Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2015-01-14 11:45:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-Django" Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2015-01-12 09:50:08.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new/python-Django.changes 2015-01-14 11:46:07.000000000 +0100 @@ -1,0 +2,24 @@ +Wed Jan 14 07:57:46 UTC 2015 - mcihar@suse.cz + +- Update to Django 1.7.3: + Security fixes: + * WSGI header spoofing via underscore/dash conflation. + * Mitigated possible XSS attack via user-supplied redirect URLs. + * Denial-of-service attack against django.views.static.serve. + * Database denial-of-service with ModelMultipleChoiceField. + Bug fixes: + * The default iteration count for the PBKDF2 password hasher has been + increased by 25%. This part of the normal major release process was + inadvertently omitted in 1.7. This backwards compatible change will not + affect users who have subclassed + django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default + value. + * Fixed a crash in the CSRF middleware when handling non-ASCII referer + header (#23815). + * Fixed a crash in the django.contrib.auth.redirect_to_login view when + passing a reverse_lazy() result on Python 3 (#24097). + * Added correct formats for Greek (el) (#23967). + * Fixed a migration crash when unapplying a migration where multiple + operations interact with the same model (#24110). + +------------------------------------------------------------------- Old: ---- Django-1.7.2.checksum.txt Django-1.7.2.tar.gz New: ---- Django-1.7.3.checksum.txt Django-1.7.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.Sew7c4/_old 2015-01-14 11:46:08.000000000 +0100 +++ /var/tmp/diff_new_pack.Sew7c4/_new 2015-01-14 11:46:08.000000000 +0100 @@ -17,7 +17,7 @@ Name: python-Django -Version: 1.7.2 +Version: 1.7.3 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-1.7.2.checksum.txt -> Django-1.7.3.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-1.7.2.checksum.txt 2015-01-08 23:03:17.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new/Django-1.7.3.checksum.txt 2015-01-14 11:46:07.000000000 +0100 @@ -2,14 +2,14 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball of Django 1.7.2, released January 2, 2015. +tarball of Django 1.7.3, released January 13, 2015. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has the ID ``1E8ABDC773EDE252`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard -implementation of PGP:: +implementation of PGP: gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 @@ -22,42 +22,42 @@ package and compare them to the checksums listed below. Release packages: -================ +================= -Django 1.7.2 (tar.gz): https://www.djangoproject.com/m/releases/1.7/Django-1.7.2.tar.gz -Django 1.7.2 (.whl): https://www.djangoproject.com/m/releases/1.7/Django-1.7.2-py2.py3-none-any.w... +Django 1.7.3 (tar.tgz): https://www.djangoproject.com/m/releases/1.7/Django-1.7.3.tar.gz +Django 1.7.3 (.whl): https://www.djangoproject.com/m/releases/1.7/Django-1.7.3-py2.py3-none-any.w... -MD5 checksum: -============= +MD5 checksums: +============== -MD5(Django-1.7.2.tar.gz)= 855a53a9a5581c62b6031c9b3bd80ec5 -MD5(Django-1.7.2-py2.py3-none-any.whl)= b57f9a2dec214b60e338aa80fb902936 +bd24beec81e161d30ad925aef9d23e57 Django-1.7.3-py2.py3-none-any.whl +ea9a3fe7eca2280b233938a98c4a35a0 Django-1.7.3.tar.gz -SHA1 checksum: -============== +SHA1 checksums: +=============== -SHA1(Django-1.7.2.tar.gz)= 142168eef96423d3586d9bd99ca9b3c8d6ae652a -SHA1(Django-1.7.2-py2.py3-none-any.whl)= b259a071161566a5797af26aa446f9cf127849ce +74a977b77880818335cf6ff3ae8d5d28bfadaaf6 Django-1.7.3-py2.py3-none-any.whl +2577e8e40999f5120b091c17e8cabfb518917ca2 Django-1.7.3.tar.gz -SHA256 checksum: -================ +SHA256 checksums: +================= -SHA256(Django-1.7.2.tar.gz)= 31c6c3c229f8c04b3be87e6afc3492903b57ec8f1188a47b6ae160d90cf653c8 -SHA256(Django-1.7.2-py2.py3-none-any.whl)= b22871edc9ddf3e57b18989c3c7e9174b4c168dc7b8dbe3f31d4101a73bf2006 +72edd47b55ae748d29f1a71d5ca4b86e785c9fb974407cf242b3168e6f1b177e Django-1.7.3-py2.py3-none-any.whl +f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b Django-1.7.3.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -iQIcBAEBCAAGBQJUp0TWAAoJEB6Kvcdz7eJS3P8P/i8ffgRtwTaR/DgYMOa8IR9f -NRe5hSq2BgS2kxjOBapXkFvR/Zin8OGby9fi7Cv2bvRko1nokXfI+3M0IxjrgnO8 -7WjYtqvL/3HrI6L+81mEzJdWR2kuX28qcEBMTcjplgLvzCKf21Ptvs/+E4sTyQVu -9kIO8K+tPvG5k9oYJgmZmmC9YY7ipvPzX7MUI9NB2kMVvT3yUvZLZ4IIaC+qecZo -UHbGhfk1152mqtgVcsOtQEZOSY7KTdXFhgreWd1R9bVzHCjUdSb/PA/ygHTd/cD/ -VusiqilD0SqJqNMDpAFJNhBnjCu9bHjuolUk4fjK+lTR8ADLIXeXPGvA8j2QALlI -k2AicDH4UjqxV3r8QdWxOlSdoQkEt5jv4LhjxjbyFBmFLrtKEWEsmRZw8gj6HbqP -z4iX11KaRHiEhNiWwj/iZl84+1KiesQjJFAJQy9Y8k1Hb1qaDh/QT5OSRGIJQAMc -hHlL8jCHsQRoieRulMw/jMitWBEAcy4otkQyI/grC0t2QXXIMskFy/Xgs+d5IozH -TCTn7kinjBlGurP3Zg0q7bKZEqlvbD3qxmdr7Q8GIwHrQTcztKQSsyLRGLw75e3F -s9/yk+cSF5D6BQ7W7prgfQdW01h8fyXGXDYgrE/2u5hDdabYZptBv15bDP6bazh+ -a42qx2m55ko80vcwgooa -=9WtV +iQIbBAEBCAAGBQJUtWTMAAoJEB6Kvcdz7eJSrX0P91/cNLe5oISzWH/viWQpj3C7 +khbTl61sRakbx45mEqhW6GJqNxJwsyZuVDzL8sxXGvyRqRsLE2nd5stM2xHqXxMN +vZJUYeyUCBaH1ozCzhvA4k8mXSX7twy6puYKgk0FcuMbgFepkuqnqep6cryAmgOk +5tcTgxwF/bxUZ7YGa3AdQsIvLU6rGLupDIqMmG+8W94VwKg2+PhOEAv3iB6e1DxA +aOKI/leMbkxF3eG4HnvPTdO80cM63Sp+654Kj9d+Q94nMQY/pAp5q6j9lCxZFwYj +eak/joly9UZwlRMO1HeV8jCzcq/7xDe4OIQR1o2YY1hWK89yA1I1fT4TQTTlbBk3 +lPKrdkSxievYy7Ggs0+3f4534A5g3I05sd/w5R68L6QuXxZt/yZDQzpxkdE+bT4D +ZO0nVc3fZ0qlmTJIohtHjKK6MBcG9igAWz7VYmr/iDeUCdK1Y/b1TN+i4pmth2tX +NJJw9c0bev/A4+Qe1WCRodqd9Ipcs4MLKJMzIho75rhOLfUyC8JQWrISqSNc9PmQ +lj7sITcASQL7T55CdNalB1XRZig/Il0Qhoil7Mwae7/gwqz9IHMlW1VDntfaCdTN +83Nm80mDhgdm0i0lJHbUmlNAAgYT3W0mEyH3+5uep0PNn02ZhTTTPL7wzfZmCs+N +7PWSYlGP8/4JjD65yqw= +=/LA8 -----END PGP SIGNATURE----- ++++++ Django-1.7.2.tar.gz -> Django-1.7.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-1.7.2.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new/Django-1.7.3.tar.gz differ: char 5, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org