Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2021-05-12 19:31:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Django (Old)
 and      /work/SRC/openSUSE:Factory/.python-Django.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Wed May 12 19:31:09 2021 rev:73 rq:891227 version:3.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2021-04-29 22:44:29.484274917 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.2988/python-Django.changes 2021-05-12 19:31:14.291285758 +0200 
@@ -1,0 +2,64 @@ +Thu May 6 08:54:41 UTC 2021 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to 3.2.2 (CVE-2021-32052) + + CVE-2021-32052: Header injection possibility since URLValidator + accepted newlines in input on Python 3.9.5+ + + Prevented, following a regression in Django 3.2.1, makemigrations + from generating infinite migrations for a model with Meta.ordering + contained OrderBy expressions + +------------------------------------------------------------------- +Wed May 5 17:25:18 UTC 2021 - Ben Greiner <c...@bnavigator.de> + +- Keep rpm runtime requirements in sync. Downstream packages often + read the egg-info and fail if they are not fulfilled. + +------------------------------------------------------------------- +Wed May 5 08:44:30 UTC 2021 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to 3.2.1 (CVE-2021-31542) + + CVE-2021-31542: Potential directory-traversal via uploaded files + + Corrected detection of GDAL 3.2 on Windows + + Fixed a bug in Django 3.2 where subclasses of BigAutoField and + SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting + + Fixed a regression in Django 3.2 that caused a crash of + QuerySet.values()/values_list() after QuerySet.union(), + intersection(), and difference() when it was ordered by an + unannotated field + + Restored, following a regression in Django 3.2, displaying an + exception message on the technical 404 debug page + + Fixed a bug in Django 3.2 where a system check would crash on a + reverse one-to-one relationships in CheckConstraint.check or + UniqueConstraint.condition + + Fixed a regression in Django 3.2 that caused a crash of + ModelAdmin.search_fields when searching against phrases with + unbalanced quotes + + Fixed a bug in Django 3.2 where variable lookup errors were logged + rendering the sitemap template if alternates were not defined + + Fixed a regression in Django 3.2 that caused a crash when + combining Q() objects which contains boolean expressions + + Fixed a 
regression in Django 3.2 that caused a crash of + QuerySet.update() on a queryset ordered by inherited or joined + fields on MySQL and MariaDB + + Fixed a regression in Django 3.2 that caused a crash when decoding + a cookie value, used by + django.contrib.messages.storage.cookie.CookieStorage, in the + pre-Django 3.2 format + + Fixed a regression in Django 3.2 that stopped the shift-key + modifier selecting multiple rows in the admin changelist + + Fixed a bug in Django 3.2 where a system check would crash on the + STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path) + + Fixed a long standing bug involving queryset bitwise combination + when used with subqueries that began manifesting in Django 3.2, + due to a separate fix using Exists to exclude() multi-valued + relationships + + Fixed a bug in Django 3.2 where variable lookup errors were logged + when rendering some admin templates + + Fixed a bug in Django 3.2 where an admin changelist would crash + when deleting objects filtered against multi-valued relationships + + Fixed a regression in Django 3.2 where the calling process + environment would not be passed to the dbshell command on PostgreSQL + + Fixed a performance regression in Django 3.2 when building complex + filters with subqueries + +------------------------------------------------------------------- Old: ---- Django-3.2.tar.gz Django-3.2.tar.gz.asc New: ---- Django-3.2.2.tar.gz Django-3.2.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.hEUaDh/_old 2021-05-12 19:31:14.803283485 +0200 +++ /var/tmp/diff_new_pack.hEUaDh/_new 2021-05-12 19:31:14.803283485 +0200 @@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 3.2 +Version: 3.2.2 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause 
@@ -36,7 +36,7 @@ BuildRequires: %{python_module Pillow} BuildRequires: %{python_module PyYAML} BuildRequires: %{python_module argon2-cffi >= 16.1.0} -BuildRequires: %{python_module asgiref >= 3.2.10} +BuildRequires: %{python_module asgiref >= 3.3.2} BuildRequires: %{python_module base >= 3.6} BuildRequires: %{python_module bcrypt} BuildRequires: %{python_module docutils} @@ -52,7 +52,7 @@ Requires: python Requires: python-Pillow Requires: python-argon2-cffi >= 16.1.0 -Requires: python-asgiref >= 3.2.10 +Requires: python-asgiref >= 3.3.2 Requires: python-pytz Requires: python-setuptools Requires: python-sqlparse >= 0.2.2 ++++++ Django-3.2.tar.gz -> Django-3.2.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-3.2.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.2988/Django-3.2.2.tar.gz differ: char 5, line 1 ++++++ Django-3.2.tar.gz.asc -> Django-3.2.2.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-3.2.tar.gz.asc 2021-04-29 22:44:29.472274971 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.2988/Django-3.2.2.tar.gz.asc 2021-05-12 19:31:14.279285812 +0200 
@@ -2,20 +2,20 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 3.2, released April 6, 2021. +tarball and wheel files of Django 3.2.2, released May 6, 2021. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT +the ID ``2EF56372BA48CD1B`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 + gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B or via the GitHub API: - curl https://github.com/carltongibson.gpg | gpg --import - + curl https://github.com/felixxm.gpg | gpg --import - Once the key is imported, verify this file: 
@@ -28,40 +28,40 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/3.2/Django-3.2.tar.gz -https://www.djangoproject.com/m/releases/3.2/Django-3.2-py3-none-any.whl +https://www.djangoproject.com/m/releases/3.2/Django-3.2.2-py3-none-any.whl +https://www.djangoproject.com/m/releases/3.2/Django-3.2.2.tar.gz MD5 checksums ============= -0db580470a6a1dc20ccb805f94479ffa Django-3.2.tar.gz -e2cfd14ad74a389429bec15cd8b7391b Django-3.2-py3-none-any.whl +abd67e107427fb9b5f68863bf0b384d5 Django-3.2.2-py3-none-any.whl +43784c090a8805605e3d0b768cd21cb2 Django-3.2.2.tar.gz SHA1 checksums ============== -00abafe8e50230aa41892b28456c35ae18c16b8b Django-3.2.tar.gz -07015dcabc200f09266991978f611bdca56ce93f Django-3.2-py3-none-any.whl +d2edacc8e6e2a3eaa7a598a3c70761436157c56f Django-3.2.2-py3-none-any.whl +67932014e89b3388eb6df61619ce65ebe49cd620 Django-3.2.2.tar.gz SHA256 checksums ================ -21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d Django-3.2.tar.gz -0604e84c4fb698a5e53e5857b5aea945b2f19a18f25f10b8748dbdf935788927 Django-3.2-py3-none-any.whl +18dd3145ddbd04bf189ff79b9954d08fda5171ea7b57bf705789fea766a07d50 Django-3.2.2-py3-none-any.whl +0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d Django-3.2.2.tar.gz -----BEGIN PGP SIGNATURE----- -iQJPBAEBCAA5FiEE/l+2OHah1xioxnVW4X31yCtPnQAFAmBsKcQbHGNhcmx0b24u -Z2lic29uQG5vdW1lbmFsLmVzAAoJEOF99cgrT50APIkP/1pmxTi40TM+EKi/PuGv -rv7ft9gXDbCkgnS0BMr5qnqi3allE7x7JJ0qEXN7mvo2ZEevVntR3gLRV8y6h9H6 -zYprz4iEs/+tfnEzcuZhCbkqDidY4SaoClNh9rqXBcMCWR2/CkR9GLNYDvMAYK9S -g/bRQBH3iy1Naw6TCum9fLcTqhpQgkbgN1qdxfDE12QsHTcxfIrkB54Jd1TSswWt -QzYwhhIdLkot785UBRsFk7rcNTsPCSXUDIlNUHxqMx6ubJXKPLLiDoaxZqXFyYAi -Pqhak9Itj7Q34emm+BkMpFj2fKAcdS8ufDtrTjiS3gmjNJ1Pw+A6+eamanVNFfYb -4eTbr2+X7Ttp9rUrJdMmBUNN+hEM8HwdShcjp94w+8ExDk2j80ZDGfjdxSwEh1Dj -drIFAyewXQ1umsK333gtI+xJS7bXak+6XjRg44PtfNH3WbSnKNuJ1u2wHYNFmARA -undAOhBiEsCz/TOKo3Rd2jb14j84J0x/ksiEQRfNWhjRAUvuFJohMtlV3/ig53Vw 
-icGvRwp0X3zst4I4p/SK+e/XAuOU+Cwc6GTP5yKBJZhtZIFAG8BZ2Z8CWYjNViQT -o43K7QtZlit6mmGXDEvONJhSXl3W7CQ0Wrwd3xI0ySE9fFRq1RQLOhjSpiidIXfE -oP/d3xyNLl4s58C0irBMrg9j -=Aeit +iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAmCTlDMbHGZlbGlzaWFr +Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bpS4QAISsBwHgTdsgdtC/qJbM +kUvw3W2l00B0GBbm14W2jdwXBftn31V8zP6DcfTEKmBjkHlEvnfmd/IvHR+poFKR +q6Pz43+xNcT7r6UIgB5Qftd9KDQmUGKp7Be3FzZ3Q3+EwduMWGRReOjHLC25Ed+z +Wetdg2IsR/6FF2+fSgMuYSSWjQ83Y1Pb2t2EWyEhTwRnM5wYhY7ZrNwnNa3mZaIJ +/8tvCKQrqAZpjxyJT6wmvCNT1IZH6GwEJ5jAqFNQM89sxgNyi68gDiO11K3oFkxZ +Eyeo3i32FKKcHhqrGJnoC1mwuYIFbB2e2K347smcwrc670dVuj1IdQ5PFAQBdyXZ +6YCNznWXM1nZ6NovOXO2DiT2QpKb0olKsdlENeCLM9oqSrhP1YYlVeRRpzgg3GCh +J7RFnuileSEu2fl1kVofdsDa2/FFNn+3IJFgdEAXSI1ITwrMMMNFCkNh4h0JR/Cn +LJw7+LCYxm8qJeY+LzzW3bGjAXZs1eM1DfquvQKqE65hRr93LKXjFn4FHmUvIIeg +Ke1G4VPCmKD+vRo8uvE32lkevW81aycCujdn3ssQe4lP/QEOfZVEEKpMQ+wjt3JK +gD6Ogxgdd+ZRgzuycBv1ZDD6vdgX6onBoFYDxJEWDQ8ZKpRbZ03oZgT6cZCX1Zwm +5Z26wvw98synt63VvV5Pg2eC +=T6ja -----END PGP SIGNATURE-----
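
Review bot: In the python-Django.changes hunk (@@ -1,0 +2,64 @@), the 3.2.2 entry reads "for a model with Meta.ordering contained OrderBy expressions"; this should be "containing OrderBy expressions". The CVE-2021-32052 line in the same entry limits the issue to "Python 3.9.5+", so the entry would be more useful to downstream readers if it said whether the interpreters this package is built for fall in that range.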
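
Review bot: No changelog entry names the new asgiref minimum that the python-Django.spec hunks at @@ -36,7 +36,7 @@ and @@ -52,7 +52,7 @@ set (>= 3.3.2, in both BuildRequires and Requires); the closest is "Keep rpm runtime requirements in sync". Suggest adding the package name and version to that entry so the bump can be traced from the changelog alone. The unversioned context lines next to it (python-pytz, python-setuptools) are worth checking against the same egg-info while the requirements are being synced.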
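
Review bot: The signing key changes in the Django-3.2.2.tar.gz.asc hunk at @@ -2,20 +2,20 @@ (ID E17DF5C82B4F9D00 to 2EF56372BA48CD1B, GitHub user carltongibson to felixxm), and nothing listed under "Other differences" shows a keyring update to match. Please confirm that whatever key material this package uses for source verification already contains the new release manager's key, and that the key was checked against a full fingerprint published by the Django project rather than fetched by its 64-bit ID with "--recv-key" as the file text suggests.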
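
Review bot: The MD5 and SHA1 lists in the Django-3.2.2.tar.gz.asc hunk at @@ -28,40 +28,40 @@ should not be what any packaging check relies on; after verifying the signature over this file, compare the tarball only against the SHA256 line for Django-3.2.2.tar.gz. The new release URLs in the same hunk keep the directory releases/3.2/ while the file names carry 3.2.2, so any download step that derives the directory from the full version string needs to account for that.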