Hello community,

here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2015-07-14 17:43:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Django (Old)
 and      /work/SRC/openSUSE:Factory/.python-Django.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2015-06-03 08:34:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new/python-Django.changes 2015-07-14 17:44:53.000000000 +0200 @@ -1,0 +2,12 @@ +Fri Jul 10 11:51:49 UTC 2015 - [email protected] + +- add keyring and verify source signature + +------------------------------------------------------------------- +Fri Jul 10 10:03:54 UTC 2015 - [email protected] + +- update to 1.8.3: + * https://docs.djangoproject.com/en/1.8/releases/1.8.3/ + Various bugfixes/security fixes (CVE-2015-5145, bsc#937524) + +------------------------------------------------------------------- Old: ---- Django-1.8.2.checksum.txt Django-1.8.2.tar.gz New: ---- Django-1.8.3.tar.gz Django-1.8.3.tar.gz.asc python-Django.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.wEXUCA/_old 2015-07-14 17:44:55.000000000 +0200 +++ /var/tmp/diff_new_pack.wEXUCA/_new 2015-07-14 17:44:55.000000000 +0200 @@ -17,14 +17,15 @@ Name: python-Django -Version: 1.8.2 +Version: 1.8.3 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause Group: Development/Languages/Python Url: http://www.djangoproject.com Source: https://www.djangoproject.com/m/releases/1.8/Django-%{version}.tar.gz -Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt +Source1: https://www.djangoproject.com/m/pgp/Django-%{version}.checksum.txt#/Django-%{version}.tar.gz.asc +Source2: %{name}.keyring Source99: python-Django-rpmlintrc BuildRequires: fdupes BuildRequires: python-devel 
@@ -48,6 +49,12 @@ Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. %prep +# The publisher doesn't sign the source tarball, but a signatures file containing multiple hashes. +# Verify hashes in that file against source tarball. +echo "`grep -e '^[0-9a-f]\{32\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-32` %{SOURCE0}" | md5sum -c +echo "`grep -e '^[0-9a-f]\{40\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-40` %{SOURCE0}" | sha1sum -c +echo "`grep -e '^[0-9a-f]\{64\} Django-%{version}.tar.gz' %{SOURCE1} | cut -c1-64` %{SOURCE0}" | sha256sum -c + %setup -q -n Django-%{version} sed -i "s|\(django/bin/django-admin.py\)|\1-%{py_ver}|" setup.py mv django/bin/django-admin.py{,-%{py_ver}} ++++++ Django-1.8.2.tar.gz -> Django-1.8.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-1.8.2.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new/Django-1.8.3.tar.gz differ: char 5, line 1 ++++++ Django-1.8.3.tar.gz.asc ++++++ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code tarball and wheel files of Django 1.8.3, released July 8, 2015. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has the ID ``1E8ABDC773EDE252`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 Once the key is imported, verify this file:: gpg --verify <<THIS FILENAME>> Once you have verified this file, you can use normal MD5, SHA2, or SHA256 checksumming applications to generate the checksums of the Django package and compare them to the checksums listed below. 
Release packages: ================= https://www.djangoproject.com/m/releases/1.8/Django-1.8.3.tar.gz https://www.djangoproject.com/m/releases/1.8/Django-1.8.3-py2.py3-none-any.whl MD5 checksums: ============== a5d397c65a880228c58a443070cc18a8 Django-1.8.3-py2.py3-none-any.whl 31760322115c3ae51fbd8ac85c9ac428 Django-1.8.3.tar.gz SHA1 checksums: =============== 9efb71612ab8e4fd948c564bcd574afa29127d71 Django-1.8.3-py2.py3-none-any.whl 229dae14aa42169e2e2a6ecb1e00e75f0d57ed35 Django-1.8.3.tar.gz SHA256 checksums: ================= 047d0f4c93262b33801049a2dcddaef09c29e741c03a947a3556ea4748eed2e2 Django-1.8.3-py2.py3-none-any.whl 2bb654fcc05fd53017c88caf2bc38b5c5ea23c91f8ac7f0a28b290daf2305bba Django-1.8.3.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVnXs7AAoJEB6Kvcdz7eJSTFUQAJrkhj7RvqFoRpWw3rYhgjfO 75j8gNxXEZ0EhoiSObU6MEg1TYPmkbGmX9IZC2w7vSW03MrSwon1HrC+eC1fp8vQ wWA5PKGkkJvXqnBltraFY/Az1WWQtxWB1MpKLgZJd9lyYuutLQTxN2W62nPhl9JR HKSzhr1gsILGOua0U9nuTum7BH2T0WY/oqwPnKEKfFksQNa1d+HGZtRVOPo36kDl s6iMUfXdNkS/7rNGhK83HZFbnz57Gdk1J1P+fSCL5aOHgU5wiWL27tL3Vy3g4NWe OKBzzFf2vqKSlVS6KCsG1uRPQgb7agwGzbbBgkUOfDeOd6UTjoh9xLJhMjhq8atP 3Cmd0cDQsyitDkQhiZd4QH6sKb8RsvgWK3lH6+oYNH7UgjcZemT7vOJosNktJayk dh7TvRf17jguUE+ZkfqM+yxDi/G1iAo9jBkm5ltnUPut20zE/Bw7j+YPJSPjoW7X H8QEswM+WsrQ8MyVF2iHE0f5qPE/ms4ETcNNm7Bbjbs+LRNeinWezy1sJZWzGTXf fV3MLnXtKw34962lLH4aiXqEqJumXX3chjxk+dVvD4B84+khEnnzwsqGdrs8H/Hk 9BZxDcMUvVUCwK8hRblI+b1aIj/unF5wP8AZ9zcCIHk1LSQylXp1If4T2vdjkEma d8LtHNYKtgbEbkGyws2V =vwa4 -----END PGP SIGNATURE-----
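
Review bot: In the python-Django.changes hunk (@@ -1,0 +2,12 @@), the entry "add keyring and verify source signature" does not say what is signed. The comment added to %prep states that the publisher signs a checksum file rather than the tarball, so the changelog should say the same, for example "verify tarball hashes against the PGP-signed checksum file", so that a reader of the .changes file alone does not assume a detached signature over Django-1.8.3.tar.gz.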
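
Review bot: In the python-Django.spec header hunk (@@ -17,14 +17,15 @@), Source2: %{name}.keyring is declared but nothing in the visible spec lines references %{SOURCE2}, and the "#/Django-%{version}.tar.gz.asc" rename on Source1 makes a clearsigned checksum list look like a detached signature of the tarball. Add a comment above Source1/Source2 explaining the rename and naming the step that consumes the keyring; if that step runs outside the spec, say so there, since otherwise the keyring reads as unused.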
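
Review bot: In the %prep hunk (@@ -48,6 +49,12 @@), the three grep/cut pipelines read hashes from the raw %{SOURCE1} without first checking its PGP signature, and grep accepts a matching line anywhere in the file, including text outside the signed block. The comparison is only as trustworthy as the checksum file, so verify %{SOURCE1} against the keyring in %{SOURCE2} with gpg before these lines and take the hashes from the verified message body rather than from the file as downloaded. As a smaller point, the md5sum and sha1sum checks add no assurance beyond the sha256sum check and could be dropped, and the dots in "Django-%{version}.tar.gz" are unescaped in the grep pattern.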
