From e6d42316c49336384240f62bc6a3cf2cbe90c38c747361cb503c94761d98c93f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 1 Aug 2019 11:30:44 +0000 Subject: [PATCH] - Update to 2.2.4: * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628). * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621). * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506). * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=35 --- Django-2.2.3.tar.gz | 3 -- Django-2.2.3.tar.gz.asc | 63 ----------------------------------------- Django-2.2.4.tar.gz | 3 ++ Django-2.2.4.tar.gz.asc | 62 ++++++++++++++++++++++++++++++++++++++++ python-Django.changes | 10 +++++++ python-Django.spec | 2 +- 6 files changed, 76 insertions(+), 67 deletions(-) delete mode 100644 Django-2.2.3.tar.gz delete mode 100644 Django-2.2.3.tar.gz.asc create mode 100644 Django-2.2.4.tar.gz create mode 100644 Django-2.2.4.tar.gz.asc diff --git a/Django-2.2.3.tar.gz b/Django-2.2.3.tar.gz deleted file mode 100644 index 5b2b524..0000000 --- a/Django-2.2.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea -size 8992109 diff --git a/Django-2.2.3.tar.gz.asc b/Django-2.2.3.tar.gz.asc deleted file mode 100644 index 1bb6f7a..0000000 --- a/Django-2.2.3.tar.gz.asc +++ /dev/null @@ -1,63 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - -This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.2.3, released July 1, 2019. - -To use this file, you will need a working install of PGP or other -compatible public-key encryption software. You will also need to have -the Django release manager's public key in your keyring; this key has -the ID ``2EF56372BA48CD1B`` and can be imported from the MIT -keyserver. For example, if using the open-source GNU Privacy Guard -implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B - -Once the key is imported, verify this file:: - - gpg --verify <> - -Once you have verified this file, you can use normal MD5, SHA1, or SHA256 -checksumming applications to generate the checksums of the Django -package and compare them to the checksums listed below. - -Release packages: -================= - -https://www.djangoproject.com/m/releases/2.2/Django-2.2.3.tar.gz -https://www.djangoproject.com/m/releases/2.2/Django-2.2.3-py3-none-any.whl - -MD5 checksums -============= - -f152164e77d38460ee06c42c210d2f57 Django-2.2.3.tar.gz -32c2feb280afee531389ec8fa38f49d8 Django-2.2.3-py3-none-any.whl - -SHA1 checksums -============== - -1d4eca8884b601e8e7dc06705b9644fb579c57f9 Django-2.2.3.tar.gz -eeb00e26dfae7f98a6e188bae71ef243732e9dfe Django-2.2.3-py3-none-any.whl - -SHA256 checksums -================ - -4d23f61b26892bac785f07401bc38cbf8fa4cec993f400e9cd9ddf28fd51c0ea Django-2.2.3.tar.gz -6e974d4b57e3b29e4882b244d40171d6a75202ab8d2402b8e8adbd182e25cf0c Django-2.2.3-py3-none-any.whl ------BEGIN PGP SIGNATURE----- - -iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl0Zom4bHGZlbGlzaWFr -Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bZyIP/RaqvtvbI0NmPideK4O1 -juNqk1Np5+3cCJ+xbL1jtenrGnvSC6VwR/nV08ES/PSjJzk2AXi2GPBT7rjunJJA -iGnL9OR9TWAZqH2fMCywL2/EqTqcFJQPxLw5p3FrDfpijPn2G8zYh9F9TpXpnQIX -bfjkLoDjAgS4zSYl8bst0XCCl7E3qU+USJDl93PG4GnSwXLupDpU6jCm0o/x9e5k -sz8wjGsTijRUXRSvyOupMMtf7HiWTDGGUmKO9fXUup7SJXzLvndw9xTfBsj1K3C1 -rGXv4N2ZUBN88O61rcDJSp8fq6y6KhB0U+h6eC+vSZqIq+uKumF7cQW+qid/K7rj -rLtxMKZHK5yBbdzteNXRuQAs0ujcv8hTKRC9H40gixAXJhvMAjZV+8vwWJuRGTDT -OSJFJOPrvZIDtUybr0AkYwJ0EplOplJAB83Auh8DCeGlsBvlFk8vjSV0p+OxNblz -jD4oltjIrs6wJEq5onN7MGBlrcX4ghfYFyEElq0KcfjOi/MH4vUDpP3d7oIc/DoZ -Xq45tcRHmmp6MdAT0HOHoX2ovH9bEMuiqAs27692MRNtfc173tEhg4k37fCzftyH -qcz0xFNfNZaM9AhG2089grStJwn2PnRHAUxBHcqnFMIaiw8J+yJkx/YMqKprv/5C -KVqSZV56G5L0tdJMBq/AAkua -=kD67 ------END PGP SIGNATURE----- diff --git a/Django-2.2.4.tar.gz b/Django-2.2.4.tar.gz new file mode 100644 index 0000000..4a3b5b2 --- /dev/null +++ b/Django-2.2.