- update to 3.0.7

- drop 32bit.patch
 *  boo#1172167 - CVE-2020-13254: Potential data leakage via malformed
      memcached keys
 * boo#1172164 -  CVE-2020-13596: Possible XSS via admin
      ForeignKeyRawIdWidget
 * many other bugfixes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=61

32bit.patch

@@ -1,27 +0,0 @@
-From f12162107327b88a2f1faaab15d048e2535ec642 Mon Sep 17 00:00:00 2001
-From: Hasan Ramezani <hasan.r67@gmail.com>
-Date: Wed, 29 Apr 2020 23:22:41 +0200
-Subject: [PATCH] Fixed #31521 -- Skipped test_parsing_rfc850 test on 32-bit
- systems.
-
----
- tests/utils_tests/test_http.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tests/utils_tests/test_http.py b/tests/utils_tests/test_http.py
-index ed6824429d51..aa9f194a8a53 100644
---- a/tests/utils_tests/test_http.py
-+++ b/tests/utils_tests/test_http.py
-@@ -1,3 +1,4 @@
-+import platform
- import unittest
- from datetime import datetime
- from unittest import mock
-@@ -317,6 +318,7 @@ def test_parsing_rfc1123(self):
-         parsed = parse_http_date('Sun, 06 Nov 1994 08:49:37 GMT')
-         self.assertEqual(datetime.utcfromtimestamp(parsed), datetime(1994, 11, 6, 8, 49, 37))
- 
-+    @unittest.skipIf(platform.architecture()[0] == '32bit', 'The Year 2038 problem.')
-     @mock.patch('django.utils.http.datetime.datetime')
-     def test_parsing_rfc850(self, mocked_datetime):
-         mocked_datetime.side_effect = datetime

Django-3.0.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d4666c2edefa38c5ede0ec1655424c56dc47ceb04b6d8d62a7eac09db89545c1
-size 8943850

Django-3.0.5.tar.gz.asc

@@ -1,62 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 3.0.5, released April 1, 2020.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/3.0/Django-3.0.5.tar.gz
-https://www.djangoproject.com/m/releases/3.0/Django-3.0.5-py3-none-any.whl
-
-MD5 checksums
-=============
-
-592912b4d708ef45e6cc85b44a24fcc2  Django-3.0.5.tar.gz
-d9ef2b8c88dae4b65b789c6821c36114  Django-3.0.5-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-89094ee833129ece09dc27d2e59cc61462733d4a  Django-3.0.5.tar.gz
-0ed097747564888d42e94bb2b1fbada6216b7236  Django-3.0.5-py3-none-any.whl
-
-SHA256 checksums
-================
-
-d4666c2edefa38c5ede0ec1655424c56dc47ceb04b6d8d62a7eac09db89545c1  Django-3.0.5.tar.gz
-642d8eceab321ca743ae71e0f985ff8fdca59f07aab3a9fb362c617d23e33a76  Django-3.0.5-py3-none-any.whl
------BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl6ESAYACgkQ4X31yCtP
-nQC0rxAAifyGMFDcaG7opGljMsBLzGbYJNVthOM2VGdDIcrGooyX1E9ilft/RJRS
-vQngq5C8mHsEfKJJKPztTevtbxRSRqZBn2sb+foGnzKDFJXWJ+RUosBencKPBQ6d
-aJtu5D2NMobKrvp/jkHWsU/FGLmcWxF/CsTeomR+deYFAk6Lp6HhDeGmENK2t7WI
-SFMApIecOJ6Qg8nPcq9GCSWJhDXJjZnkwLeel4D3erKzxw7O+/FBIgiz58YklQpj
-CCTJQTO5aOsDJH8Nb1qcclMsjU2aq6HwQreu1wde0KuTTGqp7GNjbXW6Dag+gEwc
-NBrQrLb/7jGRaXO6+0NMvzXr+52O30nRzgtjSiqPRS/onpsMytG0B0F9DuxTjBdZ
-a5Iamtutjik3ncq36szXAU6QfYqiZSlWCcrvYlzNlAP3tHarvgiNC4+diDKCqHVp
-3aI9WAjI8ycQzHGTwvubP7PsrJ1aqHEjVT5MUj/9+EFJIREfbfr7n/6Psx040ZCG
-DH+gG77xA4FHsIiD+GQF3rKuO0FBX8XDzt67ZYAbKh6J80bDCOJCzArGvbv7z0H1
-AyLdLCLzkQz2WpFkFKxwy4kc8E7IUOIB5kB+xEpA2zjhSLsPmidkGyygsGYVNq1w
-VLplygxTltPnuMasPpHdYRYgozMP7k5vlAN/tjNMUxN1A5DHR6Q=
-=UCTY
------END PGP SIGNATURE-----

