[Python-modules-commits] [python-django] 11/12: change version to 1.9.7-1
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Jun 13 22:16:12 UTC 2016
This is an automated email from the git hooks/post-receive script.
hertzog pushed a commit to branch debian/master
in repository python-django.
commit d64cf7304d563368ce56512c99a4512356024f5b
Merge: 76600dd 550694a
Author: Raphaël Hertzog <hertzog at debian.org>
Date: Tue Jun 14 00:03:22 2016 +0200
change version to 1.9.7-1
New upstream bugfix version.
AUTHORS | 2 +
Django.egg-info/PKG-INFO | 2 +-
Django.egg-info/SOURCES.txt | 1 +
PKG-INFO | 2 +-
debian/.git-dpm | 6 +-
debian/changelog | 5 +-
.../patches/02_disable-sources-in-sphinxdoc.diff | 6 +-
.../06_use_debian_geoip_database_as_default.diff | 2 +-
.../fix-25761-add-traceback-attribute.patch | 2 +-
django/__init__.py | 2 +-
django/contrib/admin/sites.py | 1 +
django/contrib/admin/templates/admin/login.html | 2 +-
django/contrib/auth/password_validation.py | 6 +-
django/contrib/gis/templates/gis/openlayers.html | 4 +-
django/contrib/postgres/forms/hstore.py | 12 +++-
django/db/backends/base/base.py | 11 ++-
django/db/backends/base/operations.py | 4 +-
django/db/backends/postgresql/client.py | 18 ++---
django/db/models/expressions.py | 2 +-
django/db/models/fields/related_descriptors.py | 4 +-
django/db/models/fields/related_lookups.py | 11 +--
django/http/utils.py | 2 +-
django/middleware/csrf.py | 2 +-
django/template/defaultfilters.py | 4 +-
django/template/loaders/cached.py | 4 +-
django/utils/cache.py | 2 +-
django/utils/http.py | 6 +-
django/views/defaults.py | 2 +-
docs/conf.py | 3 +
docs/howto/custom-lookups.txt | 6 +-
docs/howto/custom-management-commands.txt | 6 +-
docs/howto/deployment/checklist.txt | 2 +-
docs/howto/error-reporting.txt | 10 +--
docs/howto/outputting-csv.txt | 2 +-
docs/howto/static-files/deployment.txt | 6 +-
docs/internals/contributing/committing-code.txt | 2 +-
docs/internals/contributing/index.txt | 2 +-
.../writing-code/submitting-patches.txt | 2 +-
.../contributing/writing-documentation.txt | 9 ---
docs/intro/contributing.txt | 3 +-
docs/intro/overview.txt | 16 ++---
docs/intro/reusable-apps.txt | 6 +-
docs/intro/tutorial01.txt | 15 ++--
docs/intro/tutorial05.txt | 24 +++----
docs/intro/whatsnext.txt | 2 +-
docs/ref/class-based-views/base.txt | 6 +-
docs/ref/contrib/admin/index.txt | 33 +++++----
docs/ref/contrib/contenttypes.txt | 37 ++++------
docs/ref/contrib/gis/db-api.txt | 4 +-
docs/ref/contrib/gis/layermapping.txt | 2 +-
docs/ref/contrib/gis/tutorial.txt | 11 +--
docs/ref/contrib/index.txt | 8 +--
docs/ref/contrib/messages.txt | 9 +--
docs/ref/contrib/sites.txt | 10 ++-
docs/ref/csrf.txt | 40 +++++------
docs/ref/django-admin.txt | 9 +++
docs/ref/files/file.txt | 11 +++
docs/ref/forms/fields.txt | 23 ++++--
docs/ref/forms/widgets.txt | 10 ++-
docs/ref/models/expressions.txt | 5 +-
docs/ref/models/fields.txt | 50 ++++++++++---
docs/ref/models/instances.txt | 28 ++++----
docs/ref/models/querysets.txt | 30 +++++---
docs/ref/models/relations.txt | 5 +-
docs/ref/request-response.txt | 24 +++----
docs/ref/settings.txt | 27 +++----
docs/ref/templates/builtins.txt | 7 +-
docs/ref/utils.txt | 41 ++++++-----
docs/ref/views.txt | 6 +-
docs/releases/1.0.txt | 2 +-
docs/releases/1.1.txt | 9 ++-
docs/releases/1.2.txt | 18 ++---
docs/releases/1.3.txt | 32 +++------
docs/releases/1.4.txt | 28 ++++----
docs/releases/1.5.txt | 24 +++----
docs/releases/1.6.txt | 24 +++----
docs/releases/1.7.txt | 22 +++---
docs/releases/1.8.txt | 24 +++----
docs/releases/1.9.7.txt | 31 ++++++++
docs/releases/1.9.txt | 20 +++---
docs/releases/index.txt | 1 +
docs/topics/auth/customizing.txt | 11 +--
docs/topics/auth/default.txt | 8 ++-
docs/topics/cache.txt | 84 +++++++++-------------
docs/topics/conditional-view-processing.txt | 12 ++--
docs/topics/db/aggregation.txt | 1 +
docs/topics/db/examples/one_to_one.txt | 1 -
docs/topics/db/models.txt | 28 +++++++-
