|
|
|
|
Changelog for python39-Django-4.1.1-1.2.noarch.rpm :
* Mon Sep 05 2022 Alberto Planas Dominguez - Update to 4.1.1 + Reallowed, following a regression in Django 4.1, using GeoIP2() when GEOS is not installed + Fixed a regression in Django 4.1 that caused a crash of admin’s autocomplete widgets when translations are deactivated + Fixed a regression in Django 4.1 that caused a crash of the test management command when running in parallel and multiprocessing start method is spawn + Fixed a regression in Django 4.1 that caused an incorrect redirection to the admin changelist view when using \"Save and continue editing\" and \"Save and add another\" options + Fixed a regression in Django 4.1 that caused a crash of Window expressions with ArrayAgg + Fixed a regression in Django 4.1 that caused a migration crash on SQLite 3.35.5+ when removing an indexed field + Fixed a bug in Django 4.1 that caused a crash of model validation on UniqueConstraint() with field names in expressions + Fixed a bug in Django 4.1 that caused an incorrect validation of CheckConstraint() with range fields on PostgreSQL + Fixed a regression in Django 4.1 that caused an incorrect migration when adding AutoField, BigAutoField, or SmallAutoField on PostgreSQL + Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL when altering AutoField, BigAutoField, or SmallAutoField to OneToOneField + Fixed a migration crash on ManyToManyField fields with through referencing models in different apps + Fixed a regression in Django 4.1 that caused an incorrect migration when renaming a model with ManyToManyField and db_table + Reallowed, following a regression in Django 4.1, creating reverse foreign key managers on unsaved instances + Fixed a regression in Django 4.1 that caused a migration crash on SQLite < 3.20 + Fixed a regression in Django 4.1 that caused an admin crash when the admindocs app was used- Remove 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch (already upstream)- Verify the tarball with gpg * Wed Aug 03 2022 Alberto Planas Dominguez - Update to 4.1: This is just a summary. Full release notes are available at https://docs.djangoproject.com/en/4.1/releases/4.1/ + Django 4.1 supports Python 3.8, 3.9, and 3.10 + Asynchronous handlers for class-based views + Asynchronous ORM interface + Validation of Constraints + Form rendering accessibility + CSRF_COOKIE_MASKED setting- Drop fix_test_custom_fields_SQLite.patch (already merged)- Add 0001-Fixed-33887-Added-version-in-asserted-test-URL.patch to fix test * Wed Aug 03 2022 Alberto Planas Dominguez - Update to 4.0.7 (CVE-2022-36359, bsc#1201923): + Django 4.0.7 fixes a security issue with severity “high” in 4.0.6. * Tue Jul 05 2022 Alberto Planas Dominguez - Update to 4.0.6 + CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments * Thu Jun 02 2022 Alberto Planas Dominguez - Update to 4.0.5 + Fixed a bug in Django 4.0 where not all OPTIONS were passed to a Redis client + Fixed a bug in Django 4.0 that caused a crash of QuerySet.filter() on IsNull() expressions + Fixed a bug in Django 4.0 where a hidden quick filter toolbar in the admin’s navigation sidebar was focusable * Mon Apr 11 2022 Alberto Planas Dominguez - Update to 4.0.4 + CVE-2022-28346: Potential SQL injection in \"QuerySet.annotate()\", \"aggregate()\", and \"extra()\" + CVE-2022-28347: Potential SQL injection via \"QuerySet.explain( * *options)\" on PostgreSQL * Tue Mar 01 2022 Alberto Planas Dominguez - Update to 4.0.3 + Prevented, following a regression in Django 4.0.1, makemigrations from generating infinite migrations for a model with ManyToManyField to a lowercased swappable model such as \'auth.user\' + Fixed a regression in Django 4.0 that caused a crash when rendering invalid inlines with readonly_fields in the admin * Tue Feb 01 2022 Alberto Planas Dominguez - Update to 4.0.2 (CVE-2022-22818, bsc#1195086) (CVE-2022-23833, bsc#1195088) + CVE-2022-22818: Possible XSS via {% debug %} template tag + CVE-2022-23833: Denial-of-service possibility in file uploads + Fixed a bug in Django 4.0 where TestCase.captureOnCommitCallbacks() could execute callbacks multiple times + Fixed a regression in Django 4.0 where help_text was HTML-escaped in automatically-generated forms + Fixed a regression in Django 4.0 that caused displaying an incorrect name for class-based views on the technical 404 debug page + Fixed a regression in Django 4.0 that caused an incorrect repr of ResolverMatch for class-based views + Fixed a regression in Django 4.0 that caused a crash of makemigrations on models without Meta.order_with_respect_to but with a field named _order + Fixed a regression in Django 4.0 that caused incorrect ModelAdmin.radio_fields layout in the admin + Fixed a duplicate operation regression in Django 4.0 that caused a migration crash when altering a primary key type for a concrete parent model referenced by a foreign key + Fixed a bug in Django 4.0 that caused a crash of QuerySet.aggregate() after annotate() on an aggregate function with a default + Fixed a regression in Django 4.0 that caused a crash of makemigrations when renaming a field of a renamed model * Wed Jan 12 2022 Matej Cepl - Add fix_test_custom_fields_SQLite.patch fixing issues with modern SQLite (gh#django/django#15168). * Mon Jan 10 2022 Alberto Planas Dominguez - Update to 4.0.1 (CVE-2021-45115, CVE-2021-45452, bsc#1194117) + CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator + CVE-2021-45452: Potential directory-traversal via Storage.save() + Fixed a regression in Django 4.0 that caused a crash of assertFormsetError() on a formset named form + Fixed a bug in Django 4.0 that caused a crash on booleans with the RedisCache backend + Relaxed the check added in Django 4.0 to reallow use of a duck-typed HttpRequest in django.views.decorators.cache.cache_control() and never_cache() decorators + Fixed a regression in Django 4.0 that caused creating bogus migrations for models that reference swappable models such as auth.User + Fixed a long standing bug in Geometry Collections and Polygon that caused a crash on some platforms (reported on macOS based on the ARM64 architecture) * Mon Dec 27 2021 Ben Greiner - Fix u-a scriptlet dependency.- Remove python36 conditional on numpy dep. * Fri Dec 24 2021 John Vandenberg - Avoid dependency on backports.zoneinfo except on Python 3.8 * Mon Dec 20 2021 Matej Cepl - Clean up PYTHONPATH to make test_extra_tests_build_suite pass. * Tue Dec 07 2021 Alberto Planas Dominguez - Update to 4.0 This is just a summary. Full release notes are available at https://docs.djangoproject.com/en/4.0/releases/4.0/. - Django 4.0 supports Python 3.8, 3.9, and 3.10. We highly recommend and only officially support the latest release of each series. The Django 3.2.x series is the last to support Python 3.6 and 3.7. - The Python standard library’s zoneinfo is now the default timezone implementation in Django. This is the next step in the migration from using pytz to using zoneinfo. Django 3.2 allowed the use of non-pytz time zones. Django 4.0 makes zoneinfo the default implementation. Support for pytz is now deprecated and will be removed in Django 5.0. - The new *expressions positional argument of UniqueConstraint() enables creating functional unique constraints on expressions and database functions. - The new scrypt password hasher is more secure and recommended over PBKDF2. However, it’s not the default as it requires OpenSSL 1.1+ and more memory. - Redis cache backend - Template based form rendering. Forms, Formsets, and ErrorList are now rendered using the template engine to enhance customization. * Tue Nov 02 2021 Alberto Planas Dominguez - Update to 3.2.9 + Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering a field with a functional index * Tue Oct 05 2021 Alberto Planas Dominguez - Update to 3.2.8 + Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin + Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view- Drop failing_test_subparser_invalid_option.patch, as is already in the upstream code. * Thu Sep 09 2021 Matej Cepl - Add failing_test_subparser_invalid_option.patch fixing https://code.djangoproject.com/ticket/33082 * Wed Sep 01 2021 Alberto Planas Dominguez - Update to 3.2.7 + Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones * Mon Aug 16 2021 Alberto Planas Dominguez - Update to 3.2.6 + Fixed a regression in Django 3.2 that caused a crash validating \"NaN\" input with a forms.DecimalField when additional constraints, e.g. max_value, were specified + Fixed a bug in Django 3.2 where a system check would crash on a model with a reverse many-to-many relation inherited from a parent class * Thu Jul 01 2021 Alberto Planas Dominguez - Update to 3.2.5 (CVE-2021-35042, bsc#1187785) + Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(..., named=True) after prefetch_related() + Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable + Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value + Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label * Wed Jun 02 2021 Alberto Planas Dominguez - Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571) + CVE-2021-33203: Potential directory traversal via admindocs + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses + Fixed a bug in Django 3.2 where a final catch-all view in the admin didn’t respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page + Fixed a bug in Django 3.2 where a system check would crash on an abstract model + Prevented unnecessary initialization of unused caches following a regression in Django 3.2 + Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed + Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings + Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment + Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL * Mon May 17 2021 Alberto Planas Dominguez - Update to 3.2.3 + Prepared for mysqlclient > 2.0.3 support + Fixed a regression in Django 3.2 that caused the incorrect filtering of querysets combined with the | operator + Fixed a regression in Django 3.2.1 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path * Thu May 06 2021 Alberto Planas Dominguez - Update to 3.2.2 (CVE-2021-32052) + CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ + Prevented, following a regression in Django 3.2.1, makemigrations from generating infinite migrations for a model with Meta.ordering contained OrderBy expressions * Wed May 05 2021 Ben Greiner - Keep rpm runtime requirements in sync. Downstream packages often read the egg-info and fail if they are not fulfilled. * Wed May 05 2021 Alberto Planas Dominguez - Update to 3.2.1 (CVE-2021-31542) + CVE-2021-31542: Potential directory-traversal via uploaded files + Corrected detection of GDAL 3.2 on Windows + Fixed a bug in Django 3.2 where subclasses of BigAutoField and SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting + Fixed a regression in Django 3.2 that caused a crash of QuerySet.values()/values_list() after QuerySet.union(), intersection(), and difference() when it was ordered by an unannotated field + Restored, following a regression in Django 3.2, displaying an exception message on the technical 404 debug page + Fixed a bug in Django 3.2 where a system check would crash on a reverse one-to-one relationships in CheckConstraint.check or UniqueConstraint.condition + Fixed a regression in Django 3.2 that caused a crash of ModelAdmin.search_fields when searching against phrases with unbalanced quotes + Fixed a bug in Django 3.2 where variable lookup errors were logged rendering the sitemap template if alternates were not defined + Fixed a regression in Django 3.2 that caused a crash when combining Q() objects which contains boolean expressions + Fixed a regression in Django 3.2 that caused a crash of QuerySet.update() on a queryset ordered by inherited or joined fields on MySQL and MariaDB + Fixed a regression in Django 3.2 that caused a crash when decoding a cookie value, used by django.contrib.messages.storage.cookie.CookieStorage, in the pre-Django 3.2 format + Fixed a regression in Django 3.2 that stopped the shift-key modifier selecting multiple rows in the admin changelist + Fixed a bug in Django 3.2 where a system check would crash on the STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path) + Fixed a long standing bug involving queryset bitwise combination when used with subqueries that began manifesting in Django 3.2, due to a separate fix using Exists to exclude() multi-valued relationships + Fixed a bug in Django 3.2 where variable lookup errors were logged when rendering some admin templates + Fixed a bug in Django 3.2 where an admin changelist would crash when deleting objects filtered against multi-valued relationships + Fixed a regression in Django 3.2 where the calling process environment would not be passed to the dbshell command on PostgreSQL + Fixed a performance regression in Django 3.2 when building complex filters with subqueries * Tue Apr 06 2021 Alberto Planas Dominguez - Update to 3.2.0 + Automatic ~django.apps.AppConfig discovery + Customizing type of auto-created primary keys + Functional indexes + pymemcache support + New decorators for the admin site + For a complete description of new features check: https://github.com/django/django/blob/main/docs/releases/3.2.txt- Update PYTHOPATH to include the local tests- Drop i18n_test.patch, i18n_test_extraction.patch, test_clear_site_cache-sort.patch * Sat Feb 13 2021 Ben Greiner - Don\'t install python36-numpy for testing. It is no longer available. (The tests or portions of tests requiring numpy are skipped automatically in this case.)- Let the singlespec macro do its job to set the primary provider for python3-django and python3-South on the primary flavor only.- Fix mtime of cache file by recompiling. * Wed Dec 09 2020 Ondřej Súkup - Update to 3.1.4 * Fixed setting the Content-Length HTTP header in AsyncRequestFactory * Fixed passing extra HTTP headers to AsyncRequestFactory request methods * Fixed crash of key transforms for JSONField on PostgreSQL when usingi on a Subquery() annotation * Fixed a regression in Django 3.1 that caused the incorrect grouping by a Q object annotation * Fixed a regression in Django 3.1 that caused suppressing connection errors when JSONField is used on SQLite * Fixed a crash on SQLite, when QuerySet.values()/values_list() contained key transforms for JSONField returning non-string primitive values * Mon Nov 02 2020 Ondřej Súkup - Update to 3.1.3 * Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin changelist search bar * Fixed a regression in Django 3.1.2 that caused the incorrect width of the admin changelist search bar on a filtered page * Fixed displaying Unicode characters in forms.JSONField and read-only models.JSONField values in the admin * Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg with ordering on key transforms for JSONField * Fixed a regression in Django 3.1 that caused a crash of __in lookup when using key transforms for JSONField in the lookup value * Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with key transforms for JSONField * Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL when adding an ExclusionConstraint with key transforms for JSONField in expressions * Fixed a regression in Django 3.1 where ProtectedError.protected_objects and RestrictedError.restricted_objects attributes returned iterators instead of set of objects * Fixed a regression in Django 3.1.2 that caused incorrect form input layout on small screens in the admin change form view * Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens * Added support for asgiref 3.3 * Fixed a regression in Django 3.1 that caused incorrect textarea layout on medium-sized screens in the admin change form view with the sidebar open * Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases in the GROUP BY clause * Fixed a bug in Django 3.1 where FileField instances with a callable storage were not correctly deconstructed * Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with Meta.ordering. A model’s Meta.ordering doesn’t affect such queries * Fixed a regression in Django 3.1 where a queryset would crash if it contained an aggregation and a Q object annotation * Fixed a bug in Django 3.1 where a test database was not synced during creation when using the MIGRATE test database setting * Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a GenericRelation * Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar would not scroll for a long list of available filters * Wed Sep 09 2020 Marketa Calabkova - Update to 3.1.1 * CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ * CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ * Fixed a data loss possibility in the select_for_update(). When using related fields pointing to a proxy model in the of argument, the corresponding model was not locked * Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data * Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite * Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator and settings.py * Wed Sep 09 2020 John Vandenberg - Require asgiref >= 3.2.10 per upstream * Tue Aug 11 2020 Alberto Planas Dominguez - Update to 3.1 * Asynchronous views and middleware support * JSONField for all supported database backends * DEFAULT_HASHING_ALGORITHM settings¶ * Read https://docs.djangoproject.com/en/3.1/releases/3.1/- Drop fix-selenium-test.patch. Already upstream.- Add i18n_test_extraction.patch to support xgettext 0.21 * Thu Aug 06 2020 Ondřej Súkup - update to 3.0.9 * Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie() * Fixed crash when sending emails to addresses with display names longer than 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+ * Wed Jul 08 2020 Ondřej Súkup - update to 3.0.8 * Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised by cache key validation * Fixed a regression in Django 3.0.7 that caused a queryset crash when grouping by a many-to-one relationship * Reallowed, following a regression in Django 3.0, non-expressions having a filterable attribute to be used as the right-hand side in queryset filters * Fixed a regression in Django 3.0.2 that caused a migration crash on PostgreSQL when adding a foreign key to a model with a namespaced db_table * Added compatibility for cx_Oracle 8 * Thu Jun 04 2020 Ondřej Súkup - update to 3.0.7- drop 32bit.patch * boo#1172167 - CVE-2020-13254: Potential data leakage via malformed memcached keys * boo#1172167 - CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget * many other bugfixes * Thu Apr 30 2020 Tomáš Chvátal - Add patch to fix the 32bit build: * 32bit.patch * Thu Apr 23 2020 Marcus Rueckert - Update to 3.0.5 https://docs.djangoproject.com/en/3.0/releases/3.0.5/ https://docs.djangoproject.com/en/3.0/releases/3.0.4/ https://docs.djangoproject.com/en/3.0/releases/3.0.3/ https://docs.djangoproject.com/en/3.0/releases/3.0.2/ https://docs.djangoproject.com/en/3.0/releases/3.0.1/ https://docs.djangoproject.com/en/3.0/releases/3.0/- new dependency: python-asgiref * Fri Apr 03 2020 Tomáš Chvátal - Update to 2.2.12: * Added the ability to handle .po files containing different plural equations for the same language (#30439). * Wed Mar 18 2020 Ondřej Súkup - update to 2.2.11 * fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle * Tue Feb 04 2020 Ondřej Súkup - update to 2.2.10- drop pyyaml53.patch * fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)`` * Wed Jan 15 2020 Ondřej Súkup - add pyyaml53.patch - fix tests with PyYAML 5.3 * Sun Dec 29 2019 Ondřej Súkup - Update to 2.2.9 * CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447) * Fixed a data loss possibility in SplitArrayField. * Mon Dec 02 2019 Alberto Planas Dominguez - Update to 2.2.8 * CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705) * Fixed a data loss possibility in the admin changelist view when a custom formset’s prefix contains regular expression special characters, e.g. \'$\' * Fixed a regression in Django 2.2.1 that caused a crash when migrating permissions for proxy models with a multiple database setup if the default entry was empty * Fixed a data loss possibility in the select_for_update(). When using \'self\' in the of argument with multi-table inheritance, a parent model was locked instead of the queryset’s model- Add patch fix-selenium-test.patch to fix a test when selenium is missing * Fri Nov 15 2019 Tomáš Chvátal - Update to 2.2.7: * Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826). * Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870). * Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903). * Restored the ability to override get_FOO_display() (#30931). * Fri Nov 15 2019 Tomáš Chvátal - Require full python interpreter on build and runtime * Mon Oct 07 2019 Tomáš Chvátal - Update to 2.2.6: * Fixed migrations crash on SQLite when altering a model containing partial indexes (#30754). * Fixed a regression in Django 2.2.4 that caused a crash when filtering with a Subquery() annotation of a queryset containing JSONField or HStoreField (#30769). * Mon Sep 16 2019 Tomáš Chvátal - Update to 2.2.5: * Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673). * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672). * Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449). * Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500). * Thu Aug 01 2019 Tomáš Chvátal - Update to 2.2.4: * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880 * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628). * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621). * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters (\'\\x00\') (#30506). * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647). * Thu Jul 18 2019 Tomáš Chvátal - Update to 2.2.3: * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶ * Mon Jun 03 2019 Ondřej Súkup - update to 2.2.2 * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468) * Fixes CVE-2019-11358: Prototype pollution * Tue May 07 2019 Tomáš Chvátal - Update keyring file * Mon May 06 2019 Alberto Planas Dominguez - Update to 2.2.1 * Fixed a regression in Django 2.1 that caused the incorrect quoting of database user password when using dbshell on Oracle (#30307). * Added compatibility for psycopg2 2.8 (#30331). * Fixed a regression in Django 2.2 that caused a crash when loading the template for the technical 500 debug page (#30324). * Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains an expression with params (#30332). * Fixed a regression in Django 2.2 that caused a single instance fast-delete to not set the primary key to None (#30330). * Prevented makemigrations from generating infinite migrations for check constraints and partial indexes when condition contains a range object (#30350). Reverted an optimization in Django 2.2 (#29725) that caused the inconsistent behavior of count() and exists() on a reverse many-to-many relationship with a custom manager (#30325). * Fixed a regression in Django 2.2 where Paginator crashes if object_list is a queryset ordered or aggregated over a nested JSONField key transform (#30335). * Fixed a regression in Django 2.2 where IntegerField validation of database limits crashes if limit_value attribute in a custom validator is callable (#30328). * Fixed a regression in Django 2.2 where SearchVector generates SQL that is not indexable (#30385). * Fixed a regression in Django 2.2 that caused an exception to be raised when a custom error handler could not be imported (#30318). * Relaxed the system check added in Django 2.2 for the admin app’s dependencies to reallow use of SessionMiddleware subclasses, rather than requiring django.contrib.sessions to be in INSTALLED_APPS (#30312). * Increased the default timeout when using Watchman to 5 seconds to prevent falling back to StatReloader on larger projects and made it customizable via the DJANGO_WATCHMAN_TIMEOUT environment variable (#30361). * Fixed a regression in Django 2.2 that caused a crash when migrating permissions for proxy models if the target permissions already existed. For example, when a permission had been created manually or a model had been migrated from concrete to proxy (#30351). * Fixed a regression in Django 2.2 that caused a crash of runserver when URLConf modules raised exceptions (#30323). * Fixed a regression in Django 2.2 where changes were not reliably detected by auto-reloader when using StatReloader (#30323). * Fixed a migration crash on Oracle and PostgreSQL when adding a check constraint with a contains, startswith, or endswith lookup (or their case-insensitive variant) (#30408). * Fixed a migration crash on Oracle and SQLite when adding a check constraint with condition contains | (OR) operator (#30412). * Wed Apr 10 2019 John Vandenberg - Add test_clear_site_cache-sort.patch to workaround flaky test- Add bcond_with for selenium and memcached, as those tests are inactive, and add missing dependencies and setup for selenium testing- Move removal of executable bit from a JavaScript file to %prep- Fix fdupes * Wed Apr 03 2019 Ondřej