SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python3-Django-1.8.19-5.3.1.noarch.rpm :
Mon Mar 19 13:00:00 2018 tbechtoldAATTsuse.com
update to version 1.8.18 (CVE-2018-7537, CVE-2018-7536, CVE-2016-2513,
CVE-2016-7401, CVE-2016-2513, CVE-2016-9013, CVE-2016-9014, CVE-2017-7234,
CVE-2017-7233, CVE-2016-2512):

* Bumped version for 1.8.19 release.

* Fixed #28561 -- Removed inaccurate docs about QuerySet.order_by() and joins.

* Fixed GeoIP test failure with the latest data.

* Corrected removal of deprecated sphinx.util.compat.Directive.

* Added CVE-2017-7233,4 to the security release archive.

* Switched test requirement to new psycopg2-binary package.

* Removed a docs workaround for an old Sphinx version.

* Fixed docs build with Sphinx 1.6.

* Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.

* Added stub release notes for security release.

* Removed usage of deprecated sphinx.util.compat.Directive.

* Post-release version bump.

* Added CVE-2017-12794 to the security release archive (boo#1056284).

* Removed redundant backticks in docs/releases/1.8.txt

* Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.

* Fixed typo in docs/topics/testing/advanced.txt.

* Fixed gis_tests.geoapp test with incorrect geodetic coordinates.

* Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.

* Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.

* Added import in docs/topics/email.txt example.

* Fixed #25772 -- Corrected __len lookup on ArrayField for empty arrays.

* Fixed #26774 -- Corrected value of default_zoom in GeoModelAdmin doc

* Added Django version trove classifier to reusable apps tutorial.

* Fixed #25710 -- Clarified the docs about what INTERNAL_IPS does.

* Fixed a backends test with psycopg2 2.7.

* Fixed #20415 -- Ensured srid isn\'t localized in OpenLayers JavaScript.

* Bumped version for 1.8.12 release.

* Corrected GenericIPAddressField protocol parameter doc.

* Fixed #26233 -- Fixed invalid reSt in models.Q docstring.

* Fixed #25895 -- Used a consistent style for UserAdmin overrides.

* Fixed code example in docs/howto/custom-lookups.txt

* Bumped version for 1.8.14 release.

* Fixed #27420 -- Quoted the Oracle test user password in queries.

* Fixed #25711 -- Updated the project template\'s include() example.

* Refs #25693 -- Avoided redundant calls to get_fields() in `to_attr` validation.

* Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics.

* Added stub release notes for 1.8.12.

* Fixed #25728 -- Fixed description of GEOSGeometry.contains().

* Fixed #25915 -- Allowed language not in Django\'s default LANGUAGES

* Fixed allow_migrate() signature in documentation

* Skipped a dateformat test on Windows as needed.

* Fixed incorrect examples in ArrayField docs.

* Added stub release notes for 1.8.8.

* Fixed #25812 -- Restored the ability to use custom formats with the date template filter.

* Fixed #23372 -- Made loaddata faster if it doesn\'t find any fixtures.

* Added release date for 1.8.13.

* Fixed 27283 -- Fixed typo in 1.8 release notes.

* Followed recommended ValidationError use in docs.

* Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.

* Fix typos in 1.8 release notes.

* Ignored flake8\'s newly added E305, E741, E743.

* Fixed #27342 -- Corrected QuerySet.update_or_create() example.

* Corrected doc\'d differences between django-admin and manage.py.

* Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.

* Refs #25745 -- Avoided multiple registration of the same model in schema tests.

* Fixed a typo in the docs.

* Fixed #26162 -- Checked query name clashes of hidden relationships.

* Fixed #26116 -- Corrected schema\'s test_alter_implicit_id_to_explicit.

* Fixed #25531 -- Documented that admin_order_field supports lookups.

* Fixed user_passes_test() signature in docs.

* Fixed nonexistent tmc.edu domain in GeoIP test.

* Refs #25136 -- Fixed nonexistent field reference in aggregation topic guide.

* Fixed #26387 -- Restored the functionality of the admin\'s raw_id_fields in list_editable.

* [1.8.8] Bumped version for 1.8.8 release.

* Fixed #25963 -- Clarified render_to_response() context_instance deprecation.

* Bumped version for 1.8.17 release.

* Added CVE-2016-2048 to the security archive.

* Added CVE-2016-2512/2513 to security release archive.

* Fixed #25685 -- Fixed a duplicate query regression on deletion of proxied models.

* Refs #25693 -- Added a regression test for `to_attr` validation on forward m2m.

* Bumped version for 1.8.9 release.

* Sorted single letter imports per the latest version of isort.

* Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.

* Corrected firstof template tag\'s docstring.

* Fixed #21588 -- Corrected handler initialization in \"modifying upload handlers\" example.

* Added stub release notes for 1.8.13.

* Fixed a settings leak possibility in the date template filter.

* De-emphasized use of NullHandler in logging docs.

* Fixed some code blocks indentation in GIS docs.

* Added a missing test method in tests/migrations/test_writer.py.

* Added release date for 1.8.12.

* Fixed #25412 -- Fixed missing PostgreSQL index on Char/TextField when using AlterField.

* Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.

* Fixed #26477 -- Fixed typo in docs/ref/contrib/contenttypes.txt

* Fixed a typo in docs/ref/contrib/gis/geos.txt.

* Added missing import for previous commit.

* Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle.

* Added stub release notes for security release.

* Made doc icon\'s edges smooth.

* Fixed #26941 -- Corrected uwsgi \"env = LANG=…\" configuration in docs.

* Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.

* Added missing quotes in openlayers.html template.