docs/topics/db/queries.txt | 19 +++--
docs/topics/email.txt | 66 ++++++++++++-----
docs/topics/files.txt | 5 +-
docs/topics/forms/modelforms.txt | 29 +++++---
docs/topics/http/file-uploads.txt | 51 ++++++++++++-
docs/topics/http/sessions.txt | 12 ----
docs/topics/http/shortcuts.txt | 8 +--
docs/topics/http/urls.txt | 2 +-
docs/topics/i18n/timezones.txt | 5 +-
docs/topics/i18n/translation.txt | 13 ++--
docs/topics/logging.txt | 15 ++--
docs/topics/python3.txt | 8 +--
docs/topics/serialization.txt | 6 +-
docs/topics/settings.txt | 4 +-
docs/topics/testing/overview.txt | 2 +-
docs/topics/testing/tools.txt | 16 +++--
tests/admin_views/tests.py | 17 ++++-
tests/auth_tests/test_forms.py | 18 +++++
tests/dbshell/test_postgresql_psycopg2.py | 48 ++++++-------
tests/gis_tests/test_geoip.py | 2 +-
tests/i18n/test_extraction.py | 4 +-
tests/one_to_one/models.py | 6 +-
tests/one_to_one/tests.py | 10 ++-
tests/postgres_tests/test_hstore.py | 7 ++
tests/schema/tests.py | 2 +-
tests/template_tests/test_loaders.py | 10 +++
tests/transaction_hooks/tests.py | 14 ++++
115 files changed, 856 insertions(+), 602 deletions(-)
diff --cc debian/.git-dpm
index 9b6c725,0000000..59c56b4
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,11 -1,0 +1,11 @@@
+# see git-dpm(1) from git-dpm package
- 69a435475610422a03e78d2021aee1acf4d8388e
- 69a435475610422a03e78d2021aee1acf4d8388e
- 791b18a472adb4f71042d8fd08a6ed560e2c454e
++550694a2186bb09ebdeac0c14ee50c636ef0f763
++550694a2186bb09ebdeac0c14ee50c636ef0f763
++3ed79eadd5daa9e988aa7210d493692927b11b49
+3ed79eadd5daa9e988aa7210d493692927b11b49
+python-django_1.9.7.orig.tar.gz
+ea27c185acaf9ea39c692beca4c07ecf8974e72e
+7442680
+debianTag="debian/%e%v"
+patchedTag="debian/patches/%e%v"
+upstreamTag="upstream/%e%u"
diff --cc debian/changelog
index 6eac146,0000000..ea43447
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,1257 -1,0 +1,1258 @@@
- python-django (1.9.6-2) UNRELEASED; urgency=medium
++python-django (1.9.7-1) UNRELEASED; urgency=medium
+
+ [ Raphaël Hertzog ]
++ * New upstream bugfix release.
+ * Bump python-sphinx build dependency to >= 1.3. Closes: #824108
+ * Drop build dependency on locales. C.UTF-8 that we currently use is part of
+ libc-bin.
+
+ [ Chris Lamb ]
+ * Remove duplicated "of of" in python-django's README.Debian.
+
- -- Raphaël Hertzog <hertzog at debian.org> Fri, 13 May 2016 10:06:39 +0200
++ -- Raphaël Hertzog <hertzog at debian.org> Tue, 14 Jun 2016 00:03:22 +0200
+
+python-django (1.9.6-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+
+ -- Chris Lamb <lamby at debian.org> Sat, 07 May 2016 07:01:17 +0100
+
+python-django (1.9.5-2) unstable; urgency=medium
+
+ * Drop the dir_to_symlink transition that was only really needed
+ for upgrades between versions 1.9~rc2 and 1.9.4. Closes: #821789
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 20 Apr 2016 17:47:05 +0200
+
+python-django (1.9.5-1) unstable; urgency=medium
+
+ * New upstream bugfix release:
+ https://docs.djangoproject.com/en/1.9/releases/1.9.5/
+ * Fix the DEP-8 test suite (django-admin --with python3 failing
+ because ./manage.py does not have a good shebang).
+ * Update Standards-Version to 3.9.8.
+ * Add some lintian overrides.
+ * Tweak Vcs-Browser to use https.
+ * Drop obsolete parts of the copyright file.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 06 Apr 2016 18:05:42 +0200
+
+python-django (1.9.4-1) unstable; urgency=high
+
+ [ Luke Faraone ]
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
+ - CVE-2016-2512: Malicious redirect and possible XSS via user-supplied
+ redirect URLs containing basic auth
+ - CVE-2016-2513: User enumeration through timing difference on password
+ hasher work factor upgrade
+ Closes: #816434
+
+ [ Raphaël Hertzog ]
+ * Fix rules file to no longer mess with *_templates directories. They no
+ longer contain invalid .py files but only *-tpl template files that are
+ instantiated at runtime.
+
+ -- Luke Faraone <lfaraone at debian.org> Mon, 07 Mar 2016 17:09:54 +0000
+
+python-django (1.9.2-1) unstable; urgency=medium
+
+ * New upstream security release fixing:
+ - CVE-2016-2048: User with "change" but not "add" permission can create
+ objects for ModelAdmin objects with save_as=True
+ Closes: #813448
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 02 Feb 2016 09:06:46 +0100
+
+python-django (1.9.1-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Chris Lamb <lamby at debian.org> Mon, 04 Jan 2016 17:51:40 +0000
+
+python-django (1.9-2) unstable; urgency=medium
+
+ [ Chris Lamb ]
+ * Use dpkg-maintscript-helper's dir_to_symlink to correctly replace the
+ app_template and project_template symlinks added in 1.9~rc2-2.
+ (Closes: #807683)
+
+ [ Raphaël Hertzog ]
+ * Add some DEP-8 tests testing "django-admin" and running the test suite
+ against the installed package. In both cases, we do it with python2 and
+ python3.
+ * Add python-tblib and python3-tblib to Build-Depends for the benefit of
+ the parallel testing feature of the test suite.
+ * Add "set -e" in the command line running the tests with all supported
+ versions so that it actually fails as soon as one version is failing
+ (and thus disallow later successes to shadow earlier failures).
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 30 Dec 2015 16:44:04 +0100
+
+python-django (1.9-1) unstable; urgency=medium
+
+ * Upload to unstable
+ * Adjust uversionmangle in debian/watch to mangle "1.9rc2" scheme
+ (previously only "1.9-rc-2" would have matched).
+
+ -- Chris Lamb <lamby at debian.org> Thu, 03 Dec 2015 16:48:30 +0200
+
+python-django (1.9~rc2-2) experimental; urgency=medium
+
+ * Move {app,project}_template to python-django-common to prevent
+ byte-compilation (via pycompile) on installation, causing failure. They are
+ not valid Python files until variables have been interpolated.
+
+ -- Chris Lamb <lamby at debian.org> Thu, 26 Nov 2015 14:53:11 +0200
+
+python-django (1.9~rc2-1) experimental; urgency=medium
+
+ * New upstream release candidate.
+ * Add myself to Uploaders.
+
+ -- Chris Lamb <lamby at debian.org> Thu, 26 Nov 2015 10:14:15 +0200
+
+python-django (1.8.7-2) unstable; urgency=high
+
+ * Rely on C.UTF-8 to run the tests instead of building our locale ourselves.
+ * Add debian/patches/fix-25761-add-traceback-attribute.patch:
+ new patch to ensure exceptions registered in __cause__ attributes
+ have a __traceback__ attribute. Closes: #802677
+ * Extend lintian overrides to cover more false positives of
+ source-is-missing.
+ * Cleanup debian/copyright for dropped/renamed files.
+ * Run tests for all supported Python versions.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 25 Nov 2015 16:16:10 +0100
+
+python-django (1.8.7-1) unstable; urgency=high
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
+ It fixes:
+ - CVE-2015-8213: settings leak possibility in date template filter
+
+ -- Luke Faraone <lfaraone at debian.org> Wed, 25 Nov 2015 04:24:27 +0000
+
+python-django (1.8.6-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sun, 15 Nov 2015 18:29:11 +0100
+
+python-django (1.8.5-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 02 Nov 2015 15:56:10 +0100
+
+python-django (1.8.5-1) experimental; urgency=medium
+
+ * New upstream bugfix release:
+ https://www.djangoproject.com/weblog/2015/oct/03/bugfix-release-issued/
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 13 Oct 2015 11:37:24 +0200
+
+python-django (1.8.4-1) experimental; urgency=medium
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
+ It fixes:
+ - CVE-2015-5964: possible denial-of-service in logout() view
+ * Update debian/copyright to copyright-format 1.0.
+
+ -- Luke Faraone <lfaraone at debian.org> Wed, 19 Aug 2015 03:55:47 +0000
+
+python-django (1.8.3-1) experimental; urgency=medium
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
+ It fixes:
+ - CVE-2015-5143: possible denial-of-service by filling session store
+ - CVE-2015-5144: possible header injection since validators accept
+ newlines in input
+ - CVE-2015-5145: possible denial-of-service in URL validation
+ * Drop fix-assertRaisesMessage.patch and
+ fix-test-extended-length-storage.patch which have been merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 09 Jul 2015 01:53:02 +0200
+
+python-django (1.8.2-1) experimental; urgency=medium
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/may/20/security-release/
+ * Install bash completion file into /usr/share/bash-completion/completions/
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 21 May 2015 15:59:36 +0200
+
+python-django (1.8.1-1) experimental; urgency=medium
+
+ * New major upstream release:
+ https://docs.djangoproject.com/en/1.8/releases/1.8/
+ https://docs.djangoproject.com/en/1.8/releases/1.8.1/
+ * Refresh all patches.
+ * Drop 03_manpage.diff, merged upstream.
+ * Clean up rules since we can use the pristine docs directory, now
+ that they refer to django-admin and not django-admin.py
+ * Add jinja2 and mock as build dependencies required by the test
+ suite.
+ * Add fix-assertRaisesMessage.patch to make the package build with
+ python 2.7.10~rc1 which is affected by
+ https://bugs.python.org/issue24134
+ * Add fix-test-extended-length-storage.patch to make the package build
+ even when AUFS is in use (and when the max length of a filename is
+ shorter than usual).
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 20 May 2015 09:54:47 +0200
+
+python-django (1.7.10-1) unstable; urgency=medium
+
+ * Fix Python 3.5 HTMLParseError issue. Closes: #800137.
+ * New upstream version. Fixes CVE-2015-5963, CVE-2015-5964. Closes: #796104.
+ * Add numpy 1.9 support. Closes: #801554.
+
+ -- Brian May <bam at debian.org> Mon, 12 Oct 2015 12:59:43 +1100
+
+python-django (1.7.9-1) unstable; urgency=medium
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
+ It fixes:
+ - CVE-2015-5143: possible denial-of-service by filling session store
+ - CVE-2015-5144: possible header injection since validators accept
+ newlines in input
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 09 Jul 2015 01:33:31 +0200
+
+python-django (1.7.7-1) unstable; urgency=high
+
+ * New upstream security and bugfix release:
+ https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
+ It fixes:
+ - CVE-2015-2317: possible XSS attack via user-supplied redirect URLs
+ Closes: #780873
+ - CVE-2015-2316: Denial-of-service possibility with strip_tags()
+ Closes: #780874
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 23 Mar 2015 20:41:13 +0100
+
+python-django (1.7.6-1) unstable; urgency=high
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
+ * Fixes CVE-2015-2241: XSS attack via properties in
+ ModelAdmin.readonly_fields
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 09 Mar 2015 21:40:34 +0100
+
+python-django (1.7.5-1) unstable; urgency=medium
+
+ [ Chris Lamb ]
+ * Remove myself from Uploaders.
+
+ [ Raphaël Hertzog ]
+ * New upstream bugfix release:
+ https://docs.djangoproject.com/en/1.7/releases/1.7.5/
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 06 Mar 2015 21:13:54 +0100
+
+python-django (1.7.4-1) unstable; urgency=medium
+
+ * Release to unstable and hopefully to Jessie too.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 09 Feb 2015 10:39:15 +0100
+
+python-django (1.7.4-1~exp1) experimental; urgency=medium
+
+ * New upstream bugfix release.
+ * Drop fix-24193-python34-test-failure.diff, merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 28 Jan 2015 09:38:24 +0100
+
+python-django (1.7.3-1~exp1) experimental; urgency=high
+
+ [ Luke Faraone ]
+ * New upstream security release.
+ - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
+ - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
+ - DoS attack against django.views.static.serve (CVE-2015-0221)
+ - Database DoS with ModelMultipleChoiceField (CVE-2015-0222)
+ Closes: #775375
+
+ [ Raphaël Hertzog ]
+ * Add patch fix-24193-python34-test-failure.diff to fix a test failure with
+ Python3.4.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 21 Jan 2015 09:56:19 +0100
+
+python-django (1.7.2-1) experimental; urgency=medium
+
+ [ Raphaël Hertzog ]
+ * Add geoip-database-extra as an alternative to geoip-database-contrib.
+
+ [ Brian May ]
+ * New upstream version.
+
+ -- Brian May <bam at debian.org> Mon, 05 Jan 2015 13:57:16 +1100
+
+python-django (1.7.1-1) unstable; urgency=medium
+
+ [ Raphaël Hertzog ]
+ * New upstream bugfix release.
+ * Drop 01_fix_test_loaddata_not_existant_fixture_file.patch, merged
+ upstream.
+ * Update Standards-Version to 3.9.6.
+ * Add lintian overrides for package-contains-timestamped-gzip (false
+ positive).
+
+ [ Brian May ]
+ * Fix django-admin wrapper to not even consider using python 2.6 as
+ that version is unsupported with Django 1.7.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 27 Oct 2014 16:37:41 +0100
+
+python-django (1.7-3) unstable; urgency=medium
+
+ * Add 01_fix_test_loaddata_not_existant_fixture_file.patch
+ to fix FTBFS with Python 3.4.2. Closes: #765117
+ * Improve migrate-south script to look for Python files in the current dir.
+ ./manage.py implicitely has the current directory but when we use
+ django-admin it's not the case. Thanks to Uwe Kleine-Koenig for the
+ report.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 15 Oct 2014 10:45:27 +0200
+
+python-django (1.7-2) unstable; urgency=medium
+
+ * Release to unstable.
+ * Add a migrate-south sample script to help users apply their South
+ migrations. Thanks to Brian May.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 17 Sep 2014 14:15:11 +0200
+
+python-django (1.7-1) experimental; urgency=medium
+
+ * New major upstream release.
+ * Add a NEWS file to document the incompatibility with South.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 08 Sep 2014 10:19:12 +0200
+
+python-django (1.7~c3-1) experimental; urgency=medium
+
+ * New upstream release candidate with security fixes:
+ https://www.djangoproject.com/weblog/2014/aug/20/security/
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 22 Aug 2014 22:50:32 +0200
+
+python-django (1.7~c2-2) experimental; urgency=medium
+
+ * Merge changes from 1.6.5-4:
+ * Don't output stuff to stdout in django-admin. Closes: #757145
+ * Update Vcs-* fields since the packaging repository moved to git.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 08 Aug 2014 14:26:47 +0200
+
+python-django (1.7~c2-1) experimental; urgency=medium
+
+ * New upstream release candidate.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 30 Jul 2014 20:47:10 +0200
+
+python-django (1.7~c1+20140722-2) experimental; urgency=medium
+
+ * Move django-admin manual page in python-django-common. Bump version
+ constraint in Breaks/Replaces accordingly.
+ * Drop conflicting django-admin in python-django and python3-django that
+ were not removed as usual because upstream stopped installing them as
+ django-admin.py.
+ * Drop extra license files.
+ * Fix shebang lines in python3-django.
+ * Drop empty left-over /usr/bin directories in python-django/python3-django.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 22 Jul 2014 23:29:30 +0200
+
+python-django (1.7~c1+20140722-1) experimental; urgency=medium
+
+ * New upstream release candidate. We want this version in jessie so we
+ should prepare now.
+ * Snapshot tarball generated with "python setup.py sdist" after having
+ applied fix submitted in https://code.djangoproject.com/ticket/23072
+ * Added python-sqlparse, python-tz to Recommends
+ * Added other optional dependencies (python-memcache, python-pil,
+ python-bcrypt) to Suggests
+ * Add all those dependencies in Build-Depends for the benefit of the
+ test suite.
+ * Run the test suite for python2 and python3.
+ * Differentiate descriptions of python2 and python3 packages.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 21 Jul 2014 21:57:07 +0200
+
+python-django (1.6.6-1) unstable; urgency=high
+
+ * New upstream security release.
+ - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
+ - file upload denial of service (CVE-2014-0481)
+ - RemoteUserMiddleware session hijacking (CVE-2014-0482)
+ - data leakage via querystring manipulation in admin (CVE-2014-0483)
+
+ [ Brian May ]
+ * Don't output stuff to stdout in django-admin. Closes: #757145
+
+ [ Raphaël Hertzog ]
+ * Update Vcs-* fields since the packaging repository moved to git.
+
+ -- Luke Faraone <lfaraone at debian.org> Wed, 20 Aug 2014 19:30:21 -0700
+
+python-django (1.6.5-3) unstable; urgency=low
+
+ * Replace django-admin with script that can be run as python and shell.
+
+ This means we can autodetect which python version to use when run as
+ shell, while maintaining compatability with processes that try to run it
+ with a specific python version.
+
+ e.g. See bugs #755341 and #755321.
+
+ -- Brian May <bam at debian.org> Mon, 21 Jul 2014 10:18:39 +1000
+
+python-django (1.6.5-2) unstable; urgency=low
+
+ * python3-django package. Closes: #736878.
+
+ -- Brian May <bam at debian.org> Tue, 24 Jun 2014 10:51:47 +1000
+
+python-django (1.6.5-1) unstable; urgency=high
+
+ * New upstream security release.
+ - Caches may be allowed to store and serve private data (CVE-2014-1418)
+ - Malformed URLs from user input incorrectly validated
+ * Drop partial_functions_reverse.patch (merged upstream).
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 14 May 2014 22:49:59 +0200
+
+python-django (1.6.3-2) unstable; urgency=high
+
+ * Fix regression of reverse() and partial views. (LP: #1311433)
+ Thanks Preston Timmons.
+
+ -- Luke Faraone <lfaraone at debian.org> Tue, 22 Apr 2014 20:44:18 -0700
+
+python-django (1.6.3-1) unstable; urgency=high
+
+ * New upstream security release.
+ - Unexpected code execution using ``reverse()``
+ - CVE-2014-0472
+ - Caching of anonymous pages could reveal CSRF token
+ - CVE-2014-0473
+ - MySQL typecasting could result in unexpected matches
+ - CVE-2014-0474
+ * Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
+ upstream
+
+ -- Luke Faraone <lfaraone at debian.org> Mon, 21 Apr 2014 16:47:14 -0700
+
+python-django (1.6.1-2) unstable; urgency=medium
+
+ * Team upload.
+ * d/patches/ticket21869.diff: Cherry pick upstream fix for building
+ documentation against Sphinx 1.2.1.
+
+ -- Barry Warsaw <barry at debian.org> Wed, 29 Jan 2014 18:37:51 +0000
+
+python-django (1.6.1-1) unstable; urgency=medium
+
+ * New upstream version.
+ * Fix broken encoding in translations attribution. (Closes: #729194)
+
+ -- Luke Faraone <lfaraone at debian.org> Thu, 12 Dec 2013 15:46:01 -0500
+
+python-django (1.6-1) unstable; urgency=low
+
+ * New upstream version. Closes: #557474, #724637.
+ * python-django now also suggests the installation of ipython,
+ bpython, python-django-doc, and libgdal1.
+ Closes: #636511, #686333, #704203
+ * Set package maintainer to Debian Python Modules Team.
+ * Bump standards version to 3.9.5, no changes needed.
+
+ -- Luke Faraone <lfaraone at debian.org> Thu, 07 Nov 2013 15:33:49 -0500
+
+python-django (1.5.4-1) unstable; urgency=high
+
+ * New upstream security release. Fixes CVE-2013-1443. Closes: #723043.
+ https://www.djangoproject.com/weblog/2013/sep/15/security/
+ - Denial-of-service via large passwords. CVE-2013-1443
+
+ -- Luke Faraone <lfaraone at debian.org> Sun, 15 Sep 2013 15:50:10 -0400
+
+python-django (1.5.3-1) unstable; urgency=high
+
+ * New upstream security release. Fixes CVE-2013-4315. Closes: #722605
+ https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/
+ - Directory traversal with ssi template tag
+ * Update doc-base file to drop some removed directory in the HTML doc.
+ * Update Standards-Version to 3.9.4.
+ * Bump debhelper compat level to 9.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 13 Sep 2013 00:05:19 +0200
+
+python-django (1.5.2-1) unstable; urgency=high
+
+ * New upstream security release.
+ https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
+ - Cross-site scripting (XSS) in admin interface
+ - Possible XSS via is_safe_url
+
+ -- Luke Faraone <lfaraone at debian.org> Tue, 13 Aug 2013 16:49:39 -0400
+
+python-django (1.5.1-2) unstable; urgency=low
+
+ [ Jakub Wilk ]
+ * Use canonical URIs for Vcs-* fields.
+
+ [ Luke Faraone ]
+ * Upload to unstable.
+
+ -- Luke Faraone <lfaraone at debian.org> Thu, 09 May 2013 15:10:47 -0400
+
+python-django (1.5.1-1) experimental; urgency=low
+
+ * New upstream release.
+ * Add self to uploaders field.
+
+ -- Luke Faraone <lfaraone at debian.org> Thu, 28 Mar 2013 17:17:10 -0400
+
+python-django (1.5-1) experimental; urgency=low
+
+ * New upstream release. Closes: #646634, #663230, #436983
+
+ -- Luke Faraone <lfaraone at debian.org> Fri, 22 Mar 2013 17:52:30 -0400
+
+python-django (1.4.5-1) unstable; urgency=high
+
+ * New upstream maintenance release dropping some undesired .pyc files
+ and fixing a documentation link.
+ * High urgency due to former security updates.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sun, 24 Feb 2013 10:28:08 +0100
+
+python-django (1.4.4-1) unstable; urgency=low
+
+ * New upstream security and maintenance release. Closes: #701186
+ https://www.djangoproject.com/weblog/2013/feb/19/security/
+ Fixes mulptiple security issues:
+ - Further fixes for Host header poisoning. CVE-2012-4520
+ - XML attacks via entity expansion. CVE-2013-1665
+ - Data leakage via admin history log. CVE-2013-0305
+ - Formset denial-of-service. CVE-2013-0306
+ * Add gettext to Suggests since it's required for django-admin
+ compilemessages / makemessages. Closes: #700483
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sat, 23 Feb 2013 09:33:13 +0100
+
+python-django (1.4.3-1) unstable; urgency=high
+
+ * New upstream security and maintenance release. Closes: #696535
+ https://www.djangoproject.com/weblog/2012/dec/10/security/
+ * Drop debian/patches/01_fix-self-tests.diff, merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 26 Dec 2012 15:49:32 +0100
+
+python-django (1.4.2-2) unstable; urgency=low
+
+ * Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py.
+ Add upstream patch debian/patches/01_fix-self-tests.diff.
+ Thanks to Jamie Strandboge <jamie at ubuntu.com> for the report.
+ Closes: #693752 LP: #1080204
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 20 Nov 2012 08:28:37 +0100
+
+python-django (1.4.2-1) unstable; urgency=high
+
+ * New upstream security and maintenance release. Closes: #691145
+ Fixes: CVE-2012-4520
+ * Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
+ merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 22 Oct 2012 10:53:30 +0200
+
+python-django (1.4.1-2) unstable; urgency=low
+
+ * New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
+ Python stdlib's HTMLParser with Python versions which are unaffected by
+ http://bugs.python.org/issue670664 Closes: #683648
+ Thanks to David Watson <david at planetwatson.co.uk> for the patch.
+ * Update the above patch to use the version committed upstream (commit
+ 57d9ccc).
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 21 Aug 2012 08:42:10 +0200
+
+python-django (1.4.1-1) unstable; urgency=low
+
+ * New upstream security and maintenance release. Closes: #683364
+ Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
+ * Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which
+ have been merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 02 Aug 2012 10:44:02 +0200
+
+python-django (1.4-1) unstable; urgency=low
+
+ * New upstream release. Closes: #666003
+ * Fix watch file to correctly extract the version number from the URL.
+ * Updated Standards-Version to 3.9.3 (no change needed).
+ * Drop 01_disable_url_verify_regression_tests.diff since upstream test
+ suite has been modified to work even without internet connection.
+ * Update 04_hyphen-manpage.diff to apply again.
+ * Drop 05_fix_djangodocs_sphinx_ext.diff which has been merged
+ upstream.
+ * Update 06_use_debian_geoip_database_as_default.diff to apply on
+ renamed file.
+ * Drop 07_fix_for_sphinx1.1.2.diff merged upstream.
+ * Drop 08_fix_test_week_view_allow_future.diff, merged upstream.