Súkup - update to 2.2- drop pyyaml5.patch- add i18n_test.patch * HttpRequest.headers to allow simple access to a request’s headers. * Database-level constraints on models. * Watchman compatibility for runserver to improve the performance * Sat Mar 23 2019 Tomáš Chvátal - Add patch to build with PyYAML >5: * pyyaml5.patch * Tue Feb 12 2019 Thomas Bechtold - update to 2.1.7 (CVE-2019-6975, bsc#1124991): * Corrected packaging error from 2.1.6 * Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to \'{:f}\'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation. * Made the obj argument of InlineModelAdmin.has_add_permission() optional to restore backwards compatibility with third-party code that doesn’t provide it * Thu Jan 10 2019 Thomas Bechtold - update to 2.1.5 (CVE-2019-3498, bsc#1120932): * CVE-2019-3498: Content spoofing possibility in the default 404 page * Fixed compatibility with mysqlclient 1.3.14 (#30013). * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later (#29182). * Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption (#30023). * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn’t properly consumed for such connections (#30015). * Fixed a regression in Django 2.1.4 where InlineModelAdmin.has_change_permission() is incorrectly called with a non-None obj argument during an object add (#30050). * Mon Dec 10 2018 Ondřej Súkup - Update to version 2.1.4 * Corrected the default password list that CommonPasswordValidator uses by lowercasing all passwords to match the format expected by the validator * Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion * Fixed keep-alive support in runserver after it was disabled o 2.0 * Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields * Fixed “Please correct the errors below” error message when editing an object in the admin if the user only has the “view” permission on inlines * Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed * Fixed a regression in Django 2.0 where test databases aren’t reused with manage.py test --keepdb on MySQL * Fixed a regression where cached foreign keys that use to_field were incorrectly cleared in Model.save() * Fixed a regression in Django 2.0 where FileSystemStorage crashes with FileExistsError if concurrent saves try to create the same directory * Thu Oct 04 2018 Alberto Planas Dominguez - Update to version 2.1.2 * CVE-2018-16984: Password hash disclosure to “view only” admin users * Fixed a regression where nonexistent joins in F() no longer raised FieldError (#29727). * Fixed a regression where files starting with a tilde or underscore weren’t ignored by the migrations loader (#29749). * Made migrations detect changes to Meta.default_related_name (#29755). * Added compatibility for cx_Oracle 7 (#29759). * Fixed a regression in Django 2.0 where unique index names weren’t quoted (#29778). * Fixed a regression where sliced queries with multiple columns with the same name crashed on Oracle 12.1 (#29630). * Fixed a crash when a user with the view (but not change) permission made a POST request to an admin user change form (#29809). * Tue Sep 18 2018 Matěj Cepl - Switch of BR selenium for non-Intel platforms. * Tue Sep 04 2018 Ondřej Súkup - update to version 2.1.1- drop django-urlencode.patch * Fixed a race condition in QuerySet.update_or_create() that could result in data loss * Fixed a regression where QueryDict.urlencode() crashed if the dictionary contains a non-string value * Fixed a regression in Django 2.0 where using manage.py test --keepdb fails on PostgreSQL if the database exists and the user doesn’t have permission to create databases * Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed * Fixed translation failure of DurationField’s “overflow” error message * Fixed a regression where the admin change form crashed if the user doesn’t have the ‘add’ permission to a model that uses TabularInline * Fixed a regression where a related_query_name reverse accessor wasn’t set up when a GenericRelation is declared on an abstract base model * Fixed the test client’s JSON serialization of a request data dictionary for structured content type suffixes * Made the admin change view redirect to the changelist view after a POST if the user has the ‘view’ permission * Fixed admin change view crash for view-only users if the form has an extra form field * Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list() after combining querysets with extra() with union(), difference(), or intersection() crashed due to mismatching columns * Tue Aug 14 2018 tchvatalAATTsuse.com- Apply patch to fix urlencode nonstring values: * django-urlencode.patch * Wed Aug 08 2018 tchvatalAATTsuse.com- Enable testsuite * Wed Aug 08 2018 mimi.vxAATTgmail.com- update to version 2.1- move bash completion to right location- for full chanfges please see https://docs.djangoproject.com/en/2.1/releases/2.1/ * Dropped support for MySQL 5.5 * Dropped support for PostgreSQL 9.3 * Support for SpatiaLite 4.0 is removed * Support for SQLite < 3.7.15 is removed. * Mon Jul 02 2018 aplanasAATTsuse.com- update to version 2.0.7: * Fixed admin changelist crash when using a query expression without asc() or desc() in the page’s ordering (#29428). * Fixed admin check crash when using a query expression in ModelAdmin.ordering (#29428). * Fixed __regex and __iregex lookups with MySQL 8 (#29451). * Fixed migrations crash with namespace packages on Python 3.7 (#28814).- update to version 2.0.6 * Fixed a regression that broke custom template filters that use decorators (#29400). * Fixed detection of custom URL converters in included patterns (#29415). * Fixed a regression that added an unnecessary subquery to the GROUP BY clause on MySQL when using a RawSQL annotation (#29416). * Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+ (#29460). * Fixed a regression in Django 1.10 that could result in large memory usage when making edits using ModelAdmin.list_editable (#28462).- update to version 2.0.5 * Corrected the import paths that inspectdb generates for django.contrib.postgres fields (#29307). * Fixed a regression in Django 1.11.8 where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary (#29193). * Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed (#29296). * Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns (#29286). * Sat Apr 07 2018 tbechtoldAATTsuse.com- update to version 2.0.4: * Fixed #29265 -- Removed the suggestion to hardcode static URLs. * Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. * Fixed #29195 -- Fixed Exists.output_field resolution on single-valued queries. * Fixed links to Sphinx docs. * Fixed typo in docs/releases/2.0.4.txt. * Clarified docs about ISO 8601 week numbering. * Fixed #29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map\'s SRID. * Added CVE-2018-7536,7 to the security release archive. * Fixed #29221 -- Corrected admin\'s autocomplete widget to add a space after custom classes. * Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets. * Added a pagination example to ListView docs. * Fixed #28514 -- Clarifed docs about idempotence of RelatedManager.add(). * isorted import statements in tutorial example. * Fixed #29192 -- Corrected docs regarding overriding fields from abstract base classes. * Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations. * Added stub release notes for 1.11.12. * Fixed #29165 -- Clarified how to load initial data with migrations. * Fixed #29213 -- Fixed autocomplete widget\'s translations for zh-hans/zh-hant. * Reverted \"Expanded docs for AbstractBaseUser.has_usable_password().\" * Fixed typo in docs/releases/2.0.4/1.11.12.txt. * Bumped version for 2.0.4 release. * Fixed #29250 -- Added \'django_version\' context to startapp/project docs. * Added release date for 2.0.4 and 1.11.12. * Post-release version bump. * Clarified a sentence in docs/topics/i18n/translation.txt. * Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection(). * Added stub release notes for 2.0.4. * Fixed a couple mistakes in docs/ref/forms/widgets.txt. * Fixed #28655 -- Added more examples for customizing widgets in a form. * Mon Mar 19 2018 tbechtoldAATTsuse.com- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537): * Fixed #29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets. * Added CVE-2018-6188 to the security release archive. * Post-release version bump. * Updated translations from Transifex * Added stub release notes for security releases. * Fixed incorrect regex in re_path() example. * Fixed #29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments. * Fixed #29126 -- Doc\'d the behavior of QuerySet.update_or_create() with manually specified pks. * Used a CSS positioning in tutorial 6 that doesn\'t differ across browsers. * Fixed typo in bulk_create() documentation. * Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn\'t a string. * Removed blank lines per isort 4.3.0. * Added stub release notes for 2.0.3. * Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. * Fixed #29172 -- Fixed crash with Window expression in a subquery. * Fixed #29166 -- Fixed crash in When() expression with a list argument. * Fixed #24270 -- Doc\'d that django_bash_completion is only in the source distribution. * Improved clarity of docs/topics/install.txt. * Refs #29125 -- Made Q.deconstruct() omit \'query_utils\' in the path and _connector=\'AND\' since it\'s a default value. * Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. * Bumped version for 2.0.3 release. * Corrected doc\'d type of some parameters from string to str. * Fixed #29146 -- Readded ^ and $ inadvertently removed from re_path() examples. * Fixed #29107 -- Doc\'d that ModelForm doesn\'t actually inherit from Form. * Switched test requirement to new psycopg2-binary package. * Added backticks around obj argument in admin docs. * Fixed typo in docs/topics/forms/media.txt. * Fixed #29109 -- Fixed the admin time picker widget for the Thai locale. * Fixed #29118 -- Fixed crash with QuerySet.order_by(Exists(...)). * Wed Feb 07 2018 tbechtoldAATTsuse.com- update