* Refs #26034 -- Added another case fixed by this ticket to release notes.

* Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().

* Discouraged use of /tmp with predictable names.

* Fixed #25745 -- Promoted RuntimeWarnings to errors in the test suite.

* Used relative models imports in the GIS tutorial.

* Added release dates for 1.8.7/1.7.11 releases.

* Fixed a GeoIP test failure with the latest data.

* Fixed a broken link in docs/internals/contributing/writing-documentation.txt.

* Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite.

* Fixed #25767 -- Fixed data truncation possibility with Positive(Small)IntegerField on MySQL.

* Fixed #26923 -- Fixed template_tests with numpy < 1.9.0.

* Fixed #13008 -- Added more Cache-Control headers to never_cache() decorator.

* Refs #25526 -- Documented some missing termcolors.

* Refs #25846 -- Added stacklevel to SubfieldBase warning.

* Added CVE-2016-9013,14 to the security release archive.

* Fixed #10045 -- Corrected docs about .annotate()/.filter() ordering.

* Fixed #25729 -- Fixed flaky admin_widgets selenium test: test_ForeignKey_using_to_field

* Refs #25274 -- Added missing argument to contrib.gis\' inspectdb.

* Clarified default value for DateField to emulate auto_now_add.

* Fixed #26122 -- Fixed copying a LazyObject

* Fixed #26321 -- Added missing \"for_save\" parameter in expressions example.

* Fixed #24937 -- Fixed serialization of Date(Time)RangeField.

* Updated six to 1.10.0.

* Refs #26253 -- Added tests for deprecation shims in SimpleTemplateResponse.

* Fixed #24796 -- Moved SecurityMiddleware in MIDDLEWARE_CLASSES docs.

* Fixed #26034 -- Fixed incorrect index handling on PostgreSQL on Char/TextField with unique=True and db_index=True.

* Ignored new warnings when building the docs with Sphinx 1.4.

* Fixed #25649 -- Documented that all GEOSGeometry constructors take srid kwarg.

* Fixed #26188 -- Documented how to wrap password hashers.

* Bumped version for 1.8.7 release.

* Updated release notes links to prevent warnings with Sphinx 1.4.2.

* Fixed #26375 -- Used a more generic name in a reusable template example.

* Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite.

* Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.

* Fixed #25744 -- Corrected reference to User object in auth docs.

* Fixed man page by ensuring \".pot\" doesn\'t render unescaped.

* Fixed #26286 -- Prevented content type managers from sharing their cache.

* Added imports to docs/topics/db/aggregation.txt example.

* Fixed a dead link in django/contrib/sitemaps/__init__.py.

* Fixed #23751 -- Fixed code snippet formatting in docs PDF.

* Fixed #26687 -- Made an i18n test not use a hardcoded path separator.

* Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField.

* Added CVE-2016-7401 to the security release archive.

* Fixed #25720 -- Made gettext() return bytestring on Python 2 if input is bytestring.

* Bumped version for 1.8.16 release.

* Post-release version bump.

* Fixed DiscoverRunner failfast parameter default in docs.

* Added a helper function in schema tests.

* Fixed #26221 -- Used find_packages() in reusable apps tutorial.

* Updated GeoIP test for latest database.

* Bumped version for 1.8.10 release.

* Added release date for 1.8.9.

* Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values

* Refs #26089 -- Removed obsolete docs about custom user model testing.

* Fixed a function signature in docs/topics/auth/default.txt.

* Fixed #26807 -- Documented how to replicate SubfieldBase\'s assignment behavior.

* Fixed #26408 -- Updated link to DEP 182.

* Bumped version for 1.8.15 release.

* Fixed XSS in admin\'s add/change related popup.

* Fixed #26071 -- Fixed crash with __in lookup in a Case expression.

* Fixed #25526 -- Documented how to output colored text in custom management commands.

* Refs #26687 -- Made an i18n test not use a hardcoded path separator.

* Fixed #25461 -- Corrected meta API code examples to account for MTI.

* Fixed a typo in the managers docs.

* Added safety to URL decoding in is_safe_url() on Python 2

* Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()

* Refs #23751 -- Added some unicode characters to the latex preamble.

* Added stub release notes for 1.8.16.

* Fixed admin_filters test failures when run in reverse.

* Fixed typo in docs/topics/forms/modelforms.txt

* Added release date for 1.8.17.

* Updated xhtml2pdf URL in docs.

* Added release date for 1.8.8 release.

* Fixed typo in docs/topics/class-based-views/generic-display.txt

* Bumped version for 1.8.13 release.

* Changed section title from \"Model syntax\" to \"Introduction to models\".

* Fixed #27616 -- Fixed incorrect vary_on_headers() example.

* Fixed #26035 -- Prevented user-tools from appearing on admin logout page.

* Fixed #25169 -- Documented stacking of permission_required and login_required.

* Fixed #26331 -- Fixed test function names with typos

* Added stub release notes for 1.8.11.

* Fixed #26055 -- Removed an orphaned phrase in docs/howto/deployment/wsgi/modwsgi.txt.

* Fixed import location of check_password() in docs.

* Fixed #25727 -- Added a doc link to cached_property.

* Added CVE-2016-6186 to the security release archive.

* Fixed #25274 --- Made inspectdb handle renamed fields in unique_together.

* Refs #24980 -- Fixed incorrect timezone handling in admin calendar widget.

* Fixed #26136 -- Removed URL reversing by dotted path from JavaScript catalog example.

* Fixed a typo in tests/middleware/test_security.py

* Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field().

* Declared Sphinx extensions safe for parallel reading.

* Fixed flake8 2.6 warnings.

* Fixed #25896 -- Fixed state bug in SeparateDatabaseAndState.database_backwards().

* Fixed typo in docs/topics/db/aggregation.txt.

* Fixed incorrect rendered widget in forms example.

* Fixed possible \"RuntimeError: maximum recursion depth exceeded\" building docs.

* Fixed GeoIP test failure with the latest data.

* Corrected stacklevel in Engine deprecation warnings.

* Fixed #26438 -- Fixed multiple .objects typos in the docs.

* Fixed #25881 -- Marked Python 3.2 in Django 1.8 as unsupported at the end of 2016.

* Fixed #26046 -- Fixed a crash with translations and Django-unknown language code

* Replaced \"inbuilt\" with more common \"built-in\".

* Added tests for if tag\'s != operator.

* Fixed #26392 -- Corrected login_required/permission_required stacking example.

* Fixed #26147 -- Relaxed expected values in GIS tests to account for database/library differences.

* Fixed typo in test name.

* Fixed #24980 -- Fixed day determination in admin calendar widget.

* Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.

* Fixed Sphinx highlight warnings in docs.

* Added a CVE role for Sphinx.

* Fixed #25316 -- Fixed a crash with order_by() and values() after annotate().

* Documented that forms.Field.help_text isn\'t HTML-escaped.

* Fixed #25893 -- Corrected custom lookups example.

* Fixed #25549 -- Documented auth_user_password_change URL.

* Bumped version for 1.8.18 release.

* Refs #25739 -- Lessened the prominence of geos.fromstr() in the docs.

* Added stub release notes for 1.8.9.

* Fixed many spelling mistakes in code, comments, and docs.

* Fixed #26309 -- Documented that login URL settings no longer support dotted paths.

* Pinned test requirement to numpy < 1.12 for Python 3.3 compatibility.

* Fixed #26121 -- Updated MySQL storage engine example.

* Tweaked example text in docs/ref/templates/builtins.txt.

* Fixed #26503 -- Removed an outdated example from session docs.

* Added stub release notes for 1.8.10.

* Fixed #25852 -- Made sure AlterModelManager forces a reload of its model state.

* Fixed typo docs/ref/models/relations.txt

* Bumped mysqlclient test requirement to >= 1.3.7.

* Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields.

* Fixed #26126 -- Fixed transient failure of test_max_age_expiration

* Removed unnecessary filter kwarg from .get() in a test.

* Fixed #25786 -- Fixed set_FOO_order() crash with order_with_respect_to referencing OneToOneField pk.

* Fixed typo in docs/ref/migration-operations.txt.

* Bumped version for 1.8.11 release.

* Fixed #25666 -- Fixed the exact lookup of ArrayField.

* Fixed typo in BaseCache.delete_many() docstring.

* Fixed a typo in BCryptPasswordHasher docstring

* Fixed #26636 -- Fixed typo in docs/ref/request-response.txt

* Refs #24937 -- Backported more commits to fix for serialization of Date(Time)RangeField.

* Added stub release notes for security issues.

* Fixed numpy deprecation warning silencing in template_tests.

* Fixed #25465 -- Restored line breaks conversion in admin readonly fields.

* Refs #27924 -- Doc\'d that cx_Oracle < 5.3 is required.

* Fixed #25715 -- Fixed Model.refresh_from_db() with ForeignKey w/on_delete=SET_NULL.

* Made doc icons background transparent.

* Refs #25886 -- Improved language in Python compatibility section of the release notes.

* Fixed a few docstring typos.

* Added Python 3.5 trove classifier.

* Fixed typo in docs/ref/forms/validation.txt.

* Fixed #27307 -- Added missing url names in sitemaps docs.

* Fixed an admin_scripts test on Ubuntu 16.04/spatialite.

* Fixed #25854 -- Removed deprecated usage of template.render() with RequestContext in docs.

* Fixed #23285 -- Fixed non-deterministic admin_views test.

* Removed an extra header in docs/ref/templates/api.txt.

* Backported the latest version of the security issue archive.

* Corrected a few typos in Signal.send() docstring.

* Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.

* Fixed indenting in \"Serving files in development\" code example

* Fixed #27594 -- Fixed select_related() with reverse self-referential OneToOneField.

* Removed deprecated html_translator_class sphinx config option.

* Reverted \"Fixed #27594 -- Fixed select_related() with reverse self-referential OneToOneField.\"

* Refs #25896 -- Fixed migration test failure on Oracle

* Fixed #17686, refs #17816 -- Added \"Files\" section to Unicode topic.

* Removed docs of deprecated SimpleTestCase warnings behavior.

* Changed `action=\".\"` to `action=\"\"` in tests and docs.

* Fixed typo in 1.8.10 release date.

Sun Aug 23 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.4:

* Denial-of-service possibility in logout() view by filling session
store
Previously, a session could be created when anonymously accessing
the django.contrib.auth.views.logout() view (provided it wasn’t
decorated with login_required() as done in the admin). This could
allow an attacker to easily create many new session records by
sending repeated requests, potentially filling up the session
store or causing other users’ session records to be evicted.
The SessionMiddleware has been modified to no longer create empty
session records.

* Bugfixes
+ Added the ability to serialize values from the newly added
UUIDField (#25019).
+ Added a system check warning if the old TEMPLATE_
* settings are
defined in addition to the new TEMPLATES setting.
+ Fixed QuerySet.raw() so InvalidQuery is not raised when using the
db_column name of a ForeignKey field with primary_key=True
(#12768).
+ Prevented an exception in TestCase.setUpTestData() from leaking
the transaction (#25176).
+ Fixed has_changed() method in contrib.postgres.forms.HStoreField
(#25215, #25233).
+ Fixed the recording of squashed migrations when running the
migrate command (#25231).
+ Moved the unsaved model instance assignment data loss check to
Model.save() to allow easier usage of in-memory models (#25160).
+ Prevented varchar_patterns_ops and text_patterns_ops indexes for
ArrayField (#25180).

Mon Jul 13 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.3:

* Django 1.8.3 fixes several security issues and bugs in 1.8.2.

* bugfixes
+ Fixed BaseRangeField.prepare_value() to use each base_field’s
prepare_value() method (#24841).
+ Fixed crash during makemigrations if a migrations module either
is missing __init__.py or is a file (#24848).
+ Fixed QuerySet.exists() returning incorrect results after
annotation with Count() (#24835).
+ Corrected HStoreField.has_changed() (#24844).
+ Reverted an optimization to the CSRF template context processor
which caused a regression (#24836).
+ Fixed a regression which caused template context processors to
overwrite variables set on a RequestContext after it’s created
(#24847).
+ Prevented the loss of null/not null column properties during
field renaming of MySQL databases (#24817).
+ Fixed a crash when using a reverse one-to-one relation in
ModelAdmin.list_display (#24851).
+ Fixed quoting of SQL when renaming a field to AutoField in
PostgreSQL (#24892).
+ Fixed lack of unique constraint when changing a field from
primary_key=True to unique=True (#24893).
+ Fixed queryset pickling when using prefetch_related() after
deleting objects (#24831).
+ Allowed using choices longer than 1 day with DurationField
(#24897).
+ Fixed a crash when loading squashed migrations from two apps
with a dependency between them, where the dependent app’s replaced
migrations are partially applied (#24895).
+ Fixed recording of applied status for squashed (replacement)
migrations (#24628).
+ Fixed queryset annotations when using Case expressions with
exclude() (#24833).
+ Corrected join promotion for multiple Case
expressions. Annotating a query with multiple Case expressions
could unexpectedly filter out results (#24924).
+ Fixed usage of transforms in subqueries (#24744).
+ Fixed SimpleTestCase.assertRaisesMessage() on Python 2.7.10
(#24903).
+ Provided better backwards compatibility for the verbosity
argument in optparse management commands by casting it to an
integer (#24769).
+ Fixed prefetch_related() on databases other than PostgreSQL for
models using UUID primary keys (#24912).
+ Fixed removing unique_together constraints on MySQL (#24972).
+ Fixed crash when uploading images with MIME types that Pillow
doesn’t detect, such as bitmap, in forms.ImageField (#24948).
+ Fixed a regression when deleting a model through the admin that
has a GenericRelation with a related_query_name (#24940).
+ Reallowed non-ASCII values for ForeignKey.related_name on Python
3 by fixing the false positive system check (#25016).
+ Fixed inline forms that use a parent object that has a UUIDField
primary key and a child object that has an AutoField primary key
(#24958).
+ Fixed a regression in the unordered_list template filter on
certain inputs (#25031).
+ Fixed a regression in URLValidator that invalidated Punycode
TLDs (#25059).
+ Improved pyinotify runserver polling (#23882).

Sun May 24 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.2:

* security fix
+ Fixed session flushing in the cached_db backend

* bugfixes
+ Fixed check for template engine alias uniqueness (#24685).
+ Fixed crash when reusing the same Case instance in a query
(#24752).
+ Corrected join promotion for Case expressions. For example,
annotating a query with a Case expression could unexpectedly
filter out results (#24766).
+ Fixed negated Q objects in expressions. Cases like
Case(When(~Q(friends__age__lte=30))) tried to generate a subquery
which resulted in a crash (#24705).
+ Fixed incorrect GROUP BY clause generation on MySQL when the
query’s model has a self-referential foreign key (#24748).
+ Implemented ForeignKey.get_db_prep_value() so that ForeignKeys
pointing to UUIDField and inheritance on models with UUIDField
primary keys work correctly (#24698, #24712).
+ Fixed isnull lookup for HStoreField (#24751).
+ Fixed a MySQL crash when a migration removes a combined index
(unique_together or index_together) containing a foreign key
(#24757).
+ Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
(#24799).
+ On PostgreSQL, when no access is granted for the postgres
database, Django now falls back to the default database when it
normally requires a “no database” connection (#24791).
+ Fixed display of contrib.admin’s ForeignKey widget when it’s used
in a row with other fields (#24784).

Sat May 9 14:00:00 2015 arunAATTgmx.de
- update to version 1.8.1:

* Added support for serializing timedelta objects in migrations
(#24566).

* Restored proper parsing of the testserver command’s positional
arguments (fixture names) (#24571).

* Prevented TypeError in translation functions check_for_language()
and get_language_bidi() when translations are deactivated
(#24569).

* Fixed squashmigrations command when using SeparateDatabaseAndState
(#24278).

* Stripped microseconds from datetime values when using an older
version of the MySQLdb DB API driver as it does not support
fractional seconds (#24584).

* Fixed a migration crash when altering ManyToManyFields (#24513)

* Fixed a crash with QuerySet.update() on foreign keys to one-to-one
fields (#24578).

* Fixed a regression in the model detail view of admindocs when a
model has a reverse foreign key relation (#24624).

* Prevented arbitrary file inclusions in admindocs (#24625).

* Fixed a crash with QuerySet.update() on foreign keys to instances
with uuid primary keys (#24611).

* Fixed database introspection with SQLite 3.8.9 (released April 8,
2015) (#24637).

* Updated urlpatterns examples generated by startproject to remove
usage of referencing views by dotted path in url() which is
deprecated in Django 1.8 (#24635).

* Fixed queries where an expression was referenced in order_by(),
but wasn’t part of the select clause. An example query is
qs.annotate(foo=F(\'field\')).values(\'pk\').order_by(\'foo\'))
(#24615).

* Fixed a database table name quoting regression (#24605).

* Prevented the loss of null/not null column properties during field
alteration of MySQL databases (#24595).

* Fixed JavaScript path of contrib.admin’s related field widget when
using alternate static file storages (#24655).

* Fixed a migration crash when adding new relations to models
(#24573).

* Fixed a migration crash when applying migrations with model
managers on Python 3 that were generated on Python 2 (#24701).

* Restored the ability to use iterators as queryset filter arguments
(#24719).

* Fixed a migration crash when renaming the target model of a
many-to-many relation (#24725).

* Removed flushing of the test database with --keepdb, which
prevented apps with data migrations from using the option
(#24729).

* Fixed makemessages crash in some locales (#23271).

* Fixed help text positioning of contrib.admin fields that use the
ModelAdmin.filter_horizontal and filter_vertical options (#24676).

* Fixed AttributeError: function ‘GDALAllRegister’ not found error
when initializing contrib.gis on Windows.

* Changed ModelState to deepcopy fields instead of deconstructing and
reconstructing (#24591). This speeds up the rendering of model
states and reduces memory usage when running manage.py migrate.

Fri Apr 3 14:00:00 2015 arunAATTgmx.de
- update to version 1.8:

* long list of changes, please see: https://docs.djangoproject.com/en/1.8/releases/1.8/

Thu Jan 15 13:00:00 2015 arunAATTgmx.de
- update to version 1.7.3:

* security issues
+ WSGI header spoofing via underscore/dash conflation
+ Mitigated possible XSS attack via user-supplied redirect URLs
+ Denial-of-service attack against \"django.views.static.serve\"
+ Database denial-of-service with \"ModelMultipleChoiceField\"

* bugfixes
+ The default iteration count for the PBKDF2 password hasher has
been increased by 25%. This part of the normal major release
process was inadvertently omitted in 1.7. This backwards
compatible change will not affect users who have subclassed
\"django.contrib.auth.hashers.PBKDF2PasswordHasher\" to change
the default value.
+ Fixed a crash in the CSRF middleware when handling non-ASCII
referer header (:ticket:\'23815\').
+ Fixed a crash in the \"django.contrib.auth.redirect_to_login\"
view when passing a
:func:\'~django.core.urlresolvers.reverse_lazy\' result on Python
3 (:ticket:\'24097\').
+ Added correct formats for Greek (\"el\") (:ticket:\'23967\').
+ Fixed a migration crash when unapplying a migration where
multiple operations interact with the same model (:ticket:\'24110\').

Sun Jan 11 13:00:00 2015 p.drouandAATTgmail.com
- South has been merged in main Django; provide and obsolete it

Sun Jan 4 13:00:00 2015 arunAATTgmx.de
- specfile: update copyright year
- update to version 1.7.2:

* Fixed migration\'s renaming of auto-created many-to-many tables
when changing :attr:Meta.db_table
(:ticket:23630).

* Fixed a migration crash when adding an explicit \"id\" field to a
model on SQLite (:ticket:23702).

* Added a warning for duplicate models when a module is
reloaded. Previously a \"RuntimeError\" was raised every time two
models clashed in the app registry. (:ticket:23621).

* Prevented :djadmin:flush from loading initial data for migrated apps
(:ticket:23699).

* Fixed a :djadmin:makemessages regression in 1.7.1 when
:setting:STATIC_ROOT has the default \"None\" value (:ticket:23717).

* Added GeoDjango compatibility with mysqlclient database driver.

* Fixed MySQL 5.6+ crash with \"GeometryField\"\\s in migrations
(:ticket:23719).

* Fixed a migration crash when removing a field that is referenced in
\"AlterIndexTogether\" or \"AlterUniqueTogether\" (:ticket:23614).

* Updated the first day of the week in the Ukrainian locale to Monday.

* Added support for transactional spatial metadata initialization on
SpatiaLite 4.1+ (:ticket:23152).

* Fixed a migration crash that prevented changing a nullable field with a
default to non-nullable with the same default (:ticket:23738).

* Fixed a migration crash when adding \"GeometryField\"\\s with
\"blank=True\" on PostGIS (:ticket:23731).

* Allowed usage of \"DateTimeField()\" as \"Transform.output_field\"
(:ticket:23420).

* Fixed a migration serializing bug involving \"float(\"nan\")\" and
\"float(\"inf\")\" (:ticket:23770).

* Fixed a regression where custom form fields having a \"queryset\"
attribute but no \"limit_choices_to\" could not be used in a
:class:~django.forms.ModelForm (:ticket:23795).

* Fixed a custom field type validation error with MySQL backend when
\"db_type\" returned \"None\" (:ticket:23761).

* Fixed a migration crash when a field is renamed that is part of an
\"index_together\" (:ticket:23859).

* Fixed :djadmin:squashmigrations to respect the \"--no-optimize\"
parameter (:ticket:23799).

* Made :class:~django.db.migrations.operations.RenameModel reversible
(:ticket:22248)

* Avoided unnecessary rollbacks of migrations from other apps when
migrating backwards (:ticket:23410).

* Fixed a rare query error when using deeply nested subqueries
(:ticket:23605).

* Fixed a crash in migrations when deleting a field that is part of a
\"index/unique_together\" constraint (:ticket:23794).

* Fixed \"django.core.files.File.__repr__()\" when the file\'s \"name\"
contains Unicode characters (:ticket:23888).

* Added missing context to the admin\'s \"delete_selected\" view that
prevented custom site header, etc. from appearing (:ticket:23898).

* Fixed a regression with dynamically generated inlines and allowed
field references in the admin (:ticket:23754).

* Fixed an infinite loop bug for certain cyclic migration
dependencies, and made the error message for cyclic dependencies
much more helpful.

* Added missing \"index_together\" handling for SQLite (:ticket:23880).

* Fixed a crash when \"RunSQL\" SQL content was collected by the schema
editor, typically when using \"sqlmigrate\" (:ticket:23909).

* Fixed a regression in \"contrib.admin\" add/change views which caused
some \"ModelAdmin\" methods to receive the incorrect \"obj\" value
(:ticket:23934).

* Fixed \"runserver\" crash when socket error message contained Unicode
characters (:ticket:23946).

* Fixed serialization of \"type\" when adding a \"deconstruct()\" method
(:ticket:23950).

* Prevented the
:class:~django.contrib.auth.middleware.SessionAuthenticationMiddleware
from setting a \"\"Vary: Cookie\"\" header on all responses
(:ticket:23939).

* Fixed a crash when adding \"blank=True\" to \"TextField()\" on MySQL
(:ticket:23920).

* Fixed index creation by the migration infrastructure, particularly
when dealing with PostgreSQL specific \"{text|varchar}_pattern_ops\"
indexes (:ticket:23954).

* Fixed bug in \"makemigrations\" that created broken migration files
when dealing with multiple table inheritance and inheriting from
more than one model (:ticket:23956).

* Fixed a crash when a \"MultiValueField\" has invalid data
(:ticket:23674).

* Fixed a crash in the admin when using \"Save as new\" and also
deleting a related inline (:ticket:23857).

* Always converted \"related_name\" to text (unicode), since that is
required on Python 3 for interpolation. Removed conversion of
\"related_name\" to text in migration deconstruction (:ticket:23455
and :ticket:23982).

* Enlarged the sizes of tablespaces which are created by default for
testing on Oracle (the main tablespace was increased from 200M to
300M and the temporary tablespace from 100M to 150M). This was
required to accommodate growth in Django\'s own test suite
(:ticket:23969).

* Fixed \"timesince\" filter translations in Korean (:ticket:23989).

* Fixed the SQLite \"SchemaEditor\" to properly add defaults in the
absence of a user specified \"default\". For example, a \"CharField\"
with \"blank=True\" didn\'t set existing rows to an empty string which
resulted in a crash when adding the \"NOT NULL\" constraint
(:ticket:23987).

* \"makemigrations\" no longer prompts for a default value when adding
\"TextField()\" or \"CharField()\" without a \"default\" (:ticket:23405).

* Fixed a migration crash when adding \"order_with_respect_to\" to a
table with existing rows (:ticket:23983).

* Restored the \"pre_migrate\" signal if all apps have migrations
(:ticket:23975).

* Made admin system checks run for custom \"AdminSite\"\\s
(:ticket:23497).

* Ensured the app registry is fully populated when unpickling
models. When an external script (like a queueing infrastructure)
reloads pickled models, it could crash with an \"AppRegistryNotReady\"
exception (:ticket:24007).

* Added quoting to field indexes in the SQL generated by migrations to
prevent a crash when the index name requires it (:ticket:#24015).

* Added \"datetime.time\" support to migrations questioner
(:ticket:23998).

* Fixed admindocs crash on apps installed as eggs (:ticket:23525).

* Changed migrations autodetector to generate an \"AlterModelOptions\"
operation instead of \"DeleteModel\" and \"CreateModel\" operations when
changing \"Meta.managed\". This prevents data loss when changing
\"managed\" from \"False\" to \"True\" and vice versa (:ticket:24037).

* Enabled the \"sqlsequencereset\" command on apps with migrations
(:ticket:24054).

* Added tablespace SQL to apps with migrations (:ticket:24051).

* Corrected \"contrib.sites\" default site creation in a multiple
database setup (:ticket:24000).

* Restored support for objects that aren\'t :class:str or :class:bytes
in :func:~django.utils.safestring.mark_for_escaping on Python 3.

* Supported strings escaped by third-party libraries with the
\"__html__\" convention in the template engine (:ticket:23831).

* Prevented extraneous \"DROP DEFAULT\" SQL in migrations (:ticket:23581).

* Restored the ability to use more than five levels of subqueries
(:ticket:23758).

* Fixed crash when \"ValidationError\" is initialized with a
\"ValidationError\" that is initialized with a dictionary
(:ticket:24008).

* Prevented a crash on apps without migrations when running \"migrate
- -list\" (:ticket:23366).

Sat Nov 15 13:00:00 2014 arunAATTgmx.de
- Update to Django 1.7.1

* Allowed related many-to-many fields to be referenced in the admin
(#23604).

* Added a more helpful error message if you try to migrate an app
without first creating the contenttypes table (#22411).

* Modified migrations dependency algorithm to avoid possible
infinite recursion.

* Fixed a UnicodeDecodeError when the flush error message contained
Unicode characters (#22882).

* Reinstated missing CHECK SQL clauses which were omitted on some
backends when not using migrations (#23416).

* Fixed serialization of type objects in migrations (#22951).

* Allowed inline and hidden references to admin fields (#23431).

* The AATTdeconstructible decorator now fails with a ValueError if the
decorated object cannot automatically be imported (#23418).

* Fixed a typo in an inlineformset_factory() error message that
caused a crash (#23451).

* Restored the ability to use ABSOLUTE_URL_OVERRIDES with the
\'auth.User\' model (#11775). As a side effect, the setting now adds
a get_absolute_url() method to any model that appears in
ABSOLUTE_URL_OVERRIDES but doesn’t define get_absolute_url().

* Avoided masking some ImportError exceptions during application
loading (#22920).

* Empty index_together or unique_together model options no longer
results in infinite migrations (#23452).

* Fixed crash in contrib.sitemaps if lastmod returned a date rather
than a datetime (#23403).

* Allowed migrations to work with app_labels that have the same last
part (e.g. django.contrib.auth and vendor.auth) (#23483).

* Restored the ability to deepcopy F objects (#23492).

* Formats for Welsh (cy) and several Chinese locales (zh_CN,
zh_Hans, zh_Hant and zh_TW) have been added. Formats for
Macedonian have been fixed (trailing dot removed, #23532).

* Added quoting of constraint names in the SQL generated by
migrations to prevent crash with uppercase characters in the name
(#23065).

* Fixed renaming of models with a self-referential many-to-many
field (ManyToManyField(\'self\')) (#23503).

* Added the get_extra(), get_max_num(), and get_min_num() hooks to
GenericInlineModelAdmin (#23539).

* Made migrations.RunSQL no longer require percent sign
escaping. This is now consistent with cursor.execute() (#23426).

* Made the SERIALIZE entry in the TEST dictionary usable (#23421).

* Fixed bug in migrations that prevented foreign key constraints to
unmanaged models with a custom primary key (#23415).

* Added SchemaEditor for MySQL GIS backend so that spatial indexes
will be created for apps with migrations (#23538).

* Added SchemaEditor for Oracle GIS backend so that spatial metadata
and indexes will be created for apps with migrations (#23537).

* Coerced the related_name model field option to unicode during
migration generation to generate migrations that work with both
Python 2 and 3 (#23455).

* Fixed MigrationWriter to handle builtin types without imports
(#23560).

* Fixed deepcopy on ErrorList (#23594).

* Made the admindocs view to browse view details check if the view
specified in the URL exists in the URLconf. Previously it was
possible to import arbitrary packages from the Python path. This
was not considered a security issue because admindocs is only
accessible to staff users (#23601).

* Fixed UnicodeDecodeError crash in AdminEmailHandler with non-ASCII
characters in the request (#23593).

* Fixed missing get_or_create and update_or_create on related
managers causing IntegrityError (#23611).

* Made urlsafe_base64_decode() return the proper type (byte string)
on Python 3 (#23333).

* makemigrations can now serialize timezone-aware values (#23365).

* Added a prompt to the migrations questioner when removing the null
constraint from a field to prevent an IntegrityError on existing
NULL rows (#23609).

* Fixed generic relations in ModelAdmin.list_filter (#23616).

* Restored RFC compliance for the SMTP backend on Python 3 (#23063).

* Fixed a crash while parsing cookies containing invalid content
(#23638).

* The system check framework now raises error models.E020 when the
class method Model.check() is unreachable (#23615).

* Made the Oracle test database creation drop the test user in the
event of an unclean exit of a previous test run (#23649).

* Fixed makemigrations to detect changes to Meta.db_table (#23629).

* Fixed a regression when feeding the Django test client with an
empty data string (#21740).

* Fixed a regression in makemessages where static files were
unexpectedly ignored (#23583).
- Changes from version 1.7

* A new built-in database migration system. Notes on upgrading from
South (a popular third
*party application providing migration
functionality) are also available.

* A refactored concept of Django applications. Django applications
are no longer tied to the existence of a models files, and can now
specify both configuration data and code to be executed as Django
starts up.

* Improvements to the model Field API to support migrations and, in
the future, to enable easy addition of composite-key support to
Django\'s ORM.

* Improvements for custom Manager and QuerySet classes, allowing
reverse relationship traversal to specify the Manager to use, and
creation of a Manager from a custom QuerySet class.

* An extensible system check framework which can assist developers
in detecting and diagnosing errors.
Please refer to the release notes for all details and migration
instructions:
https://docs.djangoproject.com/en/1.7/releases/1.7/
- Added python-setuptools as a BuildRequires.
- Fixed Source URL from Django Project site.
- Reordered sources.
- Fixed deduplication to avoid wrong mtimes in pyc files.
- Changes from version 1.6.5 :
+ Unexpected code execution using reverse()
+ Caching of anonymous pages could reveal CSRF token
+ MySQL typecasting
+ select_for_update() requires a transaction
+ Issue: Caches may incorrectly be allowed to store and serve private data
+ Issue: Malformed redirect URLs from user input not correctly validated
- Changes from version 1.6.2:
+ Prevented the base geometry object of a prepared geometry to be garbage
collected, which could lead to crash Django (#21662).
+ Fixed a crash when executing the changepassword command when the user
object representation contained non-ASCII characters (#21627).
+ The collectstatic command will raise an error rather than default to
using the current working directory if STATIC_ROOT is not set. Combined
with the --clear option, the previous behavior could wipe anything
below the current working directory (#21581).
+ Fixed mail encoding on Python 3.3.3+ (#21093).
+ Fixed an issue where when settings.DATABASES[\'default\'][\'AUTOCOMMIT\'] = False,
the connection wasn’t in autocommit mode but Django pretended it was.
+ Fixed a regression in multiple-table inheritance exclude() queries (#21787).
+ Added missing items to django.utils.timezone.__all__ (#21880).
+ Fixed a field misalignment issue with select_related() and model inheritance (#21413).
+ Fixed join promotion for negated AND conditions (#21748).
+ Oracle database introspection now works with boolean and float fields (#19884).
+ Fixed an issue where lazy objects weren’t actually marked as safe when
passed through mark_safe() and could end up being double-escaped (#21882).
- Changes from version 1.6.1:
- Most bug fixes are minor; you can find a complete list in the Django 1.6.1
release notes.

