From 8622f84af6d79e99e14c9ea9c3dc69b7b6f5dfda80c54a638f5eeac6fd246b2d Mon Sep 17 00:00:00 2001
From: Alberto Planas Dominguez
Date: Fri, 7 May 2021 08:11:13 +0000
Subject: [PATCH] Accepting request 890932 from home:aplanas:branches:devel:languages:python:django
- Update to 3.2.2 (CVE-2021-32052)
OBS-URL: https://build.opensuse.org/request/show/890932
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=82
---
 Django-3.2.1.tar.gz | 3 --
 Django-3.2.1.tar.gz.asc | 67 -----------------------------------------
 Django-3.2.2.tar.gz | 3 ++
 Django-3.2.2.tar.gz.asc | 67 +++++++++++++++++++++++++++++++++++++++++
 python-Django.changes | 10 ++++++
 python-Django.spec | 2 +-
 6 files changed, 81 insertions(+), 71 deletions(-)
 delete mode 100644 Django-3.2.1.tar.gz
 delete mode 100644 Django-3.2.1.tar.gz.asc
 create mode 100644 Django-3.2.2.tar.gz
 create mode 100644 Django-3.2.2.tar.gz.asc
diff --git a/Django-3.2.1.tar.gz b/Django-3.2.1.tar.gz
deleted file mode 100644
index dc407f2..0000000
--- a/Django-3.2.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd
-size 9820723
diff --git a/Django-3.2.1.tar.gz.asc b/Django-3.2.1.tar.gz.asc
deleted file mode 100644
index 1fc8c3e..0000000
--- a/Django-3.2.1.tar.gz.asc
+++ /dev/null
@@ -1,67 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 3.2.1, released May 4, 2021.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
- gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
-
-or via the GitHub API:
-
- curl https://github.com/carltongibson.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
- gpg --verify <>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/3.2/Django-3.2.1-py3-none-any.whl
-https://www.djangoproject.com/m/releases/3.2/Django-3.2.1.tar.gz
-
-MD5 checksums
-=============
-
-dd5ba0f289ab783e2359a078b569e054 Django-3.2.1-py3-none-any.whl
-0ded0d3408c38f4a5cff2128f5a9c4ba Django-3.2.1.tar.gz
-
-SHA1 checksums
-==============
-
-6ed6e36a7e5ebf37f0ff0efe2b03d81730fd4c1b Django-3.2.1-py3-none-any.whl
-cd6f18967e13a6e67dbee4713116aab9cb348865 Django-3.2.1.tar.gz
-
-SHA256 checksums
-================
-
-e2f73790c60188d3f94f08f644de249d956b3789161e7604509d128a13fb2fcc Django-3.2.1-py3-none-any.whl
-95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd Django-3.2.1.tar.gz
------BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmCRCGkbHGNhcmx0b24u
-Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50AEOAQALLp01Bu+1LOKrpd3kql
-UhgZgD4buu3olr/qPnj6j9wCNyOV3zk/G7CmImY6WAIZdhI8Y8PoxJ3WeirzBsWt
-yCdMItlDpjcjvW8BJUHAo80hjeBTETXzkaylJfCkjMdFP/EPmunxWdFr7cWoB32F
-uGsPegBjZ3KWUIPsKxUMO81PBtGq0ir5Ht0hs/z/ni+DOUSZixSBNZo/cmECelwR
-4ssPd+ixNc1qxUeBGGLzmmrZQF72iINiA4bmyQzVUIBZ/0H72ZyNvkITTH4x7Qab
-UwYHJOXNhW+pQGjN7V4RPKUwfVfoauXbRYr/FvcqKfob3iSy4UH59GRZ3xxbt//1
-Ox2U+IOiv0Ikck2UZcfQZdwpsTe0V36NONyrYsvnEcCdAy2BZ2zZu51N9vedIIxb
-e+3OJNNvMsn+Rt1BhZZNVHPfVeqaYBqeV+ZrDUnfb9gChaxKCwCc/hoet/xP5FKw
-2UgkXejevYvVNsaWXY8AN09rD26qruhadN2vx2O0nyiEoot3cC3ufGquBvjphs/I
-L/1ftY1pRTR3KKLkKLPcfcQpeeuQjmZewhaGALJ/aeFwPC1Fzp/wJ73omfJpb+2y
-PUr9GZBi5vGdgin+x2HjwP1ho00ZpoyIePVWxxC4GrPApmHW/M/GBmt6ns4kVJhL
-uOfA7SNMCou79sy7Jy/dZwhs
-=5lpt
------END PGP SIGNATURE-----