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8 +size 8856979 diff --git a/Django-2.2.4.tar.gz.asc b/Django-2.2.4.tar.gz.asc new file mode 100644 index 0000000..2a97bbb --- /dev/null +++ b/Django-2.2.4.tar.gz.asc @@ -0,0 +1,62 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +This file contains MD5, SHA1, and SHA256 checksums for the source-code +tarball and wheel files of Django 2.2.4, released August 1, 2019. + +To use this file, you will need a working install of PGP or other +compatible public-key encryption software. You will also need to have +the Django release manager's public key in your keyring; this key has +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT +keyserver. For example, if using the open-source GNU Privacy Guard +implementation of PGP: + + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 + +Once the key is imported, verify this file:: + + gpg --verify <> + +Once you have verified this file, you can use normal MD5, SHA1, or SHA256 +checksumming applications to generate the checksums of the Django +package and compare them to the checksums listed below. + +Release packages: +================= + +https://www.djangoproject.com/m/releases/2.2/Django-2.2.4-py3-none-any.whl +https://www.djangoproject.com/m/releases/2.2/Django-2.2.4.tar.gz + +MD5 checksums +============= + +0b4efcaafec4ef999513c9f40c7e3746 Django-2.2.4-py3-none-any.whl +b32e396c354880742d85a7628a0bdd5a Django-2.2.4.tar.gz + +SHA1 checksums +============== + +f5eff14c130be27ff49d89f39f30f70002e94d27 Django-2.2.4-py3-none-any.whl +42640e8381bbf041bb2e09400251cd53694902a8 Django-2.2.4.tar.gz + +SHA256 checksums +================ + +9a2f98211ab474c710fcdad29c82f30fc14ce9917c7a70c3682162a624de4035 Django-2.2.4-py3-none-any.whl +16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8 Django-2.2.4.tar.gz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl1CqZEACgkQ4X31yCtP +nQCKrhAAtdZSJgEpW4ccbQGdnZuepm6E8FkE0YSopFH6OjJqxZXlVHxJm5hXua4A +Wnp2tKMzcd6SAwbPijgkCAHb9TglcQOjEnFvG5NA3bHNsGoZ7JvUckyTa8TKKCHd +nml+tUTn2a3ShKDjMYUi0l/+4JDfr2p6v5CIjfSlTsjHrm3CM5gOoGAEWz9+W8VS +Q/MG7v0DIfX6RLRKYzuFlxtVJgp4tTAjpiNsdK++h1/ojh+zezVJO8ujr1ETVDFw +1EmL9fIAhwX5+/XZFH0F7Oj7uj8LZKkfx0EJOy9UoTJvjlUcgQ5GdylgVlVdix1B +Bxk6Wh+CoNNlELaC/0xK4LQuLnBnOBzLiOBE3dKi333xgDEQKK5q6UB3O+gTsdjk +oXb3a7A1htY1Y32deK/U/RVA3+B6icUqtAoVjQFoU+9SyIr95gCMz96PL16IqyqL +ABsD8eogXFjzT9VlzL9gbHUat6Pen1pzEdmu3OMOHH+RvF2u26m7HXRViN9xKUZn +Vxr6Y/1KXsXGgpEq6Vl7On9LDypRX/BFlC/rqhMs7T/ddOlI91DbY8zZbo34PMiv +phXYhsntfIY8Brz15HkzuWJjBvjSH+ojyNzuL3uNcdx5MZM+m27/rW6yxKYulhVO +aQ8SobUnF4Smi406dpYm3YQisosvz9NZTLLZwbe2+DKTYntTwM8= +=yvdd +-----END PGP SIGNATURE----- diff --git a/python-Django.changes b/python-Django.changes index 4c26ab5..d756bdb 100644 --- a/python-Django.changes +++ b/python-Django.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Aug 1 11:13:37 UTC 2019 - Tomáš Chvátal + +- Update to 2.2.4: + * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 + * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628). + * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621). + * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506). + * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647). + ------------------------------------------------------------------- Thu Jul 18 17:21:59 UTC 2019 - Tomáš Chvátal diff --git a/python-Django.spec b/python-Django.spec index 8e2ed34..e450e2e 100644 --- a/python-Django.spec +++ b/python-Django.spec @@ -23,7 +23,7 @@ %define skip_python2 1 Name: python-Django # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc -Version: 2.2.3 +Version: 2.2.4 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause