- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
* Fixed#29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
* Added CVE-2018-6188 to the security release archive.
* Post-release version bump.
* Updated translations from Transifex
* Added stub release notes for security releases.
* Fixed incorrect regex in re_path() example.
* Fixed#29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
* Fixed#29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
* Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
* Fixed typo in bulk_create() documentation.
* Fixed#29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
* Removed blank lines per isort 4.3.0.
* Added stub release notes for 2.0.3.
* Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
* Fixed#29172 -- Fixed crash with Window expression in a subquery.
* Fixed#29166 -- Fixed crash in When() expression with a list argument.
* Fixed#24270 -- Doc'd that django_bash_completion is only in the source distribution.
* Improved clarity of docs/topics/install.txt.
* Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
* Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
* Bumped version for 2.0.3 release.
* Corrected doc'd type of some parameters from string to str.
* Fixed#29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
* Fixed#29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
* Switched test requirement to new psycopg2-binary package.
* Added backticks around obj argument in admin docs.
* Fixed typo in docs/topics/forms/media.txt.
* Fixed#29109 -- Fixed the admin time picker widget for the Thai locale.
* Fixed#29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
OBS-URL: https://build.opensuse.org/request/show/588436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=37
- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
* Fixed#28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
* Fixed a GeoIP2 test failure with the latest GeoIP2 database.
* Added stub release notes for 2.0.1.
* Bumped version for 2.0.2 release.
* Fixed location of spatialite_source label.
* Fixed#28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
* Fixed#28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
* Fixed#29032 -- Fixed an example of using expressions in QuerySet.values().
* Disambiguated "settings" in SpatiaLite note.
* Fixed typo in docs/topics/testing/advanced.txt.
* Post-release version bump.
* Refs #25604 -- Removed docs for makemigrations --exit.
* Fixed#29002 -- Corrected cached template loader docs about when it's automatically enabled.
* Fixed typo in TemplateCommand argument help text.
* Added stub release notes for 1.11.9.
* Fixed#28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
* Refs #29086 -- Doc'd how to detect bytestring mistakes.
* Fixed#28886 -- Updated prefix for example django.contrib.auth.urls URLs.
* Fixed#29081 -- Clarified comments in QuerySet.select_related() example.
* Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
* Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
* Removed 'development' word in contributing docs
* Fixed#29055 -- Doc'd that escapejs doesn't make template literals safe.
* Fixed#29016 -- Fixed incorrect foreign key nullification on related instance deletion.
* Fixed grammar in docs/releases/2.0.txt.
* Fixed#29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
* Fixed#28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
* Fixed#29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
* Fixed#28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
OBS-URL: https://build.opensuse.org/request/show/573722
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=36
- Fix update-alternatives
- Update to version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
OBS-URL: https://build.opensuse.org/request/show/222292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Django?expand=0&rev=3