Django-3.0.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5052b34b34b3425233c682e0e11d658fd6efd587d11335a0203d827224ada8f2
+size 8947502

Django-3.0.7.tar.gz.asc

@@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 3.0.7, released June 3, 2020.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/3.0/Django-3.0.7-py3-none-any.whl
+https://www.djangoproject.com/m/releases/3.0/Django-3.0.7.tar.gz
+
+MD5 checksums
+=============
+
+fbe615d79cebdd75bb057b729e6f1224  Django-3.0.7-py3-none-any.whl
+c3ac98d5503c671d316cf78ded3c9809  Django-3.0.7.tar.gz
+
+SHA1 checksums
+==============
+
+ab0642b1b00c6c0f8410f0705e9f4230a69fb0c9  Django-3.0.7-py3-none-any.whl
+71938dec22f3f6adae6f3edac6a288fee69def24  Django-3.0.7.tar.gz
+
+SHA256 checksums
+================
+
+e1630333248c9b3d4e38f02093a26f1e07b271ca896d73097457996e0fae12e8  Django-3.0.7-py3-none-any.whl
+5052b34b34b3425233c682e0e11d658fd6efd587d11335a0203d827224ada8f2  Django-3.0.7.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl7XXlgACgkQ4X31yCtP
+nQCPlxAAwj8oU47ooKt/+Cgz6VUyf053O5jI1OwD52CJWV055isXBrTichqZ7ZgB
+UEdLpzmoUSBTzdN2q03yKsnBo8USZxs8kqBuHoCDbfIlMVE43pOa3/BtwMsUWA00
+0hzwosS8wURCcOJRYum7py/PxQ2N64s/lUxtaxVHmSc37nYpgmJEjABTf8PlwPTb
+Iq0e0sGyJbLNjGB3P9T5B/QAwXswM7KbLfH/9YqiTenyAm1sQ82vTJBSDBM6ywcy
+gB918nCrIEbQzRiPwDznPWp85e3Gx7WUdohC5jdW5GPpFbjBQc5lp4pJ0WRqbV7N
+NAQKEk5qQ/g0uZB3NIRKPkEm2L6XPslpRtA2LkaDWBMmyeK3x4YpHJqNqNxCw7NS
+Ir3M/gAlMqi49zEQw9orJEfavbxs0QLF4CK2SfxH+Fo2r6Vk2neaio2K+gFlg5iX
+xdKO/DzZszgLs9QadLDtAtffWm3BWaJLhVWdC+gtghQMDiUm+e/a+APb3ARhkktw
+ivzduaT5tEZZg0Nkp6EKWOD8g6SXBQDmSVWp0khjXtfP+GfRXsKeVwfsjPpjybj+
+7HZ1wtBIMlajFZIHEmb5tgowaangdhP/YredZFNmjNCcyHuw8vRXKcA4buLgkPZL
+s/eGMnK4WXSip5eTqmxi/WD0x68WULqbUVse4HziuALXLeWtEeE=
+=7Lzb
+-----END PGP SIGNATURE-----

python-Django.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Jun  4 14:35:25 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 3.0.7
+- drop 32bit.patch
+ *  boo#1172167 - CVE-2020-13254: Potential data leakage via malformed
+      memcached keys
+ * boo#1172164 -  CVE-2020-13596: Possible XSS via admin
+      ForeignKeyRawIdWidget
+ * many other bugfixes 
+
 -------------------------------------------------------------------
 Thu Apr 30 05:14:28 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 

python-Django.spec

@@ -23,7 +23,7 @@
 %bcond_with memcached
 Name:           python-Django
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        3.0.5
+Version:        3.0.7
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@@ -35,7 +35,6 @@ Source99:       python-Django-rpmlintrc
 Patch0:         i18n_test.patch
 Patch1:         test_clear_site_cache-sort.patch
 Patch2:         fix-selenium-test.patch
-Patch3:         32bit.patch
 BuildRequires:  %{python_module Jinja2 >= 2.9.2}
 BuildRequires:  %{python_module Pillow}
 BuildRequires:  %{python_module PyYAML}