Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2020-09-14 12:02:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Mon Sep 14 12:02:48 2020 rev:68 rq:833249 version:3.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2020-09-04 10:57:53.618584195 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.4249/python-Django.changes 2020-09-14 12:04:04.907672370 +0200 @@ -1,0 +2,19 @@ +Wed Sep 9 14:14:08 UTC 2020 - Marketa Calabkova <mcalabk...@suse.com> + +- Update to 3.1.1 + * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ + * CVE-2020-24584: Permission escalation in intermediate-level directories of the file + system cache on Python 3.7+ + * Fixed a data loss possibility in the select_for_update(). When using related fields + pointing to a proxy model in the of argument, the corresponding model was not locked + * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data + * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite + * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator + and settings.py + +------------------------------------------------------------------- +Wed Sep 9 03:55:36 UTC 2020 - John Vandenberg <jay...@gmail.com> + +- Require asgiref >= 3.2.10 per upstream + +------------------------------------------------------------------- Old: ---- Django-3.1.tar.gz Django-3.1.tar.gz.asc New: ---- Django-3.1.1.tar.gz Django-3.1.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.rnb9qq/_old 2020-09-14 12:04:06.163673662 +0200 +++ /var/tmp/diff_new_pack.rnb9qq/_new 2020-09-14 12:04:06.163673662 +0200 @@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 3.1 +Version: 3.1.1 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause @@ -40,7 +40,7 @@ BuildRequires: %{python_module Pillow} BuildRequires: %{python_module PyYAML} BuildRequires: %{python_module argon2-cffi >= 16.1.0} -BuildRequires: %{python_module asgiref} +BuildRequires: %{python_module asgiref >= 3.2.10} BuildRequires: %{python_module base >= 3.5} BuildRequires: %{python_module bcrypt} BuildRequires: %{python_module docutils} @@ -56,7 +56,7 @@ Requires: python Requires: python-Pillow Requires: python-argon2-cffi >= 16.1.0 -Requires: python-asgiref +Requires: python-asgiref >= 3.2.10 Requires: python-pytz Requires: python-setuptools Requires: python-sqlparse >= 0.2.2 ++++++ Django-3.1.tar.gz -> Django-3.1.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-3.1.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.4249/Django-3.1.1.tar.gz differ: char 5, line 1 ++++++ Django-3.1.tar.gz.asc -> Django-3.1.1.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-3.1.tar.gz.asc 2020-09-04 10:57:46.030580130 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.4249/Django-3.1.1.tar.gz.asc 2020-09-14 12:04:03.979671416 +0200 @@ -2,16 +2,16 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 3.1, released August 4, 2020. +tarball and wheel files of Django 3.1.1, released September 1, 2020. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has -the ID ``2EF56372BA48CD1B`` and can be imported from the MIT +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 Once the key is imported, verify this file:: @@ -24,40 +24,39 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/3.1/Django-3.1-py3-none-any.whl -https://www.djangoproject.com/m/releases/3.1/Django-3.1.tar.gz +https://www.djangoproject.com/m/releases/3.1/Django-3.1.1.tar.gz +https://www.djangoproject.com/m/releases/3.1/Django-3.1.1-py3-none-any.whl MD5 checksums ============= -281c2e919cb60fd09a64fd068cf152fb Django-3.1-py3-none-any.whl -2001ba40467d61a2b90570a68c657e35 Django-3.1.tar.gz +d5e894fb3c46064e84e9dc68a08a46d0 Django-3.1.1.tar.gz +f4eb53dd67fc64f9b62514fb21a95949 Django-3.1.1-py3-none-any.whl SHA1 checksums ============== -078f1ca04e2a85b33061b573eb60f653fe3af6ed Django-3.1-py3-none-any.whl -e337b9d012e55fef0e2ebd40df2f594973be090f Django-3.1.tar.gz +85b27794ddeea5b127563ba6cae0f35b59d78289 Django-3.1.1.tar.gz +65c131f4e90c914a52bca1543e70678a64ffad93 Django-3.1.1-py3-none-any.whl SHA256 checksums ================ -1a63f5bb6ff4d7c42f62a519edc2adbb37f9b78068a5a862beff858b68e3dc8b Django-3.1-py3-none-any.whl -2d390268a13c655c97e0e2ede9d117007996db692c1bb93eabebd4fb7ea7012b Django-3.1.tar.gz +59c8125ca873ed3bdae9c12b146fbbd6ed8d0f743e4cf5f5817af50c51f1fc2f Django-3.1.1.tar.gz +b5fbb818e751f660fa2d576d9f40c34a4c615c8b48dd383f5216e609f383371f Django-3.1.1-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl8pFPIbHGZlbGlzaWFr -Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0b6vkP/32JhaDGV29bTaxKnaSH -LGtLADGlIBKueTjiWGJtRGHiYqCrTg5wnqs9VDlgnskhXJqTN3dCEmX9TXrrUOAv -Mujog0bXm1iQbD3Y/pv8RCuWUZPLbTKTbQn2OlONIHPbbTeeUFIAhu7P7t8g/Jjl -UIKM+CjgrAluHHQf+texdN0qiddd6gajf+Re+znWuT4COo1b0urcXHUGbCyJx0Ae -Kb/U9asLxB+Z8O+4gSxphb9Eo8dt5d3HpmnmAJ/Lfx47TCi4jmoHEHV/BNvQoYBF -fCqLRelGWWjkPbDoCX2JAAalvNDAk4fVe9ZQkFTD6uiur1jHn/nD3Dgt+zfdhTNb -0kQZ4WIawiH1VwQQ1GqkvDu04sToafKstdtRrgf/WbgwNivfxui531/niF30E6nd -8svHLA+a63KFx6sQPv7v4430g6uLvvEEyqIA5tjB2MjGFgmcOhnsykYmT/bidwIy -A0tEJ0/iNsS0WyYCqwoQ3op0+wnx1voCgN5Rt5MaBVAcwl3Lzp8StUJTC5o2QDUM -qDdFrr1Mp4JBj992i33vu8QqQsgbUDozZJOedH3j5E47PRx74XAUHNmaAbcAKB9y -v5XV4ueNKEyI1bP/wuUKqm6QqYRcjEnxAq08OkiBHvsqr8L0EXS+5enyaQsRNOA6 -WyWATW0ae02i6KMPWn4owW5L -=nCOU +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl9OASwACgkQ4X31yCtP +nQC97Q//V1gnXYEsqn2UOz1JJ16I3M8LSDKpma1FY4BJ9EtKjB+JgiGkjwLUAJZP +sOyDeNkTOnLk0sNn7LTpSnOhjfb5vgbeFrGiXaCL3njJjSqZl6M6HnsePuanOTAA +ufGKyFhk5TJ243oHMuKAfcqWOQegSHi3ZXgD0NJOTH6dGsKNsvcNaPlwlGAPc0EH +wokz/ikDIV8q10/uquOP+AUew3lClCuncI+YCsGVUs/wnniiqxxoY9V2uxP/8/mt +OfL5/VRAkXNk0kBxu5lLPGOLNdJfgskpQbhZFXAAtWjbQw2D0s1/HCB2XXfiiztU +j34o/CD1USOzTZA3uv8zoCiLjWON/FXwvdvJFNo3J79DGdeqJmjdCFEpnLNzLBUW +kliy9i+OVCR3eWfx6UEu4WwsSOLuyDP38J0V57FzRzZAXSyVYpvTKToHWMkDi7eU +CrCkhUkWTWIS9C73V42FUChReFkHfZ00RVR+g21rz6wEp4UFu1IRPcxLsir1Uy63 +7VSHydexXllr0/BS1Ii1V5z1Vk8eUx4qE10yiRAtxBEjaGMJkVsvJXVmA2MINrxI +mYO1Q2j7FkXLA3AHcH1FPHjYiPZDfEHX4MADNXU0YVoRWDiWXZRp2bCuM2Q6PmkW +l5WhxbfllVcy1xJMmqwsTu0Wvr27x7hyU/nA348+9I6SV3uh3cQ= +=Q2LD -----END PGP SIGNATURE-----