+ * Add 01_disable_broken_test.diff to disable a test that fails with
+ the current python 2.7 version in Debian.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sat, 31 Mar 2012 14:48:00 +0200
+
+python-django (1.3.1-4) unstable; urgency=medium
+
+ * Add 08_fix_test_week_view_allow_future.diff to fix a regression test that
+ only worked in 2011. Closes: #655666
+
+ -- Raphaël Hertzog <hertzog at debian.org> Tue, 17 Jan 2012 08:55:58 +0100
+
+python-django (1.3.1-3) unstable; urgency=low
+
+ * Add 06_use_debian_geoip_database_as_default.diff to use the default
+ location of the GeoIP database used by the Debian package
+ geoip-database-contrib. Closes: #645094
+ Add this package to suggests. Thanks to Tapio Rantala
+ <tapio.rantala at iki.fi> for the patch.
+ * Bump build-dep on python-sphinx to 1.0.8 to ensure we have a version
+ where #641710 is fixed. Closes: #647134
+ * Add 07_fix_for_sphinx1.1.2.diff to fix build with Sphinx 1.1.2. Thanks to
+ Jakub Wilk for the advance warning. Closes: #649624
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 28 Nov 2011 09:03:13 +0100
+
+python-django (1.3.1-2) unstable; urgency=low
+
+ * Update Build-Depends on locales to included a version requirement
+ so that locales-all cannot satisfy it with its Provides: locales.
+ Thanks to Jakub Wilk for the suggestion.
+ * Enable 02_disable-sources-in-sphinxdoc.diff since #641710 has been
+ fixed.
+ * Add 05_fix_djangodocs_sphinx_ext.diff to support Sphinx 1.0.8.
+ Closes: #643758
+
+ -- Raphaël Hertzog <hertzog at debian.org> Wed, 12 Oct 2011 08:45:26 +0200
+
+python-django (1.3.1-1) unstable; urgency=low
+
+ * New upstream release. It includes security updates described here:
+ https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
+ Closes: #641405
+ * Update 01_disable_url_verify_regression_tests.diff and merge
+ 07_disable_url_verify_model_tests.diff into it.
+ * Update patch headers to conform to DEP-3.
+ * Apply patch from Steve Langasek to dynamically build the UTF-8
+ locale required by the test-suite instead of build-depending on
+ locales-all. Closes: #630421
+ * Use "dh --with sphinxdoc" to clean up the Sphinx generated documentation
+ and avoid the embedded-javascript-library lintian warning. Build-Depends
+ on python-sphinx >= 1.0.7+dfsg-1 for this and also add
+ ${sphinxdoc:Depends} to python-django-doc Depends field.
+ * Cleanup build-dependencies now that even oldstable has python 2.5.
+ * Switch to dh_python2 as python helper tool. Drop legacy files
+ debian/pyversions and debian/pycompat.
+ * New patch 02_disable-sources-in-sphinxdoc.diff to not generate
+ the _sources directory that we used to remove manually within the rules
+ file. But must be kept disabled until #641710 is fixed.
+ * Properly support DEB_BUILD_OPTIONS=nocheck despite the override
+ of dh_auto_test.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 15 Sep 2011 12:43:51 +0200
+
+python-django (1.3-2) unstable; urgency=low
+
+ * Team upload.
+
+ [ Chris Lamb ]
+ * Don't remove "backup~" test file - upstream did ship it; we were just
+ removing it with dh_clean.
+
+ [ Piotr Ożarowski ]
+ * Fix builds with non-default Python versions installed
+ * Bump Standards-Version to 3.9.2 (no changes needed)
+
+ -- Piotr Ożarowski <piotr at debian.org> Mon, 02 May 2011 22:23:37 +0200
+
+python-django (1.3-1) unstable; urgency=low
+
+ * New upstream release.
+ - Update 01_disable_url_verify_regression_tests.diff.
+ - Update 07_disable_url_verify_model_tests.diff.
+ - Merge patch from Krzysztof Klimonda to disable more network access tests.
+ (Closes: #598674)
+ * Add workaround for missing "backup~" file in release tarball. See
+ <http://code.djangoproject.com/ticket/15677>.
+
+ -- Chris Lamb <lamby at debian.org> Thu, 24 Mar 2011 15:04:53 +0000
+
+python-django (1.2.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * Do not compress objects.inv used by Sphinx generated documentation.
+ Thanks to Michael Fladischer for the report. Closes: #608769
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sat, 12 Feb 2011 08:59:33 +0100
+
+python-django (1.2.4-1) unstable; urgency=high
+
+ * New bugfix-only upstream release. It includes security fixes.
+ http://www.djangoproject.com/weblog/2010/dec/22/security/
+ * Drop patches merged upstream:
+ - debian/patches/05_fix_regression_tests.diff
+ - debian/patches/06_fix_regression_tests.diff
+ * Update 01_disable_url_verify_regression_tests.diff to cope with the
+ updated regressions tests.
+ * Update 03_manpage.diff and 04_hyphen-manpage.diff to cope with changes in
+ the manual page.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Fri, 31 Dec 2010 11:40:28 +0100
+
+python-django (1.2.3-2) unstable; urgency=low
+
+ * Team upload.
+ * Disable model tests that require an internet connection.
+ Closes: #601070
+ * Include python.mk conditionally as explained in its header.
+ Helps backports to Lenny which has no python.mk.
