- add sqlite330.patch - fix sqlite 3.30 support

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=52
2020-02-04 09:59:22 +00:00 · 2020-02-04 09:59:22 +00:00 · 9f6f318436
commit 9f6f318436
parent 7da22ed73a
7 changed files with 75 additions and 146 deletions
--- a/Django-2.2.10.tar.gz
+++ b/Django-2.2.10.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1226168be1b1c7efd0e66ee79b0e0b58b2caa7ed87717909cd8a57bb13a7079a
+size 8865888
--- a/Django-2.2.10.tar.gz.asc
+++ b/Django-2.2.10.tar.gz.asc
@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.2.10, released February 3, 2020.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.10-py3-none-any.whl
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.10.tar.gz
+
+MD5 checksums
+=============
+
+d24676ee3a4e112abc46f5363a608cd6  Django-2.2.10-py3-none-any.whl
+10f192f8565ab137aea2dda4a4cb3d26  Django-2.2.10.tar.gz
+
+SHA1 checksums
+==============
+
+084cdc5c5e2041b0d202cd9cfc2d272f978a244b  Django-2.2.10-py3-none-any.whl
+86b0f5160b52cc4330d17cd69090f7f240c9fb47  Django-2.2.10.tar.gz
+
+SHA256 checksums
+================
+
+9a4635813e2d498a3c01b10c701fe4a515d76dd290aaa792ccb65ca4ccb6b038  Django-2.2.10-py3-none-any.whl
+1226168be1b1c7efd0e66ee79b0e0b58b2caa7ed87717909cd8a57bb13a7079a  Django-2.2.10.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl432l4ACgkQ4X31yCtP
+nQDn1BAAn6zw5gnrDYDq1l3EOu5msL93pTt4vlRQP398taGwmytUdlpiDBtzRwUC
+wDRqOIwAoExhoxRbg5vn4oYkb+V5mYBr3ExWQpDvVRS3j4Pt+sldOUUF66JpfUEV
+iyo982VN0x91Ddx1Q+KGiEd3i+p5w2VFMDh+FDM+ySBzv86t0g0errCxb6+9Je4P
+MxtLgVzeGhAigoiQzJcGjr3uYxOZSNwNuxYiw/3vHpi8KmET3Bst+zLhYtr3LiAz
+3+K1qWek/Wwbv/Ycj4S+6TaVjaUkeNN3LlU7JCS8HFh2FkqmBGkmw5lZKM8RO9BK
+hIu8ZK8c5gzJ2I/Ez9bU1aAE2GFXBKMdvixmDMJ7NrMGATjrGOhI3mfGkG01QDKq
+jcLK89d/faeb2qsNRaSFlroI4F4tEVPkvehKAeazByynpZZ30kSmr2PMQwJezAK8
+LSjOfGSpF4cQJe4d/oyQm+JfqZA0NTby+6JjFgN1Ar0DjouXsUa96m5iQgwBbNwJ
+x6NqRk9fWyC73nr+MyQ2h+WaWwsW5sT2T6V6ZVaNLu3jdt9ijfhjKTsrvEIhe+Ri
+7sMz57PBaSNETZgwT86aLvDE6BMP5FjJ4MKB5MGFK3q3FHTtsogj5a3WZ1lyWyt0
+WiWQzCjdIyQnrmSOLTXV6EdlThziXZor81ilDiFcMeIUr/HF8tk=
+=IWbV
+-----END PGP SIGNATURE-----
--- a/Django-2.2.9.tar.gz
+++ b/Django-2.2.9.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:662a1ff78792e3fd77f16f71b1f31149489434de4b62a74895bd5d6534e635a5
-size 9006404
--- a/Django-2.2.9.tar.gz.asc
+++ b/Django-2.2.9.tar.gz.asc
@ -1,63 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.9, released December 18, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.9-py3-none-any.whl
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.9.tar.gz
-
-MD5 checksums
-=============
-
-2bdad7b5e9a0012f916b14f68df8084b  Django-2.2.9-py3-none-any.whl
-a9a6555d166196e502b69715341f7ad4  Django-2.2.9.tar.gz
-
-SHA1 checksums
-==============
-
-3257a5f8bf77896b6e883162282c256c59977aa4  Django-2.2.9-py3-none-any.whl
