diff --git a/Django-2.1.5.tar.gz b/Django-2.1.5.tar.gz deleted file mode 100644 index 040582f..0000000 --- a/Django-2.1.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 -size 8612384 diff --git a/Django-2.1.5.tar.gz.asc b/Django-2.1.5.tar.gz.asc deleted file mode 100644 index cf52aad..0000000 --- a/Django-2.1.5.tar.gz.asc +++ /dev/null @@ -1,62 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - -This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.1.5, released January 4, 2019. - -To use this file, you will need a working install of PGP or other -compatible public-key encryption software. You will also need to have -the Django release manager's public key in your keyring; this key has -the ID ``1E8ABDC773EDE252`` and can be imported from the MIT -keyserver. For example, if using the open-source GNU Privacy Guard -implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 - -Once the key is imported, verify this file:: - - gpg --verify <> - -Once you have verified this file, you can use normal MD5, SHA1, or SHA256 -checksumming applications to generate the checksums of the Django -package and compare them to the checksums listed below. - -Release packages: -================= - -https://www.djangoproject.com/m/releases/2.1/Django-2.1.5.tar.gz -https://www.djangoproject.com/m/releases/2.1/Django-2.1.5-py3-none-any.whl - -MD5 checksums -============= - -9309c48c8b92503b8969a7603a97e2a1 Django-2.1.5.tar.gz -90ac057753cff4d5b154ef4ca3d0e1e6 Django-2.1.5-py3-none-any.whl - -SHA1 checksums -============== - -67297b08e31b9f4562bb6813cc28b897fdcc49a5 Django-2.1.5.tar.gz -ea100ac61c5b6288bef71488e4f5b287f3b99478 Django-2.1.5-py3-none-any.whl - -SHA256 checksums -================ - -d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 Django-2.1.5.tar.gz -a32c22af23634e1d11425574dce756098e015a165be02e4690179889b207c7a8 Django-2.1.5-py3-none-any.whl ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCAAdFiEENS9UlZg+ZfEFUeKFHoq9x3Pt4lIFAlwvY8cACgkQHoq9x3Pt -4lLGShAAnGQDupqHxDdseKMuewzIaSKIzJqjbHwHA6L+56GVsgi+d4MMKr9x89sg -HCP+5GCyUw0Tsm949FOY1lgcRnbhnhHW4YcwWbQgo05Qp0gGrNqMD1sP2l3uW82S -eKMtYD1+0QP/7YXqtILzIYKTaHpw7NXHCHEsI7tTAoeXhj2VUu2L7o2D47OOX+8G -B8nG8qTenCbCQUYRyuODKlal6OweEdkQZITFjWsVTmnh4idw91eymcrLCf7VPLq2 -am+SdYZ6US8p9+vjoBodPKGFOnRJ7fc2f6vWuu3W4X7mA3Qkzzq/rLdNRuulm62X -LEiKiD5n8BQJXUK1dSgQz2t+aJR7VxUD7icpJA8AhrS0kJoBo5mcxO53JPK083CC -1AaC3PI6JUM7/ZTuLP40He2nQxZ0W9OAchxSRAbNqCcqtJSJalCD4HBRqYQQH3eI -OaKZmBnkGVjO/Yq92u/51TtT7aQuh3zm+u41C89hEnVOf5AGrEd6K4wGdTj4pFxj -81Vi+UKtYoRp7DsExXPLCFA0zfM7yVi6oN4OYWntwGqBFKy5kHI0kjiptHLgzhyS -zR2Vyc/ifSrN5FOeh/2AkfxqHY8vDEDCf/YQegZiO7mQUYm/wKHjtmgEQB64WeHx -TGZjZ1xKbZvPR7hSgQragmvvVAhkCYSwu2fTUxwJs1zEIpBSxFk= -=0YGP ------END PGP SIGNATURE----- diff --git a/Django-2.1.7.tar.gz b/Django-2.1.7.tar.gz new file mode 100644 index 0000000..520d83d --- /dev/null +++ b/Django-2.1.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963 +size 8608548 diff --git a/Django-2.1.7.tar.gz.asc b/Django-2.1.7.tar.gz.asc new file mode 100644 index 0000000..2c1c658 --- /dev/null +++ b/Django-2.1.7.tar.gz.asc @@ -0,0 +1,62 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +This file contains MD5, SHA1, and SHA256 checksums for the source-code +tarball and wheel files of Django 2.1.7, released February 11, 2019. + +To use this file, you will need a working install of PGP or other +compatible public-key encryption software. You will also need