a formset named form + + Fixed a bug in Django 4.0 that caused a crash on booleans with the + RedisCache backend + + Relaxed the check added in Django 4.0 to reallow use of a + duck-typed HttpRequest in + django.views.decorators.cache.cache_control() and never_cache() + decorators + + Fixed a regression in Django 4.0 that caused creating bogus + migrations for models that reference swappable models such as + auth.User + + Fixed a long standing bug in Geometry Collections and Polygon that + caused a crash on some platforms (reported on macOS based on the + ARM64 architecture) + +------------------------------------------------------------------- +Mon Dec 27 12:11:09 UTC 2021 - Ben Greiner + +- Fix u-a scriptlet dependency. +- Remove python36 conditional on numpy dep. + +------------------------------------------------------------------- +Fri Dec 24 02:26:37 UTC 2021 - John Vandenberg + +- Avoid dependency on backports.zoneinfo except on Python 3.8 + +------------------------------------------------------------------- +Mon Dec 20 10:37:10 UTC 2021 - Matej Cepl + +- Clean up PYTHONPATH to make test_extra_tests_build_suite pass. + +------------------------------------------------------------------- +Tue Dec 7 14:09:24 UTC 2021 - Alberto Planas Dominguez + +- Update to 4.0 + This is just a summary. Full release notes are available at + https://docs.djangoproject.com/en/4.0/releases/4.0/. + - Django 4.0 supports Python 3.8, 3.9, and 3.10. We highly + recommend and only officially support the latest release of + each series. 
+ The Django 3.2.x series is the last to support Python 3.6 and + 3.7. + - The Python standard library’s zoneinfo is now the default + timezone implementation in Django. This is the next step in + the migration from using pytz to using zoneinfo. Django 3.2 + allowed the use of non-pytz time zones. Django 4.0 makes + zoneinfo the default implementation. Support for pytz is now + deprecated and will be removed in Django 5.0. + - The new *expressions positional argument of + UniqueConstraint() enables creating functional unique + constraints on expressions and database functions. + - The new scrypt password hasher is more secure and recommended + over PBKDF2. However, it’s not the default as it requires + OpenSSL 1.1+ and more memory. + - Redis cache backend + - Template based form rendering. Forms, Formsets, and ErrorList + are now rendered using the template engine to enhance + customization. + +------------------------------------------------------------------- +Tue Nov 2 12:45:45 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.9 + + Fixed a bug in Django 3.2 that caused a migration crash on SQLite + when altering a field with a functional index + +------------------------------------------------------------------- +Tue Oct 5 14:25:34 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.8 + + Fixed a bug in Django 3.2 that caused incorrect links on read-only + fields in the admin + + Fixed a regression in Django 3.2 that caused incorrect selection + of items across all pages when actions were placed both on the top + and bottom of the admin change-list view +- Drop failing_test_subparser_invalid_option.patch, as is already in + the upstream code. 
+ +------------------------------------------------------------------- +Thu Sep 9 15:21:45 UTC 2021 - Matej Cepl + +- Add failing_test_subparser_invalid_option.patch fixing + https://code.djangoproject.com/ticket/33082 + +------------------------------------------------------------------- +Wed Sep 1 10:13:34 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.7 + + Fixed a regression in Django 3.2 that caused the incorrect offset + extraction from fixed offset timezones + +------------------------------------------------------------------- +Mon Aug 16 08:27:28 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.6 + + Fixed a regression in Django 3.2 that caused a crash validating + "NaN" input with a forms.DecimalField when additional constraints, + e.g. max_value, were specified + + Fixed a bug in Django 3.2 where a system check would crash on a + model with a reverse many-to-many relation inherited from a parent + class + +------------------------------------------------------------------- +Thu Jul 1 07:50:35 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.5 (CVE-2021-35042, bsc#1187785) + + Fixed a regression in Django 3.2 that caused a crash of + QuerySet.values_list(..., named=True) after prefetch_related() + + Fixed a bug in Django 3.2 that caused a migration crash on MySQL + 8.0.13+ when altering BinaryField, JSONField, or TextField to + non-nullable + + Fixed a regression in Django 3.2 that caused a migration crash on + MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or + TextField with a default value + + Fixed a bug in Django 3.2 where a system check would crash on a + model with an invalid app_label + +------------------------------------------------------------------- +Wed Jun 2 10:45:01 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571) + + CVE-2021-33203: Potential directory traversal via admindocs + + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks + since validators 
accepted leading zeros in IPv4 addresses + + Fixed a bug in Django 3.2 where a final catch-all view in the + admin didn’t respect the server-provided value of SCRIPT_NAME when + redirecting unauthenticated users to the login page + + Fixed a bug in Django 3.2 where a system check would crash on an + abstract model + + Prevented unnecessary initialization of unused caches following a + regression in Django 3.2 + + Fixed a crash in Django 3.2 that could occur when running mod_wsgi + with the recommended settings while the Windows colorama library + was installed + + Fixed a bug in Django 3.2 that would trigger the auto-reloader for + template changes when directory paths were specified with strings + + Fixed a regression in Django 3.2 that caused a crash of + auto-reloader with AttributeError, e.g. inside a Conda environment + + Fixed a regression in Django 3.2 that caused a loss of precision + for operations with DecimalField on MySQL + +------------------------------------------------------------------- +Mon May 17 07:37:47 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.3 + + Prepared for mysqlclient > 2.0.3 support + + Fixed a regression in Django 3.2 that caused the incorrect + filtering of querysets combined with the | operator + + Fixed a regression in Django 3.2.1 where saving FileField would + raise a SuspiciousFileOperation even when a custom upload_to + returns a valid file path + +------------------------------------------------------------------- +Thu May 6 08:54:41 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.2 (CVE-2021-32052) + + CVE-2021-32052: Header injection possibility since URLValidator + accepted newlines in input on Python 3.9.5+ + + Prevented, following a regression in Django 3.2.1, makemigrations + from generating infinite migrations for a model with Meta.ordering + contained OrderBy expressions + +------------------------------------------------------------------- +Wed May 5 17:25:18 UTC 2021 - Ben Greiner + +- Keep rpm 
runtime requirements in sync. Downstream packages often + read the egg-info and fail if they are not fulfilled. + +------------------------------------------------------------------- +Wed May 5 08:44:30 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.1 (CVE-2021-31542) + + CVE-2021-31542: Potential directory-traversal via uploaded files + + Corrected detection of GDAL 3.2 on Windows + + Fixed a bug in Django 3.2 where subclasses of BigAutoField and + SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting + + Fixed a regression in Django 3.2 that caused a crash of + QuerySet.values()/values_list() after QuerySet.union(), + intersection(), and difference() when it was ordered by an + unannotated field + + Restored, following a regression in Django 3.2, displaying an + exception message on the technical 404 debug page + + Fixed a bug in Django 3.2 where a system check would crash on a + reverse one-to-one relationships in CheckConstraint.check or + UniqueConstraint.condition + + Fixed a regression in Django 3.2 that caused a crash of + ModelAdmin.search_fields when searching against phrases with + unbalanced quotes + + Fixed a bug in Django 3.2 where variable lookup errors were logged + rendering the sitemap template if alternates were not defined + + Fixed a regression in Django 3.2 that caused a crash when + combining Q() objects which contains boolean expressions + + Fixed a regression in Django 3.2 that caused a crash of + QuerySet.update() on a queryset ordered by inherited or joined + fields on MySQL and MariaDB + + Fixed a regression in Django 3.2 that caused a crash when decoding + a cookie value, used by + django.contrib.messages.storage.cookie.CookieStorage, in the + pre-Django 3.2 format + + Fixed a regression in Django 3.2 that stopped the shift-key + modifier selecting multiple rows in the admin changelist + + Fixed a bug in Django 3.2 where a system check would crash on the + STATICFILES_DIRS setting with a list of 2-tuples of (prefix, 
path) + + Fixed a long standing bug involving queryset bitwise combination + when used with subqueries that began manifesting in Django 3.2, + due to a separate fix using Exists to exclude() multi-valued + relationships + + Fixed a bug in Django 3.2 where variable lookup errors were logged + when rendering some admin templates + + Fixed a bug in Django 3.2 where an admin changelist would crash + when deleting objects filtered against multi-valued relationships + + Fixed a regression in Django 3.2 where the calling process + environment would not be passed to the dbshell command on PostgreSQL + + Fixed a performance regression in Django 3.2 when building complex + filters with subqueries + +------------------------------------------------------------------- +Tue Apr 6 09:27:50 UTC 2021 - Alberto Planas Dominguez + +- Update to 3.2.0 + + Automatic ~django.apps.AppConfig discovery + + Customizing type of auto-created primary keys + + Functional indexes + + pymemcache support + + New decorators for the admin site + + For a complete description of new features check: + https://github.com/django/django/blob/main/docs/releases/3.2.txt +- Update PYTHOPATH to include the local tests +- Drop i18n_test.patch, i18n_test_extraction.patch, + test_clear_site_cache-sort.patch + +------------------------------------------------------------------- +Sat Feb 13 22:41:42 UTC 2021 - Ben Greiner + +- Don't install python36-numpy for testing. It is no longer + available. (The tests or portions of tests requiring numpy + are skipped automatically in this case.) +- Let the singlespec macro do its job to set the primary provider + for python3-django and python3-South on the primary flavor only. +- Fix mtime of cache file by recompiling. 
+ +------------------------------------------------------------------- +Wed Dec 9 12:16:46 UTC 2020 - Ondřej Súkup + +- Update to 3.1.4 + * Fixed setting the Content-Length HTTP header in AsyncRequestFactory + * Fixed passing extra HTTP headers to AsyncRequestFactory request methods + * Fixed crash of key transforms for JSONField on PostgreSQL when usingi + on a Subquery() annotation + * Fixed a regression in Django 3.1 that caused the incorrect grouping + by a Q object annotation + * Fixed a regression in Django 3.1 that caused suppressing connection errors + when JSONField is used on SQLite + * Fixed a crash on SQLite, when QuerySet.values()/values_list() contained + key transforms for JSONField returning non-string primitive values + +------------------------------------------------------------------- +Mon Nov 2 15:03:13 UTC 2020 - Ondřej Súkup + +- Update to 3.1.3 + * Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin + changelist search bar + * Fixed a regression in Django 3.1.2 that caused the incorrect width of the + admin changelist search bar on a filtered page + * Fixed displaying Unicode characters in forms.JSONField and read-only + models.JSONField values in the admin + * Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg + with ordering on key transforms for JSONField + * Fixed a regression in Django 3.1 that caused a crash of __in lookup when using + key transforms for JSONField in the lookup value + * Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with + key transforms for JSONField + * Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL + when adding an ExclusionConstraint with key transforms for JSONField in expressions + * Fixed a regression in Django 3.1 where ProtectedError.protected_objects + and RestrictedError.restricted_objects attributes returned iterators instead + of set of objects + * Fixed a regression in Django 3.1.2 that 
caused incorrect form input layout + on small screens in the admin change form view + * Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens + * Added support for asgiref 3.3 + * Fixed a regression in Django 3.1 that caused incorrect textarea layout + on medium-sized screens in the admin change form view with the sidebar open + * Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases + in the GROUP BY clause + * Fixed a bug in Django 3.1 where FileField instances with a callable storage were + not correctly deconstructed + * Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned + incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with + Meta.ordering. A model’s Meta.ordering doesn’t affect such queries + * Fixed a regression in Django 3.1 where a queryset would crash if it contained + an aggregation and a Q object annotation + * Fixed a bug in Django 3.1 where a test database was not synced during creation + when using the MIGRATE test database setting + * Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a GenericRelation + * Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar + would not scroll for a long list of available filters + +------------------------------------------------------------------- +Wed Sep 9 14:14:08 UTC 2020 - Marketa Calabkova + +- Update to 3.1.1 + * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ + * CVE-2020-24584: Permission escalation in intermediate-level directories of the file + system cache on Python 3.7+ + * Fixed a data loss possibility in the select_for_update(). 
When using related fields + pointing to a proxy model in the of argument, the corresponding model was not locked + * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data + * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite + * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator + and settings.py + +------------------------------------------------------------------- +Wed Sep 9 03:55:36 UTC 2020 - John Vandenberg + +- Require asgiref >= 3.2.10 per upstream + +------------------------------------------------------------------- +Tue Aug 11 07:48:29 UTC 2020 - Alberto Planas Dominguez + +- Update to 3.1 + * Asynchronous views and middleware support + * JSONField for all supported database backends + * DEFAULT_HASHING_ALGORITHM settings¶ + * Read https://docs.djangoproject.com/en/3.1/releases/3.1/ +- Drop fix-selenium-test.patch. Already upstream. +- Add i18n_test_extraction.patch to support xgettext 0.21 + +------------------------------------------------------------------- +Thu Aug 6 11:36:36 UTC 2020 - Ondřej Súkup + +- update to 3.0.9 + * Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie() + * Fixed crash when sending emails to addresses with display names longer than + 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+ + +------------------------------------------------------------------- +Wed Jul 8 11:52:27 UTC 2020 - Ondřej Súkup + +- update to 3.0.8 + * Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings + raised by cache key validation + * Fixed a regression in Django 3.0.7 that caused a queryset crash + when grouping by a many-to-one relationship + * Reallowed, following a regression in Django 3.0, non-expressions having + a filterable attribute to be used as the right-hand side in queryset filters + * Fixed a regression in Django 3.0.2 that caused a migration crash + on PostgreSQL when adding a foreign key 
to a model with a namespaced db_table + * Added compatibility for cx_Oracle 8 + +------------------------------------------------------------------- +Thu Jun 4 14:35:25 UTC 2020 - Ondřej Súkup + +- update to 3.0.7 +- drop 32bit.patch + * boo#1172167 - CVE-2020-13254: Potential data leakage via malformed + memcached keys + * boo#1172167 - CVE-2020-13596: Possible XSS via admin + ForeignKeyRawIdWidget + * many other bugfixes + +------------------------------------------------------------------- +Thu Apr 30 05:14:28 UTC 2020 - Tomáš Chvátal + +- Add patch to fix the 32bit build: + * 32bit.patch + +------------------------------------------------------------------- +Thu Apr 23 16:58:12 UTC 2020 - Marcus Rueckert + +- Update to 3.0.5 + https://docs.djangoproject.com/en/3.0/releases/3.0.5/ + https://docs.djangoproject.com/en/3.0/releases/3.0.4/ + https://docs.djangoproject.com/en/3.0/releases/3.0.3/ + https://docs.djangoproject.com/en/3.0/releases/3.0.2/ + https://docs.djangoproject.com/en/3.0/releases/3.0.1/ + https://docs.djangoproject.com/en/3.0/releases/3.0/ +- new dependency: python-asgiref + +------------------------------------------------------------------- +Fri Apr 3 06:55:41 UTC 2020 - Tomáš Chvátal + +- Update to 2.2.12: + * Added the ability to handle .po files containing different plural + equations for the same language (#30439). 
+ +------------------------------------------------------------------- +Wed Mar 18 10:59:36 UTC 2020 - Ondřej Súkup + +- update to 2.2.11 + * fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance + parameter in GIS functions and aggregates on Oracle + +------------------------------------------------------------------- +Tue Feb 4 09:42:08 UTC 2020 - Ondřej Súkup + +- update to 2.2.10 +- drop pyyaml53.patch + * fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)`` + +------------------------------------------------------------------- +Wed Jan 15 15:08:32 UTC 2020 - Ondřej Súkup + +- add pyyaml53.patch - fix tests with PyYAML 5.3 + +------------------------------------------------------------------- +Sun Dec 29 11:00:47 UTC 2019 - Ondřej Súkup + +- Update to 2.2.9 + * CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447) + * Fixed a data loss possibility in SplitArrayField. + +------------------------------------------------------------------- +Mon Dec 2 09:45:57 UTC 2019 - Alberto Planas Dominguez + +- Update to 2.2.8 + * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705) + * Fixed a data loss possibility in the admin changelist view when a + custom formset’s prefix contains regular expression special + characters, e.g. '$' + * Fixed a regression in Django 2.2.1 that caused a crash when + migrating permissions for proxy models with a multiple database + setup if the default entry was empty + * Fixed a data loss possibility in the select_for_update(). 
When + using 'self' in the of argument with multi-table inheritance, a + parent model was locked instead of the queryset’s model +- Add patch fix-selenium-test.patch to fix a test when selenium is + missing + +------------------------------------------------------------------- +Fri Nov 15 10:53:24 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.7: + * Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826). + * Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870). + * Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903). + * Restored the ability to override get_FOO_display() (#30931). + +------------------------------------------------------------------- +Fri Nov 15 07:49:06 UTC 2019 - Tomáš Chvátal + +- Require full python interpreter on build and runtime + +------------------------------------------------------------------- +Mon Oct 7 13:15:57 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.6: + * Fixed migrations crash on SQLite when altering a model + containing partial indexes (#30754). + * Fixed a regression in Django 2.2.4 that caused a crash when + filtering with a Subquery() annotation of a queryset containing + JSONField or HStoreField (#30769). + +------------------------------------------------------------------- +Mon Sep 16 10:13:08 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.5: + * Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673). + * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672). 
+ * Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449). + * Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500). + +------------------------------------------------------------------- +Thu Aug 1 11:13:37 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.4: + * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 + bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880 + * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628). + * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621). + * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506). + * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647). 
+ +------------------------------------------------------------------- +Thu Jul 18 17:21:59 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.3: + * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶ + +------------------------------------------------------------------- +Mon Jun 3 11:01:44 UTC 2019 - Ondřej Súkup + +- update to 2.2.2 + * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468) + * Fixes CVE-2019-11358: Prototype pollution + +------------------------------------------------------------------- +Tue May 7 07:13:09 UTC 2019 - Tomáš Chvátal + +- Update keyring file + +------------------------------------------------------------------- +Mon May 6 14:11:22 UTC 2019 - Alberto Planas Dominguez + +- Update to 2.2.1 + * Fixed a regression in Django 2.1 that caused the incorrect quoting + of database user password when using dbshell on Oracle (#30307). + * Added compatibility for psycopg2 2.8 (#30331). + * Fixed a regression in Django 2.2 that caused a crash when loading + the template for the technical 500 debug page (#30324). + * Fixed crash of ordering argument in ArrayAgg and StringAgg when it + contains an expression with params (#30332). + * Fixed a regression in Django 2.2 that caused a single instance + fast-delete to not set the primary key to None (#30330). + * Prevented makemigrations from generating infinite migrations for + check constraints and partial indexes when condition contains a + range object (#30350). Reverted an optimization in Django 2.2 + (#29725) that caused the inconsistent behavior of count() and + exists() on a reverse many-to-many relationship with a custom + manager (#30325). + * Fixed a regression in Django 2.2 where Paginator crashes if + object_list is a queryset ordered or aggregated over a nested + JSONField key transform (#30335). 
+ * Fixed a regression in Django 2.2 where IntegerField validation of + database limits crashes if limit_value attribute in a custom + validator is callable (#30328). + * Fixed a regression in Django 2.2 where SearchVector generates SQL + that is not indexable (#30385). + * Fixed a regression in Django 2.2 that caused an exception to be + raised when a custom error handler could not be imported (#30318). + * Relaxed the system check added in Django 2.2 for the admin app’s + dependencies to reallow use of SessionMiddleware subclasses, + rather than requiring django.contrib.sessions to be in + INSTALLED_APPS (#30312). + * Increased the default timeout when using Watchman to 5 seconds to + prevent falling back to StatReloader on larger projects and made + it customizable via the DJANGO_WATCHMAN_TIMEOUT environment + variable (#30361). + * Fixed a regression in Django 2.2 that caused a crash when + migrating permissions for proxy models if the target permissions + already existed. For example, when a permission had been created + manually or a model had been migrated from concrete to proxy + (#30351). + * Fixed a regression in Django 2.2 that caused a crash of runserver + when URLConf modules raised exceptions (#30323). + * Fixed a regression in Django 2.2 where changes were not reliably + detected by auto-reloader when using StatReloader (#30323). + * Fixed a migration crash on Oracle and PostgreSQL when adding a + check constraint with a contains, startswith, or endswith lookup + (or their case-insensitive variant) (#30408). + * Fixed a migration crash on Oracle and SQLite when adding a check + constraint with condition contains | (OR) operator (#30412). 
+ +------------------------------------------------------------------- +Wed Apr 10 07:55:46 UTC 2019 - John Vandenberg + +- Add test_clear_site_cache-sort.patch to workaround flaky test +- Add bcond_with for selenium and memcached, as those tests are inactive, + and add missing dependencies and setup for selenium testing +- Move removal of executable bit from a JavaScript file to %prep +- Fix fdupes + +------------------------------------------------------------------- +Wed Apr 3 11:21:56 UTC 2019 - Ondřej Súkup + +- update to 2.2 +- drop pyyaml5.patch +- add i18n_test.patch + * HttpRequest.headers to allow simple access to a request’s headers. + * Database-level constraints on models. + * Watchman compatibility for runserver to improve the performance + +------------------------------------------------------------------- +Sat Mar 23 16:31:46 UTC 2019 - Tomáš Chvátal + +- Add patch to build with PyYAML >5: + * pyyaml5.patch + +------------------------------------------------------------------- +Tue Feb 12 09:24:53 UTC 2019 - Thomas Bechtold + +- update to 2.1.7 (CVE-2019-6975, bsc#1124991): + * Corrected packaging error from 2.1.6 + * Memory exhaustion in django.utils.numberformat.format() + If django.utils.numberformat.format() – used by contrib.admin as well + as the the floatformat, filesizeformat, and intcomma templates + filters – received a Decimal with a large number of digits or a + large exponent, it could lead to significant memory usage + due to a call to '{:f}'.format(). + To avoid this, decimals with more than 200 digits are now formatted + using scientific notation. 
+ * Made the obj argument of InlineModelAdmin.has_add_permission() optional
+ to restore backwards compatibility with third-party code that doesn’t
+ provide it
+
+-------------------------------------------------------------------
+Thu Jan 10 12:09:43 UTC 2019 - Thomas Bechtold
+
+- update to 2.1.5 (CVE-2019-3498, bsc#1120932):
+ * CVE-2019-3498: Content spoofing possibility in the default 404 page
+ * Fixed compatibility with mysqlclient 1.3.14 (#30013).
+ * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop
+ and rebuild your SQLite database if you applied a migration while using
+ an older version of Django with SQLite 3.26 or later (#29182).
+ * Prevented SQLite schema alterations while foreign key checks are enabled
+ to avoid the possibility of schema corruption (#30023).
+ * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
+ where request body data isn’t properly consumed for such
+ connections (#30015).
+ * Fixed a regression in Django 2.1.4 where
+ InlineModelAdmin.has_change_permission() is incorrectly called with
+ a non-None obj argument during an object add (#30050).
+
+-------------------------------------------------------------------
+Mon Dec 10 11:52:42 UTC 2018 - Ondřej Súkup
+
+- Update to version 2.1.4
+ * Corrected the default password list that CommonPasswordValidator uses
+ by lowercasing all passwords to match the format expected by the validator
+ * Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in
+ an attempt to fix a random crash involving LooseVersion
+ * Fixed keep-alive support in runserver after it was disabled o 2.0
+ * Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields
+ * Fixed “Please correct the errors below” error message when editing an object
+ in the admin if the user only has the “view” permission on inlines
+ * Fixed a regression in Django 2.0 where combining Q objects with __in lookups
+ and lists crashed
+ * Fixed a regression in Django 2.0 where test databases aren’t reused
+ with manage.py test --keepdb on MySQL
+ * Fixed a regression where cached foreign keys that use to_field were
+ incorrectly cleared in Model.save()
+ * Fixed a regression in Django 2.0 where FileSystemStorage crashes
+ with FileExistsError if concurrent saves try to create the same directory
+
+-------------------------------------------------------------------
+Thu Oct 4 13:13:00 UTC 2018 - Alberto Planas Dominguez
+
+- Update to version 2.1.2
+ * CVE-2018-16984: Password hash disclosure to “view only” admin
+ users
+ * Fixed a regression where nonexistent joins in F() no longer raised
+ FieldError (#29727).
+ * Fixed a regression where files starting with a tilde or underscore
+ weren’t ignored by the migrations loader (#29749).
+ * Made migrations detect changes to Meta.default_related_name
+ (#29755).
+ * Added compatibility for cx_Oracle 7 (#29759).
+ * Fixed a regression in Django 2.0 where unique index names weren’t
+ quoted (#29778).
+ * Fixed a regression where sliced queries with multiple columns with
+ the same name crashed on Oracle 12.1 (#29630).
+ * Fixed a crash when a user with the view (but not change)
+ permission made a POST request to an admin user change form
+ (#29809).
+
+-------------------------------------------------------------------
+Tue Sep 18 13:17:15 CEST 2018 - Matěj Cepl
+
+- Switch of BR selenium for non-Intel platforms.
+
+-------------------------------------------------------------------
+Tue Sep 4 12:24:15 UTC 2018 - Ondřej Súkup
+
+- update to version 2.1.1
+- drop django-urlencode.patch
+ * Fixed a race condition in QuerySet.update_or_create() that could result
+ in data loss
+ * Fixed a regression where QueryDict.urlencode() crashed if the dictionary
+ contains a non-string value
+ * Fixed a regression in Django 2.0 where using manage.py test --keepdb fails
+ on PostgreSQL if the database exists and the user doesn’t have permission
+ to create databases
+ * Fixed a regression in Django 2.0 where combining Q objects with __in
+ lookups and lists crashed
+ * Fixed translation failure of DurationField’s “overflow” error message
+ * Fixed a regression where the admin change form crashed if the user doesn’t
+ have the ‘add’ permission to a model that uses TabularInline
+ * Fixed a regression where a related_query_name reverse accessor wasn’t
+ set up when a GenericRelation is declared on an abstract base model
+ * Fixed the test client’s JSON serialization of a request data dictionary
+ for structured content type suffixes
+ * Made the admin change view redirect to the changelist view after a POST
+ if the user has the ‘view’ permission
+ * Fixed admin change view crash for view-only users if the form
+ has an extra form field
+ * Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list()
+ after combining querysets with extra() with union(), difference(),
+ or intersection() crashed due to mismatching columns
+
+-------------------------------------------------------------------
+Tue Aug 14 07:46:04 UTC 2018 - tchvatal@suse.com
+
+- Apply patch to fix urlencode
nonstring values: + * django-urlencode.patch + +------------------------------------------------------------------- +Wed Aug 8 13:33:57 UTC 2018 - tchvatal@suse.com + +- Enable testsuite + +------------------------------------------------------------------- +Wed Aug 8 09:35:51 UTC 2018 - mimi.vx@gmail.com + +- update to version 2.1 +- move bash completion to right location +- for full chanfges please see https://docs.djangoproject.com/en/2.1/releases/2.1/ + * Dropped support for MySQL 5.5 + * Dropped support for PostgreSQL 9.3 + * Support for SpatiaLite 4.0 is removed + * Support for SQLite < 3.7.15 is removed. + +------------------------------------------------------------------- +Mon Jul 2 13:15:55 UTC 2018 - aplanas@suse.com + +- update to version 2.0.7: + * Fixed admin changelist crash when using a query expression without + asc() or desc() in the page’s ordering (#29428). + * Fixed admin check crash when using a query expression in + ModelAdmin.ordering (#29428). + * Fixed __regex and __iregex lookups with MySQL 8 (#29451). + * Fixed migrations crash with namespace packages on Python 3.7 + (#28814). +- update to version 2.0.6 + * Fixed a regression that broke custom template filters that use + decorators (#29400). + * Fixed detection of custom URL converters in included patterns + (#29415). + * Fixed a regression that added an unnecessary subquery to the GROUP + BY clause on MySQL when using a RawSQL annotation (#29416). + * Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS + 3.6.1+ (#29460). + * Fixed a regression in Django 1.10 that could result in large + memory usage when making edits using ModelAdmin.list_editable + (#28462). +- update to version 2.0.5 + * Corrected the import paths that inspectdb generates for + django.contrib.postgres fields (#29307). + * Fixed a regression in Django 1.11.8 where altering a field with a + unique constraint may drop and rebuild more foreign keys than + necessary (#29193). 
+ * Fixed crashes in django.contrib.admindocs when a view is a
+ callable object, such as django.contrib.syndication.views.Feed
+ (#29296).
+ * Fixed a regression in Django 1.11.12 where QuerySet.values() or
+ values_list() after combining an annotated and unannotated
+ queryset with union(), difference(), or intersection() crashed due
+ to mismatching columns (#29286).
+
+-------------------------------------------------------------------
+Sat Apr 7 19:21:18 UTC 2018 - tbechtold@suse.com
+
+- update to version 2.0.4:
+ * Fixed #29265 -- Removed the suggestion to hardcode static URLs.
+ * Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
+ * Fixed #29195 -- Fixed Exists.output_field resolution on single-valued queries.
+ * Fixed links to Sphinx docs.
+ * Fixed typo in docs/releases/2.0.4.txt.
+ * Clarified docs about ISO 8601 week numbering.
+ * Fixed #29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID.
+ * Added CVE-2018-7536,7 to the security release archive.
+ * Fixed #29221 -- Corrected admin's autocomplete widget to add a space after custom classes.
+ * Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets.
+ * Added a pagination example to ListView docs.
+ * Fixed #28514 -- Clarifed docs about idempotence of RelatedManager.add().
+ * isorted import statements in tutorial example.
+ * Fixed #29192 -- Corrected docs regarding overriding fields from abstract base classes.
+ * Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations.
+ * Added stub release notes for 1.11.12.
+ * Fixed #29165 -- Clarified how to load initial data with migrations.
+ * Fixed #29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant.
+ * Reverted "Expanded docs for AbstractBaseUser.has_usable_password()."
+ * Fixed typo in docs/releases/2.0.4/1.11.12.txt.
+ * Bumped version for 2.0.4 release.
+ * Fixed #29250 -- Added 'django_version' context to startapp/project docs.
+ * Added release date for 2.0.4 and 1.11.12.
+ * Post-release version bump.
+ * Clarified a sentence in docs/topics/i18n/translation.txt.
+ * Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection().
+ * Added stub release notes for 2.0.4.
+ * Fixed a couple mistakes in docs/ref/forms/widgets.txt.
+ * Fixed #28655 -- Added more examples for customizing widgets in a form.
+
+-------------------------------------------------------------------
+Mon Mar 19 07:09:53 UTC 2018 - tbechtold@suse.com
+
+- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
+ * Fixed #29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
+ * Added CVE-2018-6188 to the security release archive.
+ * Post-release version bump.
+ * Updated translations from Transifex
+ * Added stub release notes for security releases.
+ * Fixed incorrect regex in re_path() example.
+ * Fixed #29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
+ * Fixed #29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
+ * Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
+ * Fixed typo in bulk_create() documentation.
+ * Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
+ * Removed blank lines per isort 4.3.0.
+ * Added stub release notes for 2.0.3.
+ * Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
+ * Fixed #29172 -- Fixed crash with Window expression in a subquery.
+ * Fixed #29166 -- Fixed crash in When() expression with a list argument.
+ * Fixed #24270 -- Doc'd that django_bash_completion is only in the source distribution.
+ * Improved clarity of docs/topics/install.txt.
+ * Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
+ * Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
+ * Bumped version for 2.0.3 release.
+ * Corrected doc'd type of some parameters from string to str.
+ * Fixed #29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
+ * Fixed #29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
+ * Switched test requirement to new psycopg2-binary package.
+ * Added backticks around obj argument in admin docs.
+ * Fixed typo in docs/topics/forms/media.txt.
+ * Fixed #29109 -- Fixed the admin time picker widget for the Thai locale.
+ * Fixed #29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
+
+-------------------------------------------------------------------
+Wed Feb 7 13:54:36 UTC 2018 - tbechtold@suse.com
+
+- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
+ * Fixed #28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
+ * Fixed a GeoIP2 test failure with the latest GeoIP2 database.
+ * Added stub release notes for 2.0.1.
+ * Bumped version for 2.0.2 release.
+ * Fixed location of spatialite_source label.
+ * Fixed #28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
+ * Fixed #28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
+ * Fixed #29032 -- Fixed an example of using expressions in QuerySet.values().
+ * Disambiguated "settings" in SpatiaLite note.
+ * Fixed typo in docs/topics/testing/advanced.txt.
+ * Post-release version bump.
+ * Refs #25604 -- Removed docs for makemigrations --exit.
+ * Fixed #29002 -- Corrected cached template loader docs about when it's automatically enabled.
+ * Fixed typo in TemplateCommand argument help text.
+ * Added stub release notes for 1.11.9.
+ * Fixed #28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
+ * Refs #29086 -- Doc'd how to detect bytestring mistakes.
+ * Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs.
+ * Fixed #29081 -- Clarified comments in QuerySet.select_related() example.
+ * Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
+ * Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
+ * Removed 'development' word in contributing docs
+ * Fixed #29055 -- Doc'd that escapejs doesn't make template literals safe.
+ * Fixed #29016 -- Fixed incorrect foreign key nullification on related instance deletion.
+ * Fixed grammar in docs/releases/2.0.txt.
+ * Fixed #29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
+ * Fixed #28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
+ * Fixed #29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
+ * Fixed #28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
+ * Fixed #28896 -- Reallowed filtering a queryset with GeometryField=None.
+ * Fixed #28891 -- Documented Origin's loader attribute.
+ * Confirmed support for PostGIS 2.4.
+ * Wrapped an import per isort.
+ * Added release date for 2.0.1 and 1.11.9.
+ * Fixed #28884 -- Fixed crash on SQLite when renaming a field in a model referenced by a ManyToManyField.
+ * Fixed "template tag" spelling in docs.
+ * Fixed #28947 -- Fixed crash when coercing a translatable URL pattern to str.
+ * Fixed typo in docs/topics/i18n/translation.txt.
+ * Refs #28932 -- Skipped the failing test for refs #28915 on Oracle.
+ * Refs #25181 -- Updated timezone.now() docs about obtaining the time in the current time zone.
+ * Updated documented mysqlclient requirement to 1.3.7.
+ * Fixed #28885 -- Fixed hidden content at the bottom of the "The install worked successfully!" page for some languages.
+ * Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
+ * Fixed #29067 -- Fixed regression in QuerySet.values_list(..., flat=True) followed by annotate().
+ * Removed note in tutorial about bypassing manage.py.
+ * Fixed #28929 -- Corrected QUnit examples.
+ * Refs #28958 -- Added a test for ModelAdmin with query expressions in ordering.
+ * Updated various links in docs to use HTTPS.
+ * Expanded docs for AbstractBaseUser.has_usable_password().
+ * Fixed #29017 -- Updated BaseCommand.leave_locale_alone doc per refs #24073.
+ * Doc'd specifying the ENGINE setting as part of configuring contrib.gis.
+ * Added stub release notes for 1.11.10.
+ * Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase.
+ * Fixed #28784 -- Clarified how migrate --fake works.
+ * Fixed typo in docs/ref/models/expressions.txt.
+ * Fixed #29094 -- Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields.
+ * Refs #28876 -- Fixed incorrect foreign key constraint name for models with quoted db_table.
+ * Bumped version for 2.0.1 release.
+ * Fixed #25277 -- Restored test dependency to the original python-memcached.
+ * Fixed #28761 -- Documented how an inline formset's prefix works.
+ * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
+ * Fixed #28966 -- Doc'd that the uuid URL path converter requires dashes
+ * Fixed #29054 -- Fixed a regression where a queryset that annotates with geometry objects crashes.
+ * Reverted "[1.11.x] Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI."
+ * Added "Python 3 Only" trove classifier.
+ * Fixed #28941 -- Fixed crash in testserver command startup.
+ * Fixed import in docs/ref/models/conditional-expressions.txt example.
+ * Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
+ * Fixed #28594 -- Removed Jython docs and specific code
+ * Renamed the "Supported versions" label.
+ * Fixed #28878 -- Added python_requires in setup.py and a warning for older pips that don't recognize it.
+ * Fixed typo in docs/ref/contrib/admin/index.txt.
+ * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
+ * Added stub release notes for 2.0.2.
+ * Fixed #28938 -- Corrected Python compatibility in the tutorial.
+ * Fixed #28890 -- Removed newlines between MultiWidget's subwidgets.
+
+-------------------------------------------------------------------
+Tue Dec 12 21:12:18 UTC 2017 - mimi.vx@gmail.com
+
+- update to 2.0
+ * drop python 2 support
+ * Simplified URL routing syntax
+ * Mobile-friendly contrib.admin
+ * Window expressions
+ * Removed support for bytestrings in some places
+ * Dropped support for Oracle 11.2
+- Please read Release Notes - https://docs.djangoproject.com/en/2.0/releases/2.0/
+
+-------------------------------------------------------------------
+Tue Dec 12 05:16:57 UTC 2017 - tbechtold@suse.com
+
+- update to 1.11.8:
+ * Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
+ * Fixed #28856 -- Fixed a regression in caching of a GenericForeignKey
+ pointing to a MTI model.
+ * Fixed #28597 -- Fixed crash with the name of a model's autogenerated primary
+ key in an Index's fields.
+ * Added stub release notes for 1.11.7.
+ * Fixed #28305 -- Fixed "Cannot change column 'x': used in a foreign key constraint"
+ crash on MySQL with a sequence of AlterField or RenameField operations.
+ * Fixed #28689 -- Fixed unquoted table names in Subquery SQL when using OuterRef.
+ * Added assertion helpers for PostgreSQL's server-side cursor tests.
+ * Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs.
+ * Fixed #28786 -- Doc'd middleware ordering considerations due to
+ CommonMiddleware setting Content-Length.
+ * Added release date for 1.11.8.
+ * Fixed #28702 -- Made query lookups for CIText fields use citext.
+ * Added 2017-12794 to the security release archive.
+ * Fixed typo in docs/topics/cache.txt.
+ * Bumped version for 1.11.6 release.
+ * Added release date for 1.11.6.
+ * Fixed #28648 -- Corrected typo in docs/topics/db/queries.txt.
+ * Bumped version for 1.11.7 release.
+ * Added stub release notes for 1.11.8.
+ * Fixed #28848 -- Fixed SQLite/MySQL crash when ordering by a filtered
+ subquery that uses nulls_first/nulls_last.
+ * Fixed typo in docs/topics/db/aggregation.txt.
+ * Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
+ * Fixed typo in docs/topics/forms/media.txt.
+ * Bumped version for 1.11.8 release.
+ * Fixed typo in docs/ref/models/querysets.txt.
+ * Fixed test failures due to ordering differences on PostgreSQL 10.
+ * Fixed #28710 -- Fixed the Basque DATE_FORMAT string
+ * Added stub release notes for 1.11.6.
+ * Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
+ * Fixed #28817 -- Made QuerySet.iterator() use server-side cursors after
+ values() and values_list().
+ * Post-release version bump.
+ * Fixed #28792 -- Fixed index name truncation of namespaced tables.
+ * Fixed #28781 -- Added QuerySet.values()/values_list() support for union(),
+ difference(), and intersection().
+ * Fixed #28722 -- Made QuerySet.reverse() affect nulls_first/nulls_last.
+ * Refs #28710 -- Simplified l10n format test
+ * Initialized CsrfViewMiddleware once in csrf_tests.
+ * Added release date for 1.11.7.
+ * Linked to prefetch_related_objects func in DB optimization docs.
+ * Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user
+ error when using ModelBackend.
+ * Fixed #28653 -- Added missing ForeignKey.on_delete argument in docs.
+ * Fixed #28561 -- Removed inaccurate docs about QuerySet.order_by() and joins. + * Fixed #28555 -- Made CharField convert whitespace-only values to the + empty_value when strip is enabled. + * Fixed #28601 -- Prevented cache.get_or_set() from caching None if default + is a callable that returns None. + +------------------------------------------------------------------- +Wed Sep 20 21:53:53 UTC 2017 - toddrme2178@gmail.com + +- update to version 1.11.5 + * CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page + * Fixed GEOS version parsing if the version has a commit hash at the end (new + in GEOS 3.6.2) (:ticket:`28441`). + * Added compatibility for ``cx_Oracle`` 6 (:ticket:`28498`). + * Fixed select widget rendering when option values are tuples (:ticket:`28502`). + * Django 1.11 inadvertently changed the sequence and trigger naming scheme on + Oracle. This causes errors on INSERTs for some tables if + ``'use_returning_into': False`` is in the ``OPTIONS`` part of ``DATABASES``. + The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily + requires an update to Oracle tables created with Django 1.11.[1-4]. Use the + upgrade script in :ticket:`28451` comment 8 to update sequence and trigger + names to use the pre-1.11 naming scheme. + * Added POST request support to ``LogoutView``, for equivalence with the + function-based ``logout()`` view (:ticket:`28513`). + * Omitted ``pages_per_range`` from ``BrinIndex.deconstruct()`` if it's ``None`` + (:ticket:`25809`). + * Fixed a regression where ``SelectDateWidget`` localized the years in the + select box (:ticket:`28530`). + * Fixed a regression in 1.11.4 where ``runserver`` crashed with non-Unicode + system encodings on Python 2 + Windows (:ticket:`28487`). 
+ * Fixed a regression in Django 1.10 where changes to a ``ManyToManyField``
+ weren't logged in the admin change history (:ticket:`27998`) and prevented
+ ``ManyToManyField`` initial data in model forms from being affected by
+ subsequent model changes (:ticket:`28543`).
+ * Fixed non-deterministic results or an ``AssertionError`` crash in some
+ queries with multiple joins (:ticket:`26522`).
+ * Fixed a regression in ``contrib.auth``'s ``login()`` and ``logout()`` views
+ where they ignored positional arguments (:ticket:`28550`).
+
+-------------------------------------------------------------------
+Thu Aug 10 12:51:56 UTC 2017 - tbechtold@suse.com
+
+- update to version 1.11.4:
+ * Fixed #27939 -- Updated OpenLayersWidget.map_srid for OpenLayers 3.
+ * Fixed #27956 -- Fixed display of errors in an {% extends %} child.
+ * Updated various links in docs to avoid redirects
+ * Fixed typo in docs/topics/auth/default.txt.
+ * Double quoted HTML attributes in widget docs
+ * Fixed #28303 -- Prevented localization of attribute values in the DTL attrs.html widget template.
+ * Added stub release notes for 1.11.3.
+ * Documented OSMWidget.default_lat/lon.
+ * Fixed #28101 -- Fixed a regression with nested __in subquery lookups and to_field.
+ * Bumped version for 1.11.4 release.
+ * Bumped version for 1.11.3 release.
+ * Updated translations from Transifex
+ * Fixed #28039 -- Fixed crash in BaseGeometryWidget.subwidgets().
+ * Fixed #28242 -- Moved ImageField file extension validation to the form field.
+ * Made docs/topics/migrations.txt use single quotes consistently.
+ * Fixed #28355 -- Fixed widget rendering of non-ASCII date/time formats on Python 2.
+ * Updated name of topics/db/queries link on index.
+ * Fixed #28025 -- Fixed typo in docs/ref/models/querysets.txt.
+ * Fixed #28043 -- Prevented AddIndex and RemoveIndex from mutating model state.
+ * Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
+ * Fixed #28361 -- Fixed possible time-related failure in was_published_recently() tutorial test.
+ * Fixed #28265 -- Prevented renderer warning on Widget.render() with **kwargs.
+ * Fixed typo in docs/topics/testing/advanced.txt.
+ * Fixed #28125 -- Clarified 1.11 release note about Template.render() prohibiting non-dict context.
+ * Refs #18974 -- Added stacklevel for permalink() deprecation.
+ * Fixed #28350 -- Fixed UnboundLocalError crash in RenameField with nonexistent field.
+ * Fixed #28051 -- Made migrations respect Index's name argument.
+ * Fixed #28420 -- Doc'd 'is' comparison restriction for User.is_authenticated/anonymous.
+ * Added release date for 1.11.4.
+ * Refs #28174 -- Fixed autoreload test crash on Python 2/non-ASCII path.
+ * Fixed #28389 -- Fixed pickling of LazyObject on Python 2 when wrapped object doesn't have __reduce__().
+ * Fixed #28148 -- Doc'd ImageField name validation concerns with the test client.
+ * Added stub release notes for 1.11.2.
+ * Fixed #27890 -- Fixed FileNotFoundError cleanup exception in runtests.py on Python 3.6+.
+ * Fixed #28138 -- Used output type handler instead of numbersAsStrings on Oracle cursor.
+ * Fixed widgets module path in docs/ref/contrib/gis/forms-api.txt.
+ * Fixed #27947 -- Doc'd that model Field.error_messages often don't propagate to forms.
+ * Fixed #28067 -- Clarified __str__() return type when using python_2_unicode_compatible().
+ * Fixed docstring typo in django/contrib/admin/actions.py.
+ * Fixed #28102 -- Doc'd how to compute path to built-in widget template directories.
+ * Fixed #28352 -- Corrected QuerySet.values_list() return type in docs examples.
+ * Fixed #28181 -- Added detection for GDAL 2.1 and 2.0.
+ * Refs #23853 -- Updated sql.query.Query.join() docstring.
+ * Added a test for Model._meta._property_names.
+ * Refs #27919 -- Changed Widget.get_context() attrs kwarg to an arg.
+ * Fixed #28415 -- Clarified what characters ASCII/UnicodeUsernameValidator accept.
+ * Fixed #28074 -- Doc'd template-based widget rendering changes for contrib.gis.
+ * Fixed #28278 -- Fixed invalid HTML for a required AdminFileWidget.
+ * Added content_type filtering in Permission querying example.
+ * Corrected FileExtensionValidator doc regarding the value being validated.
+ * Fixed #27960 -- Set errcheck=False for GDALAllRegister to prevent crash.
+ * Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
+ * Fixed #27969 -- Fixed models.Field.formfield() setting 'disabled' for fields with choices.
+ * Post-release version bump.
+ * Fixed #28298 -- Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False.
+ * Refs #28192 -- Fixed documentation of ChoiceField choices requirement
+ * Fixed #27966 -- Bumped required psycopg2 version to 2.5.4.
+ * Linked GIS QuerySet API docs to corresponding PostGIS docs.
+ * Fixed #27974 -- Kept resolved templates constant during one rendering cycle.
+ * Refs #28100 -- Fixed URL in el, es_MX, and pt auth translations
+ * Fixed typo in docs/ref/request-response.txt.
+ * Fixed #27963 -- Removed unneeded docstring example in contributing docs.
+ * Added stub release notes for security releases.
+ * Fixed #28349 -- Doc'd how to upgrade Django from LTS to LTS.
+ * Fixed typo in docs/ref/forms/fields.txt.
+ * Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
+ * Fixed #28170 -- Fixed file_move_safe() crash when moving files to a CIFS mount.
+ * Fixed broken links to Oracle docs.
+ * Fixed #27554 -- Fixed prefetch_related() crash when fetching relations in nested Prefetches.
+ * Added links and cosmetic edits to docs/ref/request-response.txt.
+ * Added stub release notes for 1.11.1.
+ * Fixed #28079 -- Restored "No POST data" (rather than an empty table) in HTML debug page.
+ * Removed incorrect "required" attribute in docs/ref/forms/fields.txt.
+ * Fixed #28176 -- Restored the uncasted option value in ChoiceWidget template context.
+ * Refs #24423 -- Readded inadvertently deleted i18n tests.
+ * Fixed #27965 -- Fixed precision comparison in a geoforms test (refs #27939).
+ * Corrected post-release version bump.
+ * Made runtests.py run gis_tests only when using a GIS database backend.
+ * Fixed #28230 -- Allowed DjangoJsonEncoder to serialize CallableBool.
+ * Fixed broken link to QUnit docs.
+ * Removed MySQL (unsupported) from Perimeter docs.
+ * Fixed #28266 -- Fixed typo in docs/ref/models/instances.txt.
+ * Fixed #28139 -- Added another level of headings in the topics index.
+ * Fixed #28003 -- Doc'd what an auto-created OneToOneField parent_link looks like.
+ * Fixed #28160 -- Prevented hiding GDAL exceptions when it's not installed.
+ * Updated man page for Django 1.11.
+ * Fixed #27988 -- Fixed typo in docs/ref/django-admin.txt.
+ * Fixed #28199 -- Fixed Subquery generating unnecessary/invalid CAST.
+ * Fixed #28122 -- Fixed crash when overriding views.static.directory_index()'s template.
+ * Fixed AppRegistryNotReady error when running gis_tests in isolation on PostGIS.
+ * Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
+ * Fixed #28040 -- Updated SplitArrayWidget to use template-based widget rendering.
+ * Fixed #28269 -- Fixed Model.__init__() crash on models with a field that has an instance only descriptor.
+ * Tested EmailMessage(attachments=[MIMEText])
+ * Clarified return value of NumGeometries GIS function.
+ * Refs #27935 -- Fixed BrinIndex.max_name_length if a project's default database isn't PostgreSQL.
+ * Fixed #28058 -- Restored empty BoundFields evaluating to True.
+ * Replaced "not A== B" with "A != B" in docs/howto/writing-migrations.txt.
+ * Added CVE-2017-7233,4 to the security release archive.
+ * Fixed #28204 -- Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if InvalidPage message contains non-ASCII.
+ * Fixed #27935 -- Fixed crash with BrinIndex name > 30 characters.
+ * Fixed #28293 -- Fixed union(), intersection(), and difference() when combining with an EmptyQuerySet.
+ * Fixed #28222 -- Allowed settable properties in QuerySet.update_or_create()/get_or_create() defaults.
+ * Refs #27556, #27488 -- Updated support backends docs for isvalid lookup.
+ * Fixed nondeterministic ordering test failure in model_forms.
+ * Fixed #28345 -- Applied limit_choices_to during ModelForm.__init__().
+ * Fixed #27981 -- Doc'd date/time filter l10n changes in refs #25758.
+ * Made a few cosmetic updates to "Migrations that add unique fields".
+ * Bumped version for 1.11 release.
+ * Fixed #28004 -- Doc'd how to create migrations for an app without a migrations directory.
+ * Fixed #28202 -- Fixed FieldListFilter.get_queryset() crash on invalid input.
+ * Fixed #27949 -- Doc'd how OpenLayers 3 widgets work.
+ * Pass type to sql_alter_column_* where it was missing.
+ * Fixed #27866 -- Made ChoiceWidget.format_value() return a list
+ * Fixed #28308 -- Doc'd removal of Select.render_option() (refs #15667).
+ * Fixed #28178 -- Changed contrib.gis to raise ImproperlyConfigured if gdal isn't installed.
+ * Fixed #28284 -- Prevented Paginator's unordered object list warning from evaluating a QuerySet.
+ * Fixed #28209 -- Made date-based generic views return a 404 rather than crash when given an out of range date.
+ * Fixed #28161 -- Fixed return type of ArrayField(CITextField()).
+ * Corrected docs regarding MySQL support of Length GIS function.
+ * Fixed #28175 -- Fixed __in lookups on a foreign key when using the foreign key's parent model as the lookup value.
+ * Refs #18247 -- Fixed SQLite QuerySet filtering on decimal result of Least and Greatest.
+ * Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
+ * Fixed #27644 -- Doc'd FileSystemStorage.get_created_time().
+ * Added test for intersection() when combining with a queryset raising EmptyResultSet.
+ * Fixed #28197 -- Fixed introspection of index field ordering on PostgreSQL.
+ * Removed extra characters in docs header underlines.
+ * Fixed GEOSGeometry reference in GIS tutorial.
+ * Refs #28066 -- Fixed Python 2 failures in sessions_tests.
+ * Removed obsolete Widget.format_output() in tests.
+ * Fixed #28059 -- Restored class attribute in
    of widgets that use multiple_input.html.
+ * Fixed typo in docs/ref/contrib/postgres/fields.txt.
+ * Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6.
+ * Fixed #28031 -- Removed notes about old uWSGI/sentry versions (refs #20537).
+ * Removed unexpected initial attribute in data migration examples.
+ * Renamed "Mac OS X" to "macOS" in docs.
+ * Sorted imports per isort 4.2.9.
+ * Refs #28138 -- Added release notes for d52577b62b3138674807ac74251fab7faed48331.
+ * Back to the future.
+ * Fixed #27993 -- Fixed model form default fallback for SelectMultiple.
+ * Refs #27866 -- Adapted backport for Python 2 compatibility
+ * Removed unused links in docs/internals/contributing/triaging-tickets.txt.
+ * Clarified QuerySet.iterator()'s docs on server-side cursors.
+ * Fixed #28096 -- Allowed prefetch calls with ModelIterable subclasses
+ * Fixed #28414 -- Fixed ClearableFileInput rendering as a subwidget of MultiWidget.
+ * Corrected REPL example in forms docs for Python 3.
+ * Refs #28181 -- Corrected detection of GDAL 2.1 on Windows.
+ * Fixed #28075 -- Prevented ChoiceWidget from localizing option values.
+ * Fixed #28282 -- Fixed class-based indexes name for models that only inherit Model.
+ * Fixed #28038 -- Restored casting to text of builtin lookups on PostgreSQL.
+ * Fixed #28418 -- Fixed queryset crash when using a GenericRelation to a proxy model.
+ * Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
+ * Fixed #28105 -- Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs.
+ * Refs #28160 -- Skipped a GeoManager test if not using a GIS database backend.
+ * Fixed #28157 -- Fixed choice ordering in form fields with grouped and non-grouped options.
+ * Fixed #28095 -- Doc'd Widget.build_attrs() signature change in Django 1.11.
+ * Fixed a forms test after updated translations.
+ * Fixed 403 link in docs/ref/contrib/gis/install/spatialite.txt.
+ * Simplified schema.tests with assertForeignKeyExists()/assertForeignKeyNotExists().
+ * Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
+ * Fixed #28378 -- Fixed union() and difference() when combining with a queryset raising EmptyResultSet.
+ * Refs #28052 -- Cleaned up some indexes in schema tests.
+ * Fixed #28047 -- Fixed QuerySet.filter() crash when it uses the name of a OneToOneField pk.
+ * Added release date for 1.11.1.
+ * Fixed #28327 -- Removed contradictory description of mod_wsgi docs.
+ * Clarified "newly-introduced features" in the supported versions policy.
+ * Fixed docs build with Sphinx 1.6.
+ * Fixed #28239 -- Removed docs for a removed arg of template.Context.
+ * Bumped version for 1.11.2 release.
+ * Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.
+ * Updated postgis.net and gaia-gis.it links to https.
+ * Fixed typos in docs/topic/db/search.txt.
+ * Fixed #28174 -- Fixed crash in runserver's autoreload with Python 2 on Windows with non-str environment variables.
+ * Fixed typos in docs/howto/static-files/index.txt.
+ * Fixed #28294 -- Doc'd request/args/kwargs attributes of class-based views.
+ * Fixed #27967 -- Fixed KeyError in admin's inline form with inherited non-editable pk.
+ * Fixed db backend discovery in admin_scripts tests.
+ * Fixed outdated TIME_FORMAT in docs/ref/templates/builtins.txt.
+ * Fixed #26028 -- Added overriding templates howto.
+ * Updated was_published_recently() tutorial test to check boundary condition.
+ * Fix a typo in django/db/transaction.py
+ * Fixed #28109 -- Corrected the stack level of unordered queryset pagination warnings.
+ * Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
+ * Refs #22397 -- Removed model in test cleanup
+ * Fixed #28052 -- Prevented dropping Meta.indexes when changing db_index to False.
+ * Fixed #18485 -- Doc'd behavior of PostgreSQL when manually setting AutoField.
+ * Updated core translations from Transifex
+ * Fixed #28166 -- Fixed Model._state.db on MTI parent model after saving child model.
+ * Added missing import in docs/topics/db/queries.txt.
+ * Refs #27919 -- Passed ChoiceWidget.create_option() kwargs as expected.
+ * Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
+ * Fixed #27975 -- Fixed crash if ModelChoiceField's queryset=None.
+ * Added release date for 1.11.2.
+ * Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
+ * Fixed #28159 -- Fixed BaseInlineFormSet._construct_form() crash when using save_as_new.
+ * Removed an obsolete temporal reference in docs/faq/general.txt.
+ * Fixed #28042 -- Fixed crash when using a two-tuple in EmailMessage's attachments arg.
+ * Fixed #27945 -- Clarified that RegexValidator searches with the regex.
+ * Linked GIS functions docs to corresponding PostGIS docs.
+ * Refs #17453 -- Fixed broken link to #django IRC logs.
+ * Fixed gis_tests.geoapp test with incorrect geodetic coordinates.
+ * Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.
+ * Fixed #27730 -- Doc'd that template vars created outside a block can't be used in it.
+ * Fixed #28069 -- Moved setup_test_environment() warning in tutorial 5.
+ * Fixed #28130 -- Fixed formset min_num validation with initial, unchanged forms.
+ * Fixed #28091 -- Re-raised original exception when closing cursor cleanup fails
+ * Clarified backend support of Area GIS function.
+ * Fixed #28387 -- Fixed has_changed() for disabled form fields that subclass it.
+ * Fixed #27915 -- Allowed Meta.indexes to be defined in abstract models.
+ * Fixed #26755 -- Fixed test_middleware_classes_headers if Django source isn't writable.
+ * Fixed #28188 -- Fixed crash when pickling model fields.
+ * Fixed typo in docs/ref/models/querysets.txt.
+ * Pointed Dive into Python links to python3 site
+ * Refs #25240 -- Added ExtractWeek examples.
+ * Added some shell output in tutorial 2.
+ * Removed inappropriate highlighting in committing-code.txt.
+ * Fixed #28399 -- Fixed QuerySet.count() for union(), difference(), and intersection() queries.
+ * Fixed #28212 -- Allowed customizing the port that LiveServerTestCase uses.
+ * Fixed flake8 warning on Python 2.
+ * Clarified meaning of "Optional" in auth.models.User field docs.
+ * Clarified HStoreField model/form difference in 1.11 release notes.
+ * Removed self from method signatures in docs.
+ * Added stub release notes for 1.11.4.
+ * Updated tests after French translation update
+ * Fixed #27603 -- Fixed AsKML when queryset is evaluated more than once.
+ * Fixed #28262 -- Fixed incorrect DisallowedModelAdminLookup when a nested reverse relation is in list_filter.
+ * Fixed #27434 -- Doc'd how to raise a model validation error for a field not in a model form.
+ * Refs #21415 -- Fixed contrib.humanize translations for es_AR
+ * Fixed #27655 -- Added some guidelines to the coding style docs.
+ * Updated contrib translations from Transifex
+ * Removed nonexistent methods from File's docs.
+ * Doc'd the need to remove default ordering on Subquery aggregates.
+ * Fixed broken link to mysqlclient docs.
+ * Fixed #28210 -- Fixed Model._state.adding on MTI parent model after saving child model.
+ * Removed usage of deprecated sphinx.util.compat.Directive.
+ * Refs #28100 -- Added 1.11.1 release note for e6bfd3d751278d7cfd09af1120c4bbce509c05da.
+ * Fixed #28190 -- Clarifed how include/extends treat template names.
+ * Refs #26294 -- Fixed typo in docs/ref/django-admin.txt.
+ * Refs #28091 -- Fixed typo and rephrased 1.11.1 release note.
+ * Fixed typo in docs/ref/class-based-views/mixins-single-object.txt.
+ * Bumped version for 1.11.1 release.
+ * Added release date for 1.11.3.
+ * Bumped version for 1.11 release candidate 1.
+ * Simplified tutorial's test names and docstrings.
+ * Fixed typo in django/db/backends/base/schema.py comment.
+ * Fixed #28233 -- Used a simpler example in the aggregation "cheat sheet" docs.
+- Require python-pytz and Recommend python-bcrypt
+
+-------------------------------------------------------------------
+Wed Aug 9 17:58:19 UTC 2017 - toddrme2178@gmail.com
+
+- Fix building on older Python versions.
+
+-------------------------------------------------------------------
+Mon Jul 10 18:42:12 UTC 2017 - toddrme2178@gmail.com
+
+- Fix wrong-script-interpreter rpmlint error.
+
+-------------------------------------------------------------------
+Mon May 8 14:32:03 UTC 2017 - toddrme2178@gmail.com
+
+- django-admin.py should be the master, not django-admin.
+
+-------------------------------------------------------------------
+Sat May 6 03:31:54 UTC 2017 - toddrme2178@gmail.com
+
+- Don't provide python2-django or python2-South, singlespec
+ packages should use correct name.
+
+-------------------------------------------------------------------
+Thu May 4 15:33:21 UTC 2017 - toddrme2178@gmail.com
+
+- Implement single-spec version.
+
+-------------------------------------------------------------------
+Tue Apr 4 14:38:13 UTC 2017 - appleonkel@opensuse.org
+
+- Update to 1.10.7
+ Bugfixes
+ * Made admin’s RelatedFieldWidgetWrapper use the wrapped widget’s
+ value_omitted_from_data() method (#27905)
+ * Fixed model form default fallback for SelectMultiple (#27993)
+
+-------------------------------------------------------------------
+Wed Mar 1 14:24:17 UTC 2017 - appleonkel@opensuse.org
+
+- Update to 1.10.6
+ Bugfixes
+ * Fixed ClearableFileInput’s “Clear” checkbox on model form fields where the
+ model field has a default
+ * Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than
+ generating a bad request response
+ * Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or
+ IntegerField from DateField
+ * Fixed query expression date subtraction accuracy on PostgreSQL for differences
+ large an a month
+ * Fixed a GDALException raised by GDALClose on GDAL >= 2.0
+
+-------------------------------------------------------------------
+Tue Jan 31 14:00:11 UTC 2017 - michal@cihar.com
+
+- Update to 1.10.5
+ * See https://docs.djangoproject.com/en/1.10/releases/1.10/
+ * Full text search for PostgreSQL
+ * New-style middleware
+ * Official support for Unicode usernames
+
+-------------------------------------------------------------------
+Fri Dec 2 10:17:25 UTC 2016 - appleonkel@opensuse.org
+
+- Update to 1.9.12
+ Bugfixes
+ * Quoted the Oracle test user’s password in queries to fix the “ORA-00922: missing
+ or invalid option” error when the password starts with a number or
+ special character (#27420)
+ * DNS rebinding vulnerability when DEBUG=True
+ * CSRF protection bypass on a site with Google Analytics
+
+-------------------------------------------------------------------
+Sat Sep 24 16:42:55 UTC 2016 - sbahling@suse.com
+
+- Change Requires: python-Pillow to python-imaging for compatibility
+ with SLE-12 which provides PIL instead of Pillow.
+
+-------------------------------------------------------------------
+Tue Aug 9 09:11:24 UTC 2016 - aplanas@suse.com
+
+- Update to 1.9.9
+ Bugfixes
+ * Fixed invalid HTML in template postmortem on the debug page
+ (#26938).
+ * Fixed some GIS database function crashes on MySQL 5.7 (#26657).
+
+- Update to 1.9.8
+ Fix XSS in admin’s add/change related popup (bsc#988420)
+ Unsafe usage of JavaScript’s Element.innerHTML could result in XSS
+ in the admin’s add/change related popup. Element.textContent is now
+ used to prevent execution of the data.
+ The debug view also used innerHTML. Although a security issue wasn’t
+ identified there, out of an abundance of caution it’s also updated
+ to use textContent.
+
+ Bugfixes
+ * Fixed missing varchar/text_pattern_ops index on CharField and
+ TextField respectively when using AddField on PostgreSQL (#26889).
+ * Fixed makemessages crash on Python 2 with non-ASCII file names
+ (#26897).
+
+- Update to 1.9.7
+ Bugfixes
+ * Removed the need for the request context processor on the admin
+ login page to fix a regression in 1.9 (#26558).
+ * Fixed translation of password validators’ help_text in forms
+ (#26544).
+ * Fixed a regression causing the cached template loader to crash
+ when using lazy template names (#26603).
+ * Fixed on_commit callbacks execution order when callbacks make
+ transactions (#26627).
+ * Fixed HStoreField to raise a ValidationError instead of crashing
+ on non-dictionary JSON input (#26672).
+ * Fixed dbshell crash on PostgreSQL with an empty database name
+ (#26698).
+ * Fixed a regression in queries on a OneToOneField that has to_field
+ and primary_key=True (#26667).
+
+-------------------------------------------------------------------
+Tue May 3 08:23:48 UTC 2016 - aplanas@suse.com
+
+- Update to 1.9.6
+ Bugfixes
+ * Added support for relative path redirects to the test client and
+ to SimpleTestCase.assertRedirects() because Django 1.9 no longer
+ converts redirects to absolute URIs (#26428).
+ * Fixed TimeField microseconds round-tripping on MySQL and SQLite
+ (#26498).
+ * Prevented makemigrations from generating infinite migrations for a
+ model field that references a functools.partial (#26475).
+ * Fixed a regression where SessionBase.pop() returned None rather
+ than raising a KeyError for nonexistent values (#26520).
+ * Fixed a regression causing the cached template loader to crash
+ when using template names starting with a dash (#26536).
+ * Restored conversion of an empty string to null when saving values
+ of GenericIPAddressField on SQLite and MySQL (#26557).
+ * Fixed a makemessages regression where temporary .py extensions
+ were leaked in source file paths (#26341).
+
+-------------------------------------------------------------------
+Sun May 1 12:29:52 UTC 2016 - michael@stroeder.com
+
+- Update to 1.9.5
+
+-------------------------------------------------------------------
+Tue Feb 2 09:21:43 UTC 2016 - aplanas@suse.com
+
+- Update to 1.9.2
+ Security issue
+ * User with "change" but not "add" permission can create objects for
+ ModelAdmin's with save_as=True
+ Backwards incompatible change
+ * .py-tpl files rewritten in project/app templates
+ Bugfixes
+ * Fixed a regression in ConditionalGetMiddleware causing
+ If-None-Match checks to always return HTTP 200 (#26024).
+ * Fixed a regression that caused the "user-tools" items to display
+ on the admin's logout page (#26035).
+ * Fixed a crash in the translations system when the current language
+ has no translations (#26046).
+ * Fixed a regression that caused the incorrect day to be selected
+ when opening the admin calendar widget for timezones from GMT+0100
+ to GMT+1200 (#24980).
+ * Fixed a regression in the admin's edit related model popup that
+ caused an escaped value to be displayed in the select dropdown of
+ the parent window (#25997).
+ * Fixed a regression in 1.8.8 causing incorrect index handling in
+ migrations on PostgreSQL when adding db_index=True or unique=True
+ to a CharField or TextField that already had the other specified,
+ or when removing one of them from a field that had both, or when
+ adding unique=True to a field already listed in unique_together
+ (#26034).
+ * Fixed a regression where defining a relation on an abstract
+ model's field using a string model name without an app_label no
+ longer resolved that reference to the abstract model's app if
+ using that model in another application (#25858).
+ * Fixed a crash when destroying an existing test database on MySQL
+ or PostgreSQL (#26096).
+ * Fixed CSRF cookie check on POST requests when
+ USE_X_FORWARDED_PORT=True (#26094).
+ * Fixed a QuerySet.order_by() crash when ordering by a relational
+ field of a ManyToManyField through model (#26092).
+ * Fixed a regression that caused an exception when making database
+ queries on SQLite with more than 2000 parameters when DEBUG is
+ True on distributions that increase the SQLITE_MAX_VARIABLE_NUMBER
+ compile-time limit to over 2000, such as Debian (#26063).
+ * Fixed a crash when using a reverse OneToOneField in
+ ModelAdmin.readonly_fields (#26060).
+ * Fixed a crash when calling the migrate command in a test case with
+ the available_apps attribute pointing to an application with
+ migrations disabled using the MIGRATION_MODULES setting (#26135).
+ * Restored the ability for testing and debugging tools to determine
+ the template from which a node came from, even during template
+ inheritance or inclusion. Prior to Django 1.9, debugging tools
+ could access the template origin from the node via
+ Node.token.source[0]. This was an undocumented, private API. The
+ origin is now available directly on each node using the
+ Node.origin attribute (#25848).
+ * Fixed a regression in Django 1.8.5 that broke copying a
+ SimpleLazyObject with copy.copy() (#26122).
+ * Always included geometry_field in the GeoJSON serializer output
+ regardless of the fields parameter (#26138).
+ * Fixed the contrib.gis map widgets when using
+ USE_THOUSAND_SEPARATOR=True (#20415).
+ * Made invalid forms display the initial of values of their disabled
+ fields (#26129).
+
+-------------------------------------------------------------------
+Wed Jan 27 15:25:25 UTC 2016 - aplanas@suse.com
+
+- Update to 1.9.1
+ Bugfixes
+ * Fixed BaseCache.get_or_set() with the DummyCache backend (#25840).
+ * Fixed a regression in FormMixin causing forms to be validated
+ twice (#25548, #26018).
+ * Fixed a system check crash with nested ArrayFields (#25867).
+ * Fixed a state bug when migrating a SeparateDatabaseAndState
+ operation backwards (#25896).
+ * Fixed a regression in CommonMiddleware causing If-None-Match
+ checks to always return HTTP 200 (#25900).
+ * Fixed missing varchar/text_pattern_ops index on CharField and
+ TextField respectively when using AlterField on PostgreSQL
+ (#25412).
+ * Fixed admin’s delete confirmation page’s summary counts of related
+ objects (#25883).
+ * Added from __future__ import unicode_literals to the default
+ apps.py created by startapp on Python 2 (#25909). Add this line to
+ your own apps.py files created using Django 1.9 if you want your
+ migrations to work on both Python 2 and Python 3.
+ * Prevented QuerySet.delete() from crashing on MySQL when querying
+ across relations.
+ * Fixed evaluation of zero-length slices of QuerySet.values()
+ (#25894).
+ * ...
+ * https://docs.djangoproject.com/en/1.9/releases/1.9.1/
+
+-------------------------------------------------------------------
+Wed Dec 2 15:14:05 UTC 2015 - aplanas@suse.com
+
+- update to 1.9 (CVE-2016-7401, CVE-2015-8213)
+ * https://docs.djangoproject.com/en/1.9/releases/1.9/
+ * Performing actions after a transaction commit
+ * Password validation
+ * Permission mixins for class-based views
+ * New styling for "contrib.admin"
+ * Running tests in parallel
+
+-------------------------------------------------------------------
+Tue Nov 10 10:39:22 UTC 2015 - tbechtold@suse.com
+
+- update to 1.8.6:
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.5/
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.6/
+
+-------------------------------------------------------------------
+Tue Nov 10 05:36:21 UTC 2015 - tbechtold@suse.com
+
+- add missing Requires for python-setuptools (bsc#952198)
+ /usr/bin/django-admin needs the pkg_resources framework from
+ python-setuptools to run properly.
+
+-------------------------------------------------------------------
+Sun Sep 20 07:51:27 UTC 2015 - tbechtold@suse.com
+
+- update to 1.8.4 (CVE-2015-5963):
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.4/
+
+-------------------------------------------------------------------
+Fri Jul 10 11:51:49 UTC 2015 - astieger@suse.com
+
+- add keyring and verify source signature
+
+-------------------------------------------------------------------
+Fri Jul 10 10:03:54 UTC 2015 - dmueller@suse.com
+
+- update to 1.8.3:
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.3/
+ Various bugfixes/security fixes (CVE-2015-5145, bsc#937524)
+
+-------------------------------------------------------------------
+Tue May 26 08:26:56 UTC 2015 - dmueller@suse.com
+
+- update to 1.8.2 (CVE-2015-3982):
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.2/
+ * https://docs.djangoproject.com/en/1.8/releases/1.8.1/
+
+-------------------------------------------------------------------
+Thu Apr 2 07:35:07 UTC 2015 - aplanas@suse.com
+
+- Update to Django 1.8
+ * "Long-Term Support" (LTS) release
+ New features:
+ * Model._meta API
+ * Multiple template engines
+ * Security enhancements
+ * New PostgreSQL specific functionality
+ * New data types
+ * Query Expressions, Conditional Expressions, and Database Functions
+ * TestCase data setup
+ Backwards incompatible changes:
+ * Related object operations are run in a transaction
+ * Assigning unsaved objects to relations raises an error
+ * Management commands that only accept positional arguments
+ * Custom test management command arguments through test runner
+ * Model check ensures auto-generated column names are within limits
+ specified by database
+ * Query relation lookups now check object types
+ * select_related() now checks given fields
+ * Default EmailField.max_length increased to 254
+ * (DROP) Support for PostgreSQL versions older than 9.0
+ * (DROP) Support for MySQL versions older than 5.5
+ * (DROP) Support
for Oracle versions older than 11.1
+ * Specific privileges used instead of roles for tests on Oracle
+ * ...
+
+-------------------------------------------------------------------
+Mon Mar 23 10:51:37 UTC 2015 - mcihar@suse.cz
+
+- Update to Django 1.7.7:
+ Security issues:
+ * Denial-of-service possibility with strip_tags()
+ * Mitigated possible XSS attack via user-supplied redirect URLs
+ Bugfixes:
+ * Fixed renaming of classes in migrations where renaming a subclass would
+ cause incorrect state to be recorded for objects that referenced the
+ superclass (#24354).
+ * Stopped writing migration files in dry run mode when merging migration
+ conflicts. When makemigrations --merge is called with verbosity=3 the
+ migration file is written to stdout (:ticket: 24427).
+
+-------------------------------------------------------------------
+Wed Mar 11 16:18:53 UTC 2015 - aplanas@suse.com
+
+- Update to Djano 1.7.6:
+ Bugfixes
+ * Mitigated an XSS attack via properties in
+ "ModelAdmin.readonly_fields"
+ * Fixed crash when coercing "ManyRelatedManager" to a string
+ (#24352).
+ * Fixed a bug that prevented migrations from adding a foreign key
+ constraint when converting an existing field to a foreign key
+ (#24447).
+
+-------------------------------------------------------------------
+Fri Feb 27 14:36:46 UTC 2015 - aplanas@suse.com
+
+- Update to Django 1.7.5:
+ Bugfixes
+ * Reverted a fix that prevented a migration crash when unapplying
+ contrib.contenttypes's or contrib.auth's first migration (#24075)
+ due to severe impact on the test performance (#24251) and problems
+ in multi-database setups (#24298).
+ * Fixed a regression that prevented custom fields inheriting from
+ ManyToManyField from being recognized in migrations (#24236).
+ * Fixed crash in contrib.sites migrations when a default database
+ isn't used (#24332).
+ * Added the ability to set the isolation level on PostgreSQL with
+ psycopg2 >= 2.4.2 (#24318).
It was advertised as a new feature in
+ Django 1.6 but it didn't work in practice.
+ * Formats for the Azerbaijani locale (az) have been added.
+
+-------------------------------------------------------------------
+Fri Jan 30 15:13:10 UTC 2015 - aplanas@suse.com
+
+- Update to Django 1.7.4:
+ Bugfixes
+ * Fixed a migration crash when unapplying ``contrib.contenttypes``’s
+ or ``contrib.auth``’s first migration (:ticket:`24075`).
+ * Made the migration's ``RenameModel`` operation rename
+ ``ManyToManyField`` tables (:ticket:`24135`).
+ * Fixed a migration crash on MySQL when migrating from a
+ ``OneToOneField`` to a ``ForeignKey`` (:ticket:`24163`).
+ * Prevented the ``static.serve`` view from producing
+ ``ResourceWarning``\s in certain circumstances (security fix
+ regression, :ticket:`24193`).
+ * Fixed schema check for ManyToManyField to look for internal type
+ instead of checking class instance, so you can write custom
+ m2m-like fields with the same behavior. (:ticket:`24104`).
+
+-------------------------------------------------------------------
+Wed Jan 14 07:57:46 UTC 2015 - mcihar@suse.cz
+
+- Update to Django 1.7.3:
+ Security fixes:
+ * WSGI header spoofing via underscore/dash conflation.
+ * Mitigated possible XSS attack via user-supplied redirect URLs.
+ * Denial-of-service attack against django.views.static.serve.
+ * Database denial-of-service with ModelMultipleChoiceField.
+ Bug fixes:
+ * The default iteration count for the PBKDF2 password hasher has been
+ increased by 25%. This part of the normal major release process was
+ inadvertently omitted in 1.7. This backwards compatible change will not
+ affect users who have subclassed
+ django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default
+ value.
+ * Fixed a crash in the CSRF middleware when handling non-ASCII referer
+ header (#23815).
+ * Fixed a crash in the django.contrib.auth.redirect_to_login view when
+ passing a reverse_lazy() result on Python 3 (#24097).
+ * Added correct formats for Greek (el) (#23967).
+ * Fixed a migration crash when unapplying a migration where multiple
+ operations interact with the same model (#24110).
+
+-------------------------------------------------------------------
+Sun Jan 11 12:49:28 UTC 2015 - p.drouand@gmail.com
+
+- South has been merged in main Django; provide and obsolete it
+
+-------------------------------------------------------------------
+Thu Jan 8 11:04:09 UTC 2015 - tbechtold@suse.com
+
+- Update to Django 1.7.2:
+
+ * Fixed migration’s renaming of auto-created many-to-many tables
+ when changing Meta.db_table (#23630).
+ * Fixed a migration crash when adding an explicit id field to a
+ model on SQLite (#23702).
+ * Added a warning for duplicate models when a module is
+ reloaded. Previously a RuntimeError was raised every time two
+ models clashed in the app registry. (#23621).
+ * Prevented flush from loading initial data for migrated apps
+ (#23699).
+ * Fixed a makemessages regression in 1.7.1 when STATIC_ROOT has the
+ default None value (#23717).
+ * Added GeoDjango compatibility with mysqlclient database driver.
+ * Fixed MySQL 5.6+ crash with GeometryFields in migrations (#23719).
+ * Fixed a migration crash when removing a field that is referenced
+ in AlterIndexTogether or AlterUniqueTogether (#23614).
+ * Updated the first day of the week in the Ukrainian locale to
+ Monday.
+ * Added support for transactional spatial metadata initialization on
+ SpatiaLite 4.1+ (#23152).
+ * Fixed a migration crash that prevented changing a nullable field
+ with a default to non-nullable with the same default (#23738).
+ * Fixed a migration crash when adding GeometryFields with blank=True
+ on PostGIS (#23731).
+ * Allowed usage of DateTimeField() as Transform.output_field
+ (#23420).
+ * Fixed a migration serializing bug involving float("nan") and
+ float("inf") (#23770).
+ * Fixed a regression where custom form fields having a queryset
+ attribute but no limit_choices_to could not be used in a ModelForm
+ (#23795).
+ * Fixed a custom field type validation error with MySQL backend when
+ db_type returned None (#23761).
+ * Fixed a migration crash when a field is renamed that is part of an
+ index_together (#23859).
+ * Fixed squashmigrations to respect the --no-optimize parameter
+ (#23799).
+ * Made RenameModel reversible (#22248)
+ * Avoided unnecessary rollbacks of migrations from other apps when
+ migrating backwards (#23410).
+ * Fixed a rare query error when using deeply nested subqueries
+ (#23605).
+ * Fixed a crash in migrations when deleting a field that is part of
+ a index/unique_together constraint (#23794).
+ * Fixed django.core.files.File.__repr__() when the file’s name
+ contains Unicode characters (#23888).
+ * Added missing context to the admin’s delete_selected view that
+ prevented custom site header, etc. from appearing (#23898).
+ * Fixed a regression with dynamically generated inlines and allowed
+ field references in the admin (#23754).
+ * Fixed an infinite loop bug for certain cyclic migration
+ dependencies, and made the error message for cyclic dependencies
+ much more helpful.
+ * Added missing index_together handling for SQLite (#23880).
+ * Fixed a crash when RunSQL SQL content was collected by the schema
+ editor, typically when using sqlmigrate (#23909).
+ * Fixed a regression in contrib.admin add/change views which caused
+ some ModelAdmin methods to receive the incorrect obj value
+ (#23934).
+ * Fixed runserver crash when socket error message contained Unicode
+ characters (#23946).
+ * Fixed serialization of type when adding a deconstruct() method
+ (#23950).
+ * Prevented the SessionAuthenticationMiddleware from setting a
+ "Vary: Cookie" header on all responses (#23939).
+ * Fixed a crash when adding blank=True to TextField() on MySQL
+ (#23920).
+ * Fixed index creation by the migration infrastructure, particularly
+ when dealing with PostgreSQL specific {text|varchar}_pattern_ops
+ indexes (#23954).
+ * Fixed bug in makemigrations that created broken migration files
+ when dealing with multiple table inheritance and inheriting from
+ more than one model (#23956).
+ * Fixed a crash when a MultiValueField has invalid data (#23674).
+ * Fixed a crash in the admin when using “Save as new” and also
+ deleting a related inline (#23857).
+ * Always converted related_name to text (unicode), since that is
+ required on Python 3 for interpolation. Removed conversion of
+ related_name to text in migration deconstruction (#23455 and
+ #23982).
+ * Enlarged the sizes of tablespaces which are created by default for
+ testing on Oracle (the main tablespace was increased from 200M to
+ 300M and the temporary tablespace from 100M to 150M). This was
+ required to accommodate growth in Django’s own test suite
+ (#23969).
+ * Fixed timesince filter translations in Korean (#23989).
+ * Fixed the SQLite SchemaEditor to properly add defaults in the
+ absence of a user specified default. For example, a CharField with
+ blank=True didn’t set existing rows to an empty string which
+ resulted in a crash when adding the NOT NULL constraint (#23987).
+ * makemigrations no longer prompts for a default value when adding
+ TextField() or CharField() without a default (#23405).
+ * Fixed a migration crash when adding order_with_respect_to to a
+ table with existing rows (#23983).
+ * Restored the pre_migrate signal if all apps have migrations
+ (#23975).
+ * Made admin system checks run for custom AdminSites (#23497).
+ * Ensured the app registry is fully populated when unpickling
+ models. When an external script (like a queueing infrastructure)
+ reloads pickled models, it could crash with an AppRegistryNotReady
+ exception (#24007).
+ * Added quoting to field indexes in the SQL generated by migrations
+ to prevent a crash when the index name requires it (##24015).
+ * Added datetime.time support to migrations questioner (#23998).
+ * Fixed admindocs crash on apps installed as eggs (#23525).
+ * Changed migrations autodetector to generate an AlterModelOptions
+ operation instead of DeleteModel and CreateModel operations when
+ changing Meta.managed. This prevents data loss when changing
+ managed from False to True and vice versa (#24037).
+ * Enabled the sqlsequencereset command on apps with migrations
+ (#24054).
+ * Added tablespace SQL to apps with migrations (#24051).
+ * Corrected contrib.sites default site creation in a multiple
+ database setup (#24000).
+ * Restored support for objects that aren’t str or bytes in
+ mark_for_escaping() on Python 3.
+ * Supported strings escaped by third-party libraries with the
+ __html__ convention in the template engine (#23831).
+ * Prevented extraneous DROP DEFAULT SQL in migrations (#23581).
+ * Restored the ability to use more than five levels of subqueries
+ (#23758).
+ * Fixed crash when ValidationError is initialized with a
+ ValidationError that is initialized with a dictionary (#24008).
+ * Prevented a crash on apps without migrations when running migrate
+ --list (#23366).
+
+-------------------------------------------------------------------
+Thu Oct 23 07:53:57 UTC 2014 - aplanas@suse.com
+
+- Update to Django 1.7.1
+
+ * Allowed related many-to-many fields to be referenced in the admin
+ (#23604).
+ * Added a more helpful error message if you try to migrate an app
+ without first creating the contenttypes table (#22411).
+ * Modified migrations dependency algorithm to avoid possible
+ infinite recursion.
+ * Fixed a UnicodeDecodeError when the flush error message contained
+ Unicode characters (#22882).
+ * Reinstated missing CHECK SQL clauses which were omitted on some
+ backends when not using migrations (#23416).
+ * Fixed serialization of type objects in migrations (#22951). + * Allowed inline and hidden references to admin fields (#23431). + * The @deconstructible decorator now fails with a ValueError if the + decorated object cannot automatically be imported (#23418). + * Fixed a typo in an inlineformset_factory() error message that + caused a crash (#23451). + * Restored the ability to use ABSOLUTE_URL_OVERRIDES with the + 'auth.User' model (#11775). As a side effect, the setting now adds + a get_absolute_url() method to any model that appears in + ABSOLUTE_URL_OVERRIDES but doesn’t define get_absolute_url(). + * Avoided masking some ImportError exceptions during application + loading (#22920). + * Empty index_together or unique_together model options no longer + results in infinite migrations (#23452). + * Fixed crash in contrib.sitemaps if lastmod returned a date rather + than a datetime (#23403). + * Allowed migrations to work with app_labels that have the same last + part (e.g. django.contrib.auth and vendor.auth) (#23483). + * Restored the ability to deepcopy F objects (#23492). + * Formats for Welsh (cy) and several Chinese locales (zh_CN, + zh_Hans, zh_Hant and zh_TW) have been added. Formats for + Macedonian have been fixed (trailing dot removed, #23532). + * Added quoting of constraint names in the SQL generated by + migrations to prevent crash with uppercase characters in the name + (#23065). + * Fixed renaming of models with a self-referential many-to-many + field (ManyToManyField('self')) (#23503). + * Added the get_extra(), get_max_num(), and get_min_num() hooks to + GenericInlineModelAdmin (#23539). + * Made migrations.RunSQL no longer require percent sign + escaping. This is now consistent with cursor.execute() (#23426). + * Made the SERIALIZE entry in the TEST dictionary usable (#23421). + * Fixed bug in migrations that prevented foreign key constraints to + unmanaged models with a custom primary key (#23415). 
+ * Added SchemaEditor for MySQL GIS backend so that spatial indexes + will be created for apps with migrations (#23538). + * Added SchemaEditor for Oracle GIS backend so that spatial metadata + and indexes will be created for apps with migrations (#23537). + * Coerced the related_name model field option to unicode during + migration generation to generate migrations that work with both + Python 2 and 3 (#23455). + * Fixed MigrationWriter to handle builtin types without imports + (#23560). + * Fixed deepcopy on ErrorList (#23594). + * Made the admindocs view to browse view details check if the view + specified in the URL exists in the URLconf. Previously it was + possible to import arbitrary packages from the Python path. This + was not considered a security issue because admindocs is only + accessible to staff users (#23601). + * Fixed UnicodeDecodeError crash in AdminEmailHandler with non-ASCII + characters in the request (#23593). + * Fixed missing get_or_create and update_or_create on related + managers causing IntegrityError (#23611). + * Made urlsafe_base64_decode() return the proper type (byte string) + on Python 3 (#23333). + * makemigrations can now serialize timezone-aware values (#23365). + * Added a prompt to the migrations questioner when removing the null + constraint from a field to prevent an IntegrityError on existing + NULL rows (#23609). + * Fixed generic relations in ModelAdmin.list_filter (#23616). + * Restored RFC compliance for the SMTP backend on Python 3 (#23063). + * Fixed a crash while parsing cookies containing invalid content + (#23638). + * The system check framework now raises error models.E020 when the + class method Model.check() is unreachable (#23615). + * Made the Oracle test database creation drop the test user in the + event of an unclean exit of a previous test run (#23649). + * Fixed makemigrations to detect changes to Meta.db_table (#23629). 
+ * Fixed a regression when feeding the Django test client with an + empty data string (#21740). + * Fixed a regression in makemessages where static files were + unexpectedly ignored (#23583). + +------------------------------------------------------------------- +Wed Sep 24 08:30:00 UTC 2014 - aplanas@suse.com + +- Update to Django 1.7 + + * A new built-in database migration system. Notes on upgrading from + South (a popular third*party application providing migration + functionality) are also available. + * A refactored concept of Django applications. Django applications + are no longer tied to the existence of a models files, and can now + specify both configuration data and code to be executed as Django + starts up. + * Improvements to the model Field API to support migrations and, in + the future, to enable easy addition of composite-key support to + Django's ORM. + * Improvements for custom Manager and QuerySet classes, allowing + reverse relationship traversal to specify the Manager to use, and + creation of a Manager from a custom QuerySet class. + * An extensible system check framework which can assist developers + in detecting and diagnosing errors. + + Please refer to the release notes for all details and migration + instructions: + https://docs.djangoproject.com/en/1.7/releases/1.7/ + +- Added python-setuptools as a BuildRequires. + +- Fixed Source URL from Django Project site. + +- Reordered sources. + +- Fixed deduplication to avoid wrong mtimes in pyc files. + +------------------------------------------------------------------- +Thu Jul 31 16:55:11 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. 
+ +------------------------------------------------------------------- +Wed Jun 11 12:34:45 UTC 2014 - mcihar@suse.cz + +- Update to version 1.6.5, sercurity and important changes: + + Unexpected code execution using reverse() + + Caching of anonymous pages could reveal CSRF token + + MySQL typecasting + + select_for_update() requires a transaction + + Issue: Caches may incorrectly be allowed to store and serve private data + + Issue: Malformed redirect URLs from user input not correctly validated + +------------------------------------------------------------------- +Fri Feb 14 09:32:07 UTC 2014 - speilicke@suse.com + +- Fix update-alternatives + +------------------------------------------------------------------- +Fri Feb 7 08:30:04 UTC 2014 - speilicke@suse.com + +- Update to version 1.6.2: + + Prevented the base geometry object of a prepared geometry to be garbage + collected, which could lead to crash Django (#21662). + + Fixed a crash when executing the changepassword command when the user + object representation contained non-ASCII characters (#21627). + + The collectstatic command will raise an error rather than default to + using the current working directory if STATIC_ROOT is not set. Combined + with the --clear option, the previous behavior could wipe anything + below the current working directory (#21581). + + Fixed mail encoding on Python 3.3.3+ (#21093). + + Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, + the connection wasn’t in autocommit mode but Django pretended it was. + + Fixed a regression in multiple-table inheritance exclude() queries (#21787). + + Added missing items to django.utils.timezone.__all__ (#21880). + + Fixed a field misalignment issue with select_related() and model inheritance (#21413). + + Fixed join promotion for negated AND conditions (#21748). + + Oracle database introspection now works with boolean and float fields (#19884). 
+ + Fixed an issue where lazy objects weren’t actually marked as safe when + passed through mark_safe() and could end up being double-escaped (#21882). + +------------------------------------------------------------------- +Tue Feb 4 14:33:40 UTC 2014 - mcihar@suse.cz + +- Update to version 1.6.1: + - Most bug fixes are minor; you can find a complete list in the Django 1.6.1 + release notes. + +------------------------------------------------------------------- +Tue Nov 19 10:06:23 UTC 2013 - speilicke@suse.com + +- Update-alternatives also for bash-completion + +------------------------------------------------------------------- +Fri Nov 15 13:33:20 UTC 2013 - speilicke@suse.com + +- Only ghost /etc/alternatives on 12.3 or newer + +------------------------------------------------------------------- +Thu Nov 7 16:36:41 UTC 2013 - speilicke@suse.com + +- Require python-Pillow for image-related functionality +- Package was renamed from python-django +- Drop Django-1.2-completion-only-for-bash.patch: Useless + +------------------------------------------------------------------- +Tue Nov 5 03:27:13 UTC 2013 - alexandre@exatati.com.br + +- Update to version 1.6: + - Please read the release notes + https://docs.djangoproject.com/en/1.6/releases/1.6 +- Removed Patch2 as it is no needed anymore: + Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch + +------------------------------------------------------------------- +Tue Sep 17 12:37:53 UTC 2013 - speilicke@suse.com + +- Update to version 1.5.4: + + Fixed denial-of-service via large passwords +- Changes from version 1.5.3: + + Fixed directory traversal with ssi template tag + +------------------------------------------------------------------- +Wed Aug 14 05:49:54 UTC 2013 - alexandre@exatati.com.br + +- Update to 1.5.2: + - Security release, please check release notes for details: + https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued + +------------------------------------------------------------------- 
+Thu Mar 28 23:27:01 UTC 2013 - alexandre@exatati.com.br + +- Update to 1.5.1: + - Memory leak fix, please read release announcement at + https://www.djangoproject.com/weblog/2013/mar/28/django-151. + +------------------------------------------------------------------- +Tue Feb 26 19:49:02 UTC 2013 - alexandre@exatati.com.br + +- Update to 1.5: + - Please read the release notes + https://docs.djangoproject.com/en/1.5/releases/1.5 + +------------------------------------------------------------------- +Tue Dec 11 12:27:50 UTC 2012 - alexandre@exatati.com.br + +- Update to 1.4.3: + - Security release: + - Host header poisoning + - Redirect poisoning + - Please check release notes for details: + https://www.djangoproject.com/weblog/2012/dec/10/security + +------------------------------------------------------------------- +Sat Oct 20 13:41:10 UTC 2012 - saschpe@suse.de + +- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin + +------------------------------------------------------------------- +Wed Oct 17 22:51:36 UTC 2012 - alexandre@exatati.com.br + +- Update to 1.4.2: + - Security release: + - Host header poisoning + - Please check release notes for details: + https://www.djangoproject.com/weblog/2012/oct/17/security + +------------------------------------------------------------------- +Mon Jul 30 21:38:31 UTC 2012 - alexandre@exatati.com.br + +- Update to 1.4.1: + - Security release: + - Cross-site scripting in authentication views + - Denial-of-service in image validation + - Denial-of-service via get_image_dimensions() + - Please check release notes for details: + https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued + +------------------------------------------------------------------- +Tue Jun 19 11:27:33 UTC 2012 - saschpe@suse.de + +- Add patch to support CSRF_COOKIE_HTTPONLY config + +------------------------------------------------------------------- +Fri Mar 23 18:39:40 UTC 2012 - alexandre@exatati.com.br + +- Update 
to 1.4: + - Please read the release notes + https://docs.djangoproject.com/en/dev/releases/1.4 +- Removed Patch2, it was merged on upstream, + +------------------------------------------------------------------- +Thu Nov 24 12:30:40 UTC 2011 - saschpe@suse.de + +- Set license to SDPX style (BSD-3-Clause) +- Package AUTHORS, LICENE and README files +- No CFLAGS for noarch package +- Drop runtime dependency on gettext-tools + +------------------------------------------------------------------- +Sat Sep 10 12:05:07 UTC 2011 - alexandre@exatati.com.br + +- Update to 1.3.1 to fix security issues, please read + https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued. + +------------------------------------------------------------------- +Thu Mar 31 15:09:16 UTC 2011 - alexandre@exatati.com.br + +- Fix build on SLES_9. + +------------------------------------------------------------------- +Wed Mar 23 11:39:53 UTC 2011 - alexandre@exatati.com.br + +- Update to 1.3 final; +- Refresh patch empty-ip-2.diff. + +------------------------------------------------------------------- +Fri Mar 18 03:45:45 UTC 2011 - alexandre@exatati.com.br + +- Update to 1.3-rc1; +- Regenerated spec file with py2pack; +- No more need to fix wrong line endings; +- Refresh patch empty-ip-2.diff with -p0. + +------------------------------------------------------------------- +Thu Mar 3 09:32:52 UTC 2011 - saschpe@suse.de + +- Spec file cleanup: + * Removed empty lines, package authors from description + * Cleanup duplicates + * Corrected wrong file endings + * Added zero-length rpmlint filter +- Added AUTHORS, LICENSE and doc files + +------------------------------------------------------------------- +Wed Feb 9 03:37:29 UTC 2011 - alexandre@exatati.com.br + +- Update to 1.2.5: + - This is a security update that fix: + - Flaw in CSRF handling; + - Potential XSS in file field rendering. 
+ +------------------------------------------------------------------- +Thu Dec 23 10:20:03 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2.4: + - Information leakage in Django administrative interface; + - Denial-of-service attack in password-reset mechanism. +- This is a mandatory security update. + +------------------------------------------------------------------- +Sat Sep 11 11:46:41 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2.3: + - The patch applied for the security issue covered in Django + 1.2.2 caused issues with non-ASCII responses using CSRF + tokens. This has been remedied; + - The patch also caused issues with some forms, most notably + the user-editing forms in the Django administrative interface. + This has been remedied. + - The packaging manifest did not contain the full list of + required files. This has been remedied. + +------------------------------------------------------------------- +Thu Sep 9 01:06:43 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2.2. +- This is a ciritical security update fixing a default XSS bug! + +------------------------------------------------------------------- +Fri Jul 9 11:27:26 UTC 2010 - jfunk@funktronics.ca + +- Added patch to fix upstream bug 5622: Empty ipaddress raises an error + +------------------------------------------------------------------- +Mon May 17 21:14:11 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2.1. + +------------------------------------------------------------------- +Mon May 17 18:35:20 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2. + +------------------------------------------------------------------- +Thu May 6 13:46:03 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2-rc-1. + +------------------------------------------------------------------- +Mon Apr 5 02:21:44 UTC 2010 - alexandre@exatati.com.br + +- Spec file cleaned with spec-cleaner; +- Minor manual adjusts on spec file. 
+ +------------------------------------------------------------------- +Thu Mar 18 17:47:12 UTC 2010 - alexandre@exatati.com.br + +- Moved autocomplete file path from /etc/profile.d to + /etc/bash_completion.d. Then it works with konsole too. + +------------------------------------------------------------------- +Mon Mar 15 01:53:50 UTC 2010 - alexandre@exatati.com.br + +- Update to 1.2-beta-1; +- Using -q option on prep section of spec file; +- Using INSTALLED_FILES instead of declaring files; +- Removed dummy changelog section of spec file; +- Update completion bash patch. + +------------------------------------------------------------------- +Sun Oct 11 07:51:32 UTC 2009 - nix@opensuse.org + +- Update to 1.1.1 due to security issue described at + http://www.djangoproject.com/weblog/2009/oct/09/security/ + +------------------------------------------------------------------- +Sat Oct 10 12:18:31 UTC 2009 - alexandre@exatati.com.br + +- Removed old tarball file (Django-1.1.tar.bz2). + +------------------------------------------------------------------- +Tue Aug 25 12:23:09 CEST 2009 - garloff@suse.de + +- Fix python version check. + +------------------------------------------------------------------- +Sat Aug 22 13:39:35 CEST 2009 - garloff@suse.de + +- Don't require python-sqlite2 for python >= 2.6. + +------------------------------------------------------------------- +Fri Aug 21 11:38:03 CEST 2009 - garloff@suse.de + +- Build as noarch on factory. + +------------------------------------------------------------------- +Wed Aug 19 17:40:46 CEST 2009 - poeml@suse.de + +- don't run bash completion on shells other than bash. Avoiding + error messages produced at login when using other shells. + +------------------------------------------------------------------- +Fri Aug 14 18:05:42 UTC 2009 - alexandre@exatati.com.br + +- Added bash auto-complete to openSUSE. 
+ +------------------------------------------------------------------- +Wed Jul 29 00:00:00 CEST 2009 - listuser@peternixon.net + +- update to version 1.1 +- add python-django-rpmlintrc to quiet rpmlint complaints about -lang + +------------------------------------------------------------------- +Wed Jul 1 19:04:26 CEST 2009 - poeml@suse.de + +- add python-xml to the Requires (./manage.py syncdb crashes + otherwise) + +------------------------------------------------------------------- +Sat Sep 13 00:00:00 UTC 2008 - listuser@peternixon.net + +- update to version 1.0 +- Fix build on SLES9 + +------------------------------------------------------------------- +Thu Sep 4 10:40:58 CEST 2008 - crrodriguez@suse.de + +- update to version 1.0 final + +------------------------------------------------------------------- +Wed May 14 00:00:00 UTC 2008 - listuser@peternixon.net + +- update to version 0.96.2 + +------------------------------------------------------------------- +Thu Feb 21 00:00:00 UTC 2008 - jfunk@funktronics.ca + +- The way simplejson is included in this package is not useful to other + packages. Removed from provides + +------------------------------------------------------------------- +Fri Oct 26 20:20:08 UTC 2007 - crrodriguez@suse.de + +- verion 0.96.1 fixes D.o.S attack in the i18n module + +------------------------------------------------------------------- +Fri Mar 23 00:00:00 UTC 2007 - crrodriguez@suse.de + +- update to version 0.96 + see http://www.djangoproject.com/documentation/release_notes_0.96 for details +- this package provides python-simplejson too. diff --git a/python-Django.keyring b/python-Django.keyring new file mode 100644 index 0000000..87b9f8f --- /dev/null +++ b/python-Django.keyring 
@@ -0,0 +1,42 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGYTwrUBDADP52ov7O0jqH+QWStcbCwwedsV2syCQXxfhnydhkNvdCILBJ0k +cQdc4E7Q8wGmch9a3bCLR4HIUlv1MMWk+Ty0YY71wczqIPedgM1dBZEtSH6fDOwW +qFcYieCcmsP+FwBk8WWOKnMydEXoXCp6djSru6YOuQH2CZ+EerKjnDaXAj35dloR +vbJ14k7Ghn9UCLDXiNOjn2N8eLe6aeoEQt7iiqStdeFuUGR/pLHHEX4sch4y9uBa +bhC/Ce93VWK8nVna7qWX/cIjZNG6rTo79W7+IiOC5+6r7bLff5qw4BgUX2JPm5Sz +mhPUlsJZGGXPPaTo+WZQOe5P3Fw7RpuURa+MVoih2H/i2Ur51pDEngB64YwBU1mB +a+xwm6GHgD28JUwllHJbUl9/UJTbntS7k/k2uuMkok8jHfYb+rqkfCWqOlmuYTG3 +okseReh2TSkGpWyyaSbCihgm80RE5O6jrEDXJiZOsLIuOlVoErfxEZHpOqw43axl +EXX0VkjFz2IBNPMAEQEAAbROU2FyYWggQm95Y2UgKEdQRyBEamFuZ28gRmVsbG93 +KSA8NDIyOTY1NjYrc2FyYWhib3ljZUB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20+ +iQHOBBMBCAA4FiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmYTwrUCGwMFCwkIBwIG +FQoJCAsCBBYCAwECHgECF4AACgkQOVWxmFHqlu8t+wv9HitJmG5iPs45Qo0nGwGm +j1X6rP6SQENl+jqtjZU6YaxvNqWculCFl0Wa/xODhxM9HNMs3qREc+R4SqPx4epu +NaUERN91gZoO4Ms80uqllPzdCsX5hrFblg+LqqznZWAYi94NMTm3Ft4/+I7780ev +BhxHFBTlqwxZ0eeyaB/qAyb6K9X0cUUFExjYrP3+HAgmrOHK9PUb7vNNKUYMerOK +waFrpPP5oDBn0p2ZunYAcJt7o2DjBOwy5iw5I2Qs50ZLt9EU0DY8Rf5nF2mKNki1 +CAD8ksNo/ohrNuGyi0r2cvVfx52izPd6PxlKf7xfL2lW16nflK/lNbZtCioDA1FC +1dCPGD5rvOUXFASc+FZY4tJ6LbIpzg9llgcb6fSi2joT2bm9BbGrHybrIWd3BF/5 +AnrlsSwDCWtYXkdNr/eNEHNgG+aOAH2vSzue3NbCJsXkK69SzlKKOiD2ZUjJ6tKi +IwcTkotyBaX/FLGhTKLEQE7aztsOpnfJlLU9Zx5IPxJAuQGNBGYTwrUBDACp1f7H +MpzHvAAy7dD1Ow0pgT3NBFFiEk4jKccz9sAHPT7QQbMeIdL5uQ80lNp6Sw+IyptW +4cytl6ovRdRyv3XetSp+KJeaqvWvGkz3L+GUoE8ezxgQXLlVcw7IzkhBNMGi+K3C +aK6ZlZZQG8587dLF9Gbz3Vioc9hyQ/4BOr8pPaAWlSfWQVEGHPSVLh7LToGjrLlS +h1AzVABNXtJbAt/+O7H5mkMopoPKrqgHTzOLGCd0/Tq3z5d+wqVl7JKk6yHxRr5i +SXDqPQPmObUhPH1addNzIe+GRVW1ZbbT6l9VDiC4Lj+BJsLafubMB3rlI2T2mQCU +PTQO0fz5y6oW0HxRtTidoxhvmC72YDFBwvsUTPQ5nt8bcSQprJMLLNL1C5M2LjPu +tf/Csl02Fcwe/RnW2yjeb6qNCDcLpM9wpMMOdZQCRdRIkWQTcLZPQ2+SR3Ih8rAb +pzATjFvif/4zpFlDZ9KFevCqf1M2v32sr/dDgcA3nWJ4CFrBQMhBVTcr7rcAEQEA +AYkBtgQYAQgAIBYhBOsbOA2KxS0AK6zTMjlVsZhR6pbvBQJmE8K1AhsMAAoJEDlV 
+sZhR6pbvizgL/34++v0b080pCr/0rWspcuTtD91GwQPs0HgrrfMOV2BXoXucTXj7 +G4xFq9yYO8QALrrtz40S/NeGz09hhFHo08phLAYjLZt8xD7i0uXuV8ZouDUHT0bk +334RlKHu9kq3si0lyzu1dkGZgIBXsAURrMOyVKVySZGzsa/dpy/EDardWkTKHedf +07K+KQgomMpVGk4EtKHpfqU9VNN8fdYD4UYtwuegz1nsg28Fa8xkK2ammWncgpVj ++4cJwzFPg11AhhTWs/Ec068ojj70cLD2CodJVAch9RTIOcQ5yKGc483u3bagNqTK +qZYoLWI6NjxrNZQpwha3pO2ueBDOo/fZXUMgPPqyfdmBZvz6DQM85JfULALxKbkL +5dQguy8K8SBcrCnv6iT0FjaWlrqnU0IJDZfi2r6eDlXhYjLSwGq8RHkAYXvsCNm8 +BzeRu0mAvjLkLNegQIvfdVXfYIcwUQQB8OAzoz3qzi8vji82MBQO+gkYrlteivoF +z+gZLcBuv/NdNg== +=B8gH +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/python-Django.spec b/python-Django.spec new file mode 100644 index 0000000..c5c27af --- /dev/null +++ b/python-Django.spec 
@@ -0,0 +1,146 @@
+#
+# spec file for package python-Django
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define skip_python2 1
+%define skip_python36 1
+# Selenium and memcached are not operational
+%bcond_with selenium
+%bcond_with memcached
+%{?sle15_python_module_pythons}
+Name: python-Django
+Version: 5.0.8
+Release: 0
+Summary: A high-level Python Web framework
+License: BSD-3-Clause
+URL: https://www.djangoproject.com
+Source: https://www.djangoproject.com/m/releases/5.0/Django-%{version}.tar.gz
+Source1: https://media.djangoproject.com/pgp/Django-%{version}.checksum.txt
+Source2: %{name}.keyring
+Source99: python-Django-rpmlintrc
+BuildRequires: %{python_module Jinja2 >= 2.9.2}
+BuildRequires: %{python_module Pillow >= 6.2.0}
+BuildRequires: %{python_module PyYAML}
+BuildRequires: %{python_module argon2-cffi >= 19.1.0}
+BuildRequires: %{python_module asgiref >= 3.7.0}
+BuildRequires: %{python_module base >= 3.8}
+BuildRequires: %{python_module bcrypt}
+BuildRequires: %{python_module docutils}
+BuildRequires: %{python_module geoip2}
+BuildRequires: %{python_module numpy}
+BuildRequires: %{python_module pytz}
+BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module sqlparse >= 0.3.1}
+BuildRequires: %{python_module tblib >= 1.5.0}
+BuildRequires: %{pythons}
+BuildRequires: fdupes
+BuildRequires: gpg2
+BuildRequires: python-rpm-macros
+Requires: python
+Requires: python-Pillow >= 6.2.0
+Requires: python-asgiref >= 3.7.0
+Requires: python-sqlparse >= 0.3.1
+Requires: python-tzdata
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+Recommends: python-Jinja2 >= 2.9.2
+Recommends: python-PyYAML
+Recommends: python-argon2-cffi >= 19.1.0
+Recommends: python-bcrypt
+Recommends: python-geoip2
+Recommends: python-pylibmc
+Recommends: python-pymemcache
+Provides: python-django = %{version}
+Obsoletes: python-django < %{version}
+Provides: python-South = %{version}
+Obsoletes: python-South < %{version}
+BuildArch: noarch
+%if %{with memcached}
+BuildRequires: %{python_module pylibmc}
+BuildRequires: %{python_module pymemcache}
+%endif
+%if %{with selenium}
+# python-selenium is supported only on the Intel architecture.
+# Additionally chromedriver is only available on x86_64.
+%ifarch %{ix86} x86_64
+BuildRequires: %{python_module selenium}
+BuildRequires: chromedriver
+BuildRequires: xvfb-run
+%endif
+%endif
+%python_subpackages
+
+%description
+Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
+
+%prep
+# The publisher doesn't sign the source tarball, but a signatures file
+# containing multiple hashes.
+gpg --import %{SOURCE2}
+gpg --verify %{SOURCE1}
+#
+# Verify hashes in that file against source tarball.
+echo "`grep -e '^[0-9a-f]\{32\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-32` %{SOURCE0}" | md5sum -c
+echo "`grep -e '^[0-9a-f]\{40\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-40` %{SOURCE0}" | sha1sum -c
+echo "`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-64` %{SOURCE0}" | sha256sum -c
+
+%autosetup -p1 -n Django-%{version}
+
+%build
+%python_build
+
+%install
+%python_install
+
+%python_clone -a %{buildroot}%{_bindir}/django-admin
+
+%{python_expand install -D -m 0644 extras/django_bash_completion %{buildroot}%%{_datadir}/bash-completion/completions/django_bash_completion-%{$python_bin_suffix}.sh
+# Fix wrong-script-interpreter
+sed -i "s|^#!%{_bindir}/env python$|#!%{_bindir}/$python|" \
+ %{buildroot}%{$python_sitelib}/django/conf/project_template/manage.py-tpl
+}
+%python_compileall
+%{python_expand #
+%fdupes %{buildroot}%{$python_sitelib}/django/
+%fdupes %{buildroot}%{$python_sitelib}/Django-%{version}-py*.egg-info/
+}
+
+%check
+export LANG=en_US.UTF8
+export PYTHONDONTWRITEBYTECODE=1
+%if %{with selenium}
+export PATH=%{_libdir}/chromium:$PATH
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} xvfb-run $python tests/runtests.py -v 2 --selenium=chrome
+%else
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} $python tests/runtests.py -v 2
+%endif
+
+%post
+%{python_install_alternative django-admin}
+
+%postun
+%{python_uninstall_alternative django-admin}
+
+%files %{python_files}
+%doc AUTHORS README.rst
+%license LICENSE
+%python_alternative %{_bindir}/django-admin
+%{_datadir}/bash-completion/completions/django_bash_completion-%{python_bin_suffix}.sh
+%{python_sitelib}/django
+%{python_sitelib}/Django-%{version}-py*.egg-info
+
+%changelog
diff --git a/sanitize_address.patch b/sanitize_address.patch
new file mode 100644
index 0000000..f9a5916
--- /dev/null
+++ b/sanitize_address.patch
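Review bot: In `%prep`, `gpg --verify %{SOURCE1}` checks the signature on the checksum file, but the three `grep` lines after it read the hashes from the raw `%{SOURCE1}` rather than from the content the signature covers. For a cleartext-signed file gpg validates only the signed block, so text outside that block is not protected by the check (the single-file `--verify` suggests the file is cleartext-signed; worth confirming). Writing the signed data out with `gpg --output checksums.verified --verify %{SOURCE1}` (file name is an example) and pointing the `grep` commands at that output keeps the hash comparison inside the verified content. Importing `%{SOURCE2}` into a dedicated keyring with `--no-default-keyring --keyring <file>` would also ensure that only the packaged key can satisfy the verification.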
@@ -0,0 +1,40 @@
+From da2f8e8257d1bea4215381684ca4abfcee333c43 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak
+Date: Mon, 17 Jul 2023 11:03:36 +0200
+Subject: [PATCH] Refs #34118 -- Improved sanitize_address() error message for
+ tuple with empty strings.
+
+---
+ django/core/mail/message.py | 2 ++
+ tests/mail/tests.py | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/django/core/mail/message.py b/django/core/mail/message.py
+index f3fe6186c7f5..4f8c93e9e55e 100644
+--- a/django/core/mail/message.py
++++ b/django/core/mail/message.py
+@@ -97,6 +97,8 @@ def sanitize_address(addr, encoding):
+ domain = token.domain or ""
+ else:
+ nm, address = addr
++ if "@" not in address:
++ raise ValueError(f'Invalid address "{address}"')
+ localpart, domain = address.rsplit("@", 1)
+
+ address_parts = nm + localpart + domain
+diff --git a/tests/mail/tests.py b/tests/mail/tests.py
+index 54a136c1a98b..848ee32e9f80 100644
+--- a/tests/mail/tests.py
++++ b/tests/mail/tests.py
+@@ -1084,9 +1084,10 @@ def test_sanitize_address_invalid(self):
+ "@",
+ "to@",
+ "@example.com",
++ ("", ""),
+ ):
+ with self.subTest(email_address=email_address):
+- with self.assertRaises(ValueError):
++ with self.assertRaisesMessage(ValueError, "Invalid address"):
+ sanitize_address(email_address, encoding="utf-8")
+
+ def test_sanitize_address_header_injection(self):
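Review bot: sanitize_address.patch is added to the package, but python-Django.spec in this commit declares no `Patch` tag, so `%autosetup -p1` never applies it and the shipped `sanitize_address()` is whatever the 5.0.8 tarball contains. The embedded upstream commit is dated July 2023, so the `if "@" not in address:` check is presumably already in that tarball; if so, the file should be dropped rather than carried as though it were an active fix. If it is still needed, list it with a `PatchN:` line so the build uses it and fails when it stops applying. The same check is worth making for any other patch file this commit carries.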