[Python-modules-commits] [python-django] 01/10: Merge branch 'debian/jessie' into debian/jessie-updates
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Jul 25 07:57:02 UTC 2016
This is an automated email from the git hooks/post-receive script.
hertzog pushed a commit to branch debian/jessie-updates
in repository python-django.
commit a6c7a9499cf0967587dec5bb99db7225beaa38fa
Merge: fbf92fb 4eee5af
Author: Raphaël Hertzog <hertzog at debian.org>
Date: Mon Jul 25 09:13:25 2016 +0200
Merge branch 'debian/jessie' into debian/jessie-updates
debian/.git-dpm | 2 +-
debian/changelog | 21 ++
debian/control | 1 +
.../patches/02_disable-sources-in-sphinxdoc.diff | 4 +-
debian/patches/03_manpage.diff | 9 +-
.../06_use_debian_geoip_database_as_default.diff | 16 +-
debian/patches/CVE-2016-2512-regression.diff | 50 +++
debian/patches/CVE-2016-2512.diff | 61 ++++
debian/patches/CVE-2016-2513.diff | 387 +++++++++++++++++++++
debian/patches/CVE-2016-6186.diff | 65 ++++
debian/patches/series | 4 +
django/contrib/auth/hashers.py | 77 ++--
django/contrib/auth/tests/test_hashers.py | 60 ++++
django/utils/http.py | 13 +-
django/views/debug.py | 4 +-
docs/topics/auth/passwords.txt | 113 ++++++
tests/admin_views/admin.py | 3 +-
tests/admin_views/models.py | 4 +
tests/utils_tests/test_http.py | 25 ++
19 files changed, 875 insertions(+), 44 deletions(-)
diff --cc debian/.git-dpm
index 31bbdae,d035d29..27d87b4
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,11 -1,11 +1,11 @@@
# see git-dpm(1) from git-dpm package
-NONE
-eda2ca849c2c951862ec28a3b04deed0325ee598
-7a41006b464c23d415485ebd4284c1957e5e47e2
-7a41006b464c23d415485ebd4284c1957e5e47e2
-python-django_1.7.7.orig.tar.gz
-614cc9f8e1af6630c54300f6bdd88e7b783614c3
-7603286
+e4cd95fc1d5322f9bff209890b71f57ee9d36e62
- e4cd95fc1d5322f9bff209890b71f57ee9d36e62
++a471ae74d0b79b8896dc5411f40840ffa1737dc6
+2d07f4b16101fcc8973128c4e4920b41f87175ee
+2d07f4b16101fcc8973128c4e4920b41f87175ee
+python-django_1.7.11.orig.tar.gz
+f9abaf7eacec73bc1c5e6080e2778a7174ebf9d4
+7586798
debianTag="debian/%e%v"
patchedTag="patched/%e%v"
upstreamTag="upstream/%e%u"
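Review bot: The commit id on the `++` line (a471ae74...) is present in neither parent, while the line above it keeps e4cd95fc... from one side, and the merge message does not say how the new id was produced. Please state in the commit message whether git-dpm wrote this value after the patch series was re-applied on top of python-django_1.7.11.orig.tar.gz or whether the file was resolved by hand, so the recorded ids can be checked against the patched branch.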
diff --cc debian/changelog
index db546b1,2335048..c3ddbbe
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,14 -1,24 +1,35 @@@
+python-django (1.7.11-1) jessie; urgency=medium
+
+ * New upstream release incorporating former security updates and
+ multiple bugfixes. Detailed changes documented here:
+ - https://docs.djangoproject.com/en/1.7/releases/1.7.8/
+ - https://docs.djangoproject.com/en/1.7/releases/1.7.9/
+ - https://docs.djangoproject.com/en/1.7/releases/1.7.10/
+ - https://docs.djangoproject.com/en/1.7/releases/1.7.11/
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 11 Dec 2015 10:44:42 +0100
+
+ python-django (1.7.7-1+deb8u5) jessie-security; urgency=high
+
+ * SECURITY UPDATE:
+ - CVE-2016-6186: XSS in admin's add/change related popup
+
+ -- Luke Faraone <lfaraone at debian.org> Sat, 16 Jul 2016 16:58:24 +0000
+
+ python-django (1.7.7-1+deb8u4) jessie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth.
+ Malicious redirect and possible XSS attack via user-supplied redirect
+ URLs containing basic auth. (Closes: #816434)
+ * is_safe_url() crashes with a byestring URL on Python 2.
+ Fixes a regression introduced by the original fix for CVE-2016-2512.
+ * CVE-2016-2513: Fixed user enumeration timing attack during login
+ (Closes: #816434)
+ * Add Build-Depends on python-mock and python3-mock
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 12 Mar 2016 17:13:01 +0100
+
python-django (1.7.7-1+deb8u3) jessie-security; urgency=high
* SECURITY UPDATE:
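Review bot: After this merge the top stanza is still 1.7.11-1, dated 11 Dec 2015, sitting above the 1.7.7-1+deb8u4 and 1.7.7-1+deb8u5 stanzas from March and July 2016, so the changelog is no longer chronological and nothing at the top records that the CVE-2016-2512, CVE-2016-2513 and CVE-2016-6186 patches are now carried on 1.7.11. Unless a later commit in this 10-part series adds it, a new top stanza listing those fixes is needed so the security status of the resulting version can be read from the changelog. Two smaller points in the deb8u4 stanza: "byestring" should read "bytestring", and the CVE-2016-2513 item closes the same bug number (#816434) as the CVE-2016-2512 item, which is worth confirming.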
diff --cc debian/patches/02_disable-sources-in-sphinxdoc.diff
index 4c9a225,0e00a13..1de2dd1
--- a/debian/patches/02_disable-sources-in-sphinxdoc.diff
+++ b/debian/patches/02_disable-sources-in-sphinxdoc.diff
@@@ -7,19 -3,13 +7,21 @@@ Subject: Disable creation of _sources d
are not really useful in a binary package.
.
This is a Debian specific patch.
++
Forwarded: not-needed
+ Author: Raphaël Hertzog <hertzog at debian.org>
Origin: vendor
+Patch-Name: 02_disable-sources-in-sphinxdoc.diff
+---
+ docs/conf.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/docs/conf.py b/docs/conf.py
+index 6df8dd8..90e4d69 100644
--- a/docs/conf.py
+++ b/docs/conf.py
- @@ -200,7 +200,10 @@ html_additional_pages = {}
+ @@ -196,7 +196,10 @@ html_additional_pages = {}
#html_split_index = False
# If true, links to the reST sources are added to the pages.
diff --cc debian/patches/03_manpage.diff
index 938edd8,b44b0a2..098f767
--- a/debian/patches/03_manpage.diff
+++ b/debian/patches/03_manpage.diff
@@@ -8,16 -3,10 +8,11 @@@ Subject: Update manual page to refer t
django-admin.py as that's the name used by the Debian package.
.
This is a Debian specific patch.
++
Forwarded: not-needed
+ Author: Brett Parker <iDunno at sommitrealweird.co.uk>
Origin: vendor
- Patch-Name: 03_manpage.diff
- ---
- docs/man/django-admin.1 | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
- diff --git a/docs/man/django-admin.1 b/docs/man/django-admin.1
- index c9932ac..bdb6438 100644
--- a/docs/man/django-admin.1
+++ b/docs/man/django-admin.1
@@ -1,8 +1,8 @@
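Review bot: The resolution here removes the `Patch-Name:` header, the diffstat and the `diff --git`/`index` lines, whereas the 02_disable-sources-in-sphinxdoc.diff hunk above marks the same kind of lines as added. 06_use_debian_geoip_database_as_default.diff is resolved the same way as this file, so the three Debian-specific patches end up with two different header layouts. Please pick one layout for all three, ideally by regenerating the patch files with the tool that maintains them instead of merging the headers by hand.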
diff --cc debian/patches/06_use_debian_geoip_database_as_default.diff
index ebfdd84,bfe3690..2ab652a
--- a/debian/patches/06_use_debian_geoip_database_as_default.diff
+++ b/debian/patches/06_use_debian_geoip_database_as_default.diff
@@@ -7,16 -3,10 +7,11 @@@ Subject: Use Debian GeoIP database pat
file. Avoids the need to declare them in each project.
.
This is a Debian specific patch.
++
Bug-Debian: http://bugs.debian.org/645094
Forwarded: not-needed
+ Author: Tapio Rantala <tapio.rantala at iki.fi>
- Patch-Name: 06_use_debian_geoip_database_as_default.diff
- ---
- django/contrib/gis/geoip/base.py | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
- diff --git a/django/contrib/gis/geoip/base.py b/django/contrib/gis/geoip/base.py
- index 9295030..0b05f43 100644
--- a/django/contrib/gis/geoip/base.py
+++ b/django/contrib/gis/geoip/base.py
@@ -67,7 +67,8 @@ class GeoIP(object):
diff --cc debian/patches/series
index c73a668,6f8416f..35c5250
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,3 -1,11 +1,7 @@@
02_disable-sources-in-sphinxdoc.diff
03_manpage.diff
06_use_debian_geoip_database_as_default.diff
-newlines-1.7.x.diff
-session-1.7.x.diff
-session-store-1.7.x.diff
-date-leak-1.7.diff
+ CVE-2016-2512.diff
+ CVE-2016-2512-regression.diff
+ CVE-2016-2513.diff
+ CVE-2016-6186.diff
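Review bot: The four CVE patches appended at the end of the series were introduced in the 1.7.7-1+deb8u4 and deb8u5 uploads (per the changelog) and are now stacked on 1.7.11, but nothing in the merge message says they were refreshed against the new upstream source. Please confirm that each applies without fuzz or offsets and that the tests they add in django/contrib/auth/tests/test_hashers.py and tests/utils_tests/test_http.py pass on 1.7.11. It would also help to note in the commit message that newlines-1.7.x.diff, session-1.7.x.diff, session-store-1.7.x.diff and date-leak-1.7.diff are dropped because upstream now includes them, since the changelog only says "former security updates" without naming them.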
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git