-c5a1c4bec360b4e98e839fcf6088b8eb1599c1ed  Django-2.2.9.tar.gz
-
-SHA256 checksums
-================
-
-687c37153486cf26c3fdcbdd177ef16de38dc3463f094b5f9c9955d91f277b14  Django-2.2.9-py3-none-any.whl
-662a1ff78792e3fd77f16f71b1f31149489434de4b62a74895bd5d6534e635a5  Django-2.2.9.tar.gz
-----BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl3543QbHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzHsP/3EjnNZi5CZYQLLiay1P
-4QIhHdl0Qqu5ocugQVngnBIu9/Lsn7QlCiQBE+M83HsUz03s6IEEIJ1t0wDpQFph
-PGEe3YbUk8U5VK0aEuDrc1Shi+mYmFnvA0Cj9+6TeFj8jVqTZH1olqJ7OwWBahXr
-6WPyU0R21VFjTAbgnw3iNT8sgnDm+pZBjXmmKScsXzDEcM6lnZd2ZcXg78cUKPPU
-VC32noVdiCh3HZnCxo/9yWpqLYfbdcg0UW/4xsVs0sRj923lYdgDD8Iht4anot+3
-lKK6PUht50iBCpVdmlYG1mfI5FWIEXZy/RKFMA/wwwXHqT9A7v5O1M4thFvyUHbA
-4926eGIZpU2RvPPCJDkReUmCQTqgmNdjFft8uLs4o10hiHp0vZKj+Zjm7rfSle8r
-cRCeTirfI+MVSLEP2ZhbVvFBQ2kXjFH1vtdZZaTEriWDCTb+F44K8zjeGpz/Yb/X
-PUfeT5++WPzGFxwaR1FNGL9gLUJLL656a8YeZdWWb//byMENdOoPMBazIGJ31k9S
-0aPtOs4hqz1MWRmoc67Xf/T3wzmgZVlpFEBL8wyMFoIbtAqj/ZwUSQ0f8BdF4BRk
-MwbkZ1PQoAGpiGJSUq6I1IFSp5mHf890AU50DkGmgOXNbjoOoGNRWO4NuEAiecA9
-+cpI6GRKyos9gsdiKyxObHqc
-=hVIR
-----END PGP SIGNATURE-----
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,5 +1,13 @@
 -------------------------------------------------------------------
-Wed Jan 15 14:25:13 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+Tue Feb  4 09:42:08 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 2.2.10
+- drop pyyaml53.patch
+ * fix boo#1161919 (CVE-2020 7471) Potential SQL injection via ``StringAgg(delimiter)``
+
+
+-------------------------------------------------------------------
+Wed Jan 15 15:08:32 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>

 - add pyyaml53.patch - fix tests with PyYAML 5.3

--- a/python-Django.spec
+++ b/python-Django.spec
@ -23,7 +23,7 @@
 %bcond_with memcached
 Name:           python-Django
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        2.2.9
+Version:        2.2.10
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@ -35,7 +35,6 @@ Source99:       python-Django-rpmlintrc
 Patch0:         i18n_test.patch
 Patch1:         test_clear_site_cache-sort.patch
 Patch2:         fix-selenium-test.patch
-Patch3:         pyyaml53.patch
 BuildRequires:  %{python_module Jinja2 >= 2.9.2}
 BuildRequires:  %{python_module Pillow}
 BuildRequires:  %{python_module PyYAML}
@ -101,7 +100,6 @@ echo "`grep -e '^[0-9a-f]\{64\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js

 %build
--- a/pyyaml53.patch
+++ b/pyyaml53.patch
@ -1,76 +0,0 @@
-From 4a6824e450e15aeb3558ba80b1b314e33a6e7b0b Mon Sep 17 00:00:00 2001
-From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
-Date: Tue, 7 Jan 2020 08:59:22 +0100
-Subject: [PATCH] Fixed timezones tests for PyYAML 5.3+.
