- Update to 2.2.4:

* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
  * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
  * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=35

Django-2.2.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea
-size 8992109

Django-2.2.3.tar.gz.asc

@@ -1,63 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.3, released July 1, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.3.tar.gz
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.3-py3-none-any.whl
-
-MD5 checksums
-=============
-
-f152164e77d38460ee06c42c210d2f57  Django-2.2.3.tar.gz
-32c2feb280afee531389ec8fa38f49d8  Django-2.2.3-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-1d4eca8884b601e8e7dc06705b9644fb579c57f9  Django-2.2.3.tar.gz
-eeb00e26dfae7f98a6e188bae71ef243732e9dfe  Django-2.2.3-py3-none-any.whl
-
-SHA256 checksums
-================
-
-4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea  Django-2.2.3.tar.gz
-6e974d4b57e3b29e4882b244d40171d6a75202ab8d2402b8e8adbd182e25cf0c  Django-2.2.3-py3-none-any.whl
------BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl0Zom4bHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bZyIP/RaqvtvbI0NmPideK4O1
-juNqk1Np5+3cCJ+xbL1jtenrGnvSC6VwR/nV08ES/PSjJzk2AXi2GPBT7rjunJJA
-iGnL9OR9TWAZqH2fMCywL2/EqTqcFJQPxLw5p3FrDfpijPn2G8zYh9F9TpXpnQIX
-bfjkLoDjAgS4zSYl8bst0XCCl7E3qU+USJDl93PG4GnSwXLupDpU6jCm0o/x9e5k
-sz8wjGsTijRUXRSvyOupMMtf7HiWTDGGUmKO9fXUup7SJXzLvndw9xTfBsj1K3C1
-rGXv4N2ZUBN88O61rcDJSp8fq6y6KhB0U+h6eC+vSZqIq+uKumF7cQW+qid/K7rj
-rLtxMKZHK5yBbdzteNXRuQAs0ujcv8hTKRC9H40gixAXJhvMAjZV+8vwWJuRGTDT
-OSJFJOPrvZIDtUybr0AkYwJ0EplOplJAB83Auh8DCeGlsBvlFk8vjSV0p+OxNblz
-jD4oltjIrs6wJEq5onN7MGBlrcX4ghfYFyEElq0KcfjOi/MH4vUDpP3d7oIc/DoZ
-Xq45tcRHmmp6MdAT0HOHoX2ovH9bEMuiqAs27692MRNtfc173tEhg4k37fCzftyH
-qcz0xFNfNZaM9AhG2089grStJwn2PnRHAUxBHcqnFMIaiw8J+yJkx/YMqKprv/5C
-KVqSZV56G5L0tdJMBq/AAkua
-=kD67
------END PGP SIGNATURE-----

Django-2.2.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8
+size 8856979

Django-2.2.4.tar.gz.asc

@@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.2.4, released August 1, 2019.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.4-py3-none-any.whl
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.4.tar.gz
+
+MD5 checksums
+=============
+
+0b4efcaafec4ef999513c9f40c7e3746  Django-2.2.4-py3-none-any.whl
+b32e396c354880742d85a7628a0bdd5a  Django-2.2.4.tar.gz
+
+SHA1 checksums
+==============
+
+f5eff14c130be27ff49d89f39f30f70002e94d27  Django-2.2.4-py3-none-any.whl
+42640e8381bbf041bb2e09400251cd53694902a8  Django-2.2.4.tar.gz
+
+SHA256 checksums
+================
+
+9a2f98211ab474c710fcdad29c82f30fc14ce9917c7a70c3682162a624de4035  Django-2.2.4-py3-none-any.whl
+16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8  Django-2.2.4.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl1CqZEACgkQ4X31yCtP
+nQCKrhAAtdZSJgEpW4ccbQGdnZuepm6E8FkE0YSopFH6OjJqxZXlVHxJm5hXua4A
+Wnp2tKMzcd6SAwbPijgkCAHb9TglcQOjEnFvG5NA3bHNsGoZ7JvUckyTa8TKKCHd
+nml+tUTn2a3ShKDjMYUi0l/+4JDfr2p6v5CIjfSlTsjHrm3CM5gOoGAEWz9+W8VS
+Q/MG7v0DIfX6RLRKYzuFlxtVJgp4tTAjpiNsdK++h1/ojh+zezVJO8ujr1ETVDFw
+1EmL9fIAhwX5+/XZFH0F7Oj7uj8LZKkfx0EJOy9UoTJvjlUcgQ5GdylgVlVdix1B
+Bxk6Wh+CoNNlELaC/0xK4LQuLnBnOBzLiOBE3dKi333xgDEQKK5q6UB3O+gTsdjk
+oXb3a7A1htY1Y32deK/U/RVA3+B6icUqtAoVjQFoU+9SyIr95gCMz96PL16IqyqL
+ABsD8eogXFjzT9VlzL9gbHUat6Pen1pzEdmu3OMOHH+RvF2u26m7HXRViN9xKUZn
+Vxr6Y/1KXsXGgpEq6Vl7On9LDypRX/BFlC/rqhMs7T/ddOlI91DbY8zZbo34PMiv
+phXYhsntfIY8Brz15HkzuWJjBvjSH+ojyNzuL3uNcdx5MZM+m27/rW6yxKYulhVO
+aQ8SobUnF4Smi406dpYm3YQisosvz9NZTLLZwbe2+DKTYntTwM8=
+=yvdd
+-----END PGP SIGNATURE-----

python-Django.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Aug  1 11:13:37 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Update to 2.2.4:
+  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
+  * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
+  * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
+  * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
+  * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
+
 -------------------------------------------------------------------
 Thu Jul 18 17:21:59 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
 

python-Django.spec

@@ -23,7 +23,7 @@
 %define skip_python2 1
 Name:           python-Django
 # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc
-Version:        2.2.3
+Version:        2.2.4
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause