rpm/python-Django
SHA256
1
0
Fork 0
forked from pool/python-Django
Code Pull Requests Activity
ac52a6d205
python-Django/python-Django.changes

352 lines
13 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Wed Jun 11 12:34:45 UTC 2014 - mcihar@suse.cz
- Update to version 1.6.5, sercurity and important changes:
+ Unexpected code execution using reverse()
+ Caching of anonymous pages could reveal CSRF token
+ MySQL typecasting
+ select_for_update() requires a transaction
+ Issue: Caches may incorrectly be allowed to store and serve private data
+ Issue: Malformed redirect URLs from user input not correctly validated
-------------------------------------------------------------------
Fri Feb 14 09:32:07 UTC 2014 - speilicke@suse.com
- Fix update-alternatives
-------------------------------------------------------------------
Fri Feb 7 08:30:04 UTC 2014 - speilicke@suse.com
- Update to version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False,
the connection wasnt in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects werent actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
-------------------------------------------------------------------
Tue Feb 4 14:33:40 UTC 2014 - mcihar@suse.cz
- Update to version 1.6.1:
- Most bug fixes are minor; you can find a complete list in the Django 1.6.1
release notes.
-------------------------------------------------------------------
Tue Nov 19 10:06:23 UTC 2013 - speilicke@suse.com
- Update-alternatives also for bash-completion
-------------------------------------------------------------------
Fri Nov 15 13:33:20 UTC 2013 - speilicke@suse.com
- Only ghost /etc/alternatives on 12.3 or newer
-------------------------------------------------------------------
Thu Nov 7 16:36:41 UTC 2013 - speilicke@suse.com
- Require python-Pillow for image-related functionality
- Package was renamed from python-django
- Drop Django-1.2-completion-only-for-bash.patch: Useless
-------------------------------------------------------------------
Tue Nov 5 03:27:13 UTC 2013 - alexandre@exatati.com.br
- Update to version 1.6:
- Please read the release notes
https://docs.djangoproject.com/en/1.6/releases/1.6
- Removed Patch2 as it is no needed anymore:
Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch
-------------------------------------------------------------------
Tue Sep 17 12:37:53 UTC 2013 - speilicke@suse.com
- Update to version 1.5.4:
+ Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
+ Fixed directory traversal with ssi template tag
-------------------------------------------------------------------
Wed Aug 14 05:49:54 UTC 2013 - alexandre@exatati.com.br
- Update to 1.5.2:
- Security release, please check release notes for details:
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
-------------------------------------------------------------------
Thu Mar 28 23:27:01 UTC 2013 - alexandre@exatati.com.br
- Update to 1.5.1:
- Memory leak fix, please read release announcement at
https://www.djangoproject.com/weblog/2013/mar/28/django-151.
-------------------------------------------------------------------
Tue Feb 26 19:49:02 UTC 2013 - alexandre@exatati.com.br
- Update to 1.5:
- Please read the release notes
https://docs.djangoproject.com/en/1.5/releases/1.5
-------------------------------------------------------------------
Tue Dec 11 12:27:50 UTC 2012 - alexandre@exatati.com.br
- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security
-------------------------------------------------------------------
Sat Oct 20 13:41:10 UTC 2012 - saschpe@suse.de
- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin
-------------------------------------------------------------------
Wed Oct 17 22:51:36 UTC 2012 - alexandre@exatati.com.br
- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security
-------------------------------------------------------------------
Mon Jul 30 21:38:31 UTC 2012 - alexandre@exatati.com.br
- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
-------------------------------------------------------------------
Tue Jun 19 11:27:33 UTC 2012 - saschpe@suse.de
- Add patch to support CSRF_COOKIE_HTTPONLY config
-------------------------------------------------------------------
Fri Mar 23 18:39:40 UTC 2012 - alexandre@exatati.com.br
- Update to 1.4:
- Please read the release notes
https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream,
-------------------------------------------------------------------
Thu Nov 24 12:30:40 UTC 2011 - saschpe@suse.de
- Set license to SDPX style (BSD-3-Clause)
- Package AUTHORS, LICENE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools
-------------------------------------------------------------------
Sat Sep 10 12:05:07 UTC 2011 - alexandre@exatati.com.br
- Update to 1.3.1 to fix security issues, please read
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.
-------------------------------------------------------------------
Thu Mar 31 15:09:16 UTC 2011 - alexandre@exatati.com.br
- Fix build on SLES_9.
-------------------------------------------------------------------
Wed Mar 23 11:39:53 UTC 2011 - alexandre@exatati.com.br
- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.
-------------------------------------------------------------------
Fri Mar 18 03:45:45 UTC 2011 - alexandre@exatati.com.br
- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.