to 2.0.2 (bsc#1077714, CVE-2018-6188): * Fixed #28883 -- Doc\'d that the uuid URL path converter matches lowercase only letters. * Fixed a GeoIP2 test failure with the latest GeoIP2 database. * Added stub release notes for 2.0.1. * Bumped version for 2.0.2 release. * Fixed location of spatialite_source label. * Fixed #28958 -- Fixed admin changelist crash when using a query expression in the page\'s ordering. * Fixed #28231 -- Doc\'d that QuerySet.bulk_create() casts objs to a list. * Fixed #29032 -- Fixed an example of using expressions in QuerySet.values(). * Disambiguated \"settings\" in SpatiaLite note. * Fixed typo in docs/topics/testing/advanced.txt. * Post-release version bump. * Refs #25604 -- Removed docs for makemigrations --exit. * Fixed #29002 -- Corrected cached template loader docs about when it\'s automatically enabled. * Fixed typo in TemplateCommand argument help text. * Added stub release notes for 1.11.9. * Fixed #28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField. * Refs #29086 -- Doc\'d how to detect bytestring mistakes. * Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs. * Fixed #29081 -- Clarified comments in QuerySet.select_related() example. * Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup. * Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table. * Removed \'development\' word in contributing docs * Fixed #29055 -- Doc\'d that escapejs doesn\'t make template literals safe. * Fixed #29016 -- Fixed incorrect foreign key nullification on related instance deletion. * Fixed grammar in docs/releases/2.0.txt. * Fixed #29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn\'t accept a request but a later one does. * Fixed #28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()). * Fixed #29091 -- Fixed makemigrations crash if migrations directory doesn\'t have __init__.py. * Fixed #28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields. * Fixed #28896 -- Reallowed filtering a queryset with GeometryField=None. * Fixed #28891 -- Documented Origin\'s loader attribute. * Confirmed support for PostGIS 2.4. * Wrapped an import per isort. * Added release date for 2.0.1 and 1.11.9. * Fixed #28884 -- Fixed crash on SQLite when renaming a field in a model referenced by a ManyToManyField. * Fixed \"template tag\" spelling in docs. * Fixed #28947 -- Fixed crash when coercing a translatable URL pattern to str. * Fixed typo in docs/topics/i18n/translation.txt. * Refs #28932 -- Skipped the failing test for refs #28915 on Oracle. * Refs #25181 -- Updated timezone.now() docs about obtaining the time in the current time zone. * Updated documented mysqlclient requirement to 1.3.7. * Fixed #28885 -- Fixed hidden content at the bottom of the \"The install worked successfully!\" page for some languages. * Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs. * Fixed #29067 -- Fixed regression in QuerySet.values_list(..., flat=True) followed by annotate(). * Removed note in tutorial about bypassing manage.py. * Fixed #28929 -- Corrected QUnit examples. * Refs #28958 -- Added a test for ModelAdmin with query expressions in ordering. * Updated various links in docs to use HTTPS. * Expanded docs for AbstractBaseUser.has_usable_password(). * Fixed #29017 -- Updated BaseCommand.leave_locale_alone doc per refs #24073. * Doc\'d specifying the ENGINE setting as part of configuring contrib.gis. * Added stub release notes for 1.11.10. * Fixed #28881 -- Doc\'d that CommonPasswordValidator\'s password list must be lowercase. * Fixed #28784 -- Clarified how migrate --fake works. * Fixed typo in docs/ref/models/expressions.txt. * Fixed #29094 -- Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields. * Refs #28876 -- Fixed incorrect foreign key constraint name for models with quoted db_table. * Bumped version for 2.0.1 release. * Fixed #25277 -- Restored test dependency to the original python-memcached. * Fixed #28761 -- Documented how an inline formset\'s prefix works. * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI. * Fixed #28966 -- Doc\'d that the uuid URL path converter requires dashes * Fixed #29054 -- Fixed a regression where a queryset that annotates with geometry objects crashes. * Reverted \"[1.11.x] Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.\" * Added \"Python 3 Only\" trove classifier. * Fixed #28941 -- Fixed crash in testserver command startup. * Fixed import in docs/ref/models/conditional-expressions.txt example. * Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. * Fixed #28594 -- Removed Jython docs and specific code * Renamed the \"Supported versions\" label. * Fixed #28878 -- Added python_requires in setup.py and a warning for older pips that don\'t recognize it. * Fixed typo in docs/ref/contrib/admin/index.txt. * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI. * Added stub release notes for 2.0.2. * Fixed #28938 -- Corrected Python compatibility in the tutorial. * Fixed #28890 -- Removed newlines between MultiWidget\'s subwidgets.
|
|
|