Hello community,
here is the log from the commit of package python-Django for openSUSE:Factory
checked in at 2019-12-07 15:11:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Django (Old)
and /work/SRC/openSUSE:Factory/.python-Django.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django"
Sat Dec 7 15:11:57 2019 rev:58 rq:752876 version:2.2.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes
2019-11-18 20:06:38.933705650 +0100
+++ /work/SRC/openSUSE:Factory/.python-Django.new.4691/python-Django.changes
2019-12-07 15:12:25.495821022 +0100
@@ -1,0 +2,17 @@
+Mon Dec 2 09:45:57 UTC 2019 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Update to 2.2.8
+ * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
+ * Fixed a data loss possibility in the admin changelist view when a
+ custom formset’s prefix contains regular expression special
+ characters, e.g. '$'
+ * Fixed a regression in Django 2.2.1 that caused a crash when
+ migrating permissions for proxy models with a multiple database
+ setup if the default entry was empty
+ * Fixed a data loss possibility in the select_for_update(). When
+ using 'self' in the of argument with multi-table inheritance, a
+ parent model was locked instead of the queryset’s model
+- Add patch fix-selenium-test.patch to fix a test when selenium is
+ missing
+
+-------------------------------------------------------------------
Old:
----
Django-2.2.7.tar.gz
Django-2.2.7.tar.gz.asc
New:
----
Django-2.2.8.tar.gz
Django-2.2.8.tar.gz.asc
fix-selenium-test.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Django.spec ++++++
--- /var/tmp/diff_new_pack.XMfl9K/_old 2019-12-07 15:12:26.291820908 +0100
+++ /var/tmp/diff_new_pack.XMfl9K/_new 2019-12-07 15:12:26.295820908 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-Django
#
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
%bcond_with memcached
Name: python-Django
# We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 ->
3.0 etc
-Version: 2.2.7
+Version: 2.2.8
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause
@@ -34,6 +34,7 @@
Source99: python-Django-rpmlintrc
Patch0: i18n_test.patch
Patch1: test_clear_site_cache-sort.patch
+Patch2: fix-selenium-test.patch
BuildRequires: %{python_module Jinja2 >= 2.9.2}
BuildRequires: %{python_module Pillow}
BuildRequires: %{python_module PyYAML}
@@ -98,6 +99,7 @@
%setup -q -n Django-%{version}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
chmod a-x django/contrib/admin/static/admin/js/vendor/xregexp/xregexp.js
%build
++++++ Django-2.2.7.tar.gz -> Django-2.2.8.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-Django/Django-2.2.7.tar.gz
/work/SRC/openSUSE:Factory/.python-Django.new.4691/Django-2.2.8.tar.gz differ:
char 5, line 1
++++++ Django-2.2.7.tar.gz.asc -> Django-2.2.8.tar.gz.asc ++++++
--- /work/SRC/openSUSE:Factory/python-Django/Django-2.2.7.tar.gz.asc
2019-11-18 20:06:38.097706069 +0100
+++ /work/SRC/openSUSE:Factory/.python-Django.new.4691/Django-2.2.8.tar.gz.asc
2019-12-07 15:12:25.139821071 +0100
@@ -2,16 +2,16 @@
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.2.7, released November 4, 2019.
+tarball and wheel files of Django 2.2.8, released December 2, 2019.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
-the ID ``2EF56372BA48CD1B`` and can be imported from the MIT
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
implementation of PGP:
- gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B
+ gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
Once the key is imported, verify this file::
@@ -24,40 +24,39 @@
Release packages:
=================
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.7-py3-none-any.whl
-https://www.djangoproject.com/m/releases/2.2/Django-2.2.7.tar.gz
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.8-py3-none-any.whl
+https://www.djangoproject.com/m/releases/2.2/Django-2.2.8.tar.gz
MD5 checksums
=============
-501704dd5d29b597763a8e9dd7737f6b Django-2.2.7-py3-none-any.whl
-b0833024aac4c8240467e4dc91a12e9b Django-2.2.7.tar.gz
+2dd61e8dfadc3754e35f927d4142fc0f Django-2.2.8-py3-none-any.whl
+57d965818410a4e00e2267eef66aa9c9 Django-2.2.8.tar.gz
SHA1 checksums
==============
-40fc8e32c8d002cf44d9abebe57c24019fcda3ba Django-2.2.7-py3-none-any.whl
-ef69a17d8547070880aba9171f2471eb4b921fed Django-2.2.7.tar.gz
+ad9d4b417d4b99ec19548d7339b345d807de5000 Django-2.2.8-py3-none-any.whl
+0a631fe2237fea6a60cdd5d02b618632b6e49a1b Django-2.2.8.tar.gz
SHA256 checksums
================
-89c2007ca4fa5b351a51a279eccff298520783b713bf28efb89dfb81c80ea49b
Django-2.2.7-py3-none-any.whl
-16040e1288c6c9f68c6da2fe75ebde83c0a158f6f5d54f4c5177b0c1478c5b86
Django-2.2.7.tar.gz
+fa98ec9cc9bf5d72a08ebf3654a9452e761fbb8566e3f80de199cbc15477e891
Django-2.2.8-py3-none-any.whl
+a4ad4f6f9c6a4b7af7e2deec8d0cbff28501852e5010d6c2dc695d3d1fae7ca0
Django-2.2.8.tar.gz
-----BEGIN PGP SIGNATURE-----
-iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl2/2JUbHGZlbGlzaWFr
-Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bzCIQAKaFzUHrxUJeFrgrkcUZ
-LvCa3IjyuDJlHWzavSSjf7ZXQR3de52VUDtNwdD5yByMQpn/s/UWqKlKu8c7fh2V
-+xagzCXYAbYbFyjoinZiZib7SPAffDITyFyy3FgxHNMS/g7pmuBPxic4oYyL0poP
-OA1H26x4TpOWDCRLh9FncTWIkJusSekqsjjDKbfRr9GvkbAR9ueRfOFZn96PuOTF
-JUcpkbntdZzVChl90LHDMuJywSURChcoOci66fmaMXMoTblbBpdX1gTwNJeW4//d
-WZb3LMbB9vq41XEnjttlcYXHrWNqsDSqkOB6kqa+dh6TLe0mmDpiphnDotHCHL6V
-1PII9yVLUZ1l6vL36iXoWQaOPIeLbtRDYzk/IURY3QKE69FGxTOsVqbwMnS5jJvn
-maOGtaYch/NWnRHVMoIO5+bh9SRkS+1wO3a6EFzl69TuVW5fm6vqfuDnknd24UEA
-6UCsWhEQoG9ot6AyTXDTARQVrE5K2ujDheMiNXKqbAv+QUcjf3BzECdwBGC9LvAi
-j3FkXTJ/Q1XUQaYZRJsELRNMs5DOrBTZ8/6EEVuP6gOQosbHaCzlcyGxqF6JpcYy
-NOxAmKDVyvBS/N5WsgAQCVO7jeV7ytUN7rgUtruKW7GMUhUqq1h+Mg1QFy53lqip
-U4wWM0jrmAxNBCw3hbqiaQQZ
-=xLL3
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl3ky/QACgkQ4X31yCtP
+nQBi8w//S+ZVGHyo35gekAy3j11PmUuiD2nhGlrmfZgiBsAepcxIpXH/ZYS+OWUY
+ZYdyUYb9308YGiKzkOxOMmsqrZeEwzImQcf844MCbQcFkPe0NWc9FZ/RphCaStVN
+pxoGHZOfV6bOyLVJO8jV4YqDl/MBWdvtFDMhrrJlZSmgmVDAfpSV+BFUmoFaiC2i
+vd1fKKVLxTVZrr6L6ov0h8JM2gMPVoGp4P/WDofk1LuWRKLZmwtrp7PRdBeyf5jO
+itoQD00qAt2IsdaXYuPkaCMdQWzCJDGiFFUjcRkzdZtLaKugTnuHMol9/lCcXkW1
+NL//xq+rh8YfyTkNk4rDHuu98urPz46z1kgvNOSJlgpTf4RWjk/va1s+/Cc28QSa
+KVA4CcD+2+we781USYJG0B10+OsgzWbPV+50IOejVqrhj5QCSa6LRG37hp6iJThp
++2ZqM8DthouFdjliT1W3pEzcyII/nWqIibyWo7zMrQQk5N9f5E628KHIFlOeB7+8
+pinSTmfUpTS5leVBRIzc2LhdE9WYoPaFdQOm2AD7vHDIwYxy5l9uStyN25xi+Jp1
+EvsFmIKj9COc21L4nDujpgKdLJ0eiGAL6fJ6UQydvMaBsdbPXO8kTk/lXooQx1X/
+LhbnxqLG1Yzh9bxNHCGOGPDnWswGeTFNpAhRwtryCBASeItQzAE=
+=xo2Q
-----END PGP SIGNATURE-----
++++++ fix-selenium-test.patch ++++++
Index: Django-2.2.8/tests/admin_inlines/tests.py
===================================================================
--- Django-2.2.8.orig/tests/admin_inlines/tests.py
+++ Django-2.2.8/tests/admin_inlines/tests.py
@@ -1,5 +1,3 @@
-from selenium.common.exceptions import NoSuchElementException
-
from django.contrib.admin import ModelAdmin, TabularInline
from django.contrib.admin.helpers import InlineAdminForm
from django.contrib.admin.tests import AdminSeleniumTestCase
@@ -1050,6 +1048,8 @@ class SeleniumTests(AdminSeleniumTestCas
self.assertEqual(Profile.objects.all().count(), 3)
def test_add_inline_link_absent_for_view_only_parent_model(self):
+ from selenium.common.exceptions import NoSuchElementException
+
user = User.objects.create_user('testing', password='password',
is_staff=True)
user.user_permissions.add(
Permission.objects.get(codename='view_poll',
content_type=ContentType.objects.get_for_model(Poll))
