Accepting request 897238 from devel:languages:python:django

OBS-URL: https://build.opensuse.org/request/show/897238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=75

Django-3.2.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8
-size 9798957

Django-3.2.3.tar.gz.asc

@@ -1,67 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 3.2.3, released May 13, 2021.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
-
-or via the GitHub API:
-
-    curl https://github.com/felixxm.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/3.2/Django-3.2.3-py3-none-any.whl
-https://www.djangoproject.com/m/releases/3.2/Django-3.2.3.tar.gz
-
-MD5 checksums
-=============
-
-5a33b1123433c5df329de05d92148730  Django-3.2.3-py3-none-any.whl
-ec5fc12eabe33d0ccacc2f12ee43d1fe  Django-3.2.3.tar.gz
-
-SHA1 checksums
-==============
-
-4249f86c7aeffbdee61b23696d1e3adc19b3a2df  Django-3.2.3-py3-none-any.whl
-577af5cf8f756e2693ea0e7f7bb94e835e2ba7e3  Django-3.2.3.tar.gz
-
-SHA256 checksums
-================
-
-7e0a1393d18c16b503663752a8b6790880c5084412618990ce8a81cc908b4962  Django-3.2.3-py3-none-any.whl
-13ac78dbfd189532cad8f383a27e58e18b3d33f80009ceb476d7fcbfc5dcebd8  Django-3.2.3.tar.gz
------BEGIN PGP SIGNATURE-----
-
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCc0XYbHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bMhwP/0Qx4bpnWCwqksEPGVSR
-cKddgOfbhloXi1o7pr+EhZZB0K4+AYX3ffHG7gowanvmIR7s0RR7ojCM+f9BlSgc
-i8zbXcgCD74pqon8eo4VdCoTG3v4+6JTNLZxBze3bu7+invtKPMnI4oSSWEmwBkG
-kEXmQ6ymPflQVfAv6wMBlCji9ATK75XSyf6rknPjVYS99Uf92Es6SVUofY7sgVeW
-2ZjDeEh7z4XOgEoIxE4FE1SMnKZNYD5DwUR+HccGFmCTGNqlNOfaZIxHr2P1ifw/
-RpKQ9d9ucvQBOHJovvBtMTT9v3+gUJlrVoGIAswwRgs9fczr7ASJP2QP7koPXKcj
-Z0D6PtAXzf4nj9ltaiyXdKXNTIfCzEhrWGxnonNL2rhB/C6ZFrB4lnGFcs/aiYif
-C6JblHEDy9305WLQYBTHDQfdZZFAs7tfKyppm4b7y4xHPI0vnIf2g/QFD/71JN9q
-mwsM2rUh705ckTO640u+IJIR8FYeEN86CEm/rKwqbWUlkPI+f9dbdT/xrlqO0gUB
-L0VPH7g31OovSSiJ1UAGmdAc2sr5VhzLW/9FL5q2OtaWiqNaGHTsCjYviJfU6BI9
-Frf6jWHeDrIS9K574ECU68EFPfAA14rUAfDX4+cSjzwGewEiN3Yp/MyRFWHzcF7N
-GP5avhw1OHijJlD8h7IAVmA0
-=3wWa
------END PGP SIGNATURE-----

Django-3.2.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296
+size 9824343

Django-3.2.4.tar.gz.asc

@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 3.2.4, released June 2, 2021.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+or via the GitHub API:
+
+    curl https://github.com/carltongibson.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/3.2/Django-3.2.4-py3-none-any.whl
+https://www.djangoproject.com/m/releases/3.2/Django-3.2.4.tar.gz
+
+MD5 checksums
+=============
+
+d2975d6084b5740de5838ccf7db3e823  Django-3.2.4-py3-none-any.whl
+2f30db9154efb8c9ed891781d29fae2a  Django-3.2.4.tar.gz
+
+SHA1 checksums
+==============
+
+a6a264af7bcc8906488f72d740022e006e0aeef8  Django-3.2.4-py3-none-any.whl
+7b0875627bfd044cbfd3c9dc4b87c653a3cbe2dc  Django-3.2.4.tar.gz
+
+SHA256 checksums
+================
+
+ea735cbbbb3b2fba6d4da4784a0043d84c67c92f1fdf15ad6db69900e792c10f  Django-3.2.4-py3-none-any.whl
+66c9d8db8cc6fe938a28b7887c1596e42d522e27618562517cc8929eb7e7f296  Django-3.2.4.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmC3RawbHGNhcmx0b24u
+Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50A8EsQAMabgJbrooZSgFkbW+eA
+ZG9scgSr4bLaFxlELTmfNCR7+9XgJ01Zp5XSd8sclyY2U+pS3ENo8k/BPJLxUCmN
+FbVgIJjy5KA+PoWZZtmmztlKqAL2mOGXmlzDjm8Y1U/LxaE1CgzgUOrWaD7zFWi6
+N6uCYdlA09O7D9Ea8cb//WEZi3DXkBYGgqMx8Xwe873+NUe42u4iFm/fG4VYz/Et
+F9wfixawD6N1LAUtU/RITZi8jYV7ucHuPa/GggV3jFAKeLSJLakrc2dU9FQKvYl1
+GpVS2r008O1TomyOVRgyyiOrigH5UjjjT9X7gfw788dTGLwDeqWEeCc3cLUC9WYv
+bsXdC4em/U04B069UB1ClECDTxykPnlY1oHpqhvpq6h5XJ0Ij9xGaRI0PGKhA/YG
+lVgYkn9pOaYijrf1aYB7QMzz2sgmn/D7yBYsZGpYxTAP1PRXOBmPbe8Ja6vJZHrm
+2n42qP5+0eejVmXqgzmQTBPFkFw31ypBQxEj9ivN8W8/LbnbeS4OCl9N/Qi3+LcS
+wj5MYfuqBW1DaDbYiGGwpyo19yHsiy4OmLDLN3VTHxYzhp5WdcPDir7bw0zIzvCH
+fsCkIsdDmYxLbb/c3jYQmjb363/6IUQ2z10MGIIcRbibBBPA3hjZNMfTFDs9D/pq
+dlF/xCthoQA1INDsebQ0Any/
+=gTYU
+-----END PGP SIGNATURE-----

python-Django.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Jun  2 10:45:01 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571)
+  + CVE-2021-33203: Potential directory traversal via admindocs
+  + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
+    since validators accepted leading zeros in IPv4 addresses
+  + Fixed a bug in Django 3.2 where a final catch-all view in the
+    admin didn’t respect the server-provided value of SCRIPT_NAME when
+    redirecting unauthenticated users to the login page
+  + Fixed a bug in Django 3.2 where a system check would crash on an
+    abstract model
+  + Prevented unnecessary initialization of unused caches following a
+    regression in Django 3.2
+  + Fixed a crash in Django 3.2 that could occur when running mod_wsgi
+    with the recommended settings while the Windows colorama library
+    was installed
+  + Fixed a bug in Django 3.2 that would trigger the auto-reloader for
+    template changes when directory paths were specified with strings
+  + Fixed a regression in Django 3.2 that caused a crash of
+    auto-reloader with AttributeError, e.g. inside a Conda environment
+  + Fixed a regression in Django 3.2 that caused a loss of precision
+    for operations with DecimalField on MySQL
+
 -------------------------------------------------------------------
 Mon May 17 07:37:47 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
 

python-Django.spec

@@ -23,7 +23,7 @@
 %bcond_with memcached
 Name:           python-Django
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause