Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package python-django This new upstream release is a stable maintenance and security releases. There are no new features and upstream is sane. It fixes 3 security bugs (cf #683364 and https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/). I attach a filtered debdiff dropping documentation and test suite changes to ease your review. unblock python-django/1.4.1-1 $ diffstat /tmp/debdiff-filtered PKG-INFO | 4 +- debian/changelog | 9 ++++++ debian/patches/01_disable_broken_test.diff | 26 ------------------ debian/patches/04_hyphen-manpage.diff | 18 ------------ debian/patches/series | 2 - django/__init__.py | 2 - django/conf/project_template/project_name/settings.py | 5 --- django/contrib/admin/filters.py | 5 ++- django/contrib/admin/options.py | 10 +++--- django/contrib/admin/static/admin/css/widgets.css | 3 +- django/contrib/admin/views/main.py | 2 - django/contrib/markup/templatetags/markup.py | 4 +- django/contrib/staticfiles/storage.py | 9 ++++-- django/core/files/images.py | 7 ++++ django/core/management/commands/testserver.py | 9 +++++- django/db/backends/mysql/base.py | 15 ++++++++-- django/db/models/fields/related.py | 2 - django/forms/fields.py | 18 ++---------- django/forms/widgets.py | 11 ++++--- django/http/__init__.py | 22 ++++++++------- django/test/testcases.py | 7 ++++ django/views/debug.py | 17 +++++++++-- django/views/decorators/debug.py | 12 ++++---- setup.py | 2 - 24 files changed, 111 insertions(+), 110 deletions(-) -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.4-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru python-django-1.4/debian/changelog python-django-1.4.1/debian/changelog --- python-django-1.4/debian/changelog 2012-03-31 14:59:53.000000000 +0200 +++ python-django-1.4.1/debian/changelog 2012-08-02 10:52:42.000000000 +0200 @@ -1,3 +1,12 @@ +python-django (1.4.1-1) unstable; urgency=low + + * New upstream security and maintenance release. Closes: #683364 + Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444 + * Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which + have been merged upstream. + + -- Raphaël Hertzog <[email protected]> Thu, 02 Aug 2012 10:44:02 +0200 + python-django (1.4-1) unstable; urgency=low * New upstream release. Closes: #666003 diff -Nru python-django-1.4/debian/patches/01_disable_broken_test.diff python-django-1.4.1/debian/patches/01_disable_broken_test.diff --- python-django-1.4/debian/patches/01_disable_broken_test.diff 2012-03-31 14:16:54.000000000 +0200 +++ python-django-1.4.1/debian/patches/01_disable_broken_test.diff 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -Description: Disable non working test - The HTMLParser in recent Python versions accepts "<!--" which used - to be rejected up to now. The test suite ensure that HTMLParser - rejected those and is thus currently broken. - . - Until we have a proper upstream fix, we just disable the non-working - test. -Author: Raphaël Hertzog <[email protected]> -Bug: https://code.djangoproject.com/ticket/18027 -Forwarded: not-needed ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/tests/regressiontests/test_utils/tests.py -+++ b/tests/regressiontests/test_utils/tests.py -@@ -422,8 +422,9 @@ class HTMLEqualTests(TestCase): - self.assertHTMLEqual('', '<p>') - with self.assertRaises(HTMLParseError): - parse_html('</p>') -- with self.assertRaises(HTMLParseError): -- parse_html('<!--') -+ # Disabled because it does not work as expected with Python >= 2.7.3 -+ #with self.assertRaises(HTMLParseError): -+ # parse_html('<!--') - - def test_contains_html(self): - response = HttpResponse('''<body> diff -Nru python-django-1.4/debian/patches/04_hyphen-manpage.diff python-django-1.4.1/debian/patches/04_hyphen-manpage.diff --- python-django-1.4/debian/patches/04_hyphen-manpage.diff 2012-03-31 13:14:53.000000000 +0200 +++ python-django-1.4.1/debian/patches/04_hyphen-manpage.diff 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ -Description: Properly escape a dash in the django-admin manual page - Fix a lintian I: message about improper usage of minus instead - of hyphen. - . - This should be forwarded upstream. -Author: Raphael Hertzog <[email protected]> - ---- a/docs/man/django-admin.1 -+++ b/docs/man/django-admin.1 -@@ -194,7 +194,7 @@ The domain of the message files (default - .TP - .I \-e, \-\-extension=EXTENSION - The file extension(s) to examine (separate multiple --extensions with commas, or use -e multiple times) (makemessages command). -+extensions with commas, or use \-e multiple times) (makemessages command). - .TP - .I \-s, \-\-symlinks - Follows symlinks to directories when examining source code and templates for diff -Nru python-django-1.4/debian/patches/series python-django-1.4.1/debian/patches/series --- python-django-1.4/debian/patches/series 2012-03-31 14:10:22.000000000 +0200 +++ python-django-1.4.1/debian/patches/series 2012-08-02 10:48:35.000000000 +0200 @@ -1,5 +1,3 @@ -01_disable_broken_test.diff 02_disable-sources-in-sphinxdoc.diff 03_manpage.diff -04_hyphen-manpage.diff 06_use_debian_geoip_database_as_default.diff diff -Nru python-django-1.4/django/conf/project_template/project_name/settings.py python-django-1.4.1/django/conf/project_template/project_name/settings.py --- python-django-1.4/django/conf/project_template/project_name/settings.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/conf/project_template/project_name/settings.py 2012-07-30 22:42:42.000000000 +0200 @@ -23,10 +23,7 @@ # Local time zone for this installation. Choices can be found here: # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name # although not all choices may be available on all operating systems. -# On Unix systems, a value of None will cause Django to use the same -# timezone as the operating system. -# If running in a Windows environment this must be set to the same as your -# system time zone. +# In a Windows environment this must be set to your system time zone. TIME_ZONE = 'America/Chicago' # Language code for this installation. All choices can be found here: diff -Nru python-django-1.4/django/contrib/admin/filters.py python-django-1.4.1/django/contrib/admin/filters.py --- python-django-1.4/django/contrib/admin/filters.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/filters.py 2012-07-30 22:42:42.000000000 +0200 @@ -155,7 +155,10 @@ class RelatedFieldListFilter(FieldListFilter): def __init__(self, field, request, params, model, model_admin, field_path): other_model = get_model_from_relation(field) - rel_name = other_model._meta.pk.name + if hasattr(field, 'rel'): + rel_name = field.rel.get_related_field().name + else: + rel_name = other_model._meta.pk.name self.lookup_kwarg = '%s__%s__exact' % (field_path, rel_name) self.lookup_kwarg_isnull = '%s__isnull' % field_path self.lookup_val = request.GET.get(self.lookup_kwarg, None) diff -Nru python-django-1.4/django/contrib/admin/options.py python-django-1.4.1/django/contrib/admin/options.py --- python-django-1.4/django/contrib/admin/options.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/options.py 2012-07-30 22:42:42.000000000 +0200 @@ -245,7 +245,7 @@ # if foo has been specificially included in the lookup list; so # drop __id if it is the last part. However, first we need to find # the pk attribute name. - pk_attr_name = None + rel_name = None for part in parts[:-1]: try: field, _, _, _ = model._meta.get_field_by_name(part) @@ -255,13 +255,13 @@ return True if hasattr(field, 'rel'): model = field.rel.to - pk_attr_name = model._meta.pk.name + rel_name = field.rel.get_related_field().name elif isinstance(field, RelatedObject): model = field.model - pk_attr_name = model._meta.pk.name + rel_name = model._meta.pk.name else: - pk_attr_name = None - if pk_attr_name and len(parts) > 1 and parts[-1] == pk_attr_name: + rel_name = None + if rel_name and len(parts) > 1 and parts[-1] == rel_name: parts.pop() if len(parts) == 1: diff -Nru python-django-1.4/django/contrib/admin/static/admin/css/widgets.css python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css --- python-django-1.4/django/contrib/admin/static/admin/css/widgets.css 2012-03-23 17:59:22.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css 2012-07-30 22:42:33.000000000 +0200 @@ -41,7 +41,8 @@ text-align: left; } -.selector .selector-filter label { +.selector .selector-filter label, +.inline-group .aligned .selector .selector-filter label { width: 16px; padding: 2px; } diff -Nru python-django-1.4/django/contrib/admin/views/main.py python-django-1.4.1/django/contrib/admin/views/main.py --- python-django-1.4/django/contrib/admin/views/main.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/views/main.py 2012-07-30 22:42:42.000000000 +0200 @@ -258,7 +258,7 @@ if not (set(ordering) & set(['pk', '-pk', pk_name, '-' + pk_name])): # The two sets do not intersect, meaning the pk isn't present. So # we add it. - ordering.append('pk') + ordering.append('-pk') return ordering diff -Nru python-django-1.4/django/contrib/auth/tests/forms.py python-django-1.4.1/django/contrib/auth/tests/forms.py diff -Nru python-django-1.4/django/contrib/markup/templatetags/markup.py python-django-1.4.1/django/contrib/markup/templatetags/markup.py --- python-django-1.4/django/contrib/markup/templatetags/markup.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/contrib/markup/templatetags/markup.py 2012-07-30 22:42:42.000000000 +0200 @@ -65,8 +65,8 @@ safe_mode = True else: safe_mode = False - python_markdown_deprecation = "The use of Python-Markdown " - "< 2.1 in Django is deprecated; please update to the current version" + python_markdown_deprecation = ("The use of Python-Markdown " + "< 2.1 in Django is deprecated; please update to the current version") # Unicode support only in markdown v1.7 or above. Version_info # exist only in markdown v1.6.2rc-2 or above. markdown_vers = getattr(markdown, "version_info", None) diff -Nru python-django-1.4/django/contrib/staticfiles/storage.py python-django-1.4.1/django/contrib/staticfiles/storage.py --- python-django-1.4/django/contrib/staticfiles/storage.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/staticfiles/storage.py 2012-07-30 22:42:42.000000000 +0200 @@ -190,8 +190,8 @@ if dry_run: return - # delete cache of all handled paths - self.cache.delete_many([self.cache_key(path) for path in paths]) + # where to store the new paths + hashed_paths = {} # build a list of adjustable files matches = lambda path: matches_patterns(path, self._patterns.keys()) @@ -240,9 +240,12 @@ hashed_name = force_unicode(saved_name.replace('\\', '/')) # and then set the cache accordingly - self.cache.set(self.cache_key(name), hashed_name) + hashed_paths[self.cache_key(name)] = hashed_name yield name, hashed_name, processed + # Finally set the cache + self.cache.set_many(hashed_paths) + class CachedStaticFilesStorage(CachedFilesMixin, StaticFilesStorage): """ diff -Nru python-django-1.4/django/core/files/images.py python-django-1.4.1/django/core/files/images.py --- python-django-1.4/django/core/files/images.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/core/files/images.py 2012-07-30 22:41:50.000000000 +0200 @@ -47,13 +47,18 @@ file = open(file_or_path, 'rb') close = True try: + # Most of the time PIL only needs a small chunk to parse the image and + # get the dimensions, but with some TIFF files PIL needs to parse the + # whole file. + chunk_size = 1024 while 1: - data = file.read(1024) + data = file.read(chunk_size) if not data: break p.feed(data) if p.image: return p.image.size + chunk_size = chunk_size*2 return None finally: if close: diff -Nru python-django-1.4/django/core/management/commands/testserver.py python-django-1.4.1/django/core/management/commands/testserver.py --- python-django-1.4/django/core/management/commands/testserver.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/core/management/commands/testserver.py 2012-07-30 22:42:34.000000000 +0200 @@ -35,4 +35,11 @@ # a strange error -- it causes this handle() method to be called # multiple times. shutdown_message = '\nServer stopped.