-
---
- tests/timezones/tests.py | 28 ++++++++++++++++++++++------
- 1 file changed, 22 insertions(+), 6 deletions(-)
-
-diff --git a/tests/timezones/tests.py b/tests/timezones/tests.py
-index 67bac731f7b5..a211a43de0b4 100644
--- a/tests/timezones/tests.py
-+++ b/tests/timezones/tests.py
-@@ -32,6 +32,12 @@
-     AllDayEvent, Event, MaybeEvent, Session, SessionEvent, Timestamp,
- )
- 
-+try:
-+    import yaml
-+    HAS_YAML = True
-+except ImportError:
-+    HAS_YAML = False
-+
- # These tests use the EAT (Eastern Africa Time) and ICT (Indochina Time)
- # who don't have Daylight Saving Time, so we can represent them easily
- # with fixed offset timezones and use them directly as tzinfo in the
-@@ -607,9 +613,10 @@ class SerializationTests(SimpleTestCase):
- 
-     # Backend-specific notes:
-     # - JSON supports only milliseconds, microseconds will be truncated.
-    # - PyYAML dumps the UTC offset correctly for timezone-aware datetimes,
-    #   but when it loads this representation, it subtracts the offset and
-    #   returns a naive datetime object in UTC. See ticket #18867.
-+    # - PyYAML dumps the UTC offset correctly for timezone-aware datetimes.
-+    #   When PyYAML < 5.3 loads this representation, it subtracts the offset
-+    #   and returns a naive datetime object in UTC. PyYAML 5.3+ loads timezones
-+    #   correctly.
-     # Tests are adapted to take these quirks into account.
- 
-     def assert_python_contains_datetime(self, objects, dt):
-@@ -696,7 +703,10 @@ def test_aware_datetime_with_microsecond(self):
-             data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
-             self.assert_yaml_contains_datetime(data, "2011-09-01 17:20:30.405060+07:00")
-             obj = next(serializers.deserialize('yaml', data)).object
-            self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            if HAS_YAML and yaml.__version__ < '5.3':
-+                self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            else:
-+                self.assertEqual(obj.dt, dt)
- 
-     def test_aware_datetime_in_utc(self):
-         dt = datetime.datetime(2011, 9, 1, 10, 20, 30, tzinfo=UTC)
-@@ -744,7 +754,10 @@ def test_aware_datetime_in_local_timezone(self):
-             data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
-             self.assert_yaml_contains_datetime(data, "2011-09-01 13:20:30+03:00")
-             obj = next(serializers.deserialize('yaml', data)).object
-            self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            if HAS_YAML and yaml.__version__ < '5.3':
-+                self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            else:
-+                self.assertEqual(obj.dt, dt)
- 
-     def test_aware_datetime_in_other_timezone(self):
-         dt = datetime.datetime(2011, 9, 1, 17, 20, 30, tzinfo=ICT)
-@@ -768,7 +781,10 @@ def test_aware_datetime_in_other_timezone(self):
-             data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
-             self.assert_yaml_contains_datetime(data, "2011-09-01 17:20:30+07:00")
-             obj = next(serializers.deserialize('yaml', data)).object
-            self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            if HAS_YAML and yaml.__version__ < '5.3':
-+                self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+            else:
-+                self.assertEqual(obj.dt, dt)
- 
- 
- @override_settings(DATETIME_FORMAT='c', TIME_ZONE='Africa/Nairobi', USE_L10N=False, USE_TZ=True)