------------------------------------------------------------------- Wed Sep 24 08:30:00 UTC 2014 - aplanas@suse.com - Update to Django 1.7 * A new built-in database migration system. Notes on upgrading from South (a popular third*party application providing migration functionality) are also available. * A refactored concept of Django applications. Django applications are no longer tied to the existence of a models files, and can now specify both configuration data and code to be executed as Django starts up. * Improvements to the model Field API to support migrations and, in the future, to enable easy addition of composite-key support to Django's ORM. * Improvements for custom Manager and QuerySet classes, allowing reverse relationship traversal to specify the Manager to use, and creation of a Manager from a custom QuerySet class. * An extensible system check framework which can assist developers in detecting and diagnosing errors. Please refer to the release notes for all details and migration instructions: https://docs.djangoproject.com/en/1.7/releases/1.7/ - Added python-setuptools as a BuildRequires. - Fixed Source URL from Django Project site. - Reordered sources. - Fixed deduplication to avoid wrong mtimes in pyc files. ------------------------------------------------------------------- Thu Jul 31 16:55:11 UTC 2014 - dimstar@opensuse.org - Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines. ------------------------------------------------------------------- Wed Jun 11 12:34:45 UTC 2014 - mcihar@suse.cz - Update to version 1.6.5, sercurity and important changes: + Unexpected code execution using reverse() + Caching of anonymous pages could reveal CSRF token + MySQL typecasting + select_for_update() requires a transaction + Issue: Caches may incorrectly be allowed to store and serve private data + Issue: Malformed redirect URLs from user input not correctly validated ------------------------------------------------------------------- Fri Feb 14 09:32:07 UTC 2014 - speilicke@suse.com - Fix update-alternatives ------------------------------------------------------------------- Fri Feb 7 08:30:04 UTC 2014 - speilicke@suse.com - Update to version 1.6.2: + Prevented the base geometry object of a prepared geometry to be garbage collected, which could lead to crash Django (#21662). + Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters (#21627). + The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory (#21581). + Fixed mail encoding on Python 3.3.3+ (#21093). + Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn’t in autocommit mode but Django pretended it was. + Fixed a regression in multiple-table inheritance exclude() queries (#21787). + Added missing items to django.utils.timezone.__all__ (#21880). + Fixed a field misalignment issue with select_related() and model inheritance (#21413). + Fixed join promotion for negated AND conditions (#21748). + Oracle database introspection now works with boolean and float fields (#19884). + Fixed an issue where lazy objects weren’t actually marked as safe when passed through mark_safe() and could end up being double-escaped (#21882). ------------------------------------------------------------------- Tue Feb 4 14:33:40 UTC 2014 - mcihar@suse.cz - Update to version 1.6.1: - Most bug fixes are minor; you can find a complete list in the Django 1.6.1 release notes. ------------------------------------------------------------------- Tue Nov 19 10:06:23 UTC 2013 - speilicke@suse.com - Update-alternatives also for bash-completion ------------------------------------------------------------------- Fri Nov 15 13:33:20 UTC 2013 - speilicke@suse.com - Only ghost /etc/alternatives on 12.3 or newer ------------------------------------------------------------------- Thu Nov 7 16:36:41 UTC 2013 - speilicke@suse.com - Require python-Pillow for image-related functionality - Package was renamed from python-django - Drop Django-1.2-completion-only-for-bash.patch: Useless ------------------------------------------------------------------- Tue Nov 5 03:27:13 UTC 2013 - alexandre@exatati.com.br - Update to version 1.6: - Please read the release notes https://docs.djangoproject.com/en/1.6/releases/1.6 - Removed Patch2 as it is no needed anymore: Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch ------------------------------------------------------------------- Tue Sep 17 12:37:53 UTC 2013 - speilicke@suse.com - Update to version 1.5.4: + Fixed denial-of-service via large passwords - Changes from version 1.5.3: + Fixed directory traversal with ssi template tag ------------------------------------------------------------------- Wed Aug 14 05:49:54 UTC 2013 - alexandre@exatati.com.br - Update to 1.5.2: - Security release, please check release notes for details: https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued ------------------------------------------------------------------- Thu Mar 28 23:27:01 UTC 2013 - alexandre@exatati.com.br - Update to 1.5.1: - Memory leak fix, please read release announcement at https://www.djangoproject.com/weblog/2013/mar/28/django-151. ------------------------------------------------------------------- Tue Feb 26 19:49:02 UTC 2013 - alexandre@exatati.com.br - Update to 1.5: - Please read the release notes https://docs.djangoproject.com/en/1.5/releases/1.5 ------------------------------------------------------------------- Tue Dec 11 12:27:50 UTC 2012 - alexandre@exatati.com.br - Update to 1.4.3: - Security release: - Host header poisoning - Redirect poisoning - Please check release notes for details: https://www.djangoproject.com/weblog/2012/dec/10/security ------------------------------------------------------------------- Sat Oct 20 13:41:10 UTC 2012 - saschpe@suse.de - Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin ------------------------------------------------------------------- Wed Oct 17 22:51:36 UTC 2012 - alexandre@exatati.com.br - Update to 1.4.2: - Security release: - Host header poisoning - Please check release notes for details: https://www.djangoproject.com/weblog/2012/oct/17/security ------------------------------------------------------------------- Mon Jul 30 21:38:31 UTC 2012 - alexandre@exatati.com.br - Update to 1.4.1: - Security release: - Cross-site scripting in authentication views - Denial-of-service in image validation - Denial-of-service via get_image_dimensions() - Please check release notes for details: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued ------------------------------------------------------------------- Tue Jun 19 11:27:33 UTC 2012 - saschpe@suse.de - Add patch to support CSRF_COOKIE_HTTPONLY config ------------------------------------------------------------------- Fri Mar 23 18:39:40 UTC 2012 - alexandre@exatati.com.br - Update to 1.4: - Please read the release notes https://docs.djangoproject.com/en/dev/releases/1.4 - Removed Patch2, it was merged on upstream, ------------------------------------------------------------------- Thu Nov 24 12:30:40 UTC 2011 - saschpe@suse.de - Set license to SDPX style (BSD-3-Clause) - Package AUTHORS, LICENE and README files - No CFLAGS for noarch package - Drop runtime dependency on gettext-tools ------------------------------------------------------------------- Sat Sep 10 12:05:07 UTC 2011 - alexandre@exatati.com.br - Update to 1.3.1 to fix security issues, please read https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued. ------------------------------------------------------------------- Thu Mar 31 15:09:16 UTC 2011 - alexandre@exatati.com.br - Fix build on SLES_9. ------------------------------------------------------------------- Wed Mar 23 11:39:53 UTC 2011 - alexandre@exatati.com.br - Update to 1.3 final; - Refresh patch empty-ip-2.diff. ------------------------------------------------------------------- Fri Mar 18 03:45:45 UTC 2011 - alexandre@exatati.com.br - Update to 1.3-rc1; - Regenerated spec file with py2pack; - No more need to fix wrong line endings; - Refresh patch empty-ip-2.diff with -p0. ------------------------------------------------------------------- Thu Mar 3 09:32:52 UTC 2011 - saschpe@suse.de - Spec file cleanup: * Removed empty lines, package authors from description * Cleanup duplicates * Corrected wrong file endings * Added zero-length rpmlint filter - Added AUTHORS, LICENSE and doc files ------------------------------------------------------------------- Wed Feb 9 03:37:29 UTC 2011 - alexandre@exatati.com.br - Update to 1.2.5: - This is a security update that fix: - Flaw in CSRF handling; - Potential XSS in file field rendering. ------------------------------------------------------------------- Thu Dec 23 10:20:03 UTC 2010 - alexandre@exatati.com.br - Update to 1.2.4: - Information leakage in Django administrative interface; - Denial-of-service attack in password-reset mechanism. - This is a mandatory security update. ------------------------------------------------------------------- Sat Sep 11 11:46:41 UTC 2010 - alexandre@exatati.com.br - Update to 1.2.3: - The patch applied for the security issue covered in Django 1.2.2 caused issues with non-ASCII responses using CSRF tokens. This has been remedied; - The patch also