-------------------------------------------------------------------
Thu Mar 3 09:32:52 UTC 2011 - saschpe@suse.de
- Spec file cleanup:
* Removed empty lines, package authors from description
* Cleanup duplicates
* Corrected wrong file endings
* Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files
-------------------------------------------------------------------
Wed Feb 9 03:37:29 UTC 2011 - alexandre@exatati.com.br
- Update to 1.2.5:
- This is a security update that fix:
- Flaw in CSRF handling;
- Potential XSS in file field rendering.
-------------------------------------------------------------------
Thu Dec 23 10:20:03 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2.4:
- Information leakage in Django administrative interface;
- Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.
-------------------------------------------------------------------
Sat Sep 11 11:46:41 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2.3:
- The patch applied for the security issue covered in Django
1.2.2 caused issues with non-ASCII responses using CSRF
tokens. This has been remedied;
- The patch also caused issues with some forms, most notably
the user-editing forms in the Django administrative interface.
This has been remedied.
- The packaging manifest did not contain the full list of
required files. This has been remedied.
-------------------------------------------------------------------
Thu Sep 9 01:06:43 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2.2.
- This is a ciritical security update fixing a default XSS bug!
-------------------------------------------------------------------
Fri Jul 9 11:27:26 UTC 2010 - jfunk@funktronics.ca
- Added patch to fix upstream bug 5622: Empty ipaddress raises an error
-------------------------------------------------------------------
Mon May 17 21:14:11 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2.1.
-------------------------------------------------------------------
Mon May 17 18:35:20 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2.
-------------------------------------------------------------------
Thu May 6 13:46:03 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2-rc-1.
-------------------------------------------------------------------
Mon Apr 5 02:21:44 UTC 2010 - alexandre@exatati.com.br
- Spec file cleaned with spec-cleaner;
- Minor manual adjusts on spec file.
-------------------------------------------------------------------
Thu Mar 18 17:47:12 UTC 2010 - alexandre@exatati.com.br
- Moved autocomplete file path from /etc/profile.d to
/etc/bash_completion.d. Then it works with konsole too.
-------------------------------------------------------------------
Mon Mar 15 01:53:50 UTC 2010 - alexandre@exatati.com.br
- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.
-------------------------------------------------------------------
Sun Oct 11 07:51:32 UTC 2009 - nix@opensuse.org
- Update to 1.1.1 due to security issue described at
http://www.djangoproject.com/weblog/2009/oct/09/security/
-------------------------------------------------------------------
Sat Oct 10 12:18:31 UTC 2009 - alexandre@exatati.com.br
- Removed old tarball file (Django-1.1.tar.bz2).
-------------------------------------------------------------------
Tue Aug 25 12:23:09 CEST 2009 - garloff@suse.de
- Fix python version check.
-------------------------------------------------------------------
Sat Aug 22 13:39:35 CEST 2009 - garloff@suse.de
- Don't require python-sqlite2 for python >= 2.6.
-------------------------------------------------------------------
Fri Aug 21 11:38:03 CEST 2009 - garloff@suse.de
- Build as noarch on factory.
-------------------------------------------------------------------
Wed Aug 19 17:40:46 CEST 2009 - poeml@suse.de
- don't run bash completion on shells other than bash. Avoiding
error messages produced at login when using other shells.
-------------------------------------------------------------------
Fri Aug 14 18:05:42 UTC 2009 - alexandre@exatati.com.br
- Added bash auto-complete to openSUSE.
-------------------------------------------------------------------
Wed Jul 29 00:00:00 CEST 2009 - listuser@peternixon.net
- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang
-------------------------------------------------------------------
Wed Jul 1 19:04:26 CEST 2009 - poeml@suse.de
- add python-xml to the Requires (./manage.py syncdb crashes
otherwise)
-------------------------------------------------------------------
Sat Sep 13 00:00:00 UTC 2008 - listuser@peternixon.net
- update to version 1.0
- Fix build on SLES9
-------------------------------------------------------------------
Thu Sep 4 10:40:58 CEST 2008 - crrodriguez@suse.de
- update to version 1.0 final
-------------------------------------------------------------------
Wed May 14 00:00:00 UTC 2008 - listuser@peternixon.net
- update to version 0.96.2
-------------------------------------------------------------------
Thu Feb 21 00:00:00 UTC 2008 - jfunk@funktronics.ca
- The way simplejson is included in this package is not useful to other
packages. Removed from provides
-------------------------------------------------------------------
Fri Oct 26 20:20:08 UTC 2007 - crrodriguez@suse.de
- verion 0.96.1 fixes D.o.S attack in the i18n module
-------------------------------------------------------------------
Fri Mar 23 00:00:00 UTC 2007 - crrodriguez@suse.de
- update to version 0.96
see http://www.djangoproject.com/documentation/release_notes_0.96 for details
- this package provides python-simplejson too.
View Git Blame Copy Permalink