File python-django.changes of Package python-django

-------------------------------------------------------------------
Wed Sep  3 12:15:52 UTC 2014 - bwiedemann@suse.com

- Update to version 1.5.10:
  + Prevented reverse() from generating URLs pointing to other hosts
    to prevent phishing attacks (bnc#893087, CVE-2014-0480)
  + Removed O(n) algorithm when uploading duplicate file names
    to fix file upload denial of service (bnc#893088, CVE-2014-0481)
  + Modified RemoteUserMiddleware to logout on REMOTE_USER change
    to prevent session hijacking (bnc#893089, CVE-2014-0482)
  + Prevented data leakage in contrib.admin via query string manipulation
    (bnc#893090, CVE-2014-0483)

-------------------------------------------------------------------
Mon May 26 07:22:53 UTC 2014 - bwiedemann@suse.com

- Update to version 1.5.8:
  + Fixed: Caches may incorrectly be allowed to store and serve private data
    (bnc#877993, CVE-2014-1418)
  + Fixed: Malformed redirect URLs from user input not correctly validated
    (bnc#878641, CVE-2014-3730)
  + Fixed queries that may return unexpected results on MySQL
    due to typecasting (bnc#874956, CVE-2014-0474)
  + Prevented leaking the CSRF token through caching
    (bnc#874955, CVE-2014-0473)
  + Fixed a remote code execution vulnerability in URL reversing
    (bnc#874950, CVE-2014-0472)
  + Properly rotate CSRF token on login

-------------------------------------------------------------------
Tue Sep 17 12:37:53 UTC 2013 - speilicke@suse.com

- Update to version 1.5.4:
  + Fixed denial-of-service via large passwords
- Changes from version 1.5.3:
  + Fixed directory traversal with ssi template tag

-------------------------------------------------------------------
Wed Aug 14 05:49:54 UTC 2013 - alexandre@exatati.com.br

- Update to 1.5.2:
  - Security release, please check release notes for details:
    https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued

-------------------------------------------------------------------
Thu Mar 28 23:27:01 UTC 2013 - alexandre@exatati.com.br

- Update to 1.5.1:
   - Memory leak fix, please read release announcement at
     https://www.djangoproject.com/weblog/2013/mar/28/django-151.

-------------------------------------------------------------------
Tue Feb 26 19:49:02 UTC 2013 - alexandre@exatati.com.br

- Update to 1.5:
  - Please read the release notes
    https://docs.djangoproject.com/en/1.5/releases/1.5

-------------------------------------------------------------------
Tue Dec 11 12:27:50 UTC 2012 - alexandre@exatati.com.br

- Update to 1.4.3:
  - Security release:
    - Host header poisoning
    - Redirect poisoning
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/dec/10/security

-------------------------------------------------------------------
Sat Oct 20 13:41:10 UTC 2012 - saschpe@suse.de

- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin

-------------------------------------------------------------------
Wed Oct 17 22:51:36 UTC 2012 - alexandre@exatati.com.br

- Update to 1.4.2:
  - Security release:
    - Host header poisoning
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/oct/17/security

-------------------------------------------------------------------
Mon Jul 30 21:38:31 UTC 2012 - alexandre@exatati.com.br

- Update to 1.4.1:
  - Security release:
    - Cross-site scripting in authentication views
    - Denial-of-service in image validation
    - Denial-of-service via get_image_dimensions()
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

-------------------------------------------------------------------
Tue Jun 19 11:27:33 UTC 2012 - saschpe@suse.de

- Add patch to support CSRF_COOKIE_HTTPONLY config

-------------------------------------------------------------------
Fri Mar 23 18:39:40 UTC 2012 - alexandre@exatati.com.br

- Update to 1.4:
  - Please read the release notes
    https://docs.djangoproject.com/en/dev/releases/1.4
- Removed Patch2, it was merged on upstream.

-------------------------------------------------------------------
Thu Nov 24 12:30:40 UTC 2011 - saschpe@suse.de

- Set license to SPDX style (BSD-3-Clause)
- Package AUTHORS, LICENSE and README files
- No CFLAGS for noarch package
- Drop runtime dependency on gettext-tools

-------------------------------------------------------------------
Sat Sep 10 12:05:07 UTC 2011 - alexandre@exatati.com.br

- Update to 1.3.1 to fix security issues, please read
  https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued.

-------------------------------------------------------------------
Thu Mar 31 15:09:16 UTC 2011 - alexandre@exatati.com.br

- Fix build on SLES_9.

-------------------------------------------------------------------
Wed Mar 23 11:39:53 UTC 2011 - alexandre@exatati.com.br

- Update to 1.3 final;
- Refresh patch empty-ip-2.diff.

-------------------------------------------------------------------
Fri Mar 18 03:45:45 UTC 2011 - alexandre@exatati.com.br

- Update to 1.3-rc1;
- Regenerated spec file with py2pack;
- No more need to fix wrong line endings;
- Refresh patch empty-ip-2.diff with -p0.

-------------------------------------------------------------------
Thu Mar  3 09:32:52 UTC 2011 - saschpe@suse.de

- Spec file cleanup:
  * Removed empty lines, package authors from description
  * Cleanup duplicates
  * Corrected wrong file endings
  * Added zero-length rpmlint filter
- Added AUTHORS, LICENSE and doc files

-------------------------------------------------------------------
Wed Feb  9 03:37:29 UTC 2011 - alexandre@exatati.com.br

- Update to 1.2.5:
  - This is a security update that fixes:
    - Flaw in CSRF handling;
    - Potential XSS in file field rendering.

-------------------------------------------------------------------
Thu Dec 23 10:20:03 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2.4:
  - Information leakage in Django administrative interface;
  - Denial-of-service attack in password-reset mechanism.
- This is a mandatory security update.

-------------------------------------------------------------------
Sat Sep 11 11:46:41 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2.3:
  - The patch applied for the security issue covered in Django
    1.2.2 caused issues with non-ASCII responses using CSRF
    tokens. This has been remedied;
  - The patch also caused issues with some forms, most notably
    the user-editing forms in the Django administrative interface.
    This has been remedied.
  - The packaging manifest did not contain the full list of
    required files. This has been remedied.

-------------------------------------------------------------------
Thu Sep  9 01:06:43 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2.2.
- This is a critical security update fixing a default XSS bug!

-------------------------------------------------------------------
Fri Jul  9 11:27:26 UTC 2010 - jfunk@funktronics.ca

- Added patch to fix upstream bug 5622: Empty ipaddress raises an error

-------------------------------------------------------------------
Mon May 17 21:14:11 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2.1.

-------------------------------------------------------------------
Mon May 17 18:35:20 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2.

-------------------------------------------------------------------
Thu May  6 13:46:03 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2-rc-1.

-------------------------------------------------------------------
Mon Apr  5 02:21:44 UTC 2010 - alexandre@exatati.com.br

- Spec file cleaned with spec-cleaner;
- Minor manual adjustments to spec file.

-------------------------------------------------------------------
Thu Mar 18 17:47:12 UTC 2010 - alexandre@exatati.com.br

- Moved autocomplete file path from /etc/profile.d to
  /etc/bash_completion.d. Then it works with konsole too.

-------------------------------------------------------------------
Mon Mar 15 01:53:50 UTC 2010 - alexandre@exatati.com.br

- Update to 1.2-beta-1;
- Using -q option on prep section of spec file;
- Using INSTALLED_FILES instead of declaring files;
- Removed dummy changelog section of spec file;
- Update completion bash patch.

-------------------------------------------------------------------
Sun Oct 11 07:51:32 UTC 2009 - nix@opensuse.org

- Update to 1.1.1 due to security issue described at
  http://www.djangoproject.com/weblog/2009/oct/09/security/

-------------------------------------------------------------------
Sat Oct 10 12:18:31 UTC 2009 - alexandre@exatati.com.br

- Removed old tarball file (Django-1.1.tar.bz2).

-------------------------------------------------------------------
Tue Aug 25 12:23:09 CEST 2009 - garloff@suse.de

- Fix python version check. 

-------------------------------------------------------------------
Sat Aug 22 13:39:35 CEST 2009 - garloff@suse.de

- Don't require python-sqlite2 for python >= 2.6.

-------------------------------------------------------------------
Fri Aug 21 11:38:03 CEST 2009 - garloff@suse.de

- Build as noarch on factory. 

-------------------------------------------------------------------
Wed Aug 19 17:40:46 CEST 2009 - poeml@suse.de

- don't run bash completion on shells other than bash. Avoiding
  error messages produced at login when using other shells.

-------------------------------------------------------------------
Fri Aug 14 18:05:42 UTC 2009 - alexandre@exatati.com.br

- Added bash auto-complete to openSUSE.

-------------------------------------------------------------------
Wed Jul 29 00:00:00 CEST 2009 - listuser@peternixon.net

- update to version 1.1
- add python-django-rpmlintrc to quiet rpmlint complaints about -lang

-------------------------------------------------------------------
Wed Jul  1 19:04:26 CEST 2009 - poeml@suse.de

- add python-xml to the Requires (./manage.py syncdb crashes
  otherwise)

-------------------------------------------------------------------
Sat Sep 13 00:00:00 UTC 2008 - listuser@peternixon.net

- update to version 1.0
- Fix build on SLES9

-------------------------------------------------------------------
Thu Sep  4 10:40:58 CEST 2008 - crrodriguez@suse.de

- update to version 1.0 final 

-------------------------------------------------------------------
Wed May 14 00:00:00 UTC 2008 - listuser@peternixon.net

- update to version 0.96.2

-------------------------------------------------------------------
Thu Feb 21 00:00:00 UTC 2008 - jfunk@funktronics.ca

- The way simplejson is included in this package is not useful to other
  packages. Removed from provides

-------------------------------------------------------------------
Fri Oct 26 20:20:08 UTC 2007 - crrodriguez@suse.de

- version 0.96.1 fixes D.o.S attack in the i18n module

-------------------------------------------------------------------
Fri Mar 23 00:00:00 UTC 2007 - crrodriguez@suse.de

- update to version 0.96
  see http://www.djangoproject.com/documentation/release_notes_0.96 for details
- this package provides python-simplejson too.
