Accepting request 716616 from devel:languages:python:django

- Update to 2.2.3: * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶ OBS-URL: https://build.opensuse.org/request/show/716616 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=53
2019-07-21 09:32:24 +00:00 · 2019-07-21 09:32:24 +00:00 · 7ded7dedff
commit 7ded7dedff
parent 73b34dcdb3 1975509111
6 changed files with 73 additions and 66 deletions
--- a/Django-2.2.2.tar.gz
+++ b/Django-2.2.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:753d30d3eb078064d2ddadfea65083c9848074a7f93d7b4dc7fa6b1380d278f5
-size 8841523
--- a/Django-2.2.2.tar.gz.asc
+++ b/Django-2.2.2.tar.gz.asc
@ -1,62 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.2, released June 3, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.2.tar.gz
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.2-py3-none-any.whl
-
-MD5 checksums
-=============
-
-c52b05c2bc4898bd68dc0359347fff69  Django-2.2.2.tar.gz
-41fdd9254fcbce92001c6881ba5af68d  Django-2.2.2-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-2d8de20bbc3c2864fb095341ecea8cb095bce7ed  Django-2.2.2.tar.gz
-3ebc7aee84574513a88d7ae765a532cfbcb88c71  Django-2.2.2-py3-none-any.whl
-
-SHA256 checksums
-================
-
-753d30d3eb078064d2ddadfea65083c9848074a7f93d7b4dc7fa6b1380d278f5  Django-2.2.2.tar.gz
-7cb67e8b934fab23b6daed7144da52e8a25a47eba7f360ca43d2b448506b01ad  Django-2.2.2-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlz07+wACgkQ4X31yCtP
-nQAp9g//QtCzWnDfLOgFMg6yX/ZXN6XPzTfehjq1oMkEfluXwZrrCUPL3vzLkRiL
-2ftqmuvYO16qR0XU+U0939fdXkP22ESStuHJR5Ynj9NXbX2DZy39ccH6vEMD/m1p
-5nIz7iS6bOcjz3ocJK/gL1LLp5lZ7q6PXkXYNYzRPMQwfbmjG2ZQHAm+6UE4f1dY
-CpdMKOHDeCg6abdOsnD8CBXz5HMS2IfJAQThFJ82ZpiIRnXRs2P0dIWsovN+yIdX
-EgcGNsrefNQs9/QQ9N//5ee2g1PrxUaHg2bCu5afiiHRfAFTx9StikhHK/hYvt2l
-UW+i2zIPWbS3I33YE5uIROyydOHtcL0pAgmw7OkKYLnmn3KYyVaY6uZ+8WVbjFaq
-KSrnFu0qsZFr8p32k95BCYHWcAhcZNIlZKgUFB9gtgmAtkheLqqpG4PYV+BwD9Ff
-ipBNIzUBNLBXOuaXm4BOuDjNjklycP/trTbK+VbZyKQrNRNPhnccoYT2qWw/zZVS
-wpjpZULznMoc1BvMzMMXkDyhB/y7ov92rCcIj/LRzmYNMLyh0jQygO2ej5Ij7V3U
-+nLf3I2702KDYB52/KZdtsLXyWfYmYONGJUgq+P67SuV923kftL4WfXOh/3xLpVJ
-MPXK+ivBkyVTRRYhkV3Ouh5AN74sJV71Isz/lCCxK7goWwzFg/8=
-=QQ53
-----END PGP SIGNATURE-----
--- a/Django-2.2.3.tar.gz
+++ b/Django-2.2.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea
+size 8992109
--- a/Django-2.2.3.tar.gz.asc
+++ b/Django-2.2.3.tar.gz.asc
@ -0,0 +1,63 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.2.3, released July 1, 2019.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.3.tar.gz
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.3-py3-none-any.whl
+
+MD5 checksums
+=============
+
+f152164e77d38460ee06c42c210d2f57  Django-2.2.3.tar.gz
+32c2feb280afee531389ec8fa38f49d8  Django-2.2.3-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+1d4eca8884b601e8e7dc06705b9644fb579c57f9  Django-2.2.3.tar.gz
+eeb00e26dfae7f98a6e188bae71ef243732e9dfe  Django-2.2.3-py3-none-any.whl
+
+SHA256 checksums
+================
+
+4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea  Django-2.2.3.tar.gz
+6e974d4b57e3b29e4882b244d40171d6a75202ab8d2402b8e8adbd182e25cf0c  Django-2.2.3-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl0Zom4bHGZlbGlzaWFr
+Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bZyIP/RaqvtvbI0NmPideK4O1
+juNqk1Np5+3cCJ+xbL1jtenrGnvSC6VwR/nV08ES/PSjJzk2AXi2GPBT7rjunJJA
+iGnL9OR9TWAZqH2fMCywL2/EqTqcFJQPxLw5p3FrDfpijPn2G8zYh9F9TpXpnQIX
+bfjkLoDjAgS4zSYl8bst0XCCl7E3qU+USJDl93PG4GnSwXLupDpU6jCm0o/x9e5k
+sz8wjGsTijRUXRSvyOupMMtf7HiWTDGGUmKO9fXUup7SJXzLvndw9xTfBsj1K3C1
+rGXv4N2ZUBN88O61rcDJSp8fq6y6KhB0U+h6eC+vSZqIq+uKumF7cQW+qid/K7rj
+rLtxMKZHK5yBbdzteNXRuQAs0ujcv8hTKRC9H40gixAXJhvMAjZV+8vwWJuRGTDT
+OSJFJOPrvZIDtUybr0AkYwJ0EplOplJAB83Auh8DCeGlsBvlFk8vjSV0p+OxNblz
+jD4oltjIrs6wJEq5onN7MGBlrcX4ghfYFyEElq0KcfjOi/MH4vUDpP3d7oIc/DoZ
+Xq45tcRHmmp6MdAT0HOHoX2ovH9bEMuiqAs27692MRNtfc173tEhg4k37fCzftyH
+qcz0xFNfNZaM9AhG2089grStJwn2PnRHAUxBHcqnFMIaiw8J+yJkx/YMqKprv/5C
+KVqSZV56G5L0tdJMBq/AAkua
+=kD67
+-----END PGP SIGNATURE-----
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jul 18 17:21:59 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Update to 2.2.3:
+  * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶
+
 -------------------------------------------------------------------
 Mon Jun  3 11:01:44 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>

--- a/python-Django.spec
+++ b/python-Django.spec
@ -23,7 +23,7 @@
 %define skip_python2 1
 Name:           python-Django
 # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc
-Version:        2.2.2
+Version:        2.2.3
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause