[Python-modules-commits] [python-django] 06/19: Import python-django_1.7.7-1%2Bdeb8u2.dsc

Luke Faraone lfaraone at moszumanska.debian.org
Thu Jul 21 02:34:40 UTC 2016


This is an automated email from the git hooks/post-receive script.

lfaraone pushed a commit to branch debian/jessie
in repository python-django.

commit addba51ebbc19ea00ed09359df0e677515020ac6
Author: Luke W Faraone <lfaraone at debian.org>
Date:   Thu Jul 21 04:33:04 2016 +0200

    Import python-django_1.7.7-1%2Bdeb8u2.dsc
---
 debian/changelog                                   | 1047 ++++++++++++++++++++
 debian/compat                                      |    1 +
 debian/contrib/default                             |   16 +
 debian/contrib/initscript                          |  131 +++
 debian/contrib/migrate-south                       |   14 +
 debian/control                                     |  121 +++
 debian/copyright                                   |  312 ++++++
 debian/django-admin                                |   23 +
 debian/gbp.conf                                    |    3 +
 .../patches/02_disable-sources-in-sphinxdoc.diff   |   23 +
 debian/patches/03_manpage.diff                     |   23 +
 .../06_use_debian_geoip_database_as_default.diff   |   60 ++
 debian/patches/newlines-1.7.x.diff                 |  149 +++
 debian/patches/series                              |    6 +
 debian/patches/session-1.7.x.diff                  |  155 +++
 debian/patches/session-store-1.7.x.diff            |  246 +++++
 debian/python-django-common.install                |    2 +
 debian/python-django-common.lintian-overrides      |    5 +
 debian/python-django-common.manpages               |    1 +
 debian/python-django-doc.doc-base                  |   19 +
 debian/python-django-doc.docs                      |    1 +
 debian/python-django-doc.examples                  |    1 +
 debian/python-django.NEWS                          |   24 +
 debian/python-django.README.Debian                 |  178 ++++
 debian/python-django.docs                          |    2 +
 debian/python-django.examples                      |    1 +
 debian/rules                                       |   94 ++
 debian/source/format                               |    1 +
 debian/watch                                       |    3 +
 29 files changed, 2662 insertions(+)

diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..a127191
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1047 @@
+python-django (1.7.7-1+deb8u2) jessie-security; urgency=medium
+
+  * SECURITY UPDATE:
+    - CVE-2015-5963: Possible denial-of-service via logout()
+
+ -- Luke Faraone <lfaraone at debian.org>  Tue, 18 Aug 2015 04:51:04 +0000
+
+python-django (1.7.7-1+deb8u1) jessie-security; urgency=high
+
+  * SECURITY UPDATE:
+    - CVE-2015-5143: possible denial-of-service via session store
+    - CVE-2015-5144: email header injection via newlines
+
+ -- Luke Faraone <lfaraone at debian.org>  Tue, 07 Jul 2015 05:07:10 +0000
+
+python-django (1.7.7-1) unstable; urgency=high
+
+  * New upstream security and bugfix release:
+    https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
+    It fixes:
+    - CVE-2015-2317: possible XSS attack via user-supplied redirect URLs
+      Closes: #780873
+    - CVE-2015-2316: Denial-of-service possibility with strip_tags()
+      Closes: #780874
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 23 Mar 2015 20:41:13 +0100
+
+python-django (1.7.6-1) unstable; urgency=high
+
+  * New upstream security release:
+    https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
+  * Fixes CVE-2015-2241: XSS attack via properties in
+    ModelAdmin.readonly_fields
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 09 Mar 2015 21:40:34 +0100
+
+python-django (1.7.5-1) unstable; urgency=medium
+
+  [ Chris Lamb ]
+  * Remove myself from Uploaders.
+
+  [ Raphaël Hertzog ]
+  * New upstream bugfix release:
+    https://docs.djangoproject.com/en/1.7/releases/1.7.5/
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Fri, 06 Mar 2015 21:13:54 +0100
+
+python-django (1.7.4-1) unstable; urgency=medium
+
+  * Release to unstable and hopefully to Jessie too.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 09 Feb 2015 10:39:15 +0100
+
+python-django (1.7.4-1~exp1) experimental; urgency=medium
+
+  * New upstream bugfix release.
+  * Drop fix-24193-python34-test-failure.diff, merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 28 Jan 2015 09:38:24 +0100
+
+python-django (1.7.3-1~exp1) experimental; urgency=high
+
+  [ Luke Faraone ]
+  * New upstream security release.
+    - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
+    - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
+    - DoS attack against django.views.static.serve (CVE-2015-0221)
+    - Database DoS with ModelMultipleChoiceField (CVE-2015-0222)
+    Closes: #775375
+
+  [ Raphaël Hertzog ]
+  * Add patch fix-24193-python34-test-failure.diff to fix a test failure with
+    Python3.4.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 21 Jan 2015 09:56:19 +0100
+
+python-django (1.7.2-1) experimental; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Add geoip-database-extra as an alternative to geoip-database-contrib.
+
+  [ Brian May ]
+  * New upstream version.
+
+ -- Brian May <bam at debian.org>  Mon, 05 Jan 2015 13:57:16 +1100
+
+python-django (1.7.1-1) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * New upstream bugfix release.
+  * Drop 01_fix_test_loaddata_not_existant_fixture_file.patch, merged
+    upstream.
+  * Update Standards-Version to 3.9.6.
+  * Add lintian overrides for package-contains-timestamped-gzip (false
+    positive).
+
+  [ Brian May ]
+  * Fix django-admin wrapper to not even consider using python 2.6 as
+    that version is unsupported with Django 1.7.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 27 Oct 2014 16:37:41 +0100
+
+python-django (1.7-3) unstable; urgency=medium
+
+  * Add 01_fix_test_loaddata_not_existant_fixture_file.patch
+    to fix FTBFS with Python 3.4.2. Closes: #765117
+  * Improve migrate-south script to look for Python files in the current dir.
+    ./manage.py implicitely has the current directory but when we use
+    django-admin it's not the case. Thanks to Uwe Kleine-Koenig for the
+    report.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 15 Oct 2014 10:45:27 +0200
+
+python-django (1.7-2) unstable; urgency=medium
+
+  * Release to unstable.
+  * Add a migrate-south sample script to help users apply their South
+    migrations. Thanks to Brian May.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 17 Sep 2014 14:15:11 +0200
+
+python-django (1.7-1) experimental; urgency=medium
+
+  * New major upstream release.
+  * Add a NEWS file to document the incompatibility with South.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 08 Sep 2014 10:19:12 +0200
+
+python-django (1.7~c3-1) experimental; urgency=medium
+
+  * New upstream release candidate with security fixes:
+    https://www.djangoproject.com/weblog/2014/aug/20/security/
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Fri, 22 Aug 2014 22:50:32 +0200
+
+python-django (1.7~c2-2) experimental; urgency=medium
+
+  * Merge changes from 1.6.5-4:
+    * Don't output stuff to stdout in django-admin. Closes: #757145
+    * Update Vcs-* fields since the packaging repository moved to git.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Fri, 08 Aug 2014 14:26:47 +0200
+
+python-django (1.7~c2-1) experimental; urgency=medium
+
+  * New upstream release candidate.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 30 Jul 2014 20:47:10 +0200
+
+python-django (1.7~c1+20140722-2) experimental; urgency=medium
+
+  * Move django-admin manual page in python-django-common. Bump version
+    constraint in Breaks/Replaces accordingly.
+  * Drop conflicting django-admin in python-django and python3-django that
+    were not removed as usual because upstream stopped installing them as
+    django-admin.py.
+  * Drop extra license files.
+  * Fix shebang lines in python3-django.
+  * Drop empty left-over /usr/bin directories in python-django/python3-django.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Tue, 22 Jul 2014 23:29:30 +0200
+
+python-django (1.7~c1+20140722-1) experimental; urgency=medium
+
+  * New upstream release candidate. We want this version in jessie so we
+    should prepare now.
+  * Snapshot tarball generated with "python setup.py sdist" after having
+    applied fix submitted in https://code.djangoproject.com/ticket/23072
+  * Added python-sqlparse, python-tz to Recommends
+  * Added other optional dependencies (python-memcache, python-pil,
+    python-bcrypt) to Suggests
+  * Add all those dependencies in Build-Depends for the benefit of the
+    test suite.
+  * Run the test suite for python2 and python3.
+  * Differentiate descriptions of python2 and python3 packages. 
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 21 Jul 2014 21:57:07 +0200
+
+python-django (1.6.6-1) unstable; urgency=high
+
+  * New upstream security release.
+    - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
+    - file upload denial of service (CVE-2014-0481)
+    - RemoteUserMiddleware session hijacking (CVE-2014-0482)
+    - data leakage via querystring manipulation in admin (CVE-2014-0483)
+
+  [ Brian May ]
+  * Don't output stuff to stdout in django-admin. Closes: #757145
+
+  [ Raphaël Hertzog ]
+  * Update Vcs-* fields since the packaging repository moved to git.
+
+ -- Luke Faraone <lfaraone at debian.org>  Wed, 20 Aug 2014 19:30:21 -0700
+
+python-django (1.6.5-3) unstable; urgency=low
+
+  * Replace django-admin with script that can be run as python and shell.
+
+    This means we can autodetect which python version to use when run as
+    shell, while maintaining compatability with processes that try to run it
+    with a specific python version.
+
+    e.g. See bugs #755341 and #755321.
+
+ -- Brian May <bam at debian.org>  Mon, 21 Jul 2014 10:18:39 +1000
+
+python-django (1.6.5-2) unstable; urgency=low
+
+  * python3-django package. Closes: #736878.
+
+ -- Brian May <bam at debian.org>  Tue, 24 Jun 2014 10:51:47 +1000
+
+python-django (1.6.5-1) unstable; urgency=high
+
+  * New upstream security release.
+   - Caches may be allowed to store and serve private data (CVE-2014-1418)
+   - Malformed URLs from user input incorrectly validated
+  * Drop partial_functions_reverse.patch (merged upstream).
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 14 May 2014 22:49:59 +0200
+
+python-django (1.6.3-2) unstable; urgency=high
+
+  * Fix regression of reverse() and partial views. (LP: #1311433)
+    Thanks Preston Timmons.
+
+ -- Luke Faraone <lfaraone at debian.org>  Tue, 22 Apr 2014 20:44:18 -0700
+
+python-django (1.6.3-1) unstable; urgency=high
+
+  * New upstream security release.
+    - Unexpected code execution using ``reverse()``
+    - CVE-2014-0472
+    - Caching of anonymous pages could reveal CSRF token
+    - CVE-2014-0473
+    - MySQL typecasting could result in unexpected matches
+    - CVE-2014-0474
+  * Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
+    upstream
+
+ -- Luke Faraone <lfaraone at debian.org>  Mon, 21 Apr 2014 16:47:14 -0700
+
+python-django (1.6.1-2) unstable; urgency=medium
+
+  * Team upload.
+  * d/patches/ticket21869.diff: Cherry pick upstream fix for building 
+    documentation against Sphinx 1.2.1.
+
+ -- Barry Warsaw <barry at debian.org>  Wed, 29 Jan 2014 18:37:51 +0000
+
+python-django (1.6.1-1) unstable; urgency=medium
+
+  * New upstream version.
+  * Fix broken encoding in translations attribution. (Closes: #729194)
+
+ -- Luke Faraone <lfaraone at debian.org>  Thu, 12 Dec 2013 15:46:01 -0500
+
+python-django (1.6-1) unstable; urgency=low
+
+  * New upstream version. Closes: #557474, #724637.
+  * python-django now also suggests the installation of ipython,
+    bpython, python-django-doc, and libgdal1.
+    Closes: #636511, #686333, #704203
+  * Set package maintainer to Debian Python Modules Team.
+  * Bump standards version to 3.9.5, no changes needed.
+
+ -- Luke Faraone <lfaraone at debian.org>  Thu, 07 Nov 2013 15:33:49 -0500
+
+python-django (1.5.4-1) unstable; urgency=high
+
+  * New upstream security release. Fixes CVE-2013-1443. Closes: #723043.
+    https://www.djangoproject.com/weblog/2013/sep/15/security/
+    - Denial-of-service via large passwords. CVE-2013-1443
+
+ -- Luke Faraone <lfaraone at debian.org>  Sun, 15 Sep 2013 15:50:10 -0400
+
+python-django (1.5.3-1) unstable; urgency=high
+
+  * New upstream security release. Fixes CVE-2013-4315. Closes: #722605
+    https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/
+    - Directory traversal with ssi template tag
+  * Update doc-base file to drop some removed directory in the HTML doc.
+  * Update Standards-Version to 3.9.4.
+  * Bump debhelper compat level to 9.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Fri, 13 Sep 2013 00:05:19 +0200
+
+python-django (1.5.2-1) unstable; urgency=high
+
+  * New upstream security release.
+    https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
+    - Cross-site scripting (XSS) in admin interface
+    - Possible XSS via is_safe_url
+
+ -- Luke Faraone <lfaraone at debian.org>  Tue, 13 Aug 2013 16:49:39 -0400
+
+python-django (1.5.1-2) unstable; urgency=low
+
+  [ Jakub Wilk ]
+  * Use canonical URIs for Vcs-* fields.
+
+  [ Luke Faraone ]
+  * Upload to unstable.
+
+ -- Luke Faraone <lfaraone at debian.org>  Thu, 09 May 2013 15:10:47 -0400
+
+python-django (1.5.1-1) experimental; urgency=low
+
+  * New upstream release.
+  * Add self to uploaders field.
+
+ -- Luke Faraone <lfaraone at debian.org>  Thu, 28 Mar 2013 17:17:10 -0400
+
+python-django (1.5-1) experimental; urgency=low
+
+  * New upstream release. Closes: #646634, #663230, #436983
+
+ -- Luke Faraone <lfaraone at debian.org>  Fri, 22 Mar 2013 17:52:30 -0400
+
+python-django (1.4.5-1) unstable; urgency=high
+
+  * New upstream maintenance release dropping some undesired .pyc files
+    and fixing a documentation link.
+  * High urgency due to former security updates.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Sun, 24 Feb 2013 10:28:08 +0100
+
+python-django (1.4.4-1) unstable; urgency=low
+
+  * New upstream security and maintenance release. Closes: #701186 
+    https://www.djangoproject.com/weblog/2013/feb/19/security/
+    Fixes mulptiple security issues:
+    - Further fixes for Host header poisoning. CVE-2012-4520
+    - XML attacks via entity expansion. CVE-2013-1665
+    - Data leakage via admin history log. CVE-2013-0305
+    - Formset denial-of-service. CVE-2013-0306
+  * Add gettext to Suggests since it's required for django-admin
+    compilemessages / makemessages. Closes: #700483
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Sat, 23 Feb 2013 09:33:13 +0100
+
+python-django (1.4.3-1) unstable; urgency=high
+
+  * New upstream security and maintenance release. Closes: #696535
+    https://www.djangoproject.com/weblog/2012/dec/10/security/
+  * Drop debian/patches/01_fix-self-tests.diff, merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 26 Dec 2012 15:49:32 +0100
+
+python-django (1.4.2-2) unstable; urgency=low
+
+  * Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py.
+    Add upstream patch debian/patches/01_fix-self-tests.diff.
+    Thanks to Jamie Strandboge <jamie at ubuntu.com> for the report.
+    Closes: #693752 LP: #1080204
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Tue, 20 Nov 2012 08:28:37 +0100
+
+python-django (1.4.2-1) unstable; urgency=high
+
+  * New upstream security and maintenance release. Closes: #691145
+    Fixes: CVE-2012-4520
+  * Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
+    merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 22 Oct 2012 10:53:30 +0200
+
+python-django (1.4.1-2) unstable; urgency=low
+
+  * New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
+    Python stdlib's HTMLParser with Python versions which are unaffected by
+    http://bugs.python.org/issue670664 Closes: #683648
+    Thanks to David Watson <david at planetwatson.co.uk> for the patch.
+  * Update the above patch to use the version committed upstream (commit
+    57d9ccc).
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Tue, 21 Aug 2012 08:42:10 +0200
+
+python-django (1.4.1-1) unstable; urgency=low
+
+  * New upstream security and maintenance release. Closes: #683364
+    Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
+  * Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which
+    have been merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Thu, 02 Aug 2012 10:44:02 +0200
+
+python-django (1.4-1) unstable; urgency=low
+
+  * New upstream release. Closes: #666003
+  * Fix watch file to correctly extract the version number from the URL.
+  * Updated Standards-Version to 3.9.3 (no change needed).
+  * Drop 01_disable_url_verify_regression_tests.diff since upstream test
+    suite has been modified to work even without internet connection.
+  * Update 04_hyphen-manpage.diff to apply again.
+  * Drop 05_fix_djangodocs_sphinx_ext.diff which has been merged
+    upstream.
+  * Update 06_use_debian_geoip_database_as_default.diff to apply on
+    renamed file.
+  * Drop 07_fix_for_sphinx1.1.2.diff merged upstream.
+  * Drop 08_fix_test_week_view_allow_future.diff, merged upstream.
+  * Add 01_disable_broken_test.diff to disable a test that fails with
+    the current python 2.7 version in Debian.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Sat, 31 Mar 2012 14:48:00 +0200
+
+python-django (1.3.1-4) unstable; urgency=medium
+
+  * Add 08_fix_test_week_view_allow_future.diff to fix a regression test that
+    only worked in 2011. Closes: #655666
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Tue, 17 Jan 2012 08:55:58 +0100
+
+python-django (1.3.1-3) unstable; urgency=low
+
+  * Add 06_use_debian_geoip_database_as_default.diff to use the default
+    location of the GeoIP database used by the Debian package
+    geoip-database-contrib. Closes: #645094
+    Add this package to suggests. Thanks to Tapio Rantala
+    <tapio.rantala at iki.fi> for the patch.
+  * Bump build-dep on python-sphinx to 1.0.8 to ensure we have a version
+    where #641710 is fixed. Closes: #647134
+  * Add 07_fix_for_sphinx1.1.2.diff to fix build with Sphinx 1.1.2. Thanks to
+    Jakub Wilk for the advance warning. Closes: #649624
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Mon, 28 Nov 2011 09:03:13 +0100
+
+python-django (1.3.1-2) unstable; urgency=low
+
+  * Update Build-Depends on locales to included a version requirement
+    so that locales-all cannot satisfy it with its Provides: locales.
+    Thanks to Jakub Wilk for the suggestion.
+  * Enable 02_disable-sources-in-sphinxdoc.diff since #641710 has been
+    fixed.
+  * Add 05_fix_djangodocs_sphinx_ext.diff to support Sphinx 1.0.8.
+    Closes: #643758
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Wed, 12 Oct 2011 08:45:26 +0200
+
+python-django (1.3.1-1) unstable; urgency=low
+
+  * New upstream release. It includes security updates described here:
+    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
+    Closes: #641405
+  * Update 01_disable_url_verify_regression_tests.diff and merge
+    07_disable_url_verify_model_tests.diff into it.
+  * Update patch headers to conform to DEP-3.
+  * Apply patch from Steve Langasek to dynamically build the UTF-8
+    locale required by the test-suite instead of build-depending on
+    locales-all. Closes: #630421
+  * Use "dh --with sphinxdoc" to clean up the Sphinx generated documentation
+    and avoid the embedded-javascript-library lintian warning. Build-Depends
+    on python-sphinx >= 1.0.7+dfsg-1 for this and also add
+    ${sphinxdoc:Depends} to python-django-doc Depends field.
+  * Cleanup build-dependencies now that even oldstable has python 2.5.
+  * Switch to dh_python2 as python helper tool. Drop legacy files
+    debian/pyversions and debian/pycompat.
+  * New patch 02_disable-sources-in-sphinxdoc.diff to not generate
+    the _sources directory that we used to remove manually within the rules
+    file. But must be kept disabled until #641710 is fixed.
+  * Properly support DEB_BUILD_OPTIONS=nocheck despite the override
+    of dh_auto_test.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Thu, 15 Sep 2011 12:43:51 +0200
+
+python-django (1.3-2) unstable; urgency=low
+
+  * Team upload.
+
+  [ Chris Lamb ]
+  * Don't remove "backup~" test file - upstream did ship it; we were just
+    removing it with dh_clean.
+
+  [ Piotr Ożarowski ]
+  * Fix builds with non-default Python versions installed
+  * Bump Standards-Version to 3.9.2 (no changes needed)
+
+ -- Piotr Ożarowski <piotr at debian.org>  Mon, 02 May 2011 22:23:37 +0200
+
+python-django (1.3-1) unstable; urgency=low
+
+  * New upstream release.
+    - Update 01_disable_url_verify_regression_tests.diff.
+    - Update 07_disable_url_verify_model_tests.diff.
+    - Merge patch from Krzysztof Klimonda to disable more network access tests.
+      (Closes: #598674)
+  * Add workaround for missing "backup~" file in release tarball. See
+    <http://code.djangoproject.com/ticket/15677>.
+
+ -- Chris Lamb <lamby at debian.org>  Thu, 24 Mar 2011 15:04:53 +0000
+
+python-django (1.2.5-1) unstable; urgency=low
+
+  * New upstream release.
+  * Do not compress objects.inv used by Sphinx generated documentation.
+    Thanks to Michael Fladischer for the report. Closes: #608769 
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Sat, 12 Feb 2011 08:59:33 +0100
+
+python-django (1.2.4-1) unstable; urgency=high
+
+  * New bugfix-only upstream release. It includes security fixes.
+    http://www.djangoproject.com/weblog/2010/dec/22/security/
+  * Drop patches merged upstream:
+    - debian/patches/05_fix_regression_tests.diff
+    - debian/patches/06_fix_regression_tests.diff
+  * Update 01_disable_url_verify_regression_tests.diff to cope with the
+    updated regressions tests.
+  * Update 03_manpage.diff and 04_hyphen-manpage.diff to cope with changes in
+    the manual page.
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Fri, 31 Dec 2010 11:40:28 +0100
+
+python-django (1.2.3-2) unstable; urgency=low
+
+  * Team upload.
+  * Disable model tests that require an internet connection.
+    Closes: #601070
+  * Include python.mk conditionally as explained in its header.
+    Helps backports to Lenny which has no python.mk.
+    Closes: #601608
+
+ -- Evgeni Golov <evgeni at debian.org>  Thu, 28 Oct 2010 12:37:15 +0200
+
+python-django (1.2.3-1) unstable; urgency=low
+
+  [ Krzysztof Klimonda ]
+  * New upstream release. Closes: #596893 LP: #636482
+  * Fixes both a XSS vulnerability introduced in 1.2 series and
+    the regressions caused by 1.2.2 release. Closes: #596205
+  * debian/control:
+    - depend on language packs for en_US.utf8 locales required for unit tests.
+  * debian/rules:
+    - re-enable build time tests.
+    - set LC_ALL to en_US.utf8 for test suite.
+  * debian/patches/series:
+    - two new patches: 05_fix_regression_tests.diff and
+      06_fix_regression_tests.diff backported from 1.2.x branch to fix
+      test suite failures.
+
+  [ Raphaël Hertzog ]
+  * Update Standards-Version to 3.9.1.
+  * Drop "--with quilt" and quilt build-dependency since the package is
+    already using source format "3.0 (quilt)".
+
+ -- Raphaël Hertzog <hertzog at debian.org>  Sat, 18 Sep 2010 19:37:03 +0200
+
+python-django (1.2.1-1) unstable; urgency=low
+
+  * New upstream bugfix release.
+
+ -- Chris Lamb <lamby at debian.org>  Mon, 24 May 2010 22:44:32 +0100
+
+python-django (1.2-1) unstable; urgency=low
+
+  * New upstream stable release.
+
+ -- Chris Lamb <lamby at debian.org>  Fri, 21 May 2010 07:52:55 +0100
+
+python-django (1.2~rc1-1) experimental; urgency=low
+
+  * New upstream release candidate.
+  * Remove "02-embedded_code_copies.diff" - not needed anymore.
+  * Refresh "01_disable_url_verify_regression_tests.diff".
+  * Refresh "04_hyphen-manpage.diff".
+  * Temporarily disable test runner due to failing date-related tests.
+
+ -- Chris Lamb <lamby at debian.org>  Thu, 06 May 2010 10:25:10 +0100
+
+python-django (1.2~beta1-1) experimental; urgency=low
+
+  * New upstream development release.
+  * Switch to dpkg-source 3.0 (quilt) format
+  * Bump Standards-Version to 3.8.4.
+  * Remove "0.96 -> 1.x" NEWS entry.
+  * jQuery added to admin system upstream:
+    - Add libjs-jquery to python-django's Recommends
+    - Use symlinks so we use the version from libjs-query over an embedded code
+      copy.
+
+ -- Chris Lamb <lamby at debian.org>  Tue, 09 Feb 2010 13:47:34 +0000
+
+python-django (1.2~alpha1-1) experimental; urgency=low
+
+  * New upstream development release:
+
+     This is the first in a series of preview/development releases leading up
+     to the eventual release of Django 1.2, currently scheduled to take place
+     in March 2010. 
+
+     <http://docs.djangoproject.com/en/dev//releases/1.2-alpha-1/>
+
+  * Update "01_disable_url_verify_regression_tests.diff" - tests now use the
+    unittest module instead of doctests.
+  * Update "02-embedded_code_copies.diff".
+  * Remove "05_ftbfs_in_november.diff" - applied upstream.
+  * Remove "06_python_2.6.3_regression.diff" - applied upstream.
+  * Update dh_auto_test - database engine is set differently in 1.2.
+  * Remove useless ._DS_Store files.
+
+ -- Chris Lamb <lamby at debian.org>  Wed, 06 Jan 2010 14:34:37 +0000
+
+python-django (1.1.1-2) unstable; urgency=low
+
+  * Remove embedded "decimal" code copy and use system version instead. The
+    "doctest" code copy cannot be removed as parts of Django depend on modified
+    behaviour. (Closes: #555419)
+  * Fix FTBFS in November by applying patch from upstream bug #12125.
+    (Closes: #555931)
+  * Fix FTBFS under Python 2.6.3 by applying patch from upstream bug #11993.
+    (Closes: #555969)
+
+ -- Chris Lamb <lamby at debian.org>  Tue, 01 Dec 2009 23:46:22 +0000
+
+python-django (1.1.1-1) unstable; urgency=high
+
+  * New upstream security release - fixes pathological regular expression
+    backtracking performance in URL and email fields which can be used as part
+    of a denial of service attack.
+  * Set Maintainer: to myself with thanks to Brett Parker.
+  * Bump versioned build dependency on quilt to help backporters.
+    (Closes: #547955)
+
+ -- Chris Lamb <lamby at debian.org>  Sat, 10 Oct 2009 10:17:52 +0100
+
+python-django (1.1-4) unstable; urgency=low
+
+  * Sourceful upload to drop dependency on Python 2.4.
+
+ -- Chris Lamb <lamby at debian.org>  Mon, 24 Aug 2009 08:16:11 +0100
+
+python-django (1.1-3) unstable; urgency=low
+
+  * Disable regression tests that require an internet connection. Patch by
+    Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>. (Closes: #542996)
+  * Bump Standards-Version to 3.8.3.
+
+ -- Chris Lamb <lamby at debian.org>  Sun, 23 Aug 2009 18:13:18 +0100
+
+python-django (1.1-2) unstable; urgency=low
+
+  * Run testsuite on build.
+  * Use "--with quilt" over specifying $(QUILT_STAMPFN)/unpatch dependencies.
+  * Override clean target correctly.
+
+ -- Chris Lamb <lamby at debian.org>  Fri, 14 Aug 2009 08:06:29 +0100
+
+python-django (1.1-1) unstable; urgency=low
+
+  * New upstream release.
+  * Merge from experimental:
+    - Ship FastCGI initscript and /etc/default file in python-django's examples
+      directory (Closes: #538863)
+    - Drop "05_10539-sphinx06-compatibility.diff"; it has been applied
+      upstream.
+    - Bump Standards-Version to 3.8.2.
+
+ -- Chris Lamb <lamby at debian.org>  Wed, 29 Jul 2009 11:26:28 +0200
+
+python-django (1.0.2-7) unstable; urgency=low
+
+  * Fix compatibility with Python 2.6 and Python transitions in general.
+    Thanks to Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>.
+
+ -- Chris Lamb <lamby at debian.org>  Sat, 16 May 2009 00:09:47 +0100
+
+python-django (1.0.2-6) unstable; urgency=low
+
+  * Backport patch from <http://code.djangoproject.com/ticket/10539> to fix
+    FTBFS when using python-sphinx >= 0.6. (Closes: #527492)
+
+ -- Chris Lamb <lamby at debian.org>  Sun, 10 May 2009 22:11:09 +0100
+
+python-django (1.0.2-5) unstable; urgency=low
+
+  * Fix issue where newly created projects do not have their manage.py file
+    executable.
+
+ -- Chris Lamb <lamby at debian.org>  Thu, 26 Mar 2009 23:42:14 +0000
+
+python-django (1.0.2-4) unstable; urgency=low
+
+  * Programatically replace most references to "django-admin.py" with
+    "django-admin" in the generated documentation. (Closes: #519937)
+  * Bump Standards-Version to 3.8.1; no changes.
+
+ -- Chris Lamb <lamby at debian.org>  Tue, 24 Mar 2009 00:50:26 +0000
+
+python-django (1.0.2-3) unstable; urgency=low
+
+  * Split documentation into a separate python-django-doc package due to size
+    (approximately 6Mb).
+
+ -- Chris Lamb <lamby at debian.org>  Tue, 10 Mar 2009 21:13:57 +0000
+
+python-django (1.0.2-2) unstable; urgency=low
+
+  * Don't rely on the internal layout of python-support. (Closes: #517052)
+  * Move to debhelper-based packaging for operational clarity:
+    - Remove bashisms from binary-post-install.
+    - Use quilt instead of simple-patchsys.mk and adjust existing patches so
+      that we can apply with -p1 for the "quilt" source package type.
+  * Adjust Build-Depends:
+    - Bump debhelper requirement 7.0.50 for override_* feature.
+    - Drop cdbs, python-dev and python-setuptools requirement.
+    - Just Build-Depend on `python', not `python-dev'.
+    - Drop versions on Build-Depends where they are satisfied in current
+      oldstable (ie. etch).
+  * debian/control:
+    - Add python-sqlite to Suggests.
+    - Remove repeated 'Priority' line in binary package stanza.
+    - Update crufty long and short descriptions.