+ Closes: #601608
+
+ -- Evgeni Golov <evgeni at debian.org> Thu, 28 Oct 2010 12:37:15 +0200
+
+python-django (1.2.3-1) unstable; urgency=low
+
+ [ Krzysztof Klimonda ]
+ * New upstream release. Closes: #596893 LP: #636482
+ * Fixes both a XSS vulnerability introduced in 1.2 series and
+ the regressions caused by 1.2.2 release. Closes: #596205
+ * debian/control:
+ - depend on language packs for en_US.utf8 locales required for unit tests.
+ * debian/rules:
+ - re-enable build time tests.
+ - set LC_ALL to en_US.utf8 for test suite.
+ * debian/patches/series:
+ - two new patches: 05_fix_regression_tests.diff and
+ 06_fix_regression_tests.diff backported from 1.2.x branch to fix
+ test suite failures.
+
+ [ Raphaël Hertzog ]
+ * Update Standards-Version to 3.9.1.
+ * Drop "--with quilt" and quilt build-dependency since the package is
+ already using source format "3.0 (quilt)".
+
+ -- Raphaël Hertzog <hertzog at debian.org> Sat, 18 Sep 2010 19:37:03 +0200
+
+python-django (1.2.1-1) unstable; urgency=low
+
+ * New upstream bugfix release.
+
+ -- Chris Lamb <lamby at debian.org> Mon, 24 May 2010 22:44:32 +0100
+
+python-django (1.2-1) unstable; urgency=low
+
+ * New upstream stable release.
+
+ -- Chris Lamb <lamby at debian.org> Fri, 21 May 2010 07:52:55 +0100
+
+python-django (1.2~rc1-1) experimental; urgency=low
+
+ * New upstream release candidate.
+ * Remove "02-embedded_code_copies.diff" - not needed anymore.
+ * Refresh "01_disable_url_verify_regression_tests.diff".
+ * Refresh "04_hyphen-manpage.diff".
+ * Temporarily disable test runner due to failing date-related tests.
+
+ -- Chris Lamb <lamby at debian.org> Thu, 06 May 2010 10:25:10 +0100
+
+python-django (1.2~beta1-1) experimental; urgency=low
+
+ * New upstream development release.
+ * Switch to dpkg-source 3.0 (quilt) format
+ * Bump Standards-Version to 3.8.4.
+ * Remove "0.96 -> 1.x" NEWS entry.
+ * jQuery added to admin system upstream:
+ - Add libjs-jquery to python-django's Recommends
+ - Use symlinks so we use the version from libjs-query over an embedded code
+ copy.
+
+ -- Chris Lamb <lamby at debian.org> Tue, 09 Feb 2010 13:47:34 +0000
+
+python-django (1.2~alpha1-1) experimental; urgency=low
+
+ * New upstream development release:
+
+ This is the first in a series of preview/development releases leading up
+ to the eventual release of Django 1.2, currently scheduled to take place
+ in March 2010.
+
+ <http://docs.djangoproject.com/en/dev//releases/1.2-alpha-1/>
+
+ * Update "01_disable_url_verify_regression_tests.diff" - tests now use the
+ unittest module instead of doctests.
+ * Update "02-embedded_code_copies.diff".
+ * Remove "05_ftbfs_in_november.diff" - applied upstream.
+ * Remove "06_python_2.6.3_regression.diff" - applied upstream.
+ * Update dh_auto_test - database engine is set differently in 1.2.
+ * Remove useless ._DS_Store files.
+
+ -- Chris Lamb <lamby at debian.org> Wed, 06 Jan 2010 14:34:37 +0000
+
+python-django (1.1.1-2) unstable; urgency=low
+
+ * Remove embedded "decimal" code copy and use system version instead. The
+ "doctest" code copy cannot be removed as parts of Django depend on modified
+ behaviour. (Closes: #555419)
+ * Fix FTBFS in November by applying patch from upstream bug #12125.
+ (Closes: #555931)
+ * Fix FTBFS under Python 2.6.3 by applying patch from upstream bug #11993.
+ (Closes: #555969)
+
+ -- Chris Lamb <lamby at debian.org> Tue, 01 Dec 2009 23:46:22 +0000
+
+python-django (1.1.1-1) unstable; urgency=high
+
+ * New upstream security release - fixes pathological regular expression
+ backtracking performance in URL and email fields which can be used as part
+ of a denial of service attack.
+ * Set Maintainer: to myself with thanks to Brett Parker.
+ * Bump versioned build dependency on quilt to help backporters.
+ (Closes: #547955)
+
+ -- Chris Lamb <lamby at debian.org> Sat, 10 Oct 2009 10:17:52 +0100
+
+python-django (1.1-4) unstable; urgency=low
+
+ * Sourceful upload to drop dependency on Python 2.4.
+
+ -- Chris Lamb <lamby at debian.org> Mon, 24 Aug 2009 08:16:11 +0100
+
+python-django (1.1-3) unstable; urgency=low
+
+ * Disable regression tests that require an internet connection. Patch by
+ Krzysztof Klimonda <kklimonda at syntaxhighlighted.com>. (Closes: #542996)
... 619 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git
More information about the Python-modules-commits
mailing list