Thu Jul 31 14:00:00 2014 dimstarAATTopensuse.org
- Rename rpmlintrc to %{name}-rpmlintrc.
Follow the packaging guidelines.

Fri Feb 14 13:00:00 2014 speilickeAATTsuse.com
- Fix update-alternatives (again)

Tue Nov 19 13:00:00 2013 speilickeAATTsuse.com
- Update-alternatives also for bash-completion

Thu Nov 7 13:00:00 2013 speilickeAATTsuse.com
- Require python-Pillow for image-related functionality
- Package was renamed from python-django
- Drop Django-1.2-completion-only-for-bash.patch: Useless

Tue Nov 5 13:00:00 2013 alexandreAATTexatati.com.br
- Update to version 1.6:
- Please read the release notes
https://docs.djangoproject.com/en/1.6/releases/1.6
- Removed Patch2 as it is no needed anymore:
Django-1.4-CSRF_COOKIE_HTTPONLY-support.patch

Tue Sep 17 14:00:00 2013 speilickeAATTsuse.com
- Update to version 1.5.4:
+ Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
+ Fixed directory traversal with ssi template tag

Wed Aug 14 14:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.2:
- Security release, please check release notes for details:
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued

Thu Mar 28 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5.1:
- Memory leak fix, please read release announcement at
https://www.djangoproject.com/weblog/2013/mar/28/django-151.

Tue Feb 26 13:00:00 2013 alexandreAATTexatati.com.br
- Update to 1.5:
- Please read the release notes
https://docs.djangoproject.com/en/1.5/releases/1.5

Tue Dec 11 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security

Sat Oct 20 14:00:00 2012 saschpeAATTsuse.de
- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin

Wed Oct 17 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security

Mon Jul 30 14:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

Tue Jun 19 14:00:00 2012 saschpeAATTsuse.de
- Add patch to support CSRF_COOKIE_HTTPONLY config

Fri Mar 23 13:00:00 2012 alexandreAATTexatati.com.br
- Update to 1.4:
- Please read the release notes
https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream,

Thu Nov 24 13:00:00 2011 saschpeAATTsuse.de
- Set license to SDPX style (BSD-3-Clause)
- Package AUTHORS, LICENE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools

Sat Sep 10 14:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3.1 to fix security issues, please read
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.

Thu Mar 31 14:00:00 2011 alexandreAATTexatati.com.br
- Fix build on SLES_9.

Wed Mar 23 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.

Fri Mar 18 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.

Thu Mar 3 13:00:00 2011 saschpeAATTsuse.de
- Spec file cleanup:

* Removed empty lines, package authors from description

* Cleanup duplicates

* Corrected wrong file endings

* Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files

Wed Feb 9 13:00:00 2011 alexandreAATTexatati.com.br
- Update to 1.2.5:
- This is a security update that fix:
- Flaw in CSRF handling;
- Potential XSS in file field rendering.

Thu Dec 23 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.4:
- Information leakage in Django administrative interface;
- Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.

Sat Sep 11 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.3:
- The patch applied for the security issue covered in Django
1.2.2 caused issues with non-ASCII responses using CSRF
tokens. This has been remedied;
- The patch also caused issues with some forms, most notably
the user-editing forms in the Django administrative interface.
This has been remedied.
- The packaging manifest did not contain the full list of
required files. This has been remedied.

Thu Sep 9 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.2.
- This is a ciritical security update fixing a default XSS bug!

Fri Jul 9 14:00:00 2010 jfunkAATTfunktronics.ca
- Added patch to fix upstream bug 5622: Empty ipaddress raises an error

Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.1.

Mon May 17 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2.

Thu May 6 14:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-rc-1.

Mon Apr 5 14:00:00 2010 alexandreAATTexatati.com.br
- Spec file cleaned with spec-cleaner;
- Minor manual adjusts on spec file.

Thu Mar 18 13:00:00 2010 alexandreAATTexatati.com.br
- Moved autocomplete file path from /etc/profile.d to
/etc/bash_completion.d. Then it works with konsole too.

Mon Mar 15 13:00:00 2010 alexandreAATTexatati.com.br
- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.

Sun Oct 11 14:00:00 2009 nixAATTopensuse.org
- Update to 1.1.1 due to security issue described at
http://www.djangoproject.com/weblog/2009/oct/09/security/

Sat Oct 10 14:00:00 2009 alexandreAATTexatati.com.br
- Removed old tarball file (Django-1.1.tar.bz2).

Tue Aug 25 14:00:00 2009 garloffAATTsuse.de
- Fix python version check.

Sat Aug 22 14:00:00 2009 garloffAATTsuse.de
- Don\'t require python-sqlite2 for python >= 2.6.

Fri Aug 21 14:00:00 2009 garloffAATTsuse.de
- Build as noarch on factory.

Wed Aug 19 14:00:00 2009 poemlAATTsuse.de
- don\'t run bash completion on shells other than bash. Avoiding
error messages produced at login when using other shells.

Fri Aug 14 14:00:00 2009 alexandreAATTexatati.com.br
- Added bash auto-complete to openSUSE.

Tue Jul 28 14:00:00 2009 listuserAATTpeternixon.net
- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang

Wed Jul 1 14:00:00 2009 poemlAATTsuse.de
- add python-xml to the Requires (./manage.py syncdb crashes
otherwise)


  
ICM