caused issues with some forms, most notably the user-editing forms in the Django administrative interface. This has been remedied. - The packaging manifest did not contain the full list of required files. This has been remedied. ------------------------------------------------------------------- Thu Sep 9 01:06:43 UTC 2010 - alexandre@exatati.com.br - Update to 1.2.2. - This is a ciritical security update fixing a default XSS bug! ------------------------------------------------------------------- Fri Jul 9 11:27:26 UTC 2010 - jfunk@funktronics.ca - Added patch to fix upstream bug 5622: Empty ipaddress raises an error ------------------------------------------------------------------- Mon May 17 21:14:11 UTC 2010 - alexandre@exatati.com.br - Update to 1.2.1. ------------------------------------------------------------------- Mon May 17 18:35:20 UTC 2010 - alexandre@exatati.com.br - Update to 1.2. ------------------------------------------------------------------- Thu May 6 13:46:03 UTC 2010 - alexandre@exatati.com.br - Update to 1.2-rc-1. ------------------------------------------------------------------- Mon Apr 5 02:21:44 UTC 2010 - alexandre@exatati.com.br - Spec file cleaned with spec-cleaner; - Minor manual adjusts on spec file. ------------------------------------------------------------------- Thu Mar 18 17:47:12 UTC 2010 - alexandre@exatati.com.br - Moved autocomplete file path from /etc/profile.d to /etc/bash_completion.d. Then it works with konsole too. ------------------------------------------------------------------- Mon Mar 15 01:53:50 UTC 2010 - alexandre@exatati.com.br - Update to 1.2-beta-1; - Using -q option on prep section of spec file; - Using INSTALLED_FILES instead of declaring files; - Removed dummy changelog section of spec file; - Update completion bash patch. ------------------------------------------------------------------- Sun Oct 11 07:51:32 UTC 2009 - nix@opensuse.org - Update to 1.1.1 due to security issue described at http://www.djangoproject.com/weblog/2009/oct/09/security/ ------------------------------------------------------------------- Sat Oct 10 12:18:31 UTC 2009 - alexandre@exatati.com.br - Removed old tarball file (Django-1.1.tar.bz2). ------------------------------------------------------------------- Tue Aug 25 12:23:09 CEST 2009 - garloff@suse.de - Fix python version check. ------------------------------------------------------------------- Sat Aug 22 13:39:35 CEST 2009 - garloff@suse.de - Don't require python-sqlite2 for python >= 2.6. ------------------------------------------------------------------- Fri Aug 21 11:38:03 CEST 2009 - garloff@suse.de - Build as noarch on factory. ------------------------------------------------------------------- Wed Aug 19 17:40:46 CEST 2009 - poeml@suse.de - don't run bash completion on shells other than bash. Avoiding error messages produced at login when using other shells. ------------------------------------------------------------------- Fri Aug 14 18:05:42 UTC 2009 - alexandre@exatati.com.br - Added bash auto-complete to openSUSE. ------------------------------------------------------------------- Wed Jul 29 00:00:00 CEST 2009 - listuser@peternixon.net - update to version 1.1 - add python-django-rpmlintrc to quiet rpmlint complaints about -lang ------------------------------------------------------------------- Wed Jul 1 19:04:26 CEST 2009 - poeml@suse.de - add python-xml to the Requires (./manage.py syncdb crashes otherwise) ------------------------------------------------------------------- Sat Sep 13 00:00:00 UTC 2008 - listuser@peternixon.net - update to version 1.0 - Fix build on SLES9 ------------------------------------------------------------------- Thu Sep 4 10:40:58 CEST 2008 - crrodriguez@suse.de - update to version 1.0 final ------------------------------------------------------------------- Wed May 14 00:00:00 UTC 2008 - listuser@peternixon.net - update to version 0.96.2 ------------------------------------------------------------------- Thu Feb 21 00:00:00 UTC 2008 - jfunk@funktronics.ca - The way simplejson is included in this package is not useful to other packages. Removed from provides ------------------------------------------------------------------- Fri Oct 26 20:20:08 UTC 2007 - crrodriguez@suse.de - verion 0.96.1 fixes D.o.S attack in the i18n module ------------------------------------------------------------------- Fri Mar 23 00:00:00 UTC 2007 - crrodriguez@suse.de - update to version 0.96 see http://www.djangoproject.com/documentation/release_notes_0.96 for details - this package provides python-simplejson too.