Changelog for python-django-1.6.11-7.17.noarch.rpm:
* Mon Oct 12 2015 bwiedemannAATTsuse.com
- add 0002-1.6.x-Fixed-19324-Avoided-creating-a-session-record-.patch to prevent Denial-of-service possibility by filling session store (bnc#937522, CVE-2015-5143)
- add 0003-1.6.x-Prevented-newlines-from-being-accepted-in-some.patch to prevent Header injection possibility (bnc#937523, CVE-2015-5144)
* Wed Sep 09 2015 bwiedemannAATTsuse.com- Add 0001-1.6.x-Fixed-DoS-possiblity-in-contrib.auth.views.log.patch (bnc#941587, CVE-2015-5963)
* Fri Mar 20 2015 bwiedemannAATTsuse.com- update to 1.6.11
* Made is_safe_url() reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317)
* Fixed an infinite loop possibility in strip_tags() (bnc#923172, CVE-2015-2316)
* Mon Jan 26 2015 dmuellerAATTsuse.com- update to 1.6.10:
* Content retrieved from the GeoIP library is now properly decoded from its default ``iso-8859-1`` encoding
* Fixed ``AttributeError`` when using :meth:`~django.db.models.query.QuerySet.bulk_create` with ``ForeignObject``
* Fixed crash of ``QuerySet``\s that use ``F() + timedelta()`` when their query was compiled more than once
* Prevented custom ``widget`` class attribute of :class:`~django.forms.IntegerField` subclasses from being overwritten by the code in their ``__init__`` method
* Improved :func:`~django.utils.html.strip_tags` accuracy (but it still cannot guarantee an HTML-safe result, as stated in the documentation).
* Fixed a regression in the :mod:`django.contrib.gis` SQL compiler for non-concrete fields (#22250).
* Fixed :attr:`ModelAdmin.preserve_filters` when running a site with a URL prefix (#21795).
* Fixed a crash in the ``find_command`` management utility when the ``PATH`` environment variable wasn't set
* Fixed :djadmin:`changepassword` on Windows
* Avoided shadowing deadlock exceptions on MySQL
* Wrapped database exceptions in ``_set_autocommit``
* Fixed atomicity when closing a database connection or when the database server disconnects (#21239 and
* Fixed regression in ``prefetch_related`` that caused the related objects query to include an unnecessary join
* Added backwards compatibility support for the :mod:`django.contrib.messages` cookie format of Django 1.4 and earlier to facilitate upgrading to 1.6 from 1.4
* Restored the ability to :meth:`~django.core.urlresolvers.reverse` views created using :func:`functools.partial()`
* Fixed the ``object_id`` of the ``LogEntry`` that's created after a user password change in the admin
* Made the ``year_lookup_bounds_for_datetime_field`` Oracle backend method Python 3 compatible (#22551).
* Fixed ``pgettext_lazy`` crash when receiving bytestring content on Python 2
* Fixed the SQL generated when filtering by a negated ``Q`` object that contains a ``F`` object. (#22429).
* Avoided overwriting data fetched by ``select_related()`` in certain cases which could cause minor performance regressions
* Corrected email and URL validation to reject a trailing dash
* Prevented indexes on PostgreSQL virtual fields (:ticket:`22514`).
* Prevented edge case where values of FK fields could be initialized with a wrong value when an inline model formset is created for a relationship defined to point to a field other than the PK (:ticket:`13794`).
* Restored ``pre_delete`` signals for ``GenericRelation`` cascade deletion
* Fixed transaction handling when specifying non-default database in ``createcachetable`` and ``flush`` (:ticket:`23089`).
* Fixed the "ORA-01843: not a valid month" errors when using Unicode with older versions of Oracle server (:ticket:`20292`).
* Restored bug fix for sending unicode email with Python 2.6.5 and below
* Prevented ``UnicodeDecodeError`` in ``runserver`` with non-UTF-8 and non-English locale (:ticket:`23265`).
* Fixed JavaScript errors while editing multi-geometry objects in the OpenLayers widget (:ticket:`23137`, :ticket:`23293`).
* Prevented a crash on Python 3 with query strings containing unencoded non-ASCII characters (:ticket:`22996`).
* Allowed inherited and m2m fields to be referenced in the admin
* Fixed a crash when using ``QuerySet.defer()`` with ``select_related()``
* Allowed related many-to-many fields to be referenced in the admin
* Allowed inline and hidden references to admin fields (:ticket:`23431`).
* Fixed a regression with dynamically generated inlines and allowed field references in the admin (:ticket:`23754`).
* WSGI header spoofing via underscore/dash conflation (bnc#913053, CVE-2015-0219)
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against ``django.views.static.serve`` (bnc#913056, CVE-2015-0221)
* Database denial-of-service with ``ModelMultipleChoiceField`` (bnc#913055, CVE-2015-0222)
* Thu Jul 31 2014 dimstarAATTopensuse.org- Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines.
* Wed Jun 11 2014 mciharAATTsuse.cz
- Update to version 1.6.5, security and important changes:
  + Unexpected code execution using reverse()
  + Caching of anonymous pages could reveal CSRF token
  + MySQL typecasting
  + select_for_update() requires a transaction
  + Issue: Caches may incorrectly be allowed to store and serve private data
  + Issue: Malformed redirect URLs from user input not correctly validated
* Fri Feb 14 2014 speilickeAATTsuse.com- Fix update-alternatives
* Fri Feb 07 2014 speilickeAATTsuse.com
- Update to version 1.6.2:
  + Prevented the base geometry object of a prepared geometry to be garbage collected, which could lead to crash Django (#21662).
  + Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters (#21627).
  + The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory (#21581).
  + Fixed mail encoding on Python 3.3.3+ (#21093).
  + Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn’t in autocommit mode but Django pretended it was.
  + Fixed a regression in multiple-table inheritance exclude() queries (#21787).
  + Added missing items to django.utils.timezone.__all__ (#21880).
  + Fixed a field misalignment issue with select_related() and model inheritance (#21413).
  + Fixed join promotion for negated AND conditions (#21748).
  + Oracle database introspection now works with boolean and float fields (#19884).
  + Fixed an issue where lazy objects weren’t actually marked as safe when passed through mark_safe() and could end up being double-escaped (#21882).
* Tue Feb 04 2014 mciharAATTsuse.cz- Update to version 1.6.1: - Most bug fixes are minor; you can find a complete list in the Django 1.6.1 release notes.
* Tue Nov 19 2013 speilickeAATTsuse.com- Update-alternatives also for bash-completion
* Fri Nov 15 2013 speilickeAATTsuse.com- Only ghost /etc/alternatives on 12.3 or newer
* Thu Nov 07 2013 speilickeAATTsuse.com
- Require python-Pillow for image-related functionality
- Package was renamed from python-django
- Drop Django-1.2-completion-only-for-bash.patch: Useless
* Tue Nov 05 2013 alexandreAATTexatati.com.br
- Update to version 1.6:
  - Please read the release notes https://docs.djangoproject.com/en/1.6/releases/1.6
- Removed Patch2 as it is no longer needed: Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch
* Tue Sep 17 2013 speilickeAATTsuse.com
- Update to version 1.5.4:
  + Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
  + Fixed directory traversal with ssi template tag
* Wed Aug 14 2013 alexandreAATTexatati.com.br- Update to 1.5.2: - Security release, please check release notes for details: https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
* Thu Mar 28 2013 alexandreAATTexatati.com.br- Update to 1.5.1: - Memory leak fix, please read release announcement at https://www.djangoproject.com/weblog/2013/mar/28/django-151.
* Tue Feb 26 2013 alexandreAATTexatati.com.br- Update to 1.5: - Please read the release notes https://docs.djangoproject.com/en/1.5/releases/1.5
* Tue Dec 11 2012 alexandreAATTexatati.com.br
- Update to 1.4.3:
  - Security release:
    - Host header poisoning
    - Redirect poisoning
  - Please check release notes for details: https://www.djangoproject.com/weblog/2012/dec/10/security
* Sat Oct 20 2012 saschpeAATTsuse.de- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin
* Wed Oct 17 2012 alexandreAATTexatati.com.br- Update to 1.4.2: - Security release: - Host header poisoning - Please check release notes for details: https://www.djangoproject.com/weblog/2012/oct/17/security
* Mon Jul 30 2012 alexandreAATTexatati.com.br
- Update to 1.4.1:
  - Security release:
    - Cross-site scripting in authentication views
    - Denial-of-service in image validation
    - Denial-of-service via get_image_dimensions()
  - Please check release notes for details: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
* Tue Jun 19 2012 saschpeAATTsuse.de- Add patch to support CSRF_COOKIE_HTTPONLY config
* Fri Mar 23 2012 alexandreAATTexatati.com.br
- Update to 1.4:
  - Please read the release notes https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream,
* Thu Nov 24 2011 saschpeAATTsuse.de
- Set license to SPDX style (BSD-3-Clause)
- Package AUTHORS, LICENSE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools
* Sat Sep 10 2011 alexandreAATTexatati.com.br- Update to 1.3.1 to fix security issues, please read https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.
* Thu Mar 31 2011 alexandreAATTexatati.com.br- Fix build on SLES_9.
* Wed Mar 23 2011 alexandreAATTexatati.com.br
- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.
* Fri Mar 18 2011 alexandreAATTexatati.com.br
- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.
* Thu Mar 03 2011 saschpeAATTsuse.de
- Spec file cleanup:
  * Removed empty lines, package authors from description
  * Cleanup duplicates
  * Corrected wrong file endings
  * Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files
* Wed Feb 09 2011 alexandreAATTexatati.com.br
- Update to 1.2.5:
  - This is a security update that fixes:
    - Flaw in CSRF handling;
    - Potential XSS in file field rendering.
* Thu Dec 23 2010 alexandreAATTexatati.com.br
- Update to 1.2.4:
  - Information leakage in Django administrative interface;
  - Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.
* Sat Sep 11 2010 alexandreAATTexatati.com.br
- Update to 1.2.3:
  - The patch applied for the security issue covered in Django 1.2.2 caused issues with non-ASCII responses using CSRF tokens. This has been remedied;
  - The patch also caused issues with some forms, most notably the user-editing forms in the Django administrative interface. This has been remedied.
  - The packaging manifest did not contain the full list of required files. This has been remedied.
* Thu Sep 09 2010 alexandreAATTexatati.com.br
- Update to 1.2.2.
- This is a critical security update fixing a default XSS bug!
* Fri Jul 09 2010 jfunkAATTfunktronics.ca- Added patch to fix upstream bug 5622: Empty ipaddress raises an error
* Mon May 17 2010 alexandreAATTexatati.com.br- Update to 1.2.1.
* Mon May 17 2010 alexandreAATTexatati.com.br- Update to 1.2.
* Thu May 06 2010 alexandreAATTexatati.com.br- Update to 1.2-rc-1.
* Mon Apr 05 2010 alexandreAATTexatati.com.br
- Spec file cleaned with spec-cleaner;
- Minor manual adjustments on spec file.
* Thu Mar 18 2010 alexandreAATTexatati.com.br- Moved autocomplete file path from /etc/profile.d to /etc/bash_completion.d. Then it works with konsole too.
* Mon Mar 15 2010 alexandreAATTexatati.com.br
- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.
* Sun Oct 11 2009 nixAATTopensuse.org- Update to 1.1.1 due to security issue described at http://www.djangoproject.com/weblog/2009/oct/09/security/
* Sat Oct 10 2009 alexandreAATTexatati.com.br- Removed old tarball file (Django-1.1.tar.bz2).
* Tue Aug 25 2009 garloffAATTsuse.de- Fix python version check.
* Sat Aug 22 2009 garloffAATTsuse.de- Don't require python-sqlite2 for python >= 2.6.
* Fri Aug 21 2009 garloffAATTsuse.de- Build as noarch on factory.
* Wed Aug 19 2009 poemlAATTsuse.de- don't run bash completion on shells other than bash. Avoiding error messages produced at login when using other shells.
* Fri Aug 14 2009 alexandreAATTexatati.com.br- Added bash auto-complete to openSUSE.
* Tue Jul 28 2009 listuserAATTpeternixon.net
- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang
* Wed Jul 01 2009 poemlAATTsuse.de- add python-xml to the Requires (./manage.py syncdb crashes otherwise)