SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python310-Django-4.0.5-qubes.6.6.noarch.rpm :

* Thu Jun 02 2022 Alberto Planas Dominguez - Update to 4.0.5 + Fixed a bug in Django 4.0 where not all OPTIONS were passed to a Redis client + Fixed a bug in Django 4.0 that caused a crash of QuerySet.filter() on IsNull() expressions + Fixed a bug in Django 4.0 where a hidden quick filter toolbar in the admin’s navigation sidebar was focusable
* Mon Apr 11 2022 Alberto Planas Dominguez - Update to 4.0.4 + CVE-2022-28346: Potential SQL injection in \"QuerySet.annotate()\", \"aggregate()\", and \"extra()\" + CVE-2022-28347: Potential SQL injection via \"QuerySet.explain(
*
*options)\" on PostgreSQL
* Tue Mar 01 2022 Alberto Planas Dominguez - Update to 4.0.3 + Prevented, following a regression in Django 4.0.1, makemigrations from generating infinite migrations for a model with ManyToManyField to a lowercased swappable model such as \'auth.user\' + Fixed a regression in Django 4.0 that caused a crash when rendering invalid inlines with readonly_fields in the admin
* Tue Feb 01 2022 Alberto Planas Dominguez - Update to 4.0.2 (CVE-2022-22818, bsc#1195086) (CVE-2022-23833, bsc#1195088) + CVE-2022-22818: Possible XSS via {% debug %} template tag + CVE-2022-23833: Denial-of-service possibility in file uploads + Fixed a bug in Django 4.0 where TestCase.captureOnCommitCallbacks() could execute callbacks multiple times + Fixed a regression in Django 4.0 where help_text was HTML-escaped in automatically-generated forms + Fixed a regression in Django 4.0 that caused displaying an incorrect name for class-based views on the technical 404 debug page + Fixed a regression in Django 4.0 that caused an incorrect repr of ResolverMatch for class-based views + Fixed a regression in Django 4.0 that caused a crash of makemigrations on models without Meta.order_with_respect_to but with a field named _order + Fixed a regression in Django 4.0 that caused incorrect ModelAdmin.radio_fields layout in the admin + Fixed a duplicate operation regression in Django 4.0 that caused a migration crash when altering a primary key type for a concrete parent model referenced by a foreign key + Fixed a bug in Django 4.0 that caused a crash of QuerySet.aggregate() after annotate() on an aggregate function with a default + Fixed a regression in Django 4.0 that caused a crash of makemigrations when renaming a field of a renamed model
* Wed Jan 12 2022 Matej Cepl - Add fix_test_custom_fields_SQLite.patch fixing issues with modern SQLite (gh#django/django#15168).
* Mon Jan 10 2022 Alberto Planas Dominguez - Update to 4.0.1 (CVE-2021-45115, CVE-2021-45452, bsc#1194117) + CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator + CVE-2021-45452: Potential directory-traversal via Storage.save() + Fixed a regression in Django 4.0 that caused a crash of assertFormsetError() on a formset named form + Fixed a bug in Django 4.0 that caused a crash on booleans with the RedisCache backend + Relaxed the check added in Django 4.0 to reallow use of a duck-typed HttpRequest in django.views.decorators.cache.cache_control() and never_cache() decorators + Fixed a regression in Django 4.0 that caused creating bogus migrations for models that reference swappable models such as auth.User + Fixed a long standing bug in Geometry Collections and Polygon that caused a crash on some platforms (reported on macOS based on the ARM64 architecture)
* Mon Dec 27 2021 Ben Greiner - Fix u-a scriptlet dependency.- Remove python36 conditional on numpy dep.
* Fri Dec 24 2021 John Vandenberg - Avoid dependency on backports.zoneinfo except on Python 3.8
* Mon Dec 20 2021 Matej Cepl - Clean up PYTHONPATH to make test_extra_tests_build_suite pass.
* Tue Dec 07 2021 Alberto Planas Dominguez - Update to 4.0 This is just a summary. Full release notes are available at https://docs.djangoproject.com/en/4.0/releases/4.0/. - Django 4.0 supports Python 3.8, 3.9, and 3.10. We highly recommend and only officially support the latest release of each series. The Django 3.2.x series is the last to support Python 3.6 and 3.7. - The Python standard library’s zoneinfo is now the default timezone implementation in Django. This is the next step in the migration from using pytz to using zoneinfo. Django 3.2 allowed the use of non-pytz time zones. Django 4.0 makes zoneinfo the default implementation. Support for pytz is now deprecated and will be removed in Django 5.0. - The new
*expressions positional argument of UniqueConstraint() enables creating functional unique constraints on expressions and database functions. - The new scrypt password hasher is more secure and recommended over PBKDF2. However, it’s not the default as it requires OpenSSL 1.1+ and more memory. - Redis cache backend - Template based form rendering. Forms, Formsets, and ErrorList are now rendered using the template engine to enhance customization.
* Tue Nov 02 2021 Alberto Planas Dominguez - Update to 3.2.9 + Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering a field with a functional index
* Tue Oct 05 2021 Alberto Planas Dominguez - Update to 3.2.8 + Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin + Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view- Drop failing_test_subparser_invalid_option.patch, as is already in the upstream code.
* Thu Sep 09 2021 Matej Cepl - Add failing_test_subparser_invalid_option.patch fixing https://code.djangoproject.com/ticket/33082
* Wed Sep 01 2021 Alberto Planas Dominguez - Update to 3.2.7 + Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones
* Mon Aug 16 2021 Alberto Planas Dominguez - Update to 3.2.6 + Fixed a regression in Django 3.2 that caused a crash validating \"NaN\" input with a forms.DecimalField when additional constraints, e.g. max_value, were specified + Fixed a bug in Django 3.2 where a system check would crash on a model with a reverse many-to-many relation inherited from a parent class
* Thu Jul 01 2021 Alberto Planas Dominguez - Update to 3.2.5 (CVE-2021-35042, bsc#1187785) + Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(..., named=True) after prefetch_related() + Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable + Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value + Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label
* Wed Jun 02 2021 Alberto Planas Dominguez - Update to 3.2.4 (CVE-2021-33203, CVE-2021-33571) + CVE-2021-33203: Potential directory traversal via admindocs + CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses + Fixed a bug in Django 3.2 where a final catch-all view in the admin didn’t respect the server-provided value of SCRIPT_NAME when redirecting unauthenticated users to the login page + Fixed a bug in Django 3.2 where a system check would crash on an abstract model + Prevented unnecessary initialization of unused caches following a regression in Django 3.2 + Fixed a crash in Django 3.2 that could occur when running mod_wsgi with the recommended settings while the Windows colorama library was installed + Fixed a bug in Django 3.2 that would trigger the auto-reloader for template changes when directory paths were specified with strings + Fixed a regression in Django 3.2 that caused a crash of auto-reloader with AttributeError, e.g. inside a Conda environment + Fixed a regression in Django 3.2 that caused a loss of precision for operations with DecimalField on MySQL
* Mon May 17 2021 Alberto Planas Dominguez - Update to 3.2.3 + Prepared for mysqlclient > 2.0.3 support + Fixed a regression in Django 3.2 that caused the incorrect filtering of querysets combined with the | operator + Fixed a regression in Django 3.2.1 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path
* Thu May 06 2021 Alberto Planas Dominguez - Update to 3.2.2 (CVE-2021-32052) + CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ + Prevented, following a regression in Django 3.2.1, makemigrations from generating infinite migrations for a model with Meta.ordering contained OrderBy expressions
* Wed May 05 2021 Ben Greiner - Keep rpm runtime requirements in sync. Downstream packages often read the egg-info and fail if they are not fulfilled.
* Wed May 05 2021 Alberto Planas Dominguez - Update to 3.2.1 (CVE-2021-31542) + CVE-2021-31542: Potential directory-traversal via uploaded files + Corrected detection of GDAL 3.2 on Windows + Fixed a bug in Django 3.2 where subclasses of BigAutoField and SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting + Fixed a regression in Django 3.2 that caused a crash of QuerySet.values()/values_list() after QuerySet.union(), intersection(), and difference() when it was ordered by an unannotated field + Restored, following a regression in Django 3.2, displaying an exception message on the technical 404 debug page + Fixed a bug in Django 3.2 where a system check would crash on a reverse one-to-one relationships in CheckConstraint.check or UniqueConstraint.condition + Fixed a regression in Django 3.2 that caused a crash of ModelAdmin.search_fields when searching against phrases with unbalanced quotes + Fixed a bug in Django 3.2 where variable lookup errors were logged rendering the sitemap template if alternates were not defined + Fixed a regression in Django 3.2 that caused a crash when combining Q() objects which contains boolean expressions + Fixed a regression in Django 3.2 that caused a crash of QuerySet.update() on a queryset ordered by inherited or joined fields on MySQL and MariaDB + Fixed a regression in Django 3.2 that caused a crash when decoding a cookie value, used by django.contrib.messages.storage.cookie.CookieStorage, in the pre-Django 3.2 format + Fixed a regression in Django 3.2 that stopped the shift-key modifier selecting multiple rows in the admin changelist + Fixed a bug in Django 3.2 where a system check would crash on the STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path) + Fixed a long standing bug involving queryset bitwise combination when used with subqueries that began manifesting in Django 3.2, due to a separate fix using Exists to exclude() multi-valued relationships + Fixed a bug in Django 3.2 where variable lookup errors were logged when rendering some admin templates + Fixed a bug in Django 3.2 where an admin changelist would crash when deleting objects filtered against multi-valued relationships + Fixed a regression in Django 3.2 where the calling process environment would not be passed to the dbshell command on PostgreSQL + Fixed a performance regression in Django 3.2 when building complex filters with subqueries
* Tue Apr 06 2021 Alberto Planas Dominguez - Update to 3.2.0 + Automatic ~django.apps.AppConfig discovery + Customizing type of auto-created primary keys + Functional indexes + pymemcache support + New decorators for the admin site + For a complete description of new features check: https://github.com/django/django/blob/main/docs/releases/3.2.txt- Update PYTHOPATH to include the local tests- Drop i18n_test.patch, i18n_test_extraction.patch, test_clear_site_cache-sort.patch
* Sat Feb 13 2021 Ben Greiner - Don\'t install python36-numpy for testing. It is no longer available. (The tests or portions of tests requiring numpy are skipped automatically in this case.)- Let the singlespec macro do its job to set the primary provider for python3-django and python3-South on the primary flavor only.- Fix mtime of cache file by recompiling.
* Wed Dec 09 2020 Ondřej Súkup - Update to 3.1.4
* Fixed setting the Content-Length HTTP header in AsyncRequestFactory
* Fixed passing extra HTTP headers to AsyncRequestFactory request methods
* Fixed crash of key transforms for JSONField on PostgreSQL when usingi on a Subquery() annotation
* Fixed a regression in Django 3.1 that caused the incorrect grouping by a Q object annotation
* Fixed a regression in Django 3.1 that caused suppressing connection errors when JSONField is used on SQLite
* Fixed a crash on SQLite, when QuerySet.values()/values_list() contained key transforms for JSONField returning non-string primitive values
* Mon Nov 02 2020 Ondřej Súkup - Update to 3.1.3
* Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin changelist search bar
* Fixed a regression in Django 3.1.2 that caused the incorrect width of the admin changelist search bar on a filtered page
* Fixed displaying Unicode characters in forms.JSONField and read-only models.JSONField values in the admin
* Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg with ordering on key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a crash of __in lookup when using key transforms for JSONField in the lookup value
* Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with key transforms for JSONField
* Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL when adding an ExclusionConstraint with key transforms for JSONField in expressions
* Fixed a regression in Django 3.1 where ProtectedError.protected_objects and RestrictedError.restricted_objects attributes returned iterators instead of set of objects
* Fixed a regression in Django 3.1.2 that caused incorrect form input layout on small screens in the admin change form view
* Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens
* Added support for asgiref 3.3
* Fixed a regression in Django 3.1 that caused incorrect textarea layout on medium-sized screens in the admin change form view with the sidebar open
* Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases in the GROUP BY clause
* Fixed a bug in Django 3.1 where FileField instances with a callable storage were not correctly deconstructed
* Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with Meta.ordering. A model’s Meta.ordering doesn’t affect such queries
* Fixed a regression in Django 3.1 where a queryset would crash if it contained an aggregation and a Q object annotation
* Fixed a bug in Django 3.1 where a test database was not synced during creation when using the MIGRATE test database setting
* Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a GenericRelation
* Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar would not scroll for a long list of available filters
* Wed Sep 09 2020 Marketa Calabkova - Update to 3.1.1
* CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
* CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
* Fixed a data loss possibility in the select_for_update(). When using related fields pointing to a proxy model in the of argument, the corresponding model was not locked
* Fixed a regression in Django 3.1 that caused a crash when decoding an invalid session data
* Fixed __in lookup on key transforms for JSONField with MariaDB, MySQL, Oracle, and SQLite
* Fixed a regression in Django 3.1 that caused permission errors in CommonPasswordValidator and settings.py
* Wed Sep 09 2020 John Vandenberg - Require asgiref >= 3.2.10 per upstream
* Tue Aug 11 2020 Alberto Planas Dominguez - Update to 3.1
* Asynchronous views and middleware support
* JSONField for all supported database backends
* DEFAULT_HASHING_ALGORITHM settings¶
* Read https://docs.djangoproject.com/en/3.1/releases/3.1/- Drop fix-selenium-test.patch. Already upstream.- Add i18n_test_extraction.patch to support xgettext 0.21
* Thu Aug 06 2020 Ondřej Súkup - update to 3.0.9
* Allowed setting the SameSite cookie flag in HttpResponse.delete_cookie()
* Fixed crash when sending emails to addresses with display names longer than 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+
* Wed Jul 08 2020 Ondřej Súkup - update to 3.0.8
* Fixed messages of InvalidCacheKey exceptions and CacheKeyWarning warnings raised by cache key validation
* Fixed a regression in Django 3.0.7 that caused a queryset crash when grouping by a many-to-one relationship
* Reallowed, following a regression in Django 3.0, non-expressions having a filterable attribute to be used as the right-hand side in queryset filters
* Fixed a regression in Django 3.0.2 that caused a migration crash on PostgreSQL when adding a foreign key to a model with a namespaced db_table
* Added compatibility for cx_Oracle 8
* Thu Jun 04 2020 Ondřej Súkup - update to 3.0.7- drop 32bit.patch
* boo#1172167 - CVE-2020-13254: Potential data leakage via malformed memcached keys
* boo#1172167 - CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
* many other bugfixes
* Thu Apr 30 2020 Tomáš Chvátal - Add patch to fix the 32bit build:
* 32bit.patch
* Thu Apr 23 2020 Marcus Rueckert - Update to 3.0.5 https://docs.djangoproject.com/en/3.0/releases/3.0.5/ https://docs.djangoproject.com/en/3.0/releases/3.0.4/ https://docs.djangoproject.com/en/3.0/releases/3.0.3/ https://docs.djangoproject.com/en/3.0/releases/3.0.2/ https://docs.djangoproject.com/en/3.0/releases/3.0.1/ https://docs.djangoproject.com/en/3.0/releases/3.0/- new dependency: python-asgiref
* Fri Apr 03 2020 Tomáš Chvátal - Update to 2.2.12:
* Added the ability to handle .po files containing different plural equations for the same language (#30439).
* Wed Mar 18 2020 Ondřej Súkup - update to 2.2.11
* fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle
* Tue Feb 04 2020 Ondřej Súkup - update to 2.2.10- drop pyyaml53.patch
* fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)``
* Wed Jan 15 2020 Ondřej Súkup - add pyyaml53.patch - fix tests with PyYAML 5.3
* Sun Dec 29 2019 Ondřej Súkup - Update to 2.2.9
* CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447)
* Fixed a data loss possibility in SplitArrayField.
* Mon Dec 02 2019 Alberto Planas Dominguez - Update to 2.2.8
* CVE-2019-19118: Privilege escalation in the Django admin (boo#1157705)
* Fixed a data loss possibility in the admin changelist view when a custom formset’s prefix contains regular expression special characters, e.g. \'$\'
* Fixed a regression in Django 2.2.1 that caused a crash when migrating permissions for proxy models with a multiple database setup if the default entry was empty
* Fixed a data loss possibility in the select_for_update(). When using \'self\' in the of argument with multi-table inheritance, a parent model was locked instead of the queryset’s model- Add patch fix-selenium-test.patch to fix a test when selenium is missing
* Fri Nov 15 2019 Tomáš Chvátal - Update to 2.2.7:
* Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
* Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
* Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
* Restored the ability to override get_FOO_display() (#30931).
* Fri Nov 15 2019 Tomáš Chvátal - Require full python interpreter on build and runtime
* Mon Oct 07 2019 Tomáš Chvátal - Update to 2.2.6:
* Fixed migrations crash on SQLite when altering a model containing partial indexes (#30754).
* Fixed a regression in Django 2.2.4 that caused a crash when filtering with a Subquery() annotation of a queryset containing JSONField or HStoreField (#30769).
* Mon Sep 16 2019 Tomáš Chvátal - Update to 2.2.5:
* Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673).
* Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
* Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449).
* Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500).
* Thu Aug 01 2019 Tomáš Chvátal - Update to 2.2.4:
* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters (\'\\x00\') (#30506).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
* Thu Jul 18 2019 Tomáš Chvátal - Update to 2.2.3:
* CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶
* Mon Jun 03 2019 Ondřej Súkup - update to 2.2.2
* Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
* Fixes CVE-2019-11358: Prototype pollution
* Tue May 07 2019 Tomáš Chvátal - Update keyring file
* Mon May 06 2019 Alberto Planas Dominguez - Update to 2.2.1
* Fixed a regression in Django 2.1 that caused the incorrect quoting of database user password when using dbshell on Oracle (#30307).
* Added compatibility for psycopg2 2.8 (#30331).
* Fixed a regression in Django 2.2 that caused a crash when loading the template for the technical 500 debug page (#30324).
* Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains an expression with params (#30332).
* Fixed a regression in Django 2.2 that caused a single instance fast-delete to not set the primary key to None (#30330).
* Prevented makemigrations from generating infinite migrations for check constraints and partial indexes when condition contains a range object (#30350). Reverted an optimization in Django 2.2 (#29725) that caused the inconsistent behavior of count() and exists() on a reverse many-to-many relationship with a custom manager (#30325).
* Fixed a regression in Django 2.2 where Paginator crashes if object_list is a queryset ordered or aggregated over a nested JSONField key transform (#30335).
* Fixed a regression in Django 2.2 where IntegerField validation of database limits crashes if limit_value attribute in a custom validator is callable (#30328).
* Fixed a regression in Django 2.2 where SearchVector generates SQL that is not indexable (#30385).
* Fixed a regression in Django 2.2 that caused an exception to be raised when a custom error handler could not be imported (#30318).
* Relaxed the system check added in Django 2.2 for the admin app’s dependencies to reallow use of SessionMiddleware subclasses, rather than requiring django.contrib.sessions to be in INSTALLED_APPS (#30312).
* Increased the default timeout when using Watchman to 5 seconds to prevent falling back to StatReloader on larger projects and made it customizable via the DJANGO_WATCHMAN_TIMEOUT environment variable (#30361).
* Fixed a regression in Django 2.2 that caused a crash when migrating permissions for proxy models if the target permissions already existed. For example, when a permission had been created manually or a model had been migrated from concrete to proxy (#30351).
* Fixed a regression in Django 2.2 that caused a crash of runserver when URLConf modules raised exceptions (#30323).
* Fixed a regression in Django 2.2 where changes were not reliably detected by auto-reloader when using StatReloader (#30323).
* Fixed a migration crash on Oracle and PostgreSQL when adding a check constraint with a contains, startswith, or endswith lookup (or their case-insensitive variant) (#30408).
* Fixed a migration crash on Oracle and SQLite when adding a check constraint with condition contains | (OR) operator (#30412).
* Wed Apr 10 2019 John Vandenberg - Add test_clear_site_cache-sort.patch to workaround flaky test- Add bcond_with for selenium and memcached, as those tests are inactive, and add missing dependencies and setup for selenium testing- Move removal of executable bit from a JavaScript file to %prep- Fix fdupes
* Wed Apr 03 2019 Ondřej Súkup - update to 2.2- drop pyyaml5.patch- add i18n_test.patch
* HttpRequest.headers to allow simple access to a request’s headers.
* Database-level constraints on models.
* Watchman compatibility for runserver to improve the performance
* Sat Mar 23 2019 Tomáš Chvátal - Add patch to build with PyYAML >5:
* pyyaml5.patch
* Tue Feb 12 2019 Thomas Bechtold - update to 2.1.7 (CVE-2019-6975, bsc#1124991):
* Corrected packaging error from 2.1.6
* Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to \'{:f}\'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
* Made the obj argument of InlineModelAdmin.has_add_permission() optional to restore backwards compatibility with third-party code that doesn’t provide it
* Thu Jan 10 2019 Thomas Bechtold - update to 2.1.5 (CVE-2019-3498, bsc#1120932):
* CVE-2019-3498: Content spoofing possibility in the default 404 page
* Fixed compatibility with mysqlclient 1.3.14 (#30013).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later (#29182).
* Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption (#30023).
* Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn’t properly consumed for such connections (#30015).
* Fixed a regression in Django 2.1.4 where InlineModelAdmin.has_change_permission() is incorrectly called with a non-None obj argument during an object add (#30050).
  
ICM