+    - Add ${misc:Depends} in binary stanza for debhelper-using package.
+
+ -- Chris Lamb <lamby at debian.org>  Sun, 08 Mar 2009 06:01:59 +0000
+
+python-django (1.0.2-1) unstable; urgency=low
+
+  [ Chris Lamb ]
+  * New upstream bugfix release. Closes: #505783
+  * Add myself to Uploaders with ACK from Brett.
+
+  [ David Spreen ]
+  * Remove python-pysqlite2 from Recommends because Python 2.5 includes
+    sqlite library used by Django. Closes: 497886
+
+  [ Sandro Tosi ]
+  * debian/control
+    - switch Vcs-Browser field to viewsvn
+
+ -- Chris Lamb <lamby at debian.org>  Wed, 19 Nov 2008 21:31:00 +0000
+
+python-django (1.0-1) unstable; urgency=low
+
+  [ David Spreen ]
+  * New _stable_ upstream release.
+
+  [ Raphael Hertzog ]
+  * This version fixes the latest security issue:
+    http://www.djangoproject.com/weblog/2008/sep/02/security/
+    Closes: #497765
+  * Don't include source files of documentation in the binary package,
+    keep only the HTML version.
+  * Updated README.Debian with information about the switch from 0.96 to
+    1.0.
+  * Remove execute right on /etc/bash_completion.d/django_bash_completion
+  * Add debian/patches/04_hyphen-manpage.diff to fix a lintian message
+    (hyphen-used-as-minus-sign usr/share/man/man1/django-admin.1.gz:156).
+  * Don't compress javascript files.
+  * Add libjs-jquery to Recommends since it's used by the HTML
+    documentation.
+
+ -- Raphael Hertzog <hertzog at debian.org>  Thu, 04 Sep 2008 08:33:32 +0200
+
+python-django (1.0~beta2+ds-1) unstable; urgency=low
+
+  * Bumping up upstream version to push sources into unstable.
+    (Thanks to Raphael Hertzog).
+
+ -- David Spreen <netzwurm at debian.org>  Sat, 30 Aug 2008 20:56:09 -0700
+
+python-django (1.0~beta2-3) unstable; urgency=low
+
+  [ David Spreen ]
+  * Updated the copyright information to include copyright and 
+    licenses for individual contributions. 
+  * Added the documentation to the main python-django package:
+  * debian/python-django.install
+    - Added installation of html documentation.
+  * debian/python-django.doc-base
+    - Added.
+  * debian/control
+    - Added Build-Depends-Indep on python-sphinx and libjs-jquery.
+  * debian/rules
+    - Readded code to build documentation.
+    - Readded code to link to libjs-jquery.
+  * debian/NEWS
+    - Fixed format.
+    - Added more comprehensive list of changes and references to 
+      local documentation as well as the wiki pages for 
+      backwards-incompatible changes.
+  * debian/python-django.docs
+    - Removed docs/*.txt since those are templates for the 
+      generated docs now included with doc-base.
+  
+ -- David Spreen <netzwurm at debian.org>  Fri, 29 Aug 2008 09:20:45 -0700
+
+python-django (1.0~beta2-2) unstable; urgency=low
+
+  [ David Spreen ]
+  * Removed all -doc related files temporarily to push beta2 into 
+    unstable for extensive testing. The -doc package will be 
+    readded once this package is in unstable as recommended in
+    http://lists.debian.org/debian-release/2008/08/msg01475.html.
+  * debian/python-django-doc.install
+    - Removed.
+  * debian/python-django-doc.doc-base
+    - Removed.
+  * debian/python-django-doc.examples
+    - Moved to python-django.examples.
+  * debian/rules
+    - Removed python-doc related build and post-installation.
+  * debian/control
+    - Removed binary package python-django-doc.
+    - Removed Build-Depends-Indep on python-sphinx and libjs-jquery.
+  * debian/python-django.install:
+    - Removed multiple package related issues.
+
+ -- David Spreen <netzwurm at debian.org>  Thu, 28 Aug 2008 20:15:21 -0700
+
+python-django (1.0~beta2-1) experimental; urgency=low
+
+  [ David Spreen ]
+  * The `hooray for the documentation' release!
+  * New upstream beta release. 
+  * debian/control 
+    - Updated standards version.
+    - Added python-sphinx and libjs-jquery.
+    - Added python-django-doc package depending on libjs-jquery.
+  * debian/docs
+    - Moved to debian/python-django.docs.
+  * debian/install
+    - Moved to debian/python-django.install.
+  * debian/manpages
+    - Moved to debian/python-django.manpages.
+  * debian/examples
+    - Moved to debian/python-django-doc.examples
+  * debian/README.Debian
+    - Moved to debian/python-django.README.Debian
+  * debian/python-django-doc.doc-base:
+    - Added doc-base file for the documentation.
+  * debian/python-django-doc.install:
+    - Added install file for sphinx generated documentation.
+  * debian/rules:
+    - Added code to generate documentation with sphinx and 
+      replace convenience file of jquery.js with the respective
+      symlink to libjs-jquery.
+  
+ -- David Spreen <netzwurm at debian.org>  Thu, 28 Aug 2008 10:22:29 -0700
+
+python-django (1.0~beta1-1) experimental; urgency=low
+
+  [ David Spreen ]
+  * New upstream beta release. Closes: #492956
+  * debian/control: Added myself to Uploaders field.
+  * debian/watch: Added mangling for filename and version. Old watch file would 
+    name the download 'tarball'. Also added mangling to handle alpha and beta 
+    versioning.
+  * Drop debian/patches/01_add_shebang.diff as this has been fixed upstream.
+  * Drop debian/patches/02_bash_completion.diff as this has been committed
+    upstream http://code.djangoproject.com/ticket/7268.
+  * debian/control: Added python-flup to the Suggest field. Closes: #488123
+  * debian/patches/03_manpage.diff: Adapted patch to new upstream version.
+  
+  [ Jan Dittberner ]
+  * add debian/watch file.
+  
+ -- David Spreen <netzwurm at debian.org>  Fri, 15 Aug 2008 16:05:07 -0700
+
+python-django (0.97~svn7534-1) experimental; urgency=low
+
+  * New upstream snapshot. Closes: #409565, #481051
+    - Include an XSS security fix (CVE-2008-2302). Closes: #481164
+  * Drop debian/patches/04_pg_version_fix.diff as another fix
+    has been committed upstream (see http://code.djangoproject.com/ticket/6433
+    and http://code.djangoproject.com/changeset/7415).
+  * Add some headers to the remaining patches.
+
+ -- Raphael Hertzog <hertzog at debian.org>  Mon, 19 May 2008 23:41:50 +0200
+
+python-django (0.97~svn7189-1) experimental; urgency=low
+
+  * New upstream snapshot including bash completion fix
+    Closes: #450913
+
+ -- Brett Parker <iDunno at sommitrealweird.co.uk>  Sun, 02 Mar 2008 12:59:03 +0000
+
+python-django (0.97~svn7047-2) experimental; urgency=low
+
+  [ Brett Parker ]
+  * Patch for postgresql version issue with 8.3 beta/rc releases
+    Closes: #462058
+
+  [ Raphael Hertzog ]
+  * Updated Standards-Version to 3.7.3.
+  * Adjusted build-dependency on python-setuptools to strip the -1 part.
+
+ -- Brett Parker <iDunno at sommitrealweird.co.uk>  Wed,  6 Feb 2008 15:15:37 +0000
+
+python-django (0.97~svn7047-1) experimental; urgency=low
+
+  * New upstream snapshot (rev 7047)
+  - tarball prepared by Gabriel Falcão Gonçalves de Moura
+    <gabriel at guake-terminal.org>
+
+ -- Gustavo Noronha Silva <kov at debian.org>  Tue, 29 Jan 2008 10:54:47 -0200
+
+python-django (0.97~svn6996-1) experimental; urgency=low
+
+  * New upstream snapshot
+  * debian/control:
+  - added myself to Uploaders
+
+ -- Gustavo Noronha Silva <kov at debian.org>  Sat, 05 Jan 2008 20:53:23 -0200
+
+python-django (0.97~svn6668-2) UNRELEASED; urgency=low
+
+  [ Raphael Hertzog ]
+  * Install examples with dh_installexamples instead of dh_installdocs
+    (change done by Ubuntu) as empty files are kept.
+
+  [ Sandro Tosi ]
+  * debian/control
+    - uniforming Vcs-Browser field
+
+ -- Raphael Hertzog <hertzog at debian.org>  Mon, 17 Dec 2007 09:09:16 +0100
+
+python-django (0.97~svn6668-1) experimental; urgency=low
+
+  * New SVN snapshot (rev 6668)
+    - Auth system delegations
+    - Apps can now have thier own management commands
+    - Fix for CVE-2007-5712 remote denial of service
+      Closes: #448838
+  * Fix missing upstream info in changelog
+    Closes: #450659
+
+ -- Brett Parker <iDunno at sommitrealweird.co.uk>  Sun, 11 Nov 2007 10:15:55 +0000
+
+python-django (0.96+svn6373-1) experimental; urgency=low
+
+  [ Raphael Hertzog ]
+  * New SVN snapshot (rev 6373, a few days after the last Django sprint).
+  * Note: The version 0.96+svn6034-1 never got uploaded.
+  * Rename XS-Vcs* fields to Vcs-* since they are now supported by dpkg.
+
+  [ Piotr Ożarowski ]
+  * XS-Vcs-Browser and Homepage fields added
+
+ -- Raphael Hertzog <hertzog at debian.org>  Thu, 04 Oct 2007 14:59:01 +0200
+
+python-django (0.96+svn6034-1) experimental; urgency=low
+
+  [ Brett Parker]
+  * New SVN snapshot (rev 6034).
+     * validate and runserver commands now display the number of errors
+       (returning back to previous functionality).
+     * Small documentation fixes
+     * assertRedirects handling for paths with get data
+     * start{project,app} no make sure files created are writable
+  * Add man page for django-admin to the debian package
+
+ -- Brett Parker <iDunno at sommitrealweird.co.uk>  Sat,  8 Sep 2007 10:37:00 +0100
+
+python-django (0.96+svn6020-1) experimental; urgency=low
+
+  * New SVN snapshot (rev 6020).
... 1873 lines suppressed ...

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git



More information about the Python-modules-commits mailing list