diff --git a/Django-3.2.2.tar.gz b/Django-3.2.2.tar.gz
new file mode 100644
index 0000000..b2a2eb0
--- /dev/null
+++ b/Django-3.2.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d
+size 9796920
diff --git a/Django-3.2.2.tar.gz.asc b/Django-3.2.2.tar.gz.asc
new file mode 100644
index 0000000..144a32e
--- /dev/null
+++ b/Django-3.2.2.tar.gz.asc
@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 3.2.2, released May 6, 2021.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
+
+or via the GitHub API:
+
+ curl https://github.com/felixxm.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+ gpg --verify <>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/3.2/Django-3.2.2-py3-none-any.whl
+https://www.djangoproject.com/m/releases/3.2/Django-3.2.2.tar.gz
+
+MD5 checksums
+=============
+
+abd67e107427fb9b5f68863bf0b384d5 Django-3.2.2-py3-none-any.whl
+43784c090a8805605e3d0b768cd21cb2 Django-3.2.2.tar.gz
+
+SHA1 checksums
+==============
+
+d2edacc8e6e2a3eaa7a598a3c70761436157c56f Django-3.2.2-py3-none-any.whl
+67932014e89b3388eb6df61619ce65ebe49cd620 Django-3.2.2.tar.gz
+
+SHA256 checksums
+================
+
+18dd3145ddbd04bf189ff79b9954d08fda5171ea7b57bf705789fea766a07d50 Django-3.2.2-py3-none-any.whl
+0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d Django-3.2.2.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCTlDMbHGZlbGlzaWFr
+Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bpS4QAISsBwHgTdsgdtC/qJbM
+kUvw3W2l00B0GBbm14W2jdwXBftn31V8zP6DcfTEKmBjkHlEvnfmd/IvHR+poFKR
+q6Pz43+xNcT7r6UIgB5Qftd9KDQmUGKp7Be3FzZ3Q3+EwduMWGRReOjHLC25Ed+z
+Wetdg2IsR/6FF2+fSgMuYSSWjQ83Y1Pb2t2EWyEhTwRnM5wYhY7ZrNwnNa3mZaIJ
+/8tvCKQrqAZpjxyJT6wmvCNT1IZH6GwEJ5jAqFNQM89sxgNyi68gDiO11K3oFkxZ
+Eyeo3i32FKKcHhqrGJnoC1mwuYIFbB2e2K347smcwrc670dVuj1IdQ5PFAQBdyXZ
+6YCNznWXM1nZ6NovOXO2DiT2QpKb0olKsdlENeCLM9oqSrhP1YYlVeRRpzgg3GCh
+J7RFnuileSEu2fl1kVofdsDa2/FFNn+3IJFgdEAXSI1ITwrMMMNFCkNh4h0JR/Cn
+LJw7+LCYxm8qJeY+LzzW3bGjAXZs1eM1DfquvQKqE65hRr93LKXjFn4FHmUvIIeg
+Ke1G4VPCmKD+vRo8uvE32lkevW81aycCujdn3ssQe4lP/QEOfZVEEKpMQ+wjt3JK
+gD6Ogxgdd+ZRgzuycBv1ZDD6vdgX6onBoFYDxJEWDQ8ZKpRbZ03oZgT6cZCX1Zwm
+5Z26wvw98synt63VvV5Pg2eC
+=T6ja
+-----END PGP SIGNATURE-----
diff --git a/python-Django.changes b/python-Django.changes
index b539a76..5b1646d 100644
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu May 6 08:54:41 UTC 2021 - Alberto Planas Dominguez
+
+- Update to 3.2.2 (CVE-2021-32052)
+ + CVE-2021-32052: Header injection possibility since URLValidator
+ accepted newlines in input on Python 3.9.5+
+ + Prevented, following a regression in Django 3.2.1, makemigrations
+ from generating infinite migrations for a model with Meta.ordering
+ contained OrderBy expressions
+
 -------------------------------------------------------------------
 Wed May 5 17:25:18 UTC 2021 - Ben Greiner
diff --git a/python-Django.spec b/python-Django.spec
index 9c803a0..21c1eb7 100644
--- a/python-Django.spec
+++ b/python-Django.spec
@@ -23,7 +23,7 @@
 %bcond_with memcached
 Name: python-Django
 # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc
-Version: 3.2.1
+Version: 3.2.2
 Release: 0
 Summary: A high-level Python Web framework
 License: BSD-3-Clause