Hello community, here is the log from the commit of package python3-Django for openSUSE:Factory checked in at 2016-03-07 13:28:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python3-Django (Old) and /work/SRC/openSUSE:Factory/.python3-Django.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-Django" Changes: -------- --- /work/SRC/openSUSE:Factory/python3-Django/python3-Django.changes 2016-02-26 00:43:06.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python3-Django.new/python3-Django.changes 2016-03-07 13:30:04.000000000 +0100 @@ -1,0 +2,48 @@ +Mon Mar 7 03:57:46 UTC 2016 - a...@gmx.de + +- update to version 1.9.4: + * Django 1.9.4 fixes a regression on Python 2 in the 1.9.3 security + release where utils.http.is_safe_url() crashes on bytestring URLs + (#26308). + +------------------------------------------------------------------- +Fri Mar 4 16:22:21 UTC 2016 - a...@gmx.de + +- update to version 1.9.3: + * CVE-2016-2512: Malicious redirect and possible XSS attack via + user-supplied redirect URLs containing basic auth + * CVE-2016-2513: User enumeration through timing difference on + password hasher work factor upgrade + * Skipped URL checks (new in 1.9) if the ROOT_URLCONF setting isn’t + defined (#26155). + * Fixed a crash on PostgreSQL that prevented using TIME_ZONE=None + and USE_TZ=False (#26177). + * Added system checks for query name clashes of hidden relationships + (#26162). + * Fixed a regression for cases where + ForeignObject.get_extra_descriptor_filter() returned a Q object + (#26153). + * Fixed regression with an __in=qs lookup for a ForeignKey with + to_field set (#26196). + * Made forms.FileField and utils.translation.lazy_number() picklable + (#26212). + * Fixed RangeField and ArrayField serialization with None values + (#26215). + * Fixed a crash when filtering by a Decimal in RawQuery (#26219). + * Reallowed dashes in top-level domain names of URLs checked by + URLValidator to fix a regression in Django 1.8 (#26204). + * Fixed some crashing deprecation shims in SimpleTemplateResponse + that regressed in Django 1.9 (#26253). + * Fixed BoundField to reallow slices of subwidgets (#26267). + * Changed the admin’s “permission denied” message in the login + template to use get_username instead of username to support custom + user models (#26231). + * Fixed a crash when passing a nonexistent template name to the + cached template loader’s load_template() method (#26280). + * Prevented ContentTypeManager instances from sharing their cache + (#26286). + * Reverted a change in Django 1.9.2 (#25858) that prevented relative + lazy relationships defined on abstract models to be resolved + according to their concrete model’s app_label (#26186). + +------------------------------------------------------------------- Old: ---- Django-1.9.2.checksum.txt Django-1.9.2.tar.gz New: ---- Django-1.9.4.checksum.txt Django-1.9.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-Django.spec ++++++ --- /var/tmp/diff_new_pack.cGqmgZ/_old 2016-03-07 13:30:06.000000000 +0100 +++ /var/tmp/diff_new_pack.cGqmgZ/_new 2016-03-07 13:30:06.000000000 +0100 @@ -17,7 +17,7 @@ Name: python3-Django -Version: 1.9.2 +Version: 1.9.4 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-1.9.2.checksum.txt -> Django-1.9.4.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python3-Django/Django-1.9.2.checksum.txt 2016-02-08 09:47:34.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python3-Django.new/Django-1.9.4.checksum.txt 2016-03-07 13:30:04.000000000 +0100 @@ -2,7 +2,7 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 1.9.2, released February 1, 2016. +tarball and wheel files of Django 1.9.4, released March 5, 2016. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have @@ -24,40 +24,40 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/1.9/Django-1.9.2.tar.gz -https://www.djangoproject.com/m/releases/1.9/Django-1.9.2-py2.py3-none-any.whl +https://www.djangoproject.com/m/releases/1.9/Django-1.9.4.tar.gz +https://www.djangoproject.com/m/releases/1.9/Django-1.9.4-py2.py3-none-any.whl MD5 checksums: ============== -72317fd693fe1c95b6192d25d8fcd323 Django-1.9.2-py2.py3-none-any.whl -ee90280973d435a1a6aa01b453b50cd1 Django-1.9.2.tar.gz +89481f08178f7d28a943fea1bd41de44 Django-1.9.4-py2.py3-none-any.whl +e8d389532e248174a9859f2987be6a04 Django-1.9.4.tar.gz SHA1 checksums: =============== -9fd1d27833f0fc3109b417922dbbe387abd7c724 Django-1.9.2-py2.py3-none-any.whl -3b761b2ba6a098572e39545251caef565bba3d5f Django-1.9.2.tar.gz +90c47679c67b649258009d3184f1903c171bf64c Django-1.9.4-py2.py3-none-any.whl +30848b412df1f07b35ef280545900864d4d61cc7 Django-1.9.4.tar.gz SHA256 checksums: ================= -cc2ee91769af012654ae4904b6704f2fa0cc6b283675869c2f2ed879eaba11e8 Django-1.9.2-py2.py3-none-any.whl -7a233322eeb35da5fd8315f9e5dd48f2171de43ca2cfb11b138607daa4bf8a2f Django-1.9.2.tar.gz +af6264550f8d1cc468db6bbd38151e539b0468ecc5d7d39598af918eae2428b2 Django-1.9.4-py2.py3-none-any.whl +ada8e7aa697e47c94b5660291cc0a14bb555385e0898da0a119d8f4b648fbde9 Django-1.9.4.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAEBCAAGBQJWr5GIAAoJEB6Kvcdz7eJSkIYP/1YkC2VfkucQJTQjERmCH1S4 -EadRBshFDkmrGQInwTJ/F35XVlAATGT75MvjIQpPlNoYIpRZXpEU7sqcICY7pmNO -Und1ShCtPUnPzUpE5GL7e2yEoJHGWUwfP73ro9+uQQDDDFD6oe29d4X8zNQEQZpU -fl59rAbXo/dGsJQiSPwZstf6+B6ciiIoBsS8fMXzXWUHmq0QpfbIWegmWNVe5qFj -Ot3glje/HGofzGzFbUa9WgaPFDA30COdbvzeP0zoj71C1FsMVXtvrl4avpPxYG70 -tvOwmSKu72CfrpSm1fRAFDYINB6W+1+0S7nLwvOmdSvKX9k1LUQ70mxwGVmaHMiB -XSA7R59bJYM61y08KI8PQN6bkaLv0nIBkQG/eRP41yY/XbVFQ4SkNCJVvG7JZPzs -Op/D+ev3ao2qP8V3l2PYmhWtMoFgNstDFBRHe5IwiTuGHfxq8SMGfWSwPO26p/kU -fwN3HLWFBx752THRF1TjFFnA2DU5FFdqUjVVQDZsEli+5hJO61mguEdgKAXQ2dHU -bXZyIXySyzWTMjmmw/P948Qc+d3K8rGgBcCUVk8MToe0/ljqAMlrL3eYA1q26QBS -T7fA3ja6ypMyeT9s7701zoLzQ4RSF9I8bl+4RnvSVwCutx/VrCJ2GKIssxo8qqT0 -xTN+usqGuNs3yAOfYEen -=HrIA +iQIcBAEBCAAGBQJW2uyFAAoJEB6Kvcdz7eJSx/sP/3/jwakGK2uLrPrkAfGzziWO +9e73GQD+SmiU5Wa7/cNAIeIsFCU7WHKp/ORRo9Wt+7piFL+ReNmMniOEl4SIqgWK +BTfPZlRcWID8wbgNgYbQDCkkkENFXX3fJVEa7NpBr21i7r7Mz+Z4L6NJBiX8U3iU +8kJrEtghGQCoE7IzQBwwaz0wCTFC3UOhfyncsYtF7OhdUHu5Q9JIiPIo0oAIvZZ9 +lOgK/2TR9Gzj+mwQaQUvWqingEP6XyQXANYqgLC/noR3Qo627p7uqizek9/XnLdt +GFF7Fw7QiYNRQONRwmlw6lFfsfPBFMPS7eIAwdWFR0y1WxroNuR+f4+hJ90tZM4i +XtW88BdSUQqUjLVR8B/9CcNmYCUm8IlqeuxBA9jxQftIofotluxdNTyHiNfo623l +7tuI1+X3dGM/I8/ASI7S3YwMJnZlPb2HtItKgbsz4+44c4rkvV7WWbbBij4cCwUs +1Y1neBy+25HixfMgBaG3aWInE++gjmRe/OQSvffVFTB34XgONbXMq3sNJI4D7j+Q +vAsYo8u4r/rJLFvzvesAX+IGluvZlzlYqPOQll0oWgeaLLLsfMLNA9O+VJL9DKp2 +4SuccXQcz/044asWdJ4X20ayGIhZWrEl7mujRvJEPofD5H5Jnt/gIf9/ihKsIdwZ +tdOLDJzmm5ydhiOU7jGe +=5NbH -----END PGP SIGNATURE----- ++++++ Django-1.9.2.tar.gz -> Django-1.9.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/python3-Django/Django-1.9.2.tar.gz /work/SRC/openSUSE:Factory/.python3-Django.new/Django-1.9.4.tar.gz differ: char 5, line 1