Accepting request 527627 from devel:languages:python

1 OBS-URL: https://build.opensuse.org/request/show/527627 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=33
2017-09-25 11:54:05 +00:00 · 2017-09-25 11:54:05 +00:00 · fc1405057d
commit fc1405057d
parent eb4c061c74
6 changed files with 105 additions and 70 deletions
--- a/Django-1.11.4.tar.gz
+++ b/Django-1.11.4.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:abe86e67dda9897a1536a727ed57dbefb5a42b41943be3b116fe3edab4c07bb2
 size 7870752
--- a/Django-1.11.4.tar.gz.asc
+++ b/Django-1.11.4.tar.gz.asc
@ -1,63 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 1.11.4, released August 1, 2017.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/1.11/Django-1.11.4-py2.py3-none-any.whl
 https://www.djangoproject.com/m/releases/1.11/Django-1.11.4.tar.gz
 MD5 checksums
 =============
 71cf96f790b1e729c8c1a95304971341  Django-1.11.4-py2.py3-none-any.whl
 c851d892cd5ad3a90808703c4f36e3fe  Django-1.11.4.tar.gz
 SHA1 checksums
 ==============
 fdd097a7bd8dc9bb065caedf3badd1d31ed3efcb  Django-1.11.4-py2.py3-none-any.whl
 2fd515ec779ab9bced0f96d92a22de9b726beadf  Django-1.11.4.tar.gz
 SHA256 checksums
 ================
 6fd30e05dc9af265f7d7d10cfb0efa013e6236db0853c9f47c74c585587c5a57  Django-1.11.4-py2.py3-none-any.whl
 abe86e67dda9897a1536a727ed57dbefb5a42b41943be3b116fe3edab4c07bb2  Django-1.11.4.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAEBCAAGBQJZgHIpAAoJEB6Kvcdz7eJSjIwP/1L0rFeilByW9gTv4tXJHQbM
 t+KGd6lfrNGzWOJDORAGbyBj7kO+jzeeLmH2ibqCq+wwIfvyeGDmkToEfK2O2V3g
 WXF1CTku1D6MvMAd+s94JzvlBKa4NxZrvZpP7rRem+PjjUyNH9RC0l0dffsH10sp
 A+5xeAv6nShdlOg7dcbE8iroiKoqqKezO4xkvpr1vAg9IaxZo4tdIfg5ZqOkdvI+
 Fy1iEoVYmeATgIvpDCzjcdxQZ1nlta88HRXqvr0TWsQT3bFNM8bm6C1CIoLHLXKQ
 THT7Gi3SAc5JUVijqwzScsXLMMb95EKYutXIn+p7hH2840zQ63V6hQV8T2GG6SMp
 usLz+h+TUxWOffS3Rt30Y3+Ofii6wC/cnYBY4WwuR9JqRIdWfPKJJ85mZBS3Mqy0
 DIvWrtAOWcQW25JDV5UWJmrgasg0xXvGOYblOnFAYdJ2VPJBr+N6YDond2xZ0MR5
 Wq8Y0NALeQAHndQaUSdMDPJyhw+bhW/bQgSbSWTGEyJcJxpywd7BtNrf5xBP1LWo
 l+2YnyEW25uOhR7UgpAgLjxTDaZUfFuUnWkGUd8xmxGxMPU+gTVMYFEkWweEFGZx
 jyaxb1QGypYmrJ5dFNbj98CP3r0aUzKRSHVazXinTOsh/jnhkrD/2tbkQpTn3wIf
 RspXvTG/kZn9uuHh5vdt
 =saI9
 -----END PGP SIGNATURE-----
--- a/Django-1.11.5.tar.gz
+++ b/Django-1.11.5.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1836878162dfdf865492bacfdff0321e4ee8f1e7d51d93192546000b54982b29
 size 7875054
--- a/Django-1.11.5.tar.gz.asc
+++ b/Django-1.11.5.tar.gz.asc
@ -0,0 +1,63 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 1.11.5, released September 5, 2017.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring; this key has
 the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
 keyserver. For example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
 Once the key is imported, verify this file::
    gpg --verify <<THIS FILENAME>>
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages:
 =================
 https://www.djangoproject.com/m/releases/1.11/Django-1.11.5-py2.py3-none-any.whl
 https://www.djangoproject.com/m/releases/1.11/Django-1.11.5.tar.gz
 MD5 checksums
 =============
 6380d5fb6ede4847dc186a09ccc7b538  Django-1.11.5-py2.py3-none-any.whl
 8cef0d42aabacbc414ec4fbbb6056f3c  Django-1.11.5.tar.gz
 SHA1 checksums
 ==============
 e0e7626da2a21c04b016757a6d4164d129f00d39  Django-1.11.5-py2.py3-none-any.whl
 c16f8090c2251ff03e041afda77264474777a2d7  Django-1.11.5.tar.gz
 SHA256 checksums
 ================
 89162f70a74aac62a53f975128faba6099a7ef2c9d8140a41ae9d6210bda05cd  Django-1.11.5-py2.py3-none-any.whl
 1836878162dfdf865492bacfdff0321e4ee8f1e7d51d93192546000b54982b29  Django-1.11.5.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAEBCAAGBQJZrr75AAoJEB6Kvcdz7eJSrRwQAI9OtHOn49wSz0e3p/Tw50Z0
 oJM6Lrub8QZu7SV7JoWqzVsm1Yd3xXpFWEk625Npn7oEQ31zJcCyMUhjsmd1zlGE
 iYkuVzqUfvlxzhdijkDL43DFZADb1L8BgSO0qGqYLq3OYMRYpynKa6C3syifRTqt
 qXCprPNF184cpd0pHhgGqSkxZAUuK5G92XgeISkATvnDKITW4IUfN8cA0/FOUHC6
 3nuEFRi/rV8tz8rE7WBDt3zE6VwcNH4gpy1nLAkhPEnok53KIljodwjnO4hSsNAe
 6cCD9r4TdXfZXlUAtKYxfV6Gyee8otE0tB3tjg6nfpuYRuvcH0rup2MhdEDXiwZJ
 OArDiz0YOkKBX3tMh9coWujwnsWVOt+MgUccBCwwmxQZWz+UbHzpdncVsG2Ot8tY
 VCorJybxO6AXsOxyGtJUhjhyYRpr9tUv64WAdgwe+I+Y7kzuyNatpb4slQCQvlzy
