rpm/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity

- update to 2.1.7 (CVE-2019-6975, bsc#1124991):

Browse Source 
* Corrected packaging error from 2.1.6
  * Memory exhaustion in django.utils.numberformat.format()
    If django.utils.numberformat.format() – used by contrib.admin as well
    as the the floatformat, filesizeformat, and intcomma templates
    filters – received a Decimal with a large number of digits or a
    large exponent, it could lead to significant memory usage
    due to a call to '{:f}'.format().
    To avoid this, decimals with more than 200 digits are now formatted
    using scientific notation.
  * Made the obj argument of InlineModelAdmin.has_add_permission() optional
    to restore backwards compatibility with third-party code that doesn’t
    provide it

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=20
This commit is contained in:
Thomas Bechtold 2019-02-12 09:33:11 +00:00 committed by Git OBS Bridge
parent 64adc52e6e
commit a2706e4981
6 changed files with 83 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Django-2.1.5.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3
size 8612384

62
Django-2.1.5.tar.gz.asc
View File

@ -1,62 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 2.1.5, released January 4, 2019.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/2.1/Django-2.1.5.tar.gz
https://www.djangoproject.com/m/releases/2.1/Django-2.1.5-py3-none-any.whl
MD5 checksums
=============
9309c48c8b92503b8969a7603a97e2a1 Django-2.1.5.tar.gz
90ac057753cff4d5b154ef4ca3d0e1e6 Django-2.1.5-py3-none-any.whl
SHA1 checksums
==============
67297b08e31b9f4562bb6813cc28b897fdcc49a5 Django-2.1.5.tar.gz
ea100ac61c5b6288bef71488e4f5b287f3b99478 Django-2.1.5-py3-none-any.whl
SHA256 checksums
================
d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 Django-2.1.5.tar.gz
a32c22af23634e1d11425574dce756098e015a165be02e4690179889b207c7a8 Django-2.1.5-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENS9UlZg+ZfEFUeKFHoq9x3Pt4lIFAlwvY8cACgkQHoq9x3Pt
4lLGShAAnGQDupqHxDdseKMuewzIaSKIzJqjbHwHA6L+56GVsgi+d4MMKr9x89sg
HCP+5GCyUw0Tsm949FOY1lgcRnbhnhHW4YcwWbQgo05Qp0gGrNqMD1sP2l3uW82S
eKMtYD1+0QP/7YXqtILzIYKTaHpw7NXHCHEsI7tTAoeXhj2VUu2L7o2D47OOX+8G
B8nG8qTenCbCQUYRyuODKlal6OweEdkQZITFjWsVTmnh4idw91eymcrLCf7VPLq2
am+SdYZ6US8p9+vjoBodPKGFOnRJ7fc2f6vWuu3W4X7mA3Qkzzq/rLdNRuulm62X
LEiKiD5n8BQJXUK1dSgQz2t+aJR7VxUD7icpJA8AhrS0kJoBo5mcxO53JPK083CC
1AaC3PI6JUM7/ZTuLP40He2nQxZ0W9OAchxSRAbNqCcqtJSJalCD4HBRqYQQH3eI
OaKZmBnkGVjO/Yq92u/51TtT7aQuh3zm+u41C89hEnVOf5AGrEd6K4wGdTj4pFxj
81Vi+UKtYoRp7DsExXPLCFA0zfM7yVi6oN4OYWntwGqBFKy5kHI0kjiptHLgzhyS
zR2Vyc/ifSrN5FOeh/2AkfxqHY8vDEDCf/YQegZiO7mQUYm/wKHjtmgEQB64WeHx
TGZjZ1xKbZvPR7hSgQragmvvVAhkCYSwu2fTUxwJs1zEIpBSxFk=
=0YGP
-----END PGP SIGNATURE-----

3
Django-2.1.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963
size 8608548

62
Django-2.1.7.tar.gz.asc Normal file
View File

@ -0,0 +1,62 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django 2.1.7, released February 11, 2019.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
Once the key is imported, verify this file::
gpg --verify <<THIS FILENAME>>
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.
Release packages:
=================
https://www.djangoproject.com/m/releases/2.1/Django-2.1.7-py3-none-any.whl
https://www.djangoproject.com/m/releases/2.1/Django-2.1.7.tar.gz
MD5 checksums
=============
9b2efcc20342cb780630c02734553c1a Django-2.1.7-py3-none-any.whl
a042e6ba117d2e01950d842cceb5eee0 Django-2.1.7.tar.gz
SHA1 checksums
==============
e818497e0d08208acda63bc3a5afdb85858486b0 Django-2.1.7-py3-none-any.whl
e1529c46fd643346e6ff8c7f3ba57c398223201f Django-2.1.7.tar.gz
SHA256 checksums
================
275bec66fd2588dd517ada59b8bfb23d4a9abc5a362349139ddda3c7ff6f5ade Django-2.1.7-py3-none-any.whl
939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963 Django-2.1.7.tar.gz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlxhj9UACgkQ4X31yCtP
nQCQMRAAwlhgDkKvJSYdJH4No5t6DwnSIvz845Zq7oEnkToTo32lZOoVgGgy1f+z
ze4bUMLqljxy6WFIL+K7QsvtCGwKcDKrP0Oi4YbPvAsQ01SplPKd66DvcIfhJMv7
vaIAb47tCSPRvfGrL9KFSvj1mzFl8WO2+UlUbiqIojkg83Xll1Wdv9Lx7mlF423N
5tpk1Mj3Pk8TLT5gk0ghcIYYgHsXK0eaBaGSNI+rBRPI5HDKj1VCf+c23I+PJRqh
KMzvf2NWHbu+h8Qa4MkTDT2NEBbQvennW6Wa8WgBOZjVQ9KpMjinS4s6s5nlDskd
FATIGDKNO48uWn3LDofKjv62EAeW5Nh6S2juHHarXPIv6W7LtPVGTS3X8xn2wXa0
Q5YyhOyFJGEG452tfm5eqrHb6uhUfXKQngDM/fqv6gh6+gv17/kdVDAfm6Y6EEZN
YR7lx5O94SkjQA5mLAx6+PkxWP5AbyMZY/CpakcMcR2H6xXytLcQKXjB1TRoXb9C
NGLjlSM5X40ETlQYqAOWqo7524Tpdot2fcalyBl36UwJcp3bP5GJXy90xvuxOzGQ
V0BfbdOAgFSj9oaa+y5JiHjHIY3wCCl0vVkmiY6HoJ3NBp040SDItuzt0PilXPFg
GTX9jTpGQXPjDNGQ2N3nAL27/J3XYlSaH1BrG4Cysb6oAbqPAiI=
=v5/g
-----END PGP SIGNATURE-----

17
python-Django.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Feb 12 09:24:53 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
- update to 2.1.7 (CVE-2019-6975, bsc#1124991):
* Corrected packaging error from 2.1.6
* Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() used by contrib.admin as well
as the the floatformat, filesizeformat, and intcomma templates
filters received a Decimal with a large number of digits or a
large exponent, it could lead to significant memory usage
due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted
using scientific notation.
* Made the obj argument of InlineModelAdmin.has_add_permission() optional
to restore backwards compatibility with third-party code that doesnt
provide it
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 10 12:09:43 UTC 2019 - Thomas Bechtold <tbechtold@suse.com> Thu Jan 10 12:09:43 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>

2
python-Django.spec
View File

@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}} %{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1 %define skip_python2 1
Name: python-Django Name: python-Django
Version: 2.1.5 Version: 2.1.7
Release: 0 Release: 0
Summary: A high-level Python Web framework Summary: A high-level Python Web framework
License: BSD-3-Clause License: BSD-3-Clause