rpm/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity

Accepting request 890932 from home:aplanas:branches:devel:languages:python:django

Browse Source 
- Update to 3.2.2 (CVE-2021-32052)

OBS-URL: https://build.opensuse.org/request/show/890932
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=82
This commit is contained in:
Alberto Planas 2021-05-07 08:11:13 +00:00 committed by Git OBS Bridge
parent bc6d5ae53b
commit 8622f84af6
6 changed files with 81 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Django-3.2.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd
size 9820723

67
Django-3.2.1.tar.gz.asc
View File

@ -1,67 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2.1, released May 4, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
or via the GitHub API:
curl https://github.com/carltongibson.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.1-py3-none-any.whl
https://www.djangoproject.com/m/releases/3.2/Django-3.2.1.tar.gz
MD5 checksums
=============
dd5ba0f289ab783e2359a078b569e054 Django-3.2.1-py3-none-any.whl
0ded0d3408c38f4a5cff2128f5a9c4ba Django-3.2.1.tar.gz
SHA1 checksums
==============
6ed6e36a7e5ebf37f0ff0efe2b03d81730fd4c1b Django-3.2.1-py3-none-any.whl
cd6f18967e13a6e67dbee4713116aab9cb348865 Django-3.2.1.tar.gz
SHA256 checksums
================
e2f73790c60188d3f94f08f644de249d956b3789161e7604509d128a13fb2fcc Django-3.2.1-py3-none-any.whl
95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd Django-3.2.1.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmCRCGkbHGNhcmx0b24u
Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50AEOAQALLp01Bu+1LOKrpd3kql
UhgZgD4buu3olr/qPnj6j9wCNyOV3zk/G7CmImY6WAIZdhI8Y8PoxJ3WeirzBsWt
yCdMItlDpjcjvW8BJUHAo80hjeBTETXzkaylJfCkjMdFP/EPmunxWdFr7cWoB32F
uGsPegBjZ3KWUIPsKxUMO81PBtGq0ir5Ht0hs/z/ni+DOUSZixSBNZo/cmECelwR
4ssPd+ixNc1qxUeBGGLzmmrZQF72iINiA4bmyQzVUIBZ/0H72ZyNvkITTH4x7Qab
UwYHJOXNhW+pQGjN7V4RPKUwfVfoauXbRYr/FvcqKfob3iSy4UH59GRZ3xxbt//1
Ox2U+IOiv0Ikck2UZcfQZdwpsTe0V36NONyrYsvnEcCdAy2BZ2zZu51N9vedIIxb
e+3OJNNvMsn+Rt1BhZZNVHPfVeqaYBqeV+ZrDUnfb9gChaxKCwCc/hoet/xP5FKw
2UgkXejevYvVNsaWXY8AN09rD26qruhadN2vx2O0nyiEoot3cC3ufGquBvjphs/I
L/1ftY1pRTR3KKLkKLPcfcQpeeuQjmZewhaGALJ/aeFwPC1Fzp/wJ73omfJpb+2y
PUr9GZBi5vGdgin+x2HjwP1ho00ZpoyIePVWxxC4GrPApmHW/M/GBmt6ns4kVJhL
uOfA7SNMCou79sy7Jy/dZwhs
=5lpt
-----END PGP SIGNATURE-----

3
Django-3.2.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d
size 9796920

67
Django-3.2.2.tar.gz.asc Normal file
View File

@ -0,0 +1,67 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 3.2.2, released May 6, 2021.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
or via the GitHub API:
curl https://github.com/felixxm.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/3.2/Django-3.2.2-py3-none-any.whl
https://www.djangoproject.com/m/releases/3.2/Django-3.2.2.tar.gz
MD5 checksums
=============
abd67e107427fb9b5f68863bf0b384d5 Django-3.2.2-py3-none-any.whl
43784c090a8805605e3d0b768cd21cb2 Django-3.2.2.tar.gz
SHA1 checksums
==============
d2edacc8e6e2a3eaa7a598a3c70761436157c56f Django-3.2.2-py3-none-any.whl
67932014e89b3388eb6df61619ce65ebe49cd620 Django-3.2.2.tar.gz
SHA256 checksums
================
18dd3145ddbd04bf189ff79b9954d08fda5171ea7b57bf705789fea766a07d50 Django-3.2.2-py3-none-any.whl
0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d Django-3.2.2.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCTlDMbHGZlbGlzaWFr
Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bpS4QAISsBwHgTdsgdtC/qJbM
kUvw3W2l00B0GBbm14W2jdwXBftn31V8zP6DcfTEKmBjkHlEvnfmd/IvHR+poFKR
q6Pz43+xNcT7r6UIgB5Qftd9KDQmUGKp7Be3FzZ3Q3+EwduMWGRReOjHLC25Ed+z
Wetdg2IsR/6FF2+fSgMuYSSWjQ83Y1Pb2t2EWyEhTwRnM5wYhY7ZrNwnNa3mZaIJ
/8tvCKQrqAZpjxyJT6wmvCNT1IZH6GwEJ5jAqFNQM89sxgNyi68gDiO11K3oFkxZ
Eyeo3i32FKKcHhqrGJnoC1mwuYIFbB2e2K347smcwrc670dVuj1IdQ5PFAQBdyXZ
6YCNznWXM1nZ6NovOXO2DiT2QpKb0olKsdlENeCLM9oqSrhP1YYlVeRRpzgg3GCh
J7RFnuileSEu2fl1kVofdsDa2/FFNn+3IJFgdEAXSI1ITwrMMMNFCkNh4h0JR/Cn
LJw7+LCYxm8qJeY+LzzW3bGjAXZs1eM1DfquvQKqE65hRr93LKXjFn4FHmUvIIeg
Ke1G4VPCmKD+vRo8uvE32lkevW81aycCujdn3ssQe4lP/QEOfZVEEKpMQ+wjt3JK
gD6Ogxgdd+ZRgzuycBv1ZDD6vdgX6onBoFYDxJEWDQ8ZKpRbZ03oZgT6cZCX1Zwm
5Z26wvw98synt63VvV5Pg2eC
=T6ja
-----END PGP SIGNATURE-----

10
python-Django.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu May 6 08:54:41 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.2 (CVE-2021-32052)
+ CVE-2021-32052: Header injection possibility since URLValidator
accepted newlines in input on Python 3.9.5+
+ Prevented, following a regression in Django 3.2.1, makemigrations
from generating infinite migrations for a model with Meta.ordering
contained OrderBy expressions
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 5 17:25:18 UTC 2021 - Ben Greiner <code@bnavigator.de> Wed May 5 17:25:18 UTC 2021 - Ben Greiner <code@bnavigator.de>

2
python-Django.spec
View File

@ -23,7 +23,7 @@
%bcond_with memcached %bcond_with memcached
Name: python-Django Name: python-Django
# We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc
Version: 3.2.1 Version: 3.2.2
Release: 0 Release: 0
Summary: A high-level Python Web framework Summary: A high-level Python Web framework
License: BSD-3-Clause License: BSD-3-Clause