diff --git a/Django-1.8.2.checksum.txt b/Django-1.8.2.checksum.txt deleted file mode 100644 index 3a22651..0000000 --- a/Django-1.8.2.checksum.txt +++ /dev/null @@ -1,63 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - -This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 1.8.2, released May 20, 2015. - -To use this file, you will need a working install of PGP or other -compatible public-key encryption software. You will also need to have -the Django release manager's public key in your keyring; this key has -the ID ``1E8ABDC773EDE252`` and can be imported from the MIT -keyserver. For example, if using the open-source GNU Privacy Guard -implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 - -Once the key is imported, verify this file:: - - gpg --verify <> - -Once you have verified this file, you can use normal MD5, SHA2, or SHA256 -checksumming applications to generate the checksums of the Django -package and compare them to the checksums listed below. - -Release packages: -================= - -https://www.djangoproject.com/m/releases/1.8/Django-1.8.2.tar.gz -https://www.djangoproject.com/m/releases/1.8/Django-1.8.2-py2.py3-none-any.whl - -MD5 checksums: -============== - -ef4e1c047ec900ae321126b22c7659f2 Django-1.8.2-py2.py3-none-any.whl -ec4330cd275dd6ce64230feebcb449c4 Django-1.8.2.tar.gz - -SHA1 checksums: -=============== - -714b73c3f472dd527b5608d6dcc64a37a6cd2136 Django-1.8.2-py2.py3-none-any.whl -6a5cad0a7eb3a98d12654b447ea1bd0bb1bc6094 Django-1.8.2.tar.gz - -SHA256 checksums: -================= - -bd57d950778db81f55f89efcbcb905ee839a778ba790ae4308b8a316835eb7ce Django-1.8.2-py2.py3-none-any.whl -3bb60536b2fb2084612fc9486634295e7208790029081842524916b5a66d206f Django-1.8.2.tar.gz ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAEBCAAGBQJVXMntAAoJEB6Kvcdz7eJSzkwP/0WXUHbQpS0kGfOMbtyeG1J8 -d8Yq6xIODVv77i2J2USZnk8tELss1m81wA/N5nBlJF5KaWvBF3KAMHASihDT2y8x -i+d4cowFYNShSDTf+OeptnpV7QbFqyOFdjBAa4t6TXxGulOmArxgFM7oe+0DFwQ7 -I2HxOmh1LiworOgLlEAEepM166xcXRAPc1F6fc/CX3F515xyAauxkxatmL2h2ISn -PI/AVtKe4BMEM1Gnt6sPw3uKG0OjSTcXT5ux0ZMM1kcOZg0S5WHQe3eWhGEx5eiQ -hadLD5c32G3S8vQc9IfBQC2upv5DLSLwGgwIGhJCYlPpwWym9hzZBTZ5QNSUOck3 -RJV1IujYj+qSRVExDEaJXjmQ2dnVDZAWwzhRXV2D2aZJ3J9vT4dSK74gFnMIfd0F -Ot//e9AnFqF/Uzf1+AbxY4tJlCzO/Ds1VaOdVdfJ+lqEqU6AKMkOFSLbECvte106 -2UdmV3VhDFQ8DBxYqgdza84Tn0V3GYDROPvU23ExVMEXvf9Fuhrh2cfCAG/poi6y -uK7rTMbDDGEFeAfW88DM7gkUIAjWqRkoPTiJvlsmwEOQdKH60E/xDLSt4aZAHIcV -M7uD7mZPkv1T4ya0qNAsdAgmBqdySQiDeu4P7F0toffRAkrHym7ZNcXqCjEy8fhZ -xAKA5/Sc+mdo1eVyh2LU -=pJGa ------END PGP SIGNATURE----- diff --git a/Django-1.8.2.tar.gz b/Django-1.8.2.tar.gz deleted file mode 100644 index e53a6ba..0000000 --- a/Django-1.8.