\nNote that the test database, %r, has not been deleted. You can explore it on your own.' % db_name - call_command('runserver', addrport=addrport, shutdown_message=shutdown_message, use_reloader=False, use_ipv6=options['use_ipv6']) + use_threading = connection.features.test_db_allows_multiple_connections + call_command('runserver', + addrport=addrport, + shutdown_message=shutdown_message, + use_reloader=False, + use_ipv6=options['use_ipv6'], + use_threading=use_threading + ) diff -Nru python-django-1.4/django/db/backends/mysql/base.py python-django-1.4.1/django/db/backends/mysql/base.py --- python-django-1.4/django/db/backends/mysql/base.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/db/backends/mysql/base.py 2012-07-30 22:42:42.000000000 +0200 @@ -407,11 +407,20 @@ def get_server_version(self): if not self.server_version: + new_connection = False if not self._valid_connection(): - self.cursor() - m = server_version_re.match(self.connection.get_server_info()) + # Ensure we have a connection with the DB by using a temporary + # cursor + new_connection = True + self.cursor().close() + server_info = self.connection.get_server_info() + if new_connection: + # Make sure we close the connection + self.connection.close() + self.connection = None + m = server_version_re.match(server_info) if not m: - raise Exception('Unable to determine MySQL version from version string %r' % self.connection.get_server_info()) + raise Exception('Unable to determine MySQL version from version string %r' % server_info) self.server_version = tuple([int(x) for x in m.groups()]) return self.server_version diff -Nru python-django-1.4/django/db/models/fields/related.py python-django-1.4.1/django/db/models/fields/related.py --- python-django-1.4/django/db/models/fields/related.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/db/models/fields/related.py 2012-07-30 22:42:42.000000000 +0200 @@ -239,7 +239,7 @@ def get_prefetch_query_set(self, instances): vals = set(instance._get_pk_val() for instance in instances) params = {'%s__pk__in' % self.related.field.name: vals} - return (self.get_query_set(instance=instances[0]), + return (self.get_query_set(instance=instances[0]).filter(**params), attrgetter(self.related.field.attname), lambda obj: obj._get_pk_val(), True, diff -Nru python-django-1.4/django/forms/fields.py python-django-1.4.1/django/forms/fields.py --- python-django-1.4/django/forms/fields.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/forms/fields.py 2012-07-30 22:42:42.000000000 +0200 @@ -570,20 +570,10 @@ file = StringIO(data['content']) try: - # load() is the only method that can spot a truncated JPEG, - # but it cannot be called sanely after verify() - trial_image = Image.open(file) - trial_image.load() - - # Since we're about to use the file again we have to reset the - # file object if possible. - if hasattr(file, 'reset'): - file.reset() - - # verify() is the only method that can spot a corrupt PNG, - # but it must be called immediately after the constructor - trial_image = Image.open(file) - trial_image.verify() + # load() could spot a truncated JPEG, but it loads the entire + # image in memory, which is a DoS vector. See #3848 and #18520. + # verify() must be called immediately after the constructor. + Image.open(file).verify() except ImportError: # Under PyPy, it is possible to import PIL. However, the underlying # _imaging C module isn't available, so an ImportError will be diff -Nru python-django-1.4/django/forms/widgets.py python-django-1.4.1/django/forms/widgets.py --- python-django-1.4/django/forms/widgets.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/forms/widgets.py 2012-07-30 22:42:42.000000000 +0200 @@ -487,15 +487,18 @@ pass return super(TimeInput, self)._has_changed(self._format_value(initial), data) + +# Defined at module level so that CheckboxInput is picklable (#17976) +def boolean_check(v): + return not (v is False or v is None or v == '') + + class CheckboxInput(Widget): def __init__(self, attrs=None, check_test=None): super(CheckboxInput, self).__init__(attrs) # check_test is a callable that takes a value and returns True # if the checkbox should be checked for that value. - if check_test is None: - self.check_test = lambda v: not (v is False or v is None or v == '') - else: - self.check_test = check_test + self.check_test = boolean_check if check_test is None else check_test def render(self, name, value, attrs=None): final_attrs = self.build_attrs(attrs, type='checkbox', name=name) diff -Nru python-django-1.4/django/http/__init__.py python-django-1.4.1/django/http/__init__.py --- python-django-1.4/django/http/__init__.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/http/__init__.py 2012-07-30 22:42:42.000000000 +0200 @@ -9,7 +9,7 @@ from pprint import pformat from urllib import urlencode, quote -from urlparse import urljoin +from urlparse import urljoin, urlparse try: from cStringIO import StringIO except ImportError: @@ -114,7 +114,7 @@ from django.conf import settings from django.core import signing -from django.core.exceptions import ImproperlyConfigured +from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation from django.core.files import uploadhandler from django.http.multipartparser import MultiPartParser from django.http.utils import * @@ -731,19 +731,21 @@ raise Exception("This %s instance cannot tell its position" % self.__class__) return sum([len(str(chunk)) for chunk in self._container]) -class HttpResponseRedirect(HttpResponse): - status_code = 302 +class HttpResponseRedirectBase(HttpResponse): + allowed_schemes = ['http', 'https', 'ftp'] def __init__(self, redirect_to): - super(HttpResponseRedirect, self).__init__() + super(HttpResponseRedirectBase, self).__init__() + parsed = urlparse(redirect_to) + if parsed.scheme and parsed.scheme not in self.allowed_schemes: + raise SuspiciousOperation("Unsafe redirect to URL with scheme '%s'" % parsed.scheme) self['Location'] = iri_to_uri(redirect_to) -class HttpResponsePermanentRedirect(HttpResponse): - status_code = 301 +class HttpResponseRedirect(HttpResponseRedirectBase): + status_code = 302 - def __init__(self, redirect_to): - super(HttpResponsePermanentRedirect, self).__init__() - self['Location'] = iri_to_uri(redirect_to) +class HttpResponsePermanentRedirect(HttpResponseRedirectBase): + status_code = 301 class HttpResponseNotModified(HttpResponse): status_code = 304 diff -Nru python-django-1.4/django/__init__.py python-django-1.4.1/django/__init__.py --- python-django-1.4/django/__init__.py 2012-03-23 17:59:16.000000000 +0100 +++ python-django-1.4.1/django/__init__.py 2012-07-30 22:43:10.000000000 +0200 @@ -1,4 +1,4 @@ -VERSION = (1, 4, 0, 'final', 0) +VERSION = (1, 4, 1, 'final', 0) def get_version(version=None): """Derives a PEP386-compliant version number from VERSION.""" diff -Nru python-django-1.4/django/test/testcases.py python-django-1.4.1/django/test/testcases.py --- python-django-1.4/django/test/testcases.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/test/testcases.py 2012-07-30 22:42:42.000000000 +0200 @@ -1143,4 +1143,11 @@ if hasattr(cls, 'server_thread'): # Terminate the live server's thread cls.server_thread.join() + + # Restore sqlite connections' non-sharability + for conn in connections.all(): + if (conn.settings_dict['ENGINE'] == 'django.db.backends.sqlite3' + and conn.settings_dict['NAME'] == ':memory:'): + conn.allow_thread_sharing = False + super(LiveServerTestCase, cls).tearDownClass() diff -Nru python-django-1.4/django/views/debug.py python-django-1.4.1/django/views/debug.py --- python-django-1.4/django/views/debug.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/views/debug.py 2012-07-30 22:42:42.000000000 +0200 @@ -155,9 +155,20 @@ Replaces the values of variables marked as sensitive with stars (*********). """ - func_name = tb_frame.f_code.co_name - func = tb_frame.f_globals.get(func_name) - sensitive_variables = getattr(func, 'sensitive_variables', []) + # Loop through the frame's callers to see if the sensitive_variables + # decorator was used. + current_frame = tb_frame.f_back + sensitive_variables = None + while current_frame is not None: + if (current_frame.f_code.co_name == 'sensitive_variables_wrapper' + and 'sensitive_variables_wrapper' in current_frame.f_locals): + # The sensitive_variables decorator was used, so we take note + # of the sensitive variables' names. + wrapper = current_frame.f_locals['sensitive_variables_wrapper'] + sensitive_variables = getattr(wrapper, 'sensitive_variables', None) + break + current_frame = current_frame.f_back + cleansed = [] if self.is_active(request) and sensitive_variables: if sensitive_variables == '__ALL__': diff -Nru python-django-1.4/django/views/decorators/debug.py python-django-1.4.1/django/views/decorators/debug.py --- python-django-1.4/django/views/decorators/debug.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/views/decorators/debug.py 2012-07-30 22:42:34.000000000 +0200 @@ -26,13 +26,13 @@ """ def decorator(func): @functools.wraps(func) - def wrapper(*args, **kwargs): + def sensitive_variables_wrapper(*args, **kwargs): if variables: - wrapper.sensitive_variables = variables + sensitive_variables_wrapper.sensitive_variables = variables else: - wrapper.sensitive_variables = '__ALL__' + sensitive_variables_wrapper.sensitive_variables = '__ALL__' return func(*args, **kwargs) - return wrapper + return sensitive_variables_wrapper return decorator @@ -61,11 +61,11 @@ """ def decorator(view): @functools.wraps(view) - def wrapper(request, *args, **kwargs): + def sensitive_post_parameters_wrapper(request, *args, **kwargs): if parameters: request.sensitive_post_parameters = parameters else: request.sensitive_post_parameters = '__ALL__' return view(request, *args, **kwargs) - return wrapper + return sensitive_post_parameters_wrapper return decorator diff -Nru python-django-1.4/docs/conf.py python-django-1.4.1/docs/conf.py diff -Nru python-django-1.4/docs/faq/models.txt python-django-1.4.1/docs/faq/models.txt diff -Nru python-django-1.4/docs/howto/custom-management-commands.txt python-django-1.4.1/docs/howto/custom-management-commands.txt diff -Nru python-django-1.4/docs/howto/custom-model-fields.txt python-django-1.4.1/docs/howto/custom-model-fields.txt diff -Nru python-django-1.4/docs/howto/deployment/wsgi/uwsgi.txt python-django-1.4.1/docs/howto/deployment/wsgi/uwsgi.txt diff -Nru python-django-1.4/docs/howto/outputting-pdf.txt python-django-1.4.1/docs/howto/outputting-pdf.txt Les fichiers binaires /tmp/f_LcC7UEUu/python-django-1.4/docs/intro/_images/admin12t.png et /tmp/Y536zR3R0v/python-django-1.4.1/docs/intro/_images/admin12t.png sont différents diff -Nru python-django-1.4/docs/intro/install.txt python-django-1.4.1/docs/intro/install.txt diff -Nru python-django-1.4/docs/intro/tutorial02.txt python-django-1.4.1/docs/intro/tutorial02.txt diff -Nru python-django-1.4/docs/intro/whatsnext.txt python-django-1.4.1/docs/intro/whatsnext.txt diff -Nru python-django-1.4/docs/man/django-admin.1 python-django-1.4.1/docs/man/django-admin.1 diff -Nru python-django-1.4/docs/ref/contrib/admin/index.txt python-django-1.4.1/docs/ref/contrib/admin/index.txt diff -Nru python-django-1.4/docs/ref/contrib/gis/install.txt python-django-1.4.1/docs/ref/contrib/gis/install.txt diff -Nru python-django-1.4/docs/ref/contrib/markup.txt python-django-1.4.1/docs/ref/contrib/markup.txt diff -Nru python-django-1.4/docs/ref/contrib/syndication.txt python-django-1.4.1/docs/ref/contrib/syndication.txt diff -Nru python-django-1.4/docs/ref/databases.txt python-django-1.4.1/docs/ref/databases.txt diff -Nru python-django-1.4/docs/ref/django-admin.txt python-django-1.4.1/docs/ref/django-admin.txt diff -Nru python-django-1.4/docs/ref/forms/widgets.txt python-django-1.4.1/docs/ref/forms/widgets.txt diff -Nru python-django-1.4/docs/ref/middleware.txt python-django-1.4.1/docs/ref/middleware.txt diff -Nru python-django-1.4/docs/ref/models/fields.txt python-django-1.4.1/docs/ref/models/fields.txt diff -Nru python-django-1.4/docs/ref/models/instances.txt python-django-1.4.1/docs/ref/models/instances.txt diff -Nru python-django-1.4/docs/ref/models/options.txt python-django-1.4.1/docs/ref/models/options.txt diff -Nru python-django-1.4/docs/ref/settings.txt python-django-1.4.1/docs/ref/settings.txt diff -Nru python-django-1.4/docs/ref/templates/builtins.txt python-django-1.4.1/docs/ref/templates/builtins.txt diff -Nru python-django-1.4/docs/releases/1.4.txt python-django-1.4.1/docs/releases/1.4.txt diff -Nru python-django-1.4/docs/topics/auth.txt python-django-1.4.1/docs/topics/auth.txt diff -Nru python-django-1.4/docs/topics/db/models.txt python-django-1.4.1/docs/topics/db/models.txt diff -Nru python-django-1.4/docs/topics/db/transactions.txt python-django-1.4.1/docs/topics/db/transactions.txt diff -Nru python-django-1.4/docs/topics/email.txt python-django-1.4.1/docs/topics/email.txt diff -Nru python-django-1.4/docs/topics/forms/index.txt python-django-1.4.1/docs/topics/forms/index.txt diff -Nru python-django-1.4/docs/topics/http/middleware.txt python-django-1.4.1/docs/topics/http/middleware.txt diff -Nru python-django-1.4/docs/topics/http/shortcuts.txt python-django-1.4.1/docs/topics/http/shortcuts.txt diff -Nru python-django-1.4/docs/topics/security.txt python-django-1.4.1/docs/topics/security.txt diff -Nru python-django-1.4/docs/topics/testing.txt python-django-1.4.1/docs/topics/testing.txt diff -Nru python-django-1.4/PKG-INFO python-django-1.4.1/PKG-INFO --- python-django-1.4/PKG-INFO 2012-03-23 17:59:43.000000000 +0100 +++ python-django-1.4.1/PKG-INFO 2012-07-30 22:47:53.000000000 +0200 @@ -1,12 +1,12 @@ Metadata-Version: 1.0 Name: Django -Version: 1.4 +Version: 1.4.1 Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Home-page: http://www.djangoproject.com/ Author: Django Software Foundation Author-email: [email protected] License: UNKNOWN -Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz +Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz Description: UNKNOWN Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable diff -Nru python-django-1.4/setup.py python-django-1.4.1/setup.py --- python-django-1.4/setup.py 2012-03-23 17:59:15.000000000 +0100 +++ python-django-1.4.1/setup.py 2012-07-30 22:43:01.000000000 +0200 @@ -75,7 +75,7 @@ author = 'Django Software Foundation', author_email = '[email protected]', description = 'A high-level Python Web framework that encourages rapid development and clean, pragmatic design.', - download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz', + download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz', packages = packages, cmdclass = cmdclasses, data_files = data_files, diff -Nru python-django-1.4/tests/modeltests/prefetch_related/tests.py python-django-1.4.1/tests/modeltests/prefetch_related/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/models.py python-django-1.4.1/tests/regressiontests/admin_changelist/models.py diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/tests.py python-django-1.4.1/tests/regressiontests/admin_changelist/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_filters/models.py python-django-1.4.1/tests/regressiontests/admin_filters/models.py diff -Nru python-django-1.4/tests/regressiontests/admin_filters/tests.py python-django-1.4.1/tests/regressiontests/admin_filters/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_views/tests.py python-django-1.4.1/tests/regressiontests/admin_views/tests.py diff -Nru python-django-1.4/tests/regressiontests/backends/tests.py python-django-1.4.1/tests/regressiontests/backends/tests.py diff -Nru python-django-1.4/tests/regressiontests/forms/tests/fields.py python-django-1.4.1/tests/regressiontests/forms/tests/fields.py diff -Nru python-django-1.4/tests/regressiontests/httpwrappers/tests.py python-django-1.4.1/tests/regressiontests/httpwrappers/tests.py diff -Nru python-django-1.4/tests/regressiontests/test_utils/tests.py python-django-1.4.1/tests/regressiontests/test_utils/tests.py diff -Nru python-django-1.4/tests/regressiontests/views/tests/debug.py python-django-1.4.1/tests/regressiontests/views/tests/debug.py diff -Nru python-django-1.4/tests/regressiontests/views/views.py python-django-1.4.1/tests/regressiontests/views/views.py
