add bugzilla entries for the CVEs

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django4?expand=0&rev=7

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

Django-4.2.14.checksum.txt

@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 4.2.14, released July 9, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+    curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-4.2.14.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.14.tar.gz
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.14-py3-none-any.whl
+
+MD5 checksums
+=============
+
+34e53943311a2603dd54c46f284136db  Django-4.2.14.tar.gz
+bf26e4c5c12ca94b7cc1b68b8792a94a  Django-4.2.14-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+62b423064e3b75f038bd19729f3252135d399a8e  Django-4.2.14.tar.gz
+cdb5832c1d8e3368eaafeef6f5d0f1669ff53c45  Django-4.2.14-py3-none-any.whl
+
+SHA256 checksums
+================
+
+fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96  Django-4.2.14.tar.gz
+3ec32bc2c616ab02834b9cac93143a7dc1cdcd5b822d78ac95fc20a38c534240  Django-4.2.14-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmaNQY4oHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPqowD/45
+Ii2nt/zw5j7orw/ZHPmQIOZw4H6PJRRG4cET3Utt6Uk0ndyLhVoqqyP2xufXgd1Q
+ciMpaQM4JBovtHo9AIlK2HJQK1gK4riGPcY+zK7PA508UBozAkzPr0lcROnC5XiY
+zitDrnqBmc7w1MdnoHXcYUBYLcahI66qQR61tkFUZzYM3SKUCtwYL9ZvV5Ev5nt2
+9gwQhvehmz1rhJlvLQMIlK/g5kueb6Z5zdmwHhkSQnIhxCX5rDgzopNZDZQoH2G3
+yVcJxsFYv3uaqzr/cDsqOajrYZLc0bdlFUlqNQa8E5jFJSBTscYGSdvzKViqcf7O
+XkeTm9C/TkR39TdzGYANzeqGZYYKs+YZunXNoHthqKEYnf0pz/ciGtkrgsODt/EV
+L60kb/xcWSMBwGEPtaPsVSRpYrdVJ7UcxbRnqORMVHLxIsz48204Dv2toqt3PUm8
+fNOTt198cphvMRDT9vpwAiOp4VjQVdM2D/rU4QEf1l6i6QcQzGdO0crMFBqAY0h3
+IpH2p5im05Bf12kOnPpxKgvYTSQtkP0RN98NbQmSMhJqm9fIZNlvQBs7FprKDAZl
+yAr2JfZT+kfY5Xy9hcwxUH6w8ahlZ7jn2vcsnL1Au1nO5ZiR5n+enMS6yH/rLsEj
+Yp176+ZHtxx4J0iJErkkd7MEf2pBCRM/7O8qr2dsYw==
+=5Gpw
+-----END PGP SIGNATURE-----

Django-4.2.14.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96
+size 10432993

Django-4.2.15.checksum.txt

@@ -0,0 +1,65 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 4.2.15, released August 6, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``3955B19851EA96EF`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF
+
+or via the GitHub API:
+
+    curl https://github.com/sarahboyce.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-4.2.15.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.15.tar.gz
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.15-py3-none-any.whl
+
+MD5 checksums
+=============
+
+a828465eb577e2b4c9a34b9839b33bef  Django-4.2.15.tar.gz
+6c82f64cc4ef7409f2a7e835afe274f0  Django-4.2.15-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+82d4afdf4c3210cf399eaebe287d4012a49444ff  Django-4.2.15.tar.gz
+44109d399ec33f89699a211d0fe9493a1b2a2bad  Django-4.2.15-py3-none-any.whl
+
+SHA256 checksums
+================
+
+c77f926b81129493961e19c0e02188f8d07c112a1162df69bfab178ae447f94a  Django-4.2.15.tar.gz
+61ee4a130efb8c451ef3467c67ca99fdce400fedd768634efc86a68c18d80d30  Django-4.2.15-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQHhBAEBCABLFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmayH/QtHDQyMjk2NTY2
+K3NhcmFoYm95Y2VAdXNlcnMubm9yZXBseS5naXRodWIuY29tAAoJEDlVsZhR6pbv
+vR4L/1moYeuxAQINUNq8JcWb7FP5Q5dUrqlo4D8LQF3aRPSjTkow8mh+A8ms030T
+EtLNcwIZM7ovMwvjvnuBMwcumNIocAFERXh5D90oP7cKBE1D3vCUfyiPES+RkCSy
+9L/U3rReZl54alTii5rmjm3Ja3Nd79KGz14kIxpw93rJIC1bTt0Gy9iVcaqggOtB
+Wj6aGuzlCalLQHyEuCmXG17MqXg0RKRqwzjc04X+RBH98ZzcDAqna+VbRt9+cCRh
+8+DxzbrJCCpO/1CTTNovznKmXen00EboBd/5//FNxF9v1i2YPESxTP3pHvEyNXLK
+s5KsouiF2Xncf1jq1DiBTNa5r+MekII8vtvULu275hnMIAyVTOfD2o8WZL9h0tcS
+CtpT3eu+zUhUZc7o5ib8sDGA1evyIk6rIBexT2V59v4EJa1L85Mmv2txqs41b0HE
+FvWDuQUSoCwmaXjbGW23oqkxGS8Fto9onj45m3A6BwB8z08AFAS/SuWoDWOdMSGK
+b8H9bQ==
+=oBEc
+-----END PGP SIGNATURE-----

Django-4.2.15.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c77f926b81129493961e19c0e02188f8d07c112a1162df69bfab178ae447f94a
+size 10418066

dirty-hack-remove-assert.patch

@@ -0,0 +1,25 @@
+From 36736edaf595d2bbf1fe881609b2a4c8e3bac68a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
+Date: Thu, 29 Jun 2023 12:29:21 +0200
+Subject: [PATCH] Dirty hack: Remove a failing assert, failure does not seem
+ critical
+
+---
+ tests/settings_tests/tests.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/settings_tests/tests.py b/tests/settings_tests/tests.py
+index 62cbffb..b7432d3 100644
+--- a/tests/settings_tests/tests.py
++++ b/tests/settings_tests/tests.py
+@@ -397,7 +397,6 @@ class TestComplexSettingOverride(SimpleTestCase):
+         with self.assertWarnsMessage(UserWarning, msg) as cm:
+             with override_settings(TEST_WARN="override"):
+                 self.assertEqual(settings.TEST_WARN, "override")
+-        self.assertEqual(cm.filename, __file__)
+ 
+ 
+ class SecureProxySslHeaderTest(SimpleTestCase):
+-- 
+2.40.1
+

python-Django-rpmlintrc

@@ -0,0 +1,5 @@
+addFilter("file-not-in-%lang")
+# Empty model.py files should be kept around:
+addFilter("zero-length")
+# Bash completion isn't config:
+# addFilter("non-conffile-in-etc /etc/bash_completion.d/django_bash_completion*")

python-Django4.keyring

@@ -0,0 +1,42 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGYTwrUBDADP52ov7O0jqH+QWStcbCwwedsV2syCQXxfhnydhkNvdCILBJ0k
+cQdc4E7Q8wGmch9a3bCLR4HIUlv1MMWk+Ty0YY71wczqIPedgM1dBZEtSH6fDOwW
+qFcYieCcmsP+FwBk8WWOKnMydEXoXCp6djSru6YOuQH2CZ+EerKjnDaXAj35dloR
+vbJ14k7Ghn9UCLDXiNOjn2N8eLe6aeoEQt7iiqStdeFuUGR/pLHHEX4sch4y9uBa
+bhC/Ce93VWK8nVna7qWX/cIjZNG6rTo79W7+IiOC5+6r7bLff5qw4BgUX2JPm5Sz
+mhPUlsJZGGXPPaTo+WZQOe5P3Fw7RpuURa+MVoih2H/i2Ur51pDEngB64YwBU1mB
+a+xwm6GHgD28JUwllHJbUl9/UJTbntS7k/k2uuMkok8jHfYb+rqkfCWqOlmuYTG3
+okseReh2TSkGpWyyaSbCihgm80RE5O6jrEDXJiZOsLIuOlVoErfxEZHpOqw43axl
+EXX0VkjFz2IBNPMAEQEAAbROU2FyYWggQm95Y2UgKEdQRyBEamFuZ28gRmVsbG93
+KSA8NDIyOTY1NjYrc2FyYWhib3ljZUB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20+
+iQHOBBMBCAA4FiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmYTwrUCGwMFCwkIBwIG
+FQoJCAsCBBYCAwECHgECF4AACgkQOVWxmFHqlu8t+wv9HitJmG5iPs45Qo0nGwGm
+j1X6rP6SQENl+jqtjZU6YaxvNqWculCFl0Wa/xODhxM9HNMs3qREc+R4SqPx4epu
+NaUERN91gZoO4Ms80uqllPzdCsX5hrFblg+LqqznZWAYi94NMTm3Ft4/+I7780ev
+BhxHFBTlqwxZ0eeyaB/qAyb6K9X0cUUFExjYrP3+HAgmrOHK9PUb7vNNKUYMerOK
+waFrpPP5oDBn0p2ZunYAcJt7o2DjBOwy5iw5I2Qs50ZLt9EU0DY8Rf5nF2mKNki1
+CAD8ksNo/ohrNuGyi0r2cvVfx52izPd6PxlKf7xfL2lW16nflK/lNbZtCioDA1FC
+1dCPGD5rvOUXFASc+FZY4tJ6LbIpzg9llgcb6fSi2joT2bm9BbGrHybrIWd3BF/5
+AnrlsSwDCWtYXkdNr/eNEHNgG+aOAH2vSzue3NbCJsXkK69SzlKKOiD2ZUjJ6tKi
+IwcTkotyBaX/FLGhTKLEQE7aztsOpnfJlLU9Zx5IPxJAuQGNBGYTwrUBDACp1f7H
+MpzHvAAy7dD1Ow0pgT3NBFFiEk4jKccz9sAHPT7QQbMeIdL5uQ80lNp6Sw+IyptW
+4cytl6ovRdRyv3XetSp+KJeaqvWvGkz3L+GUoE8ezxgQXLlVcw7IzkhBNMGi+K3C
+aK6ZlZZQG8587dLF9Gbz3Vioc9hyQ/4BOr8pPaAWlSfWQVEGHPSVLh7LToGjrLlS
+h1AzVABNXtJbAt/+O7H5mkMopoPKrqgHTzOLGCd0/Tq3z5d+wqVl7JKk6yHxRr5i
+SXDqPQPmObUhPH1addNzIe+GRVW1ZbbT6l9VDiC4Lj+BJsLafubMB3rlI2T2mQCU
+PTQO0fz5y6oW0HxRtTidoxhvmC72YDFBwvsUTPQ5nt8bcSQprJMLLNL1C5M2LjPu
+tf/Csl02Fcwe/RnW2yjeb6qNCDcLpM9wpMMOdZQCRdRIkWQTcLZPQ2+SR3Ih8rAb
+pzATjFvif/4zpFlDZ9KFevCqf1M2v32sr/dDgcA3nWJ4CFrBQMhBVTcr7rcAEQEA
+AYkBtgQYAQgAIBYhBOsbOA2KxS0AK6zTMjlVsZhR6pbvBQJmE8K1AhsMAAoJEDlV
+sZhR6pbvizgL/34++v0b080pCr/0rWspcuTtD91GwQPs0HgrrfMOV2BXoXucTXj7
+G4xFq9yYO8QALrrtz40S/NeGz09hhFHo08phLAYjLZt8xD7i0uXuV8ZouDUHT0bk
+334RlKHu9kq3si0lyzu1dkGZgIBXsAURrMOyVKVySZGzsa/dpy/EDardWkTKHedf
+07K+KQgomMpVGk4EtKHpfqU9VNN8fdYD4UYtwuegz1nsg28Fa8xkK2ammWncgpVj
++4cJwzFPg11AhhTWs/Ec068ojj70cLD2CodJVAch9RTIOcQ5yKGc483u3bagNqTK
+qZYoLWI6NjxrNZQpwha3pO2ueBDOo/fZXUMgPPqyfdmBZvz6DQM85JfULALxKbkL
+5dQguy8K8SBcrCnv6iT0FjaWlrqnU0IJDZfi2r6eDlXhYjLSwGq8RHkAYXvsCNm8
+BzeRu0mAvjLkLNegQIvfdVXfYIcwUQQB8OAzoz3qzi8vji82MBQO+gkYrlteivoF
+z+gZLcBuv/NdNg==
+=B8gH
+-----END PGP PUBLIC KEY BLOCK-----

python-Django4.spec

@@ -0,0 +1,158 @@
+#
+# spec file for package python-Django4
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define skip_python2 1
+%define skip_python36 1
+# Selenium and memcached are not operational
+%bcond_with selenium
+%bcond_with memcached
+%{?sle15_python_module_pythons}
+Name:           python-Django4
+# We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
+Version:        4.2.15
+Release:        0
+Summary:        A high-level Python Web framework
+License:        BSD-3-Clause
+URL:            https://www.djangoproject.com
+Source:         https://www.djangoproject.com/m/releases/4.2/Django-%{version}.tar.gz
+Source1:        https://media.djangoproject.com/pgp/Django-%{version}.checksum.txt
+Source2:        %{name}.keyring
+Source99:       python-Django-rpmlintrc
+# PATCH-FIX-UPSTREAM https://github.com/django/django/commit/da2f8e8257d1bea4215381684ca4abfcee333c43  Refs #34118 -- Improved sanitize_address() error message for tuple with empty strings.
+Patch0:         sanitize_address.patch
+# PATCH-FIX-OPENSUSE: ignore minor failure on Python 3.12
+Patch1:         dirty-hack-remove-assert.patch
+BuildRequires:  %{python_module Jinja2 >= 2.9.2}
+BuildRequires:  %{python_module Pillow >= 6.2.0}
+BuildRequires:  %{python_module PyYAML}
+BuildRequires:  %{python_module argon2-cffi >= 19.1.0}
+BuildRequires:  %{python_module asgiref >= 3.6.0}
+BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module bcrypt}
+BuildRequires:  %{python_module docutils}
+BuildRequires:  %{python_module geoip2}
+BuildRequires:  %{python_module numpy}
+BuildRequires:  %{python_module pytz}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module sqlparse >= 0.3.1}
+BuildRequires:  %{python_module tblib >= 1.5.0}
+BuildRequires:  %{pythons}
+BuildRequires:  fdupes
+BuildRequires:  gpg2
+BuildRequires:  python-rpm-macros
+BuildRequires:  %{python_module backports.zoneinfo if (%python-base with python38-base)}
+Requires:       python
+Requires:       python-Pillow >= 6.2.0
+Requires:       python-argon2-cffi >= 19.1.0
+Requires:       python-asgiref >= 3.6.0
+%if "%{python_flavor}" == "python38"
+Requires:       python-backports.zoneinfo
+%endif
+Requires:       python-bcrypt
+Requires:       python-pytz
+Requires:       python-setuptools
+Requires:       python-sqlparse >= 0.3.1
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+Recommends:     python-Jinja2 >= 2.9.2
+Recommends:     python-PyYAML
+Recommends:     python-geoip2
+Recommends:     python-pylibmc
+Recommends:     python-pymemcache
+Provides:       python-Django = %{version}
+Conflicts:      python-Django > %{version}
+Provides:       python-django = %{version}
+Obsoletes:      python-django < %{version}
+Provides:       python-South = %{version}
+Obsoletes:      python-South < %{version}
+BuildArch:      noarch
+%if %{with memcached}
+BuildRequires:  %{python_module pylibmc}
+BuildRequires:  %{python_module pymemcache}
+%endif
+%if %{with selenium}
+# python-selenium is supported only on the Intel architecture.
+# Additionally chromedriver is only available on x86_64.
+%ifarch %{ix86} x86_64
+BuildRequires:  %{python_module selenium}
+BuildRequires:  chromedriver
+BuildRequires:  xvfb-run
+%endif
+%endif
+%python_subpackages
+
+%description
+Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
+
+%prep
+# The publisher doesn't sign the source tarball, but a signatures file
+# containing multiple hashes.
+gpg --import %{SOURCE2}
+gpg --verify %{SOURCE1}
+#
+# Verify hashes in that file against source tarball.
+echo "`grep -e '^[0-9a-f]\{32\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-32`  %{SOURCE0}" | md5sum -c
+echo "`grep -e '^[0-9a-f]\{40\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-40`  %{SOURCE0}" | sha1sum -c
+echo "`grep -e '^[0-9a-f]\{64\}  Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-64`  %{SOURCE0}" | sha256sum -c
+
+%autosetup -p1 -n Django-%{version}
+
+%build
+%python_build
+
+%install
+%python_install
+
+%python_clone -a %{buildroot}%{_bindir}/django-admin
+
+%{python_expand install -D -m 0644 extras/django_bash_completion %{buildroot}%%{_datadir}/bash-completion/completions/django_bash_completion-%{$python_bin_suffix}.sh
+# Fix wrong-script-interpreter
+sed -i "s|^#!%{_bindir}/env python$|#!%{_bindir}/$python|" \
+  %{buildroot}%{$python_sitelib}/django/conf/project_template/manage.py-tpl
+}
+%python_compileall
+%{python_expand #
+%fdupes %{buildroot}%{$python_sitelib}/django/
+%fdupes %{buildroot}%{$python_sitelib}/Django-%{version}-py*.egg-info/
+}
+
+%check
+export LANG=en_US.UTF8
+export PYTHONDONTWRITEBYTECODE=1
+%if %{with selenium}
+export PATH=%{_libdir}/chromium:$PATH
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} xvfb-run $python tests/runtests.py -v 2 --selenium=chrome
+%else
+%python_expand PYTHONPATH=.:%{buildroot}%{$python_sitelib} $python tests/runtests.py -v 2
+%endif
+
+%post
+%{python_install_alternative django-admin}
+
+%postun
+%{python_uninstall_alternative django-admin}
+
+%files %{python_files}
+%doc AUTHORS README.rst
+%license LICENSE
+%python_alternative %{_bindir}/django-admin
+%{_datadir}/bash-completion/completions/django_bash_completion-%{python_bin_suffix}.sh
+%{python_sitelib}/django
+%{python_sitelib}/Django-%{version}-py*.egg-info
+
+%changelog

sanitize_address.patch

@@ -0,0 +1,40 @@
+From da2f8e8257d1bea4215381684ca4abfcee333c43 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Mon, 17 Jul 2023 11:03:36 +0200
+Subject: [PATCH] Refs #34118 -- Improved sanitize_address() error message for
+ tuple with empty strings.
+
+---
+ django/core/mail/message.py | 2 ++
+ tests/mail/tests.py         | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/django/core/mail/message.py b/django/core/mail/message.py
+index f3fe6186c7f5..4f8c93e9e55e 100644
+--- a/django/core/mail/message.py
++++ b/django/core/mail/message.py
+@@ -97,6 +97,8 @@ def sanitize_address(addr, encoding):
+             domain = token.domain or ""
+     else:
+         nm, address = addr
++        if "@" not in address:
++            raise ValueError(f'Invalid address "{address}"')
+         localpart, domain = address.rsplit("@", 1)
+ 
+     address_parts = nm + localpart + domain
+diff --git a/tests/mail/tests.py b/tests/mail/tests.py
+index 54a136c1a98b..848ee32e9f80 100644
+--- a/tests/mail/tests.py
++++ b/tests/mail/tests.py
+@@ -1084,9 +1084,10 @@ def test_sanitize_address_invalid(self):
+             "@",
+             "to@",
+             "@example.com",
++            ("", ""),
+         ):
+             with self.subTest(email_address=email_address):
+-                with self.assertRaises(ValueError):
++                with self.assertRaisesMessage(ValueError, "Invalid address"):
+                     sanitize_address(email_address, encoding="utf-8")
+ 
+     def test_sanitize_address_header_injection(self):