From 9f6f318436d45306960c78b125acaaa58dc97877f0600b7831924a9b7fe9a2c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Tue, 4 Feb 2020 09:59:22 +0000 Subject: [PATCH] - add sqlite330.patch - fix sqlite 3.30 support OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=52
---
Django-2.2.10.tar.gz | 3 ++ Django-2.2.10.tar.gz.asc | 62 ++++++++++++++++++++++++++++++++ Django-2.2.9.tar.gz | 3 -- Django-2.2.9.tar.gz.asc | 63 --------------------------------- python-Django.changes | 10 +++++- python-Django.spec | 4 +-- pyyaml53.patch | 76 ---------------------------------------- 7 files changed, 75 insertions(+), 146 deletions(-) create mode 100644 Django-2.2.10.tar.gz create mode 100644 Django-2.2.10.tar.gz.asc delete mode 100644 Django-2.2.9.tar.gz delete mode 100644 Django-2.2.9.tar.gz.asc delete mode 100644 pyyaml53.patch
diff --git a/Django-2.2.10.tar.gz b/Django-2.2.10.tar.gz
new file mode 100644
index 0000000..fe41108
--- /dev/null
+++ b/Django-2.2.10.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1226168be1b1c7efd0e66ee79b0e0b58b2caa7ed87717909cd8a57bb13a7079a
+size 8865888
diff --git a/Django-2.2.10.tar.gz.asc b/Django-2.2.10.tar.gz.asc
new file mode 100644
index 0000000..2004f4e
--- /dev/null
+++ b/Django-2.2.10.tar.gz.asc
@@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.2.10, released February 3, 2020.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+ gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+ gpg --verify <>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.10-py3-none-any.whl
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.10.tar.gz
+
+MD5 checksums
+=============
+
+d24676ee3a4e112abc46f5363a608cd6 Django-2.2.10-py3-none-any.whl
+10f192f8565ab137aea2dda4a4cb3d26 Django-2.2.10.tar.gz
+
+SHA1 checksums
+==============
+
+084cdc5c5e2041b0d202cd9cfc2d272f978a244b Django-2.2.10-py3-none-any.whl
+86b0f5160b52cc4330d17cd69090f7f240c9fb47 Django-2.2.10.tar.gz
+
+SHA256 checksums
+================
+
+9a4635813e2d498a3c01b10c701fe4a515d76dd290aaa792ccb65ca4ccb6b038 Django-2.2.10-py3-none-any.whl
+1226168be1b1c7efd0e66ee79b0e0b58b2caa7ed87717909cd8a57bb13a7079a Django-2.2.10.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl432l4ACgkQ4X31yCtP
+nQDn1BAAn6zw5gnrDYDq1l3EOu5msL93pTt4vlRQP398taGwmytUdlpiDBtzRwUC
+wDRqOIwAoExhoxRbg5vn4oYkb+V5mYBr3ExWQpDvVRS3j4Pt+sldOUUF66JpfUEV
+iyo982VN0x91Ddx1Q+KGiEd3i+p5w2VFMDh+FDM+ySBzv86t0g0errCxb6+9Je4P
+MxtLgVzeGhAigoiQzJcGjr3uYxOZSNwNuxYiw/3vHpi8KmET3Bst+zLhYtr3LiAz
+3+K1qWek/Wwbv/Ycj4S+6TaVjaUkeNN3LlU7JCS8HFh2FkqmBGkmw5lZKM8RO9BK
+hIu8ZK8c5gzJ2I/Ez9bU1aAE2GFXBKMdvixmDMJ7NrMGATjrGOhI3mfGkG01QDKq
+jcLK89d/faeb2qsNRaSFlroI4F4tEVPkvehKAeazByynpZZ30kSmr2PMQwJezAK8
+LSjOfGSpF4cQJe4d/oyQm+JfqZA0NTby+6JjFgN1Ar0DjouXsUa96m5iQgwBbNwJ
+x6NqRk9fWyC73nr+MyQ2h+WaWwsW5sT2T6V6ZVaNLu3jdt9ijfhjKTsrvEIhe+Ri
+7sMz57PBaSNETZgwT86aLvDE6BMP5FjJ4MKB5MGFK3q3FHTtsogj5a3WZ1lyWyt0
+WiWQzCjdIyQnrmSOLTXV6EdlThziXZor81ilDiFcMeIUr/HF8tk=
+=IWbV
+-----END PGP SIGNATURE-----
diff --git a/Django-2.2.9.tar.gz b/Django-2.2.9.tar.gz
deleted file mode 100644
index 6a1367c..0000000
--- a/Django-2.2.9.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:662a1ff78792e3fd77f16f71b1f31149489434de4b62a74895bd5d6534e635a5
-size 9006404
diff --git a/Django-2.2.9.tar.gz.asc b/Django-2.2.9.tar.gz.asc
deleted file mode 100644
index 26139b8..0000000
--- a/Django-2.2.9.tar.gz.asc
+++ /dev/null
@@ -1,63 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.9, released December 18, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
- gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
-
-Once the key is imported, verify this file::
-
- gpg --verify <>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.9-py3-none-any.whl
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.9.tar.gz
-
-MD5 checksums
-=============
-
-2bdad7b5e9a0012f916b14f68df8084b Django-2.2.9-py3-none-any.whl
-a9a6555d166196e502b69715341f7ad4 Django-2.2.9.tar.gz
-
-SHA1 checksums
-==============
-
-3257a5f8bf77896b6e883162282c256c59977aa4 Django-2.2.9-py3-none-any.whl
-c5a1c4bec360b4e98e839fcf6088b8eb1599c1ed Django-2.2.9.tar.gz
-
-SHA256 checksums
-================
-
-687c37153486cf26c3fdcbdd177ef16de38dc3463f094b5f9c9955d91f277b14 Django-2.2.9-py3-none-any.whl
-662a1ff78792e3fd77f16f71b1f31149489434de4b62a74895bd5d6534e635a5 Django-2.2.9.tar.gz
------BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl3543QbHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzHsP/3EjnNZi5CZYQLLiay1P
-4QIhHdl0Qqu5ocugQVngnBIu9/Lsn7QlCiQBE+M83HsUz03s6IEEIJ1t0wDpQFph
-PGEe3YbUk8U5VK0aEuDrc1Shi+mYmFnvA0Cj9+6TeFj8jVqTZH1olqJ7OwWBahXr
-6WPyU0R21VFjTAbgnw3iNT8sgnDm+pZBjXmmKScsXzDEcM6lnZd2ZcXg78cUKPPU
-VC32noVdiCh3HZnCxo/9yWpqLYfbdcg0UW/4xsVs0sRj923lYdgDD8Iht4anot+3
-lKK6PUht50iBCpVdmlYG1mfI5FWIEXZy/RKFMA/wwwXHqT9A7v5O1M4thFvyUHbA
-4926eGIZpU2RvPPCJDkReUmCQTqgmNdjFft8uLs4o10hiHp0vZKj+Zjm7rfSle8r
-cRCeTirfI+MVSLEP2ZhbVvFBQ2kXjFH1vtdZZaTEriWDCTb+F44K8zjeGpz/Yb/X
-PUfeT5++WPzGFxwaR1FNGL9gLUJLL656a8YeZdWWb//byMENdOoPMBazIGJ31k9S
-0aPtOs4hqz1MWRmoc67Xf/T3wzmgZVlpFEBL8wyMFoIbtAqj/ZwUSQ0f8BdF4BRk
-MwbkZ1PQoAGpiGJSUq6I1IFSp5mHf890AU50DkGmgOXNbjoOoGNRWO4NuEAiecA9
-+cpI6GRKyos9gsdiKyxObHqc
-=hVIR
------END PGP SIGNATURE-----
diff --git a/python-Django.changes b/python-Django.changes
index 7ded6d2..31431be 100644
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,5 +1,13 @@ ------------------------------------------------------------------- -Wed Jan 15 14:25:13 UTC 2020 - Ondřej Súkup +Tue Feb 4 09:42:08 UTC 2020 - Ondřej Súkup + +- update to 2.2.10 +- drop pyyaml53.patch + * fix boo#1161919 (CVE-2020 7471) Potential SQL injection via ``StringAgg(delimiter)`` + + +------------------------------------------------------------------- +Wed Jan 15 15:08:32 UTC 2020 - Ondřej Súkup - add pyyaml53.patch - fix tests with PyYAML 5.3
diff --git a/python-Django.spec b/python-Django.spec
index 40f1dfc..8f801cc 100644
--- a/python-Django.spec
+++ b/python-Django.spec
@@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 2.2.9 +Version: 2.2.10 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause
@@ -35,7 +35,6 @@ Source99: python-Django-rpmlintrc Patch0: i18n_test.patch Patch1: test_clear_site_cache-sort.patch Patch2: fix-selenium-test.patch -Patch3: pyyaml53.patch BuildRequires: %{python_module Jinja2 >= 2.9.2} BuildRequires: %{python_module Pillow} BuildRequires: %{python_module PyYAML}
@@ -101,7 +100,6 @@ echo "`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1- %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js %build
diff --git a/pyyaml53.patch b/pyyaml53.patch
deleted file mode 100644
index f39da0d..0000000
--- a/pyyaml53.patch
+++ /dev/null
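Review bot: The checksum step shown in the header of the last python-Django.spec hunk (`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1}`) takes the SHA-256 from the clearsigned `.asc` file, and nothing visible in this diff verifies that file's PGP signature, so the tarball is only compared against an unauthenticated text file. This update makes that more relevant: the new `Django-2.2.10.tar.gz.asc` names key `E17DF5C82B4F9D00`, while the removed 2.2.9 file named `2EF56372BA48CD1B`, so any keyring shipped with the package (none appears in this diff) has to contain the new key. I would verify the signature before the grep, for example `gpgv --keyring <PACKAGE_KEYRING> %{SOURCE1}` (placeholder keyring path), and add the comment `# SOURCE1 is trusted only after its signature verifies against the packaged keyring`. The section holding the `%patch` lines starts above the hunk and the echo line is truncated in the hunk header, so the rest of the comparison cannot be checked from here.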
@@ -1,76 +0,0 @@
-From 4a6824e450e15aeb3558ba80b1b314e33a6e7b0b Mon Sep 17 00:00:00 2001
-From: Mariusz Felisiak
-Date: Tue, 7 Jan 2020 08:59:22 +0100
-Subject: [PATCH] Fixed timezones tests for PyYAML 5.3+.
-
----
- tests/timezones/tests.py | 28 ++++++++++++++++++++++------
- 1 file changed, 22 insertions(+), 6 deletions(-)
-
-diff --git a/tests/timezones/tests.py b/tests/timezones/tests.py
-index 67bac731f7b5..a211a43de0b4 100644
---- a/tests/timezones/tests.py
-+++ b/tests/timezones/tests.py
-@@ -32,6 +32,12 @@
- AllDayEvent, Event, MaybeEvent, Session, SessionEvent, Timestamp,
- )
-
-+try:
-+ import yaml
-+ HAS_YAML = True
-+except ImportError:
-+ HAS_YAML = False
-+
- # These tests use the EAT (Eastern Africa Time) and ICT (Indochina Time)
- # who don't have Daylight Saving Time, so we can represent them easily
- # with fixed offset timezones and use them directly as tzinfo in the
-@@ -607,9 +613,10 @@ class SerializationTests(SimpleTestCase):
-
- # Backend-specific notes:
- # - JSON supports only milliseconds, microseconds will be truncated.
-- # - PyYAML dumps the UTC offset correctly for timezone-aware datetimes,
-- # but when it loads this representation, it subtracts the offset and
-- # returns a naive datetime object in UTC. See ticket #18867.
-+ # - PyYAML dumps the UTC offset correctly for timezone-aware datetimes.
-+ # When PyYAML < 5.3 loads this representation, it subtracts the offset
-+ # and returns a naive datetime object in UTC. PyYAML 5.3+ loads timezones
-+ # correctly.
- # Tests are adapted to take these quirks into account.
-
- def assert_python_contains_datetime(self, objects, dt):
-@@ -696,7 +703,10 @@ def test_aware_datetime_with_microsecond(self):
- data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
- self.assert_yaml_contains_datetime(data, "2011-09-01 17:20:30.405060+07:00")
- obj = next(serializers.deserialize('yaml', data)).object
-- self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ if HAS_YAML and yaml.__version__ < '5.3':
-+ self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ else:
-+ self.assertEqual(obj.dt, dt)
-
- def test_aware_datetime_in_utc(self):
- dt = datetime.datetime(2011, 9, 1, 10, 20, 30, tzinfo=UTC)
-@@ -744,7 +754,10 @@ def test_aware_datetime_in_local_timezone(self):
- data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
- self.assert_yaml_contains_datetime(data, "2011-09-01 13:20:30+03:00")
- obj = next(serializers.deserialize('yaml', data)).object
-- self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ if HAS_YAML and yaml.__version__ < '5.3':
-+ self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ else:
-+ self.assertEqual(obj.dt, dt)
-
- def test_aware_datetime_in_other_timezone(self):
- dt = datetime.datetime(2011, 9, 1, 17, 20, 30, tzinfo=ICT)
-@@ -768,7 +781,10 @@ def test_aware_datetime_in_other_timezone(self):
- data = serializers.serialize('yaml', [Event(dt=dt)], default_flow_style=None)
- self.assert_yaml_contains_datetime(data, "2011-09-01 17:20:30+07:00")
- obj = next(serializers.deserialize('yaml', data)).object
-- self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ if HAS_YAML and yaml.__version__ < '5.3':
-+ self.assertEqual(obj.dt.replace(tzinfo=UTC), dt)
-+ else:
-+ self.assertEqual(obj.dt, dt)
-
-
- @override_settings(DATETIME_FORMAT='c', TIME_ZONE='Africa/Nairobi', USE_L10N=False, USE_TZ=True)