 FHbJ64ezsGz0c7GATcYL6TUO2nPsx8772xQi8vZD48Qaj6+bKkIY06cOjOCC029Q
 yNG4PAf1SC3v1pYlZkalcyEpzEdYxsm+uTMmfQK8ri1NerFE9BnEFpX6pEZdvyRT
 QogOfL67xScggiOT/6/zHqjRfSZm5F3vPBOujaX4oUhA+GVYZ1dfKZ+jLV2gSi5V
 lU+oNCp30YpaDSa6mdBY
 =Smso
 -----END PGP SIGNATURE-----
--- a/python-Django.changes
+++ b/python-Django.changes
@ -1,3 +1,36 @@
 -------------------------------------------------------------------
 Wed Sep 20 21:53:53 UTC 2017 - toddrme2178@gmail.com
 - update to version 1.11.5
  * CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
  * Fixed GEOS version parsing if the version has a commit hash at the end (new
    in GEOS 3.6.2) (:ticket:`28441`).
  * Added compatibility for ``cx_Oracle`` 6 (:ticket:`28498`).
  * Fixed select widget rendering when option values are tuples (:ticket:`28502`).
  * Django 1.11 inadvertently changed the sequence and trigger naming scheme on
    Oracle. This causes errors on INSERTs for some tables if
    ``'use_returning_into': False`` is in the ``OPTIONS`` part of ``DATABASES``.
    The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
    requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
    upgrade script in :ticket:`28451` comment 8 to update sequence and trigger
    names to use the pre-1.11 naming scheme.
  * Added POST request support to ``LogoutView``, for equivalence with the
    function-based ``logout()`` view (:ticket:`28513`).
  * Omitted ``pages_per_range`` from ``BrinIndex.deconstruct()`` if it's ``None``
    (:ticket:`25809`).
  * Fixed a regression where ``SelectDateWidget`` localized the years in the
    select box (:ticket:`28530`).
  * Fixed a regression in 1.11.4 where ``runserver`` crashed with non-Unicode
    system encodings on Python 2 + Windows (:ticket:`28487`).
  * Fixed a regression in Django 1.10 where changes to a ``ManyToManyField``
    weren't logged in the admin change history (:ticket:`27998`) and prevented
    ``ManyToManyField`` initial data in model forms from being affected by
    subsequent model changes (:ticket:`28543`).
  * Fixed non-deterministic results or an ``AssertionError`` crash in some
    queries with multiple joins (:ticket:`26522`).
  * Fixed a regression in ``contrib.auth``'s ``login()`` and ``logout()`` views
    where they ignored positional arguments (:ticket:`28550`).
 -------------------------------------------------------------------
 Thu Aug 10 12:51:56 UTC 2017 - tbechtold@suse.com
@ -488,7 +521,7 @@ Wed Jan 27 15:25:25 UTC 2016 - aplanas@suse.com
 -------------------------------------------------------------------
 Wed Dec  2 15:14:05 UTC 2015 - aplanas@suse.com
- update to 1.9
+- update to 1.9 (CVE-2016-7401, CVE-2015-8213)
  * https://docs.djangoproject.com/en/1.9/releases/1.9/ 
  * Performing actions after a transaction commit
  * Password validation
--- a/python-Django.spec
+++ b/python-Django.spec
@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-Django
-Version:        1.11.4
+Version:        1.11.5
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause
@ -79,9 +79,10 @@ echo "`grep -e '^[0-9a-f]\{64\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-
 %{python_expand install -D -m 0644 extras/django_bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/django_bash_completion-%{$python_bin_suffix}.sh
 pushd %{buildroot}%{$python_sitelib}
 chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
 # Fix wrong-script-interpreter
-sed -i "s|#!/usr/bin/env python|#!%__$python|" django/bin/django-admin.py
+sed -i "s|^#!/usr/bin/env python$|#!%{__$python}|" django/bin/django-admin.py
-sed -i "s|#!/usr/bin/env python|#!%__$python|" django/conf/project_template/manage.py-tpl
+sed -i "s|^#!/usr/bin/env python$|#!%{__$python}|" django/conf/project_template/manage.py-tpl
 %fdupes .
 # Deduplicating files can generate a RPMLINT warning for pyc mtime
 $python -m compileall -d %{$python_sitelib} django/bin/
@ -92,6 +93,7 @@ $python -m compileall -d %{$python_sitelib} django/conf/locale/
 $python -O -m compileall -d %{$python_sitelib} django/conf/locale/
 $python -m compileall -d %{$python_sitelib} django/conf/locale/ru/
 $python -O -m compileall -d %{$python_sitelib} django/conf/locale/ru/
 %fdupes django/bin/
 popd
 }