Hello community,
here is the log from the commit of package python3-Django for openSUSE:Factory
checked in at 2015-01-20 12:32:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3-Django (Old)
and /work/SRC/openSUSE:Factory/.python3-Django.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-Django"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python3-Django/python3-Django.changes
2015-01-12 09:50:09.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python3-Django.new/python3-Django.changes
2015-01-20 12:32:34.000000000 +0100
@@ -1,0 +2,26 @@
+Thu Jan 15 21:20:17 UTC 2015 - a...@gmx.de
+
+- update to version 1.7.3:
+ * security issues
+ + WSGI header spoofing via underscore/dash conflation
+ + Mitigated possible XSS attack via user-supplied redirect URLs
+ + Denial-of-service attack against "django.views.static.serve"
+ + Database denial-of-service with "ModelMultipleChoiceField"
+ * bugfixes
+ + The default iteration count for the PBKDF2 password hasher has
+ been increased by 25%. This part of the normal major release
+ process was inadvertently omitted in 1.7. This backwards
+ compatible change will not affect users who have subclassed
+ "django.contrib.auth.hashers.PBKDF2PasswordHasher" to change
+ the default value.
+ + Fixed a crash in the CSRF middleware when handling non-ASCII
+ referer header (:ticket:'23815').
+ + Fixed a crash in the "django.contrib.auth.redirect_to_login"
+ view when passing a
+ :func:'~django.core.urlresolvers.reverse_lazy' result on Python
+ 3 (:ticket:'24097').
+ + Added correct formats for Greek ("el") (:ticket:'23967').
+ + Fixed a migration crash when unapplying a migration where
+ multiple operations interact with the same model (:ticket:'24110').
+
+-------------------------------------------------------------------
Old:
----
Django-1.7.2.checksum.txt
Django-1.7.2.tar.gz
New:
----
Django-1.7.3.checksum.txt
Django-1.7.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-Django.spec ++++++
--- /var/tmp/diff_new_pack.IJzZFI/_old 2015-01-20 12:32:36.000000000 +0100
+++ /var/tmp/diff_new_pack.IJzZFI/_new 2015-01-20 12:32:36.000000000 +0100
@@ -17,7 +17,7 @@
Name: python3-Django
-Version: 1.7.2
+Version: 1.7.3
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause
++++++ Django-1.7.2.checksum.txt -> Django-1.7.3.checksum.txt ++++++
--- /work/SRC/openSUSE:Factory/python3-Django/Django-1.7.2.checksum.txt
2015-01-06 09:07:05.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python3-Django.new/Django-1.7.3.checksum.txt
2015-01-20 12:32:32.000000000 +0100
@@ -2,14 +2,14 @@
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball of Django 1.7.2, released January 2, 2015.
+tarball of Django 1.7.3, released January 13, 2015.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP::
+implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
@@ -22,42 +22,42 @@
package and compare them to the checksums listed below.
Release packages:
-================
+=================
-Django 1.7.2 (tar.gz):
https://www.djangoproject.com/m/releases/1.7/Django-1.7.2.tar.gz
-Django 1.7.2 (.whl):
https://www.djangoproject.com/m/releases/1.7/Django-1.7.2-py2.py3-none-any.whl
+Django 1.7.3 (tar.tgz):
https://www.djangoproject.com/m/releases/1.7/Django-1.7.3.tar.gz
+Django 1.7.3 (.whl):
https://www.djangoproject.com/m/releases/1.7/Django-1.7.3-py2.py3-none-any.whl
-MD5 checksum:
-=============
+MD5 checksums:
+==============
-MD5(Django-1.7.2.tar.gz)= 855a53a9a5581c62b6031c9b3bd80ec5
-MD5(Django-1.7.2-py2.py3-none-any.whl)= b57f9a2dec214b60e338aa80fb902936
+bd24beec81e161d30ad925aef9d23e57 Django-1.7.3-py2.py3-none-any.whl
+ea9a3fe7eca2280b233938a98c4a35a0 Django-1.7.3.tar.gz
-SHA1 checksum:
-==============
+SHA1 checksums:
+===============
-SHA1(Django-1.7.2.tar.gz)= 142168eef96423d3586d9bd99ca9b3c8d6ae652a
-SHA1(Django-1.7.2-py2.py3-none-any.whl)=
b259a071161566a5797af26aa446f9cf127849ce
+74a977b77880818335cf6ff3ae8d5d28bfadaaf6 Django-1.7.3-py2.py3-none-any.whl
+2577e8e40999f5120b091c17e8cabfb518917ca2 Django-1.7.3.tar.gz
-SHA256 checksum:
-================
+SHA256 checksums:
+=================
-SHA256(Django-1.7.2.tar.gz)=
31c6c3c229f8c04b3be87e6afc3492903b57ec8f1188a47b6ae160d90cf653c8
-SHA256(Django-1.7.2-py2.py3-none-any.whl)=
b22871edc9ddf3e57b18989c3c7e9174b4c168dc7b8dbe3f31d4101a73bf2006
+72edd47b55ae748d29f1a71d5ca4b86e785c9fb974407cf242b3168e6f1b177e
Django-1.7.3-py2.py3-none-any.whl
+f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b
Django-1.7.3.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-iQIcBAEBCAAGBQJUp0TWAAoJEB6Kvcdz7eJS3P8P/i8ffgRtwTaR/DgYMOa8IR9f
-NRe5hSq2BgS2kxjOBapXkFvR/Zin8OGby9fi7Cv2bvRko1nokXfI+3M0IxjrgnO8
-7WjYtqvL/3HrI6L+81mEzJdWR2kuX28qcEBMTcjplgLvzCKf21Ptvs/+E4sTyQVu
-9kIO8K+tPvG5k9oYJgmZmmC9YY7ipvPzX7MUI9NB2kMVvT3yUvZLZ4IIaC+qecZo
-UHbGhfk1152mqtgVcsOtQEZOSY7KTdXFhgreWd1R9bVzHCjUdSb/PA/ygHTd/cD/
-VusiqilD0SqJqNMDpAFJNhBnjCu9bHjuolUk4fjK+lTR8ADLIXeXPGvA8j2QALlI
-k2AicDH4UjqxV3r8QdWxOlSdoQkEt5jv4LhjxjbyFBmFLrtKEWEsmRZw8gj6HbqP
-z4iX11KaRHiEhNiWwj/iZl84+1KiesQjJFAJQy9Y8k1Hb1qaDh/QT5OSRGIJQAMc
-hHlL8jCHsQRoieRulMw/jMitWBEAcy4otkQyI/grC0t2QXXIMskFy/Xgs+d5IozH
-TCTn7kinjBlGurP3Zg0q7bKZEqlvbD3qxmdr7Q8GIwHrQTcztKQSsyLRGLw75e3F
-s9/yk+cSF5D6BQ7W7prgfQdW01h8fyXGXDYgrE/2u5hDdabYZptBv15bDP6bazh+
-a42qx2m55ko80vcwgooa
-=9WtV
+iQIbBAEBCAAGBQJUtWTMAAoJEB6Kvcdz7eJSrX0P91/cNLe5oISzWH/viWQpj3C7
+khbTl61sRakbx45mEqhW6GJqNxJwsyZuVDzL8sxXGvyRqRsLE2nd5stM2xHqXxMN
+vZJUYeyUCBaH1ozCzhvA4k8mXSX7twy6puYKgk0FcuMbgFepkuqnqep6cryAmgOk
+5tcTgxwF/bxUZ7YGa3AdQsIvLU6rGLupDIqMmG+8W94VwKg2+PhOEAv3iB6e1DxA
+aOKI/leMbkxF3eG4HnvPTdO80cM63Sp+654Kj9d+Q94nMQY/pAp5q6j9lCxZFwYj
+eak/joly9UZwlRMO1HeV8jCzcq/7xDe4OIQR1o2YY1hWK89yA1I1fT4TQTTlbBk3
+lPKrdkSxievYy7Ggs0+3f4534A5g3I05sd/w5R68L6QuXxZt/yZDQzpxkdE+bT4D
+ZO0nVc3fZ0qlmTJIohtHjKK6MBcG9igAWz7VYmr/iDeUCdK1Y/b1TN+i4pmth2tX
+NJJw9c0bev/A4+Qe1WCRodqd9Ipcs4MLKJMzIho75rhOLfUyC8JQWrISqSNc9PmQ
+lj7sITcASQL7T55CdNalB1XRZig/Il0Qhoil7Mwae7/gwqz9IHMlW1VDntfaCdTN
+83Nm80mDhgdm0i0lJHbUmlNAAgYT3W0mEyH3+5uep0PNn02ZhTTTPL7wzfZmCs+N
+7PWSYlGP8/4JjD65yqw=
+=/LA8
-----END PGP SIGNATURE-----
++++++ Django-1.7.2.tar.gz -> Django-1.7.3.tar.gz ++++++
/work/SRC/openSUSE:Factory/python3-Django/Django-1.7.2.tar.gz
/work/SRC/openSUSE:Factory/.python3-Django.new/Django-1.7.3.tar.gz differ: char
5, line 1
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
