Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2019-12-07 15:11:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Sat Dec 7 15:11:57 2019 rev:58 rq:752876 version:2.2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2019-11-18 20:06:38.933705650 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.4691/python-Django.changes 2019-12-07 15:12:25.495821022 +0100 @@ -1,0 +2,17 @@ +Mon Dec 2 09:45:57 UTC 2019 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to 2.2.8 + * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705) + * Fixed a data loss possibility in the admin changelist view when a + custom formset’s prefix contains regular expression special + characters, e.g. '$' + * Fixed a regression in Django 2.2.1 that caused a crash when + migrating permissions for proxy models with a multiple database + setup if the default entry was empty + * Fixed a data loss possibility in the select_for_update(). When + using 'self' in the of argument with multi-table inheritance, a + parent model was locked instead of the queryset’s model +- Add patch fix-selenium-test.patch to fix a test when selenium is + missing + +------------------------------------------------------------------- Old: ---- Django-2.2.7.tar.gz Django-2.2.7.tar.gz.asc New: ---- Django-2.2.8.tar.gz Django-2.2.8.tar.gz.asc fix-selenium-test.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.XMfl9K/_old 2019-12-07 15:12:26.291820908 +0100 +++ /var/tmp/diff_new_pack.XMfl9K/_new 2019-12-07 15:12:26.295820908 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-Django # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc -Version: 2.2.7 +Version: 2.2.8 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause @@ -34,6 +34,7 @@ Source99: python-Django-rpmlintrc Patch0: i18n_test.patch Patch1: test_clear_site_cache-sort.patch +Patch2: fix-selenium-test.patch BuildRequires: %{python_module Jinja2 >= 2.9.2} BuildRequires: %{python_module Pillow} BuildRequires: %{python_module PyYAML} @@ -98,6 +99,7 @@ %setup -q -n Django-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js %build ++++++ Django-2.2.7.tar.gz -> Django-2.2.8.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-2.2.7.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.4691/Django-2.2.8.tar.gz differ: char 5, line 1 ++++++ Django-2.2.7.tar.gz.asc -> Django-2.2.8.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-2.2.7.tar.gz.asc 2019-11-18 20:06:38.097706069 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.4691/Django-2.2.8.tar.gz.asc 2019-12-07 15:12:25.139821071 +0100 @@ -2,16 +2,16 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.2.7, released November 4, 2019. +tarball and wheel files of Django 2.2.8, released December 2, 2019. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has -the ID ``2EF56372BA48CD1B`` and can be imported from the MIT +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 Once the key is imported, verify this file:: @@ -24,40 +24,39 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/2.2/Django-2.2.7-py3-none-any.whl -https://www.djangoproject.com/m/releases/2.2/Django-2.2.7.tar.gz +https://www.djangoproject.com/m/releases/2.2/Django-2.2.8-py3-none-any.whl +https://www.djangoproject.com/m/releases/2.2/Django-2.2.8.tar.gz MD5 checksums ============= -501704dd5d29b597763a8e9dd7737f6b Django-2.2.7-py3-none-any.whl -b0833024aac4c8240467e4dc91a12e9b Django-2.2.7.tar.gz +2dd61e8dfadc3754e35f927d4142fc0f Django-2.2.8-py3-none-any.whl +57d965818410a4e00e2267eef66aa9c9 Django-2.2.8.tar.gz SHA1 checksums ============== -40fc8e32c8d002cf44d9abebe57c24019fcda3ba Django-2.2.7-py3-none-any.whl -ef69a17d8547070880aba9171f2471eb4b921fed Django-2.2.7.tar.gz +ad9d4b417d4b99ec19548d7339b345d807de5000 Django-2.2.8-py3-none-any.whl +0a631fe2237fea6a60cdd5d02b618632b6e49a1b Django-2.2.8.tar.gz SHA256 checksums ================ -89c2007ca4fa5b351a51a279eccff298520783b713bf28efb89dfb81c80ea49b Django-2.2.7-py3-none-any.whl -16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86 Django-2.2.7.tar.gz +fa98ec9cc9bf5d72a08ebf3654a9452e761fbb8566e3f80de199cbc15477e891 Django-2.2.8-py3-none-any.whl +a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0 Django-2.2.8.tar.gz -----BEGIN PGP SIGNATURE----- -iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl2/2JUbHGZlbGlzaWFr -Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzCIQAKaFzUHrxUJeFrgrkcUZ -LvCa3IjyuDJlHWzavSSjf7ZXQR3de52VUDtNwdD5yByMQpn/s/UWqKlKu8c7fh2V -+xagzCXYAbYbFyjoinZiZib7SPAffDITyFyy3FgxHNMS/g7pmuBPxic4oYyL0poP -OA1H26x4TpOWDCRLh9FncTWIkJusSekqsjjDKbfRr9GvkbAR9ueRfOFZn96PuOTF -JUcpkbntdZzVChl90LHDMuJywSURChcoOci66fmaMXMoTblbBpdX1gTwNJeW4//d -WZb3LMbB9vq41XEnjttlcYXHrWNqsDSqkOB6kqa+dh6TLe0mmDpiphnDotHCHL6V -1PII9yVLUZ1l6vL36iXoWQaOPIeLbtRDYzk/IURY3QKE69FGxTOsVqbwMnS5jJvn -maOGtaYch/NWnRHVMoIO5+bh9SRkS+1wO3a6EFzl69TuVW5fm6vqfuDnknd24UEA -6UCsWhEQoG9ot6AyTXDTARQVrE5K2ujDheMiNXKqbAv+QUcjf3BzECdwBGC9LvAi -j3FkXTJ/Q1XUQaYZRJsELRNMs5DOrBTZ8/6EEVuP6gOQosbHaCzlcyGxqF6JpcYy -NOxAmKDVyvBS/N5WsgAQCVO7jeV7ytUN7rgUtruKW7GMUhUqq1h+Mg1QFy53lqip -U4wWM0jrmAxNBCw3hbqiaQQZ -=xLL3 +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl3ky/QACgkQ4X31yCtP +nQBi8w//S+ZVGHyo35gekAy3j11PmUuiD2nhGlrmfZgiBsAepcxIpXH/ZYS+OWUY +ZYdyUYb9308YGiKzkOxOMmsqrZeEwzImQcf844MCbQcFkPe0NWc9FZ/RphCaStVN +pxoGHZOfV6bOyLVJO8jV4YqDl/MBWdvtFDMhrrJlZSmgmVDAfpSV+BFUmoFaiC2i +vd1fKKVLxTVZrr6L6ov0h8JM2gMPVoGp4P/WDofk1LuWRKLZmwtrp7PRdBeyf5jO +itoQD00qAt2IsdaXYuPkaCMdQWzCJDGiFFUjcRkzdZtLaKugTnuHMol9/lCcXkW1 +NL//xq+rh8YfyTkNk4rDHuu98urPz46z1kgvNOSJlgpTf4RWjk/va1s+/Cc28QSa +KVA4CcD+2+we781USYJG0B10+OsgzWbPV+50IOejVqrhj5QCSa6LRG37hp6iJThp ++2ZqM8DthouFdjliT1W3pEzcyII/nWqIibyWo7zMrQQk5N9f5E628KHIFlOeB7+8 +pinSTmfUpTS5leVBRIzc2LhdE9WYoPaFdQOm2AD7vHDIwYxy5l9uStyN25xi+Jp1 +EvsFmIKj9COc21L4nDujpgKdLJ0eiGAL6fJ6UQydvMaBsdbPXO8kTk/lXooQx1X/ +LhbnxqLG1Yzh9bxNHCGOGPDnWswGeTFNpAhRwtryCBASeItQzAE= +=xo2Q -----END PGP SIGNATURE----- ++++++ fix-selenium-test.patch ++++++ Index: Django-2.2.8/tests/admin_inlines/tests.py =================================================================== --- Django-2.2.8.orig/tests/admin_inlines/tests.py +++ Django-2.2.8/tests/admin_inlines/tests.py @@ -1,5 +1,3 @@ -from selenium.common.exceptions import NoSuchElementException - from django.contrib.admin import ModelAdmin, TabularInline from django.contrib.admin.helpers import InlineAdminForm from django.contrib.admin.tests import AdminSeleniumTestCase @@ -1050,6 +1048,8 @@ class SeleniumTests(AdminSeleniumTestCas self.assertEqual(Profile.objects.all().count(), 3) def test_add_inline_link_absent_for_view_only_parent_model(self): + from selenium.common.exceptions import NoSuchElementException + user = User.objects.create_user('testing', password='password', is_staff=True) user.user_permissions.add( Permission.objects.get(codename='view_poll', content_type=ContentType.objects.get_for_model(Poll))