Your message dated Tue, 20 Nov 2012 08:47:46 +0000
with message-id <[email protected]>
and subject line Bug#693752: fixed in python-django 1.4.2-2
has caused the Debian Bug report #693752,
regarding python-django: self-test failure with 1.4.2-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
693752: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693752
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-django
Version: 1.4.2-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu raring ubuntu-patch
Dear Maintainer,
1.4.2-1 introduced testsuite fixes for the patches to fix CVE-2012-4520. This
breaks 'manage.py test' when ADMINS or MANAGERS is set in settings.py.
This is upstream:
https://code.djangoproject.com/ticket/19172
and Launchpad bug:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1080204
In Ubuntu, the attached patch was applied to achieve the following:
* Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py
- debian/patches/lp1080204.diff: Isolate poisoned_http_host tests from
500. This can be dropped in 1.4.3.
- https://code.djangoproject.com/ticket/19172
- LP: #1080204
Thanks for considering the patch.
-- System Information:
Debian Release: wheezy/sid
APT prefers quantal-updates
APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500,
'quantal')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5.0-18-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru python-django-1.4.2/debian/changelog python-django-1.4.2/debian/changelog
diff -Nru python-django-1.4.2/debian/patches/lp1080204.diff python-django-1.4.2/debian/patches/lp1080204.diff
--- python-django-1.4.2/debian/patches/lp1080204.diff 1969-12-31 18:00:00.000000000 -0600
+++ python-django-1.4.2/debian/patches/lp1080204.diff 2012-11-19 16:10:08.000000000 -0600
@@ -0,0 +1,33 @@
+From b774c5993cf80000966ae8f04c985116f98ee5ac Mon Sep 17 00:00:00 2001
+From: Claude Paroz <[email protected]>
+Date: Mon, 29 Oct 2012 17:26:10 +0100
+Subject: [PATCH] Fixed #19172 -- Isolated poisoned_http_host tests from 500
+ handlers
+
+Thanks bernardofontes for the report.
+---
+ django/contrib/auth/tests/views.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: python-django-1.4.1/django/contrib/auth/tests/views.py
+===================================================================
+--- python-django-1.4.1.orig/django/contrib/auth/tests/views.py 2012-11-19 14:15:53.000000000 -0600
++++ python-django-1.4.1/django/contrib/auth/tests/views.py 2012-11-19 14:15:53.000000000 -0600
+@@ -118,6 +118,8 @@
+ self.assertTrue("http://adminsite.com"; in mail.outbox[0].body)
+ self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
+
++ # Skip any 500 handler action (like sending more mail...)
++ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
+ def test_poisoned_http_host(self):
+ "Poisoned HTTP_HOST headers can't be used for reset emails"
+ # This attack is based on the way browsers handle URLs. The colon
+@@ -134,6 +136,8 @@
+ )
+ self.assertEqual(len(mail.outbox), 0)
+
++ # Skip any 500 handler action (like sending more mail...)
++ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
+ def test_poisoned_http_host_admin_site(self):
+ "Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
+ with self.assertRaises(SuspiciousOperation):
diff -Nru python-django-1.4.2/debian/patches/series python-django-1.4.2/debian/patches/series
--- python-django-1.4.2/debian/patches/series 2012-10-22 03:55:20.000000000 -0500
+++ python-django-1.4.2/debian/patches/series 2012-11-19 16:10:17.000000000 -0600
@@ -1,3 +1,4 @@
02_disable-sources-in-sphinxdoc.diff
03_manpage.diff
06_use_debian_geoip_database_as_default.diff
+lp1080204.diff
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1.4.2-2
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphaël Hertzog <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 20 Nov 2012 08:28:37 +0100
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.4.2-2
Distribution: unstable
Urgency: low
Maintainer: Chris Lamb <[email protected]>
Changed-By: Raphaël Hertzog <[email protected]>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Closes: 693752
Changes:
python-django (1.4.2-2) unstable; urgency=low
.
* Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py.
Add upstream patch debian/patches/01_fix-self-tests.diff.
Thanks to Jamie Strandboge <[email protected]> for the report.
Closes: #693752 LP: #1080204
Checksums-Sha1:
63e21b7e7ad8c22c99f5bf279acd14cfa01c3772 2227 python-django_1.4.2-2.dsc
ede9892288b2c26248206bf16625f4fabfdc0b34 20263
python-django_1.4.2-2.debian.tar.gz
ea01e53eef0c399549174f1ad0817dec77911170 5363346 python-django_1.4.2-2_all.deb
1cada868756da10f6889a1a7a855fd988a1c50eb 2421514
python-django-doc_1.4.2-2_all.deb
Checksums-Sha256:
feb3ba2e7fd22bd8e274ecc3784027947ee6772490c54297c911aafa0a24e243 2227
python-django_1.4.2-2.dsc
5deff0ed30eb24eddebccfe2ade0fbab4f323b8c9c43ce7e7855d1ad932a239f 20263
python-django_1.4.2-2.debian.tar.gz
2dfbd5338ce2d029772c8c5c32af047a2bf409d4045a0fec6bf61a1335202d81 5363346
python-django_1.4.2-2_all.deb
9f2bbb2a8d2546c8418e601f2bdb45f6305fa8c642bb35886726c4607762de9b 2421514
python-django-doc_1.4.2-2_all.deb
Files:
3ebe75f34205dc94392b836a1ca740d9 2227 python optional python-django_1.4.2-2.dsc
ce91d82f5f7d17002aaa9973f83f4e6a 20263 python optional
python-django_1.4.2-2.debian.tar.gz
b338eb1ec7d07524105507e77243889c 5363346 python optional
python-django_1.4.2-2_all.deb
b2be44803768dc020af23c1b2a4a7e4b 2421514 doc optional
python-django-doc_1.4.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
iQIcBAEBCAAGBQJQqzaDAAoJEOYZBF3yrHKab1kP/3IFT0vxkCEcG4ClurRKJIXZ
/js+ozU4X8LWfWSz4epolEcRnlG6WUUiOJt/ADGUnEmOFBOIynIM9SMD612FeBvk
99j7MB317LmFLPAxGC3ILNIr4RsGHfQUr0NNwfxlvWLw9eoi+Y9F3IRynqPOSoRV
Fzr/rS6JcvpdK1xrsI1QGH18je6CKNjls21ErqIsDpf6umOpBXKyyhLOgET06Pre
Fbfqrk8Q/zwRERAKUrOHroP4esMA243U/MMEFkGrbP6NeUVpqyvCINfxOVftQldg
BgcHPvRowwxsPOGaAEq9EoqJImGmFN0kRZCE7SxAu7FKezRUt4CBje735shta6co
o1e/nYfWhaBpNxSY4QqpDMnYmkhHhHmWoKhhmZqRR/PC5AvVsgDBf9pYMt0k2IUQ
0+VsMNMX0v2nz5K6xiInBOnsvfVddTIJqWjbg/9qn2qLHX0q6PNrECVZ+DohnDtg
a4VbM/+rHYsWwBVSU9kbLzn3DSBihrlGQl3YNkh9yawbCUJ73n+0MjRn5AXhKpv7
gPIs3vNOLz8mEji5JmaIHWhWR9Uq6cTj859BnqNBl80pYjfa1ODX4AfDtko2OQiQ
F1e1EIiW8xHWdY2ZA/VYfIzr0a9uuM4vj/UdXTkxj7ZFoPZlqE1bNV0iRHqqPN8y
H4l/zOKPcJ/Oh/kX/5cM
=cx8S
-----END PGP SIGNATURE-----
--- End Message ---