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3bb60536b2fb2084612fc9486634295e7208790029081842524916b5a66d206f -size 7275112 diff --git a/Django-1.8.3.tar.gz b/Django-1.8.3.tar.gz new file mode 100644 index 0000000..56dc6ec --- /dev/null +++ b/Django-1.8.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2bb654fcc05fd53017c88caf2bc38b5c5ea23c91f8ac7f0a28b290daf2305bba +size 7284327 diff --git a/Django-1.8.3.tar.gz.asc b/Django-1.8.3.tar.gz.asc new file mode 100644 index 0000000..d32679c --- /dev/null +++ b/Django-1.8.3.tar.gz.asc @@ -0,0 +1,63 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +This file contains MD5, SHA1, and SHA256 checksums for the source-code +tarball and wheel files of Django 1.8.3, released July 8, 2015. + +To use this file, you will need a working install of PGP or other +compatible public-key encryption software. You will also need to have +the Django release manager's public key in your keyring; this key has +the ID ``1E8ABDC773EDE252`` and can be imported from the MIT +keyserver. For example, if using the open-source GNU Privacy Guard +implementation of PGP: + + gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 + +Once the key is imported, verify this file:: + + gpg --verify <> + +Once you have verified this file, you can use normal MD5, SHA2, or SHA256 +checksumming applications to generate the checksums of the Django +package and compare them to the checksums listed below. + +Release packages: +================= + +https://www.djangoproject.com/m/releases/1.8/Django-1.8.3.tar.gz +https://www.djangoproject.com/m/releases/1.8/Django-1.8.3-py2.py3-none-any.whl + +MD5 checksums: +============== + +a5d397c65a880228c58a443070cc18a8 Django-1.8.3-py2.py3-none-any.whl +31760322115c3ae51fbd8ac85c9ac428 Django-1.8.3.tar.gz + +SHA1 checksums: +=============== + +9efb71612ab8e4fd948c564bcd574afa29127d71 Django-1.8.3-py2.py3-none-any.whl +229dae14aa42169e2e2a6ecb1e00e75f0d57ed35 Django-1.8.3.tar.gz + +SHA256 checksums: +================= + +047d0f4c93262b33801049a2dcddaef09c29e741c03a947a3556ea4748eed2e2 Django-1.8.3-py2.py3-none-any.whl +2bb654fcc05fd53017c88caf2bc38b5c5ea23c91f8ac7f0a28b290daf2305bba Django-1.8.3.tar.gz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAEBCAAGBQJVnXs7AAoJEB6Kvcdz7eJSTFUQAJrkhj7RvqFoRpWw3rYhgjfO +75j8gNxXEZ0EhoiSObU6MEg1TYPmkbGmX9IZC2w7vSW03MrSwon1HrC+eC1fp8vQ +wWA5PKGkkJvXqnBltraFY/Az1WWQtxWB1MpKLgZJd9lyYuutLQTxN2W62nPhl9JR +HKSzhr1gsILGOua0U9nuTum7BH2T0WY/oqwPnKEKfFksQNa1d+HGZtRVOPo36kDl +s6iMUfXdNkS/7rNGhK83HZFbnz57Gdk1J1P+fSCL5aOHgU5wiWL27tL3Vy3g4NWe +OKBzzFf2vqKSlVS6KCsG1uRPQgb7agwGzbbBgkUOfDeOd6UTjoh9xLJhMjhq8atP +3Cmd0cDQsyitDkQhiZd4QH6sKb8RsvgWK3lH6+oYNH7UgjcZemT7vOJosNktJayk +dh7TvRf17jguUE+ZkfqM+yxDi/G1iAo9jBkm5ltnUPut20zE/Bw7j+YPJSPjoW7X +H8QEswM+WsrQ8MyVF2iHE0f5qPE/ms4ETcNNm7Bbjbs+LRNeinWezy1sJZWzGTXf +fV3MLnXtKw34962lLH4aiXqEqJumXX3chjxk+dVvD4B84+khEnnzwsqGdrs8H/Hk +9BZxDcMUvVUCwK8hRblI+b1aIj/unF5wP8AZ9zcCIHk1LSQylXp1If4T2vdjkEma +d8LtHNYKtgbEbkGyws2V +=vwa4 +-----END PGP SIGNATURE----- diff --git a/python-Django.changes b/python-Django.changes index f2701c0..d636824 100644 --- a/python-Django.changes +++ b/python-Django.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Jul 10 11:51:49 UTC 2015 - astieger@suse.com + +- add keyring and verify source signature + +------------------------------------------------------------------- +Fri Jul 10 10:03:54 UTC 2015 - dmueller@suse.com + +- update to 1.8.3: + * https://docs.djangoproject.com/en/1.8/releases/1.8.3/ + Various bugfixes/security fixes (CVE-2015-5145, bsc#937524) + ------------------------------------------------------------------- Tue May 26 08:26:56 UTC 2015 - dmueller@suse.com diff --git a/python-Django.keyring b/python-Django.keyring new file mode 100644 index 0000000..15683b2 --- /dev/null +++ b/python-Django.keyring @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFRnUJUBEACihdB7r9tfCvUe/f0AGNA2qlHs2vUheCqS5l3VA8H0O2x7kWIu +kYpVN3bI92Ab1ZGH+qii+Vriuc/EAVYxn5fSgp3qoxNlOsjTHAzdseWw/F2nnZST +4f3zI57VlqeWrBiPw0U7T6gJIofabm6zfvMcl4yLoJbhGsIzob5BEPAWKj1RQ/ZH +kRqKsdl/nYCnhqSuE/jcXghNhroRpUzkLvFaBwcmYdfKcDtAwq0rbfClGoB4xQhu +bI/tt9zN/mxwwCWO/Jujj7kmLEnsGN4PQ7QPl79TwIHjC2MRTrov6GzuZtseOtWb +Rr/r05sGnRSC0dDEKnGqOgNCfvSFBpkxK2Kg+RvYWjNcYMwJB9WweE/Fp/60dERt ++PzB6/AIH20AXiBQZsNjvx0v3MdvttDTWOwiIPBSxX+wTkK9RrKlKe2Xj616Wq2L +uUC9TasQWmAx7pUDjaMqjqOiE89W2+kJf/JMpLC1ajAUVYxnpRkj9V+7TMRPShKQ +b5lKAO+34Ec5jZ1/Q40b7JMDri/pB4H+9wCd+bEno8f1gB2b75e+8+b/I8QOLMBr +yVfJ3MHQD5rkZVk3UbzemECQRJwR841BQODQNeMYmAlvDrG8reh6aqxfByLqYfCW +juy4ayuCJy7lwLAztasn+UZZyRhkabYf51XY2E39ZNkcCt1Nd7k1LqZhLwARAQAB +tCFUaW0gR3JhaGFtIDx0aW1vZ3JhaGFtQGdtYWlsLmNvbT6JAj4EEwECACgFAlRn +UJUCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEB6Kvcdz7eJS +DQcP/jxC8RLAPrPma+fZ/ao9NFsVSA0CiWlGmSAZDfXrvoWy7cfSOyOyX3C3Q6eu +xO1BYXHY3Ea3xNRwz8qc4qlbVKjLFJMbONyNagjE69N0Jc0vbxRPloGZmIK1NLUN +KaEqD13G6uI3V2lDEGJ9YEp86c1zs/rlhpCxC9B/fLgIbXSLPwVTL5n3rdb5026R +DWDAWbTTMUkfN2Zbx27yj13Ej/Il3aDA21Kw9Mfez3y8fQ+FL++2LyALedXSmRJs +d43cFkqWnFZ5ioznFLvxe9v/u1RsEn7l6yMyuvlnnMHjlmasoAKTnwPkvKvMsJae +fnrj0hqok39Q/VwqBDNu6nIaQ1W2etPytrSBX59+aPvkn5pDpzbGIMLEOudHboIq ++vYc/R4QuIiUs9gvJcgxe6YIepdoxYHadexh8RUVfiJWBskZkIYEzXBnJZ6ZV42O +tYE+5sk/sYKckyJKT1wsDPFwLn2k7MJ/hMDz+GDiNZwaHnPK+O2C0gCKTXu3kaxS +RW7QfBqSyw9L9+oB8cNrmLDBUuqSDCIQGQJ5aGwHC+p7b9i6/F6D3li4CqI4aBUk +BFjZB1Z2a+7ZXAW621zAqzrKGifVzGu1MOCv71mwJhFtSGezU4MzFvy2TKJhb4Wd +P1N1zU7dJFAqQPKV3EmrDgjdW0AC07jO521LWm+IHumkKm7LuQINBFRnUJUBEADT +Wzk0B4/7BOvvJ5f+W7xNpoTr7V7D3j20GtxhzsRz1fm2DI2mNba6a+55RFMfZ5ty +TdqPrQeVHpBKcObk9g16yg9hkBB5D8qhkBPzHwgz0elpieK6rImcjd5Gb6XB/Vyu +y0j7+r8rPgdYEGuqNb7/5wYY/lvjv7ojqIL0LF1lAFDKjyzDriogrTA3DYLD2kBz +YVmB58ErX8OixrFx8fXEiEuMYN6cgI0T2rtPCVm7tddBgQD7UNzQ1iSL1n4RlqJN +qiBTsUnWyrsdcwTNA1tE+6Q3XEK13URH/7RYU3QOk9kJbB4QpwpEORnDzlyYlAjv +Pifw8muueCkv1PFwIBmfAXHjUXQELnMO79u1Ce/L7ZTFYC7OtEWoIEgg8RmwP4Ed +vAaVu3TvSS+I+U7xWpSNvUYJcSUDmUhvpUxXSbGAbwcritYYnYToJRUzSctqQuQq +j4/b2Ya1RYkseBXXCk5u9r2M/6cf+7KT7h4P1nI0HOO6tQ7oQ+60WyZqToM0fgBO +SkBfeEgQA2OFTNw2Yu8wt3clqjCtL8qobeAsFcR5YnfFvLni/+j2TJzyYJf2scYB +p/Nj7nApItON6YKP2HN7zHvm49LfsY22TulenHBn2/AXkVflnAIJME58MJ+iTj6X +27SvcqMjntOxVGM2mncVHy9pMUblo6P7IikwrLk8EQARAQABiQIlBBgBAgAPBQJU +Z1CVAhsMBQkSzAMAAAoJEB6Kvcdz7eJSP0EP/0AdUfOmfVJiejmvVmrydgjNrHQW +5I5FYhicPhyskWlZkhfNAKJGe04PjWnSwCzRD/U514Xj+0h1prxpYzh9kKzcdN3z +cDDipR8/fkIIaCuTP9hiV2d1iefpnLlfx09u8J1uuMyGQwYor0on0Ea1DKmzBNCE +UzLA/nBYMwFsLQN80GxeBc3D72DqrifGPn/8JSeDxl9Js4WzQG4PKNcEXnYDym5O +ICjsiNkzWXKmPIDnG7Mt207NpLZGQyJngsOTDQo9T7F6Jl/0rlN2axvUmAwd/ggH +8UPtHIegQPIPJJ1/NdGpA4/m9BMWe+bYbKZGjhxZ933+e5kB7IO4bG52yPkOmH2X +7Ovw6jgFm5obPcdqZfzlwTsuVnlXfzJIhwJVnAKcZextyfPIEF6nYw1dr16qZXGZ +hwGSoQOR1juH7msltHUmbolutdTcKwK1gwwu0rykxCF73Iq8owu/MugP4VIHJF/f +pCxVDEqaMTrw0sukw9jjeGHtpRoDZcbp2lWSJ26gKe+2gTXMc/swV7QjCyH+Y7gG +KYD2DNd/++1UR3heA2c+JrHITDpWQr5Ijdp9j+QsOqj2WXUHsIW3Wi0+x7z8eCQ8 +afObg5zrhyTM1KJmVx+Lu7wD5tZ9x2jFYzBa9cqzQuDSdVvFhPJVX3UE1o8xN/SR +wlQDP043a+4c/n+0 +=2V9b +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python-Django.spec b/python-Django.spec index 4239ac2..d96913d 100644 --- a/python-Django.spec +++ b/python-Django.spec @@ -17,14 +17,15 @@ Name: python-Django -Version: 1.8.2 +Version: 1.8.3 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause Group: Development/Languages/Python Url: http://www.djangoproject.com Source: https://www.djangoproject.com/m/releases/1.8/Django-%{version}.tar.gz -Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt +Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt#/Django-%{version}.tar.gz.asc +Source2: %{name}.keyring Source99: python-Django-rpmlintrc BuildRequires: fdupes BuildRequires: python-devel @@ -48,6 +49,12 @@ BuildArch: noarch Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. %prep +# The publisher doesn't sign the source tarball, but a signatures file containing multiple hashes. +# Verify hashes in that file against source tarball. +echo "`grep -e '^[0-9a-f]\{32\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-32` %{SOURCE0}" | md5sum -c +echo "`grep -e '^[0-9a-f]\{40\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-40` %{SOURCE0}" | sha1sum -c +echo "`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-64` %{SOURCE0}" | sha256sum -c + %setup -q -n Django-%{version} sed -i "s|\(django/bin/django-admin.py\)|\1-%{py_ver}|" setup.py mv django/bin/django-admin.py{,-%{py_ver}}