Changelog for python-Django-1.8.18-2.1.noarch.rpm :
Tue Apr 4 14:00:00 2017 appleonkelAATTopensuse.org
- fixes two security issues in 1.8.17

* Open redirect and possible XSS attack via user-supplied numeric redirect URLs

* Open redirect vulnerability in django.views.static.serve()

Fri Dec 2 13:00:00 2016 appleonkelAATTopensuse.org
- fixes a regression in 1.8.16

* Quoted the Oracle test user’s password in queries to fix the “ORA-00922: missing or invalid option” error when the password starts with a number or special character (#27420)

Tue Jul 19 14:00:00 2016 oliver.bengsAATTopensuse.org
- fixes a security issue and a bug

* Unsafe usage of JavaScript’s Element.innerHTML could result in XSS

* missing varchar/text_pattern_ops index on CharField and TextField

Tue May 3 14:00:00 2016 oliver.bengsAATTopensuse.org
- Update fixes several bugs:

* Fixed TimeField microseconds round-tripping on MySQL and SQLite (#26498).

* Restored conversion of an empty string to null when saving values of GenericIPAddressField on SQLite and MySQL (#26557).

* Made MultiPartParser ignore filenames that normalize to an empty string to fix crash in MemoryFileUploadHandler on specially crafted user input (#26325).

* Fixed data loss on SQLite where DurationField values with fractional seconds could be saved as None (#26324).

* Restored the functionality of the admin’s raw_id_fields in list_editable (#26387).

Mon Mar 7 13:00:00 2016 oliver.bengsAATTopensuse.org
- Django 1.8.11 fixes a regression on Python 2 in the 1.8.10 security release where utils.http.is_safe_url() crashes on bytestring URLs (#26308)

Tue Mar 1 13:00:00 2016 oliver.bengsAATTopensuse.org
- fixes two security issues and several bugs in 1.8.9

* CVE-2016-2512: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

* CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade

Thu Feb 11 13:00:00 2016 oliver.bengsAATTopensuse.org
- The Django 1.8.9 release fixes several bugs in 1.8.8 but no security issues

Thu Jan 28 13:00:00 2016 oliver.bengsAATTopensuse.org
- Update to version 1.8.8

* Fixed incorrect unique_together field name generation by inspectdb (#25274)

* Corrected __len query lookup on ArrayField for empty arrays (#25772)

* Restored the ability to use custom formats from formats.py with django.utils.formats.get_format() and the date template filter (#25812)

* Fixed a state bug when migrating a SeparateDatabaseAndState operation backwards (#25896)

* Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AlterField on PostgreSQL (#25412)

* Fixed a state bug when using an AlterModelManagers operation (#25852)

* Fixed a regression which prevented using a language not in Django’s default language list (LANGUAGES) (#25915)

* django.views.decorators.cache.never_cache() now sends more persuasive headers (added no-cache, no-store, must-revalidate to Cache-Control) to better prevent caching (#13008). This fixes a problem where a page refresh in Firefox cleared the selected entries in the admin’s filter_horizontal and filter_vertical widgets, which could result in inadvertent data loss if a user didn’t notice that and then submitted the form (#22955)

* Fixed a regression in the admin which ignored line breaks in read-only fields instead of converting them to
(#25465)

* Made loaddata skip disabling and enabling database constraints when it doesn’t load any fixtures (#23372)

* Fixed a crash in QuerySet.values()/values_list() after an annotate() and order_by() when values()/values_list() includes a field not in the order_by() (#25316)

Wed Dec 30 13:00:00 2015 appleonkelAATTopensuse.org
- Update to version 1.8.7

Mon Aug 24 14:00:00 2015 oliver.bengsAATTopensuse.org
- Update to version: 1.7.10:
+ Denial-of-service possibility in logout() view by filling session store

Fri Jul 10 14:00:00 2015 oliver.bengsAATTopensuse.org
- fix linitian maybe, works local

Fri Jul 10 14:00:00 2015 oliver.bengsAATTopensuse.org
- Update to version: 1.7.9
+ Denial-of-service possibility by filling session store
+ Header injection possibility since validators accept newlines in input
+ Denial-of-service possibility in URL validation

Thu Feb 5 13:00:00 2015 oliver.bengsAATTopensuse.org
- Update to version: 1.7.4
+ Bugfix release

Thu Jan 29 13:00:00 2015 oliver.bengsAATTopensuse.org
- Update to version: 1.7.3
+ New Feature migrations
+ Removed: simplejson
+ Django 1.6 changed the default value of BooleanField from False to None

Tue May 20 14:00:00 2014 oliver.bengsAATTopensuse.org
- Update to version: 1.6.5
+ Issue: Caches may be allowed to store and serve private data (CVE-2014-1418)
+ Issue: Malformed URLs from user input incorrectly validated (CVE-2014-3730)

Fri Feb 14 13:00:00 2014 speilickeAATTsuse.com
- Fix update-alternatives

Fri Feb 7 13:00:00 2014 speilickeAATTsuse.com
- Update to version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).

Tue Feb 4 13:00:00 2014 mciharAATTsuse.cz
- Update to version 1.6.1:
- Most bug fixes are minor; you can find a complete list in the Django 1.6.1
release notes.

Tue Nov 19 13:00:00 2013 speilickeAATTsuse.com
- Update-alternatives also for bash-completion

Fri Nov 15 13:00:00 2013 speilickeAATTsuse.com
- Only ghost /etc/alternatives on 12.3 or newer

Thu Nov 7 13:00:00 2013 speilickeAATTsuse.com
- Require python-Pillow for image-related functionality
- Package was renamed from python-django
- Drop Django-1.2-completion-only-for-bash.patch: Useless

Tue Nov 5 13:00:00 2013 alexandreAATTexatati.com.br
- Update to version 1.6:
- Please read the release notes
https://docs.djangoproject.com/en/1.6/releases/1.6
- Removed Patch2 as it is not needed anymore:
Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch

Tue Sep 17 14:00:00 2013 speilickeAATTsuse.com
- Update to version 1.5.4:
+ Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
+ Fixed directory traversal with ssi template tag

Wed Aug 14 14:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.2:
- Security release, please check release notes for details:
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued

Thu Mar 28 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.1:
- Memory leak fix, please read release announcement at
https://www.djangoproject.com/weblog/2013/mar/28/django-151.

Tue Feb 26 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5:
- Please read the release notes
https://docs.djangoproject.com/en/1.5/releases/1.5

Tue Dec 11 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security

Sat Oct 20 14:00:00 2012 saschpeAATTsuse.de
- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin

Wed Oct 17 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security

Mon Jul 30 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

Tue Jun 19 14:00:00 2012 saschpeAATTsuse.de
- Add patch to support CSRF_COOKIE_HTTPONLY config

Fri Mar 23 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4:
- Please read the release notes
https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream,

Thu Nov 24 13:00:00 2011 saschpeAATTsuse.de
- Set license to SPDX style (BSD-3-Clause)
- Package AUTHORS, LICENSE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools

Sat Sep 10 14:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3.1 to fix security issues, please read
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.

Thu Mar 31 14:00:00 2011 alexandreAATTexatati.com.br
- Fix build on SLES_9.

Wed Mar 23 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.

Fri Mar 18 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.

Thu Mar 3 13:00:00 2011 saschpeAATTsuse.de
- Spec file cleanup:

* Removed empty lines, package authors from description

* Cleanup duplicates

* Corrected wrong file endings

* Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files

Wed Feb 9 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.2.5:
- This is a security update that fixes:
- Flaw in CSRF handling;
- Potential XSS in file field rendering.

Thu Dec 23 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.4:
- Information leakage in Django administrative interface;
- Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.

Sat Sep 11 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.3:
- The patch applied for the security issue covered in Django
1.2.2 caused issues with non-ASCII responses using CSRF
tokens. This has been remedied;
- The patch also caused issues with some forms, most notably
the user-editing forms in the Django administrative interface.
This has been remedied.
- The packaging manifest did not contain the full list of
required files. This has been remedied.

Thu Sep 9 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.2.
- This is a critical security update fixing a default XSS bug!

Fri Jul 9 14:00:00 2010 jfunkAATTfunktronics.ca
- Added patch to fix upstream bug 5622: Empty ipaddress raises an error

Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.1.

Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.

Thu May 6 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-rc-1.

Mon Apr 5 14:00:00 2010 alexandreAATTexatati.com.br
- Spec file cleaned with spec-cleaner;
- Minor manual adjusts on spec file.

Thu Mar 18 13:00:00 2010 alexandreAATTexatati.com.br
- Moved autocomplete file path from /etc/profile.d to
/etc/bash_completion.d. Then it works with konsole too.

Mon Mar 15 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.

Sun Oct 11 14:00:00 2009 nixAATTopensuse.org
- Update to 1.1.1 due to security issue described at
http://www.djangoproject.com/weblog/2009/oct/09/security/

Sat Oct 10 14:00:00 2009 alexandreAATTexatati.com.br
- Removed old tarball file (Django-1.1.tar.bz2).

Tue Aug 25 14:00:00 2009 garloffAATTsuse.de
- Fix python version check.

Sat Aug 22 14:00:00 2009 garloffAATTsuse.de
- Don't require python-sqlite2 for python >= 2.6.

Fri Aug 21 14:00:00 2009 garloffAATTsuse.de
- Build as noarch on factory.

Wed Aug 19 14:00:00 2009 poemlAATTsuse.de
- don't run bash completion on shells other than bash. Avoiding
error messages produced at login when using other shells.

Fri Aug 14 14:00:00 2009 alexandreAATTexatati.com.br
- Added bash auto-complete to openSUSE.

Tue Jul 28 14:00:00 2009 listuserAATTpeternixon.net
- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang

Wed Jul 1 14:00:00 2009 poemlAATTsuse.de
- add python-xml to the Requires (./manage.py syncdb crashes
otherwise)


 