to have +the Django release manager's public key in your keyring; this key has +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT +keyserver. For example, if using the open-source GNU Privacy Guard +implementation of PGP: + + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 + +Once the key is imported, verify this file:: + + gpg --verify <> + +Once you have verified this file, you can use normal MD5, SHA1, or SHA256 +checksumming applications to generate the checksums of the Django +package and compare them to the checksums listed below. + +Release packages: +================= + +https://www.djangoproject.com/m/releases/2.1/Django-2.1.7-py3-none-any.whl +https://www.djangoproject.com/m/releases/2.1/Django-2.1.7.tar.gz + +MD5 checksums +============= + +9b2efcc20342cb780630c02734553c1a Django-2.1.7-py3-none-any.whl +a042e6ba117d2e01950d842cceb5eee0 Django-2.1.7.tar.gz + +SHA1 checksums +============== + +e818497e0d08208acda63bc3a5afdb85858486b0 Django-2.1.7-py3-none-any.whl +e1529c46fd643346e6ff8c7f3ba57c398223201f Django-2.1.7.tar.gz + +SHA256 checksums +================ + +275bec66fd2588dd517ada59b8bfb23d4a9abc5a362349139ddda3c7ff6f5ade Django-2.1.7-py3-none-any.whl +939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963 Django-2.1.7.tar.gz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlxhj9UACgkQ4X31yCtP +nQCQMRAAwlhgDkKvJSYdJH4No5t6DwnSIvz845Zq7oEnkToTo32lZOoVgGgy1f+z +ze4bUMLqljxy6WFIL+K7QsvtCGwKcDKrP0Oi4YbPvAsQ01SplPKd66DvcIfhJMv7 +vaIAb47tCSPRvfGrL9KFSvj1mzFl8WO2+UlUbiqIojkg83Xll1Wdv9Lx7mlF423N +5tpk1Mj3Pk8TLT5gk0ghcIYYgHsXK0eaBaGSNI+rBRPI5HDKj1VCf+c23I+PJRqh +KMzvf2NWHbu+h8Qa4MkTDT2NEBbQvennW6Wa8WgBOZjVQ9KpMjinS4s6s5nlDskd +FATIGDKNO48uWn3LDofKjv62EAeW5Nh6S2juHHarXPIv6W7LtPVGTS3X8xn2wXa0 +Q5YyhOyFJGEG452tfm5eqrHb6uhUfXKQngDM/fqv6gh6+gv17/kdVDAfm6Y6EEZN +YR7lx5O94SkjQA5mLAx6+PkxWP5AbyMZY/CpakcMcR2H6xXytLcQKXjB1TRoXb9C +NGLjlSM5X40ETlQYqAOWqo7524Tpdot2fcalyBl36UwJcp3bP5GJXy90xvuxOzGQ +V0BfbdOAgFSj9oaa+y5JiHjHIY3wCCl0vVkmiY6HoJ3NBp040SDItuzt0PilXPFg +GTX9jTpGQXPjDNGQ2N3nAL27/J3XYlSaH1BrG4Cysb6oAbqPAiI= +=v5/g +-----END PGP SIGNATURE----- diff --git a/python-Django.changes b/python-Django.changes index a199808..8f27522 100644 --- a/python-Django.changes +++ b/python-Django.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Feb 12 09:24:53 UTC 2019 - Thomas Bechtold + +- update to 2.1.7 (CVE-2019-6975, bsc#1124991): + * Corrected packaging error from 2.1.6 + * Memory exhaustion in django.utils.numberformat.format() + If django.utils.numberformat.format() – used by contrib.admin as well + as the the floatformat, filesizeformat, and intcomma templates + filters – received a Decimal with a large number of digits or a + large exponent, it could lead to significant memory usage + due to a call to '{:f}'.format(). + To avoid this, decimals with more than 200 digits are now formatted + using scientific notation. + * Made the obj argument of InlineModelAdmin.has_add_permission() optional + to restore backwards compatibility with third-party code that doesn’t + provide it + ------------------------------------------------------------------- Thu Jan 10 12:09:43 UTC 2019 - Thomas Bechtold diff --git a/python-Django.spec b/python-Django.spec index 2d0ef14..e358def 100644 --- a/python-Django.spec +++ b/python-Django.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-Django -Version: 2.1.5 +Version: 2.1.7 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause