Bug#683634: unblock: python-django/1.4.1-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package python-django
This new upstream release is a stable maintenance and security release.
There are no new features and upstream is sane. It fixes 3 security bugs (cf
#683364 and
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/).
I attach a filtered debdiff dropping documentation and test suite
changes to ease your review.
unblock python-django/1.4.1-1
$ diffstat /tmp/debdiff-filtered
PKG-INFO | 4 +-
debian/changelog | 9 ++++++
debian/patches/01_disable_broken_test.diff | 26 ------------------
debian/patches/04_hyphen-manpage.diff | 18 ------------
debian/patches/series | 2 -
django/__init__.py | 2 -
django/conf/project_template/project_name/settings.py | 5 ---
django/contrib/admin/filters.py | 5 ++-
django/contrib/admin/options.py | 10 +++---
django/contrib/admin/static/admin/css/widgets.css | 3 +-
django/contrib/admin/views/main.py | 2 -
django/contrib/markup/templatetags/markup.py | 4 +-
django/contrib/staticfiles/storage.py | 9 ++++--
django/core/files/images.py | 7 ++++
django/core/management/commands/testserver.py | 9 +++++-
django/db/backends/mysql/base.py | 15 ++++++++--
django/db/models/fields/related.py | 2 -
django/forms/fields.py | 18 ++----------
django/forms/widgets.py | 11 ++++---
django/http/__init__.py | 22 ++++++++-------
django/test/testcases.py | 7 ++++
django/views/debug.py | 17 +++++++++--
django/views/decorators/debug.py | 12 ++++----
setup.py | 2 -
24 files changed, 111 insertions(+), 110 deletions(-)
-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.4-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru python-django-1.4/debian/changelog python-django-1.4.1/debian/changelog
--- python-django-1.4/debian/changelog 2012-03-31 14:59:53.000000000 +0200
+++ python-django-1.4.1/debian/changelog 2012-08-02 10:52:42.000000000 +0200
@@ -1,3 +1,12 @@
+python-django (1.4.1-1) unstable; urgency=low
+
+ * New upstream security and maintenance release. Closes: #683364
+ Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
+ * Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which
+ have been merged upstream.
+
+ -- Raphaël Hertzog <hertzog@debian.org> Thu, 02 Aug 2012 10:44:02 +0200
+
python-django (1.4-1) unstable; urgency=low
* New upstream release. Closes: #666003
diff -Nru python-django-1.4/debian/patches/01_disable_broken_test.diff python-django-1.4.1/debian/patches/01_disable_broken_test.diff
--- python-django-1.4/debian/patches/01_disable_broken_test.diff 2012-03-31 14:16:54.000000000 +0200
+++ python-django-1.4.1/debian/patches/01_disable_broken_test.diff 1970-01-01 01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-Description: Disable non working test
- The HTMLParser in recent Python versions accepts "<!--" which used
- to be rejected up to now. The test suite ensure that HTMLParser
- rejected those and is thus currently broken.
- .
- Until we have a proper upstream fix, we just disable the non-working
- test.
-Author: Raphaël Hertzog <hertzog@debian.org>
-Bug: https://code.djangoproject.com/ticket/18027
-Forwarded: not-needed
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/tests/regressiontests/test_utils/tests.py
-+++ b/tests/regressiontests/test_utils/tests.py
-@@ -422,8 +422,9 @@ class HTMLEqualTests(TestCase):
- self.assertHTMLEqual('', '<p>')
- with self.assertRaises(HTMLParseError):
- parse_html('</p>')
-- with self.assertRaises(HTMLParseError):
-- parse_html('<!--')
-+ # Disabled because it does not work as expected with Python >= 2.7.3
-+ #with self.assertRaises(HTMLParseError):
-+ # parse_html('<!--')
-
- def test_contains_html(self):
- response = HttpResponse('''<body>
diff -Nru python-django-1.4/debian/patches/04_hyphen-manpage.diff python-django-1.4.1/debian/patches/04_hyphen-manpage.diff
--- python-django-1.4/debian/patches/04_hyphen-manpage.diff 2012-03-31 13:14:53.000000000 +0200
+++ python-django-1.4.1/debian/patches/04_hyphen-manpage.diff 1970-01-01 01:00:00.000000000 +0100
@@ -1,18 +0,0 @@
-Description: Properly escape a dash in the django-admin manual page
- Fix a lintian I: message about improper usage of minus instead
- of hyphen.
- .
- This should be forwarded upstream.
-Author: Raphael Hertzog <hertzog@debian.org>
-
---- a/docs/man/django-admin.1
-+++ b/docs/man/django-admin.1
-@@ -194,7 +194,7 @@ The domain of the message files (default
- .TP
- .I \-e, \-\-extension=EXTENSION
- The file extension(s) to examine (separate multiple
--extensions with commas, or use -e multiple times) (makemessages command).
-+extensions with commas, or use \-e multiple times) (makemessages command).
- .TP
- .I \-s, \-\-symlinks
- Follows symlinks to directories when examining source code and templates for
diff -Nru python-django-1.4/debian/patches/series python-django-1.4.1/debian/patches/series
--- python-django-1.4/debian/patches/series 2012-03-31 14:10:22.000000000 +0200
+++ python-django-1.4.1/debian/patches/series 2012-08-02 10:48:35.000000000 +0200
@@ -1,5 +1,3 @@
-01_disable_broken_test.diff
02_disable-sources-in-sphinxdoc.diff
03_manpage.diff
-04_hyphen-manpage.diff
06_use_debian_geoip_database_as_default.diff
diff -Nru python-django-1.4/django/conf/project_template/project_name/settings.py python-django-1.4.1/django/conf/project_template/project_name/settings.py
--- python-django-1.4/django/conf/project_template/project_name/settings.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/conf/project_template/project_name/settings.py 2012-07-30 22:42:42.000000000 +0200
@@ -23,10 +23,7 @@
# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
-# On Unix systems, a value of None will cause Django to use the same
-# timezone as the operating system.
-# If running in a Windows environment this must be set to the same as your
-# system time zone.
+# In a Windows environment this must be set to your system time zone.
TIME_ZONE = 'America/Chicago'
# Language code for this installation. All choices can be found here:
diff -Nru python-django-1.4/django/contrib/admin/filters.py python-django-1.4.1/django/contrib/admin/filters.py
--- python-django-1.4/django/contrib/admin/filters.py 2012-03-23 17:59:19.000000000 +0100
+++ python-django-1.4.1/django/contrib/admin/filters.py 2012-07-30 22:42:42.000000000 +0200
@@ -155,7 +155,10 @@
class RelatedFieldListFilter(FieldListFilter):
def __init__(self, field, request, params, model, model_admin, field_path):
other_model = get_model_from_relation(field)
- rel_name = other_model._meta.pk.name
+ if hasattr(field, 'rel'):
+ rel_name = field.rel.get_related_field().name
+ else:
+ rel_name = other_model._meta.pk.name
self.lookup_kwarg = '%s__%s__exact' % (field_path, rel_name)
self.lookup_kwarg_isnull = '%s__isnull' % field_path
self.lookup_val = request.GET.get(self.lookup_kwarg, None)
diff -Nru python-django-1.4/django/contrib/admin/options.py python-django-1.4.1/django/contrib/admin/options.py
--- python-django-1.4/django/contrib/admin/options.py 2012-03-23 17:59:19.000000000 +0100
+++ python-django-1.4.1/django/contrib/admin/options.py 2012-07-30 22:42:42.000000000 +0200
@@ -245,7 +245,7 @@
# if foo has been specificially included in the lookup list; so
# drop __id if it is the last part. However, first we need to find
# the pk attribute name.
- pk_attr_name = None
+ rel_name = None
for part in parts[:-1]:
try:
field, _, _, _ = model._meta.get_field_by_name(part)
@@ -255,13 +255,13 @@
return True
if hasattr(field, 'rel'):
model = field.rel.to
- pk_attr_name = model._meta.pk.name
+ rel_name = field.rel.get_related_field().name
elif isinstance(field, RelatedObject):
model = field.model
- pk_attr_name = model._meta.pk.name
+ rel_name = model._meta.pk.name
else:
- pk_attr_name = None
- if pk_attr_name and len(parts) > 1 and parts[-1] == pk_attr_name:
+ rel_name = None
+ if rel_name and len(parts) > 1 and parts[-1] == rel_name:
parts.pop()
if len(parts) == 1:
diff -Nru python-django-1.4/django/contrib/admin/static/admin/css/widgets.css python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css
--- python-django-1.4/django/contrib/admin/static/admin/css/widgets.css 2012-03-23 17:59:22.000000000 +0100
+++ python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css 2012-07-30 22:42:33.000000000 +0200
@@ -41,7 +41,8 @@
text-align: left;
}
-.selector .selector-filter label {
+.selector .selector-filter label,
+.inline-group .aligned .selector .selector-filter label {
width: 16px;
padding: 2px;
}
diff -Nru python-django-1.4/django/contrib/admin/views/main.py python-django-1.4.1/django/contrib/admin/views/main.py
--- python-django-1.4/django/contrib/admin/views/main.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/contrib/admin/views/main.py 2012-07-30 22:42:42.000000000 +0200
@@ -258,7 +258,7 @@
if not (set(ordering) & set(['pk', '-pk', pk_name, '-' + pk_name])):
# The two sets do not intersect, meaning the pk isn't present. So
# we add it.
- ordering.append('pk')
+ ordering.append('-pk')
return ordering
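Review bot: The fallback appended to ordering changes from 'pk' to '-pk', but the comment above it still only says "So we add it". It should state that the default tie-breaker is now descending by primary key and why, since this alters the row order of every changelist that does not order by pk explicitly.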
diff -Nru python-django-1.4/django/contrib/auth/tests/forms.py python-django-1.4.1/django/contrib/auth/tests/forms.py
diff -Nru python-django-1.4/django/contrib/markup/templatetags/markup.py python-django-1.4.1/django/contrib/markup/templatetags/markup.py
--- python-django-1.4/django/contrib/markup/templatetags/markup.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/contrib/markup/templatetags/markup.py 2012-07-30 22:42:42.000000000 +0200
@@ -65,8 +65,8 @@
safe_mode = True
else:
safe_mode = False
- python_markdown_deprecation = "The use of Python-Markdown "
- "< 2.1 in Django is deprecated; please update to the current version"
+ python_markdown_deprecation = ("The use of Python-Markdown "
+ "< 2.1 in Django is deprecated; please update to the current version")
# Unicode support only in markdown v1.7 or above. Version_info
# exist only in markdown v1.6.2rc-2 or above.
markdown_vers = getattr(markdown, "version_info", None)
diff -Nru python-django-1.4/django/contrib/staticfiles/storage.py python-django-1.4.1/django/contrib/staticfiles/storage.py
--- python-django-1.4/django/contrib/staticfiles/storage.py 2012-03-23 17:59:19.000000000 +0100
+++ python-django-1.4.1/django/contrib/staticfiles/storage.py 2012-07-30 22:42:42.000000000 +0200
@@ -190,8 +190,8 @@
if dry_run:
return
- # delete cache of all handled paths
- self.cache.delete_many([self.cache_key(path) for path in paths])
+ # where to store the new paths
+ hashed_paths = {}
# build a list of adjustable files
matches = lambda path: matches_patterns(path, self._patterns.keys())
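Review bot: Dropping self.cache.delete_many(...) here in favour of collecting into hashed_paths means the cache keeps the previous hashed names until the dict is written back, and that write happens only after the last yield of this generator. The "# where to store the new paths" comment should say so, and should note that a caller which does not exhaust the generator leaves the old entries in place.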
@@ -240,9 +240,12 @@
hashed_name = force_unicode(saved_name.replace('\\', '/'))
# and then set the cache accordingly
- self.cache.set(self.cache_key(name), hashed_name)
+ hashed_paths[self.cache_key(name)] = hashed_name
yield name, hashed_name, processed
+ # Finally set the cache
+ self.cache.set_many(hashed_paths)
+
class CachedStaticFilesStorage(CachedFilesMixin, StaticFilesStorage):
"""
diff -Nru python-django-1.4/django/core/files/images.py python-django-1.4.1/django/core/files/images.py
--- python-django-1.4/django/core/files/images.py 2012-03-23 17:59:19.000000000 +0100
+++ python-django-1.4.1/django/core/files/images.py 2012-07-30 22:41:50.000000000 +0200
@@ -47,13 +47,18 @@
file = open(file_or_path, 'rb')
close = True
try:
+ # Most of the time PIL only needs a small chunk to parse the image and
+ # get the dimensions, but with some TIFF files PIL needs to parse the
+ # whole file.
+ chunk_size = 1024
while 1:
- data = file.read(1024)
+ data = file.read(chunk_size)
if not data:
break
p.feed(data)
if p.image:
return p.image.size
+ chunk_size = chunk_size*2
return None
finally:
if close:
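Review bot: chunk_size is doubled on every pass (chunk_size = chunk_size*2) with no upper bound, so for a file PIL never recognises the later file.read() calls can request a large part of the file in a single read; consider capping it at a fixed maximum. The new comment explains the TIFF case but not why the size grows; one more sentence saying that doubling limits the number of p.feed() calls would make the intent clear.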
diff -Nru python-django-1.4/django/core/management/commands/testserver.py python-django-1.4.1/django/core/management/commands/testserver.py
--- python-django-1.4/django/core/management/commands/testserver.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/core/management/commands/testserver.py 2012-07-30 22:42:34.000000000 +0200
@@ -35,4 +35,11 @@
# a strange error -- it causes this handle() method to be called
# multiple times.
shutdown_message = '\nServer stopped.\nNote that the test database, %r, has not been deleted. You can explore it on your own.' % db_name
- call_command('runserver', addrport=addrport, shutdown_message=shutdown_message, use_reloader=False, use_ipv6=options['use_ipv6'])
+ use_threading = connection.features.test_db_allows_multiple_connections
+ call_command('runserver',
+ addrport=addrport,
+ shutdown_message=shutdown_message,
+ use_reloader=False,
+ use_ipv6=options['use_ipv6'],
+ use_threading=use_threading
+ )
diff -Nru python-django-1.4/django/db/backends/mysql/base.py python-django-1.4.1/django/db/backends/mysql/base.py
--- python-django-1.4/django/db/backends/mysql/base.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/db/backends/mysql/base.py 2012-07-30 22:42:42.000000000 +0200
@@ -407,11 +407,20 @@
def get_server_version(self):
if not self.server_version:
+ new_connection = False
if not self._valid_connection():
- self.cursor()
- m = server_version_re.match(self.connection.get_server_info())
+ # Ensure we have a connection with the DB by using a temporary
+ # cursor
+ new_connection = True
+ self.cursor().close()
+ server_info = self.connection.get_server_info()
+ if new_connection:
+ # Make sure we close the connection
+ self.connection.close()
+ self.connection = None
+ m = server_version_re.match(server_info)
if not m:
- raise Exception('Unable to determine MySQL version from version string %r' % self.connection.get_server_info())
+ raise Exception('Unable to determine MySQL version from version string %r' % server_info)
self.server_version = tuple([int(x) for x in m.groups()])
return self.server_version
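Review bot: When new_connection is True, the temporary connection is closed only if self.connection.get_server_info() returns normally. Wrapping that call in try/finally would guarantee that self.connection.close() runs and self.connection is reset to None on the error path too, which is the leak this hunk is trying to avoid.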
diff -Nru python-django-1.4/django/db/models/fields/related.py python-django-1.4.1/django/db/models/fields/related.py
--- python-django-1.4/django/db/models/fields/related.py 2012-03-23 17:59:20.000000000 +0100
+++ python-django-1.4.1/django/db/models/fields/related.py 2012-07-30 22:42:42.000000000 +0200
@@ -239,7 +239,7 @@
def get_prefetch_query_set(self, instances):
vals = set(instance._get_pk_val() for instance in instances)
params = {'%s__pk__in' % self.related.field.name: vals}
- return (self.get_query_set(instance=instances[0]),
+ return (self.get_query_set(instance=instances[0]).filter(**params),
attrgetter(self.related.field.attname),
lambda obj: obj._get_pk_val(),
True,
diff -Nru python-django-1.4/django/forms/fields.py python-django-1.4.1/django/forms/fields.py
--- python-django-1.4/django/forms/fields.py 2012-03-23 17:59:18.000000000 +0100
+++ python-django-1.4.1/django/forms/fields.py 2012-07-30 22:42:42.000000000 +0200
@@ -570,20 +570,10 @@
file = StringIO(data['content'])
try:
- # load() is the only method that can spot a truncated JPEG,
- # but it cannot be called sanely after verify()
- trial_image = Image.open(file)
- trial_image.load()
-
- # Since we're about to use the file again we have to reset the
- # file object if possible.
- if hasattr(file, 'reset'):
- file.reset()
-
- # verify() is the only method that can spot a corrupt PNG,
- # but it must be called immediately after the constructor
- trial_image = Image.open(file)
- trial_image.verify()
+ # load() could spot a truncated JPEG, but it loads the entire
+ # image in memory, which is a DoS vector. See #3848 and #18520.
+ # verify() must be called immediately after the constructor.
+ Image.open(file).verify()
except ImportError:
# Under PyPy, it is possible to import PIL. However, the underlying
# _imaging C module isn't available, so an ImportError will be
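Review bot: With trial_image.load() removed, validation rests on Image.open(file).verify() alone, and the new comment itself says load() was what could spot a truncated JPEG. The comment should also say plainly that truncated images now pass this field, so code that later decodes the upload has to handle the resulting errors. Writing the tickets #3848 and #18520 as full URLs would make the rationale easier to follow.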
diff -Nru python-django-1.4/django/forms/widgets.py python-django-1.4.1/django/forms/widgets.py
--- python-django-1.4/django/forms/widgets.py 2012-03-23 17:59:18.000000000 +0100
+++ python-django-1.4.1/django/forms/widgets.py 2012-07-30 22:42:42.000000000 +0200
@@ -487,15 +487,18 @@
pass
return super(TimeInput, self)._has_changed(self._format_value(initial), data)
+
+# Defined at module level so that CheckboxInput is picklable (#17976)
+def boolean_check(v):
+ return not (v is False or v is None or v == '')
+
+
class CheckboxInput(Widget):
def __init__(self, attrs=None, check_test=None):
super(CheckboxInput, self).__init__(attrs)
# check_test is a callable that takes a value and returns True
# if the checkbox should be checked for that value.
- if check_test is None:
- self.check_test = lambda v: not (v is False or v is None or v == '')
- else:
- self.check_test = check_test
+ self.check_test = boolean_check if check_test is None else check_test
def render(self, name, value, attrs=None):
final_attrs = self.build_attrs(attrs, type='checkbox', name=name)
diff -Nru python-django-1.4/django/http/__init__.py python-django-1.4.1/django/http/__init__.py
--- python-django-1.4/django/http/__init__.py 2012-03-23 17:59:18.000000000 +0100
+++ python-django-1.4.1/django/http/__init__.py 2012-07-30 22:42:42.000000000 +0200
@@ -9,7 +9,7 @@
from pprint import pformat
from urllib import urlencode, quote
-from urlparse import urljoin
+from urlparse import urljoin, urlparse
try:
from cStringIO import StringIO
except ImportError:
@@ -114,7 +114,7 @@
from django.conf import settings
from django.core import signing
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation
from django.core.files import uploadhandler
from django.http.multipartparser import MultiPartParser
from django.http.utils import *
@@ -731,19 +731,21 @@
raise Exception("This %s instance cannot tell its position" % self.__class__)
return sum([len(str(chunk)) for chunk in self._container])
-class HttpResponseRedirect(HttpResponse):
- status_code = 302
+class HttpResponseRedirectBase(HttpResponse):
+ allowed_schemes = ['http', 'https', 'ftp']
def __init__(self, redirect_to):
- super(HttpResponseRedirect, self).__init__()
+ super(HttpResponseRedirectBase, self).__init__()
+ parsed = urlparse(redirect_to)
+ if parsed.scheme and parsed.scheme not in self.allowed_schemes:
+ raise SuspiciousOperation("Unsafe redirect to URL with scheme '%s'" % parsed.scheme)
self['Location'] = iri_to_uri(redirect_to)
-class HttpResponsePermanentRedirect(HttpResponse):
- status_code = 301
+class HttpResponseRedirect(HttpResponseRedirectBase):
+ status_code = 302
- def __init__(self, redirect_to):
- super(HttpResponsePermanentRedirect, self).__init__()
- self['Location'] = iri_to_uri(redirect_to)
+class HttpResponsePermanentRedirect(HttpResponseRedirectBase):
+ status_code = 301
class HttpResponseNotModified(HttpResponse):
status_code = 304
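Review bot: The check in HttpResponseRedirectBase.__init__ only fires when parsed.scheme is non-empty, so scheme-less targets (relative paths and network-path references such as //host/path) pass through unchanged. A docstring should state that this guards against unexpected schemes only and that callers still have to validate the host of a user-supplied redirect target. allowed_schemes is a mutable class-level list shared by both subclasses; a tuple would rule out accidental modification at runtime while still letting a subclass override it.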
diff -Nru python-django-1.4/django/__init__.py python-django-1.4.1/django/__init__.py
--- python-django-1.4/django/__init__.py 2012-03-23 17:59:16.000000000 +0100
+++ python-django-1.4.1/django/__init__.py 2012-07-30 22:43:10.000000000 +0200
@@ -1,4 +1,4 @@
-VERSION = (1, 4, 0, 'final', 0)
+VERSION = (1, 4, 1, 'final', 0)
def get_version(version=None):
"""Derives a PEP386-compliant version number from VERSION."""
diff -Nru python-django-1.4/django/test/testcases.py python-django-1.4.1/django/test/testcases.py
--- python-django-1.4/django/test/testcases.py 2012-03-23 17:59:18.000000000 +0100
+++ python-django-1.4.1/django/test/testcases.py 2012-07-30 22:42:42.000000000 +0200
@@ -1143,4 +1143,11 @@
if hasattr(cls, 'server_thread'):
# Terminate the live server's thread
cls.server_thread.join()
+
+ # Restore sqlite connections' non-sharability
+ for conn in connections.all():
+ if (conn.settings_dict['ENGINE'] == 'django.db.backends.sqlite3'
+ and conn.settings_dict['NAME'] == ':memory:'):
+ conn.allow_thread_sharing = False
+
super(LiveServerTestCase, cls).tearDownClass()
diff -Nru python-django-1.4/django/views/debug.py python-django-1.4.1/django/views/debug.py
--- python-django-1.4/django/views/debug.py 2012-03-23 17:59:18.000000000 +0100
+++ python-django-1.4.1/django/views/debug.py 2012-07-30 22:42:42.000000000 +0200
@@ -155,9 +155,20 @@
Replaces the values of variables marked as sensitive with
stars (*********).
"""
- func_name = tb_frame.f_code.co_name
- func = tb_frame.f_globals.get(func_name)
- sensitive_variables = getattr(func, 'sensitive_variables', [])
+ # Loop through the frame's callers to see if the sensitive_variables
+ # decorator was used.
+ current_frame = tb_frame.f_back
+ sensitive_variables = None
+ while current_frame is not None:
+ if (current_frame.f_code.co_name == 'sensitive_variables_wrapper'
+ and 'sensitive_variables_wrapper' in current_frame.f_locals):
+ # The sensitive_variables decorator was used, so we take note
+ # of the sensitive variables' names.
+ wrapper = current_frame.f_locals['sensitive_variables_wrapper']
+ sensitive_variables = getattr(wrapper, 'sensitive_variables', None)
+ break
+ current_frame = current_frame.f_back
+
cleansed = []
if self.is_active(request) and sensitive_variables:
if sensitive_variables == '__ALL__':
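Review bot: The loop starts at tb_frame.f_back and stops at the first caller named 'sensitive_variables_wrapper', so every frame below a decorated function, including undecorated helpers it calls, is cleansed with that decorator's variable list. That errs on the safe side, but the docstring should say so. The name is also matched as a string literal twice in the condition; a module-level constant shared with django/views/decorators/debug.py would keep the two files from drifting apart.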
diff -Nru python-django-1.4/django/views/decorators/debug.py python-django-1.4.1/django/views/decorators/debug.py
--- python-django-1.4/django/views/decorators/debug.py 2012-03-23 17:59:19.000000000 +0100
+++ python-django-1.4.1/django/views/decorators/debug.py 2012-07-30 22:42:34.000000000 +0200
@@ -26,13 +26,13 @@
"""
def decorator(func):
@functools.wraps(func)
- def wrapper(*args, **kwargs):
+ def sensitive_variables_wrapper(*args, **kwargs):
if variables:
- wrapper.sensitive_variables = variables
+ sensitive_variables_wrapper.sensitive_variables = variables
else:
- wrapper.sensitive_variables = '__ALL__'
+ sensitive_variables_wrapper.sensitive_variables = '__ALL__'
return func(*args, **kwargs)
- return wrapper
+ return sensitive_variables_wrapper
return decorator
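Review bot: The rename to sensitive_variables_wrapper is load-bearing, because django/views/debug.py now finds this frame by that exact function name and reads the wrapper from the frame's locals, yet nothing at the def says so. Add a comment there stating that the name must not change, and that the wrapper has to keep referring to itself in its body, since that self-reference is what makes the name appear in f_locals for the lookup.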
@@ -61,11 +61,11 @@
"""
def decorator(view):
@functools.wraps(view)
- def wrapper(request, *args, **kwargs):
+ def sensitive_post_parameters_wrapper(request, *args, **kwargs):
if parameters:
request.sensitive_post_parameters = parameters
else:
request.sensitive_post_parameters = '__ALL__'
return view(request, *args, **kwargs)
- return wrapper
+ return sensitive_post_parameters_wrapper
return decorator
diff -Nru python-django-1.4/docs/conf.py python-django-1.4.1/docs/conf.py
diff -Nru python-django-1.4/docs/faq/models.txt python-django-1.4.1/docs/faq/models.txt
diff -Nru python-django-1.4/docs/howto/custom-management-commands.txt python-django-1.4.1/docs/howto/custom-management-commands.txt
diff -Nru python-django-1.4/docs/howto/custom-model-fields.txt python-django-1.4.1/docs/howto/custom-model-fields.txt
diff -Nru python-django-1.4/docs/howto/deployment/wsgi/uwsgi.txt python-django-1.4.1/docs/howto/deployment/wsgi/uwsgi.txt
diff -Nru python-django-1.4/docs/howto/outputting-pdf.txt python-django-1.4.1/docs/howto/outputting-pdf.txt
Les fichiers binaires /tmp/f_LcC7UEUu/python-django-1.4/docs/intro/_images/admin12t.png et /tmp/Y536zR3R0v/python-django-1.4.1/docs/intro/_images/admin12t.png sont différents
diff -Nru python-django-1.4/docs/intro/install.txt python-django-1.4.1/docs/intro/install.txt
diff -Nru python-django-1.4/docs/intro/tutorial02.txt python-django-1.4.1/docs/intro/tutorial02.txt
diff -Nru python-django-1.4/docs/intro/whatsnext.txt python-django-1.4.1/docs/intro/whatsnext.txt
diff -Nru python-django-1.4/docs/man/django-admin.1 python-django-1.4.1/docs/man/django-admin.1
diff -Nru python-django-1.4/docs/ref/contrib/admin/index.txt python-django-1.4.1/docs/ref/contrib/admin/index.txt
diff -Nru python-django-1.4/docs/ref/contrib/gis/install.txt python-django-1.4.1/docs/ref/contrib/gis/install.txt
diff -Nru python-django-1.4/docs/ref/contrib/markup.txt python-django-1.4.1/docs/ref/contrib/markup.txt
diff -Nru python-django-1.4/docs/ref/contrib/syndication.txt python-django-1.4.1/docs/ref/contrib/syndication.txt
diff -Nru python-django-1.4/docs/ref/databases.txt python-django-1.4.1/docs/ref/databases.txt
diff -Nru python-django-1.4/docs/ref/django-admin.txt python-django-1.4.1/docs/ref/django-admin.txt
diff -Nru python-django-1.4/docs/ref/forms/widgets.txt python-django-1.4.1/docs/ref/forms/widgets.txt
diff -Nru python-django-1.4/docs/ref/middleware.txt python-django-1.4.1/docs/ref/middleware.txt
diff -Nru python-django-1.4/docs/ref/models/fields.txt python-django-1.4.1/docs/ref/models/fields.txt
diff -Nru python-django-1.4/docs/ref/models/instances.txt python-django-1.4.1/docs/ref/models/instances.txt
diff -Nru python-django-1.4/docs/ref/models/options.txt python-django-1.4.1/docs/ref/models/options.txt
diff -Nru python-django-1.4/docs/ref/settings.txt python-django-1.4.1/docs/ref/settings.txt
diff -Nru python-django-1.4/docs/ref/templates/builtins.txt python-django-1.4.1/docs/ref/templates/builtins.txt
diff -Nru python-django-1.4/docs/releases/1.4.txt python-django-1.4.1/docs/releases/1.4.txt
diff -Nru python-django-1.4/docs/topics/auth.txt python-django-1.4.1/docs/topics/auth.txt
diff -Nru python-django-1.4/docs/topics/db/models.txt python-django-1.4.1/docs/topics/db/models.txt
diff -Nru python-django-1.4/docs/topics/db/transactions.txt python-django-1.4.1/docs/topics/db/transactions.txt
diff -Nru python-django-1.4/docs/topics/email.txt python-django-1.4.1/docs/topics/email.txt
diff -Nru python-django-1.4/docs/topics/forms/index.txt python-django-1.4.1/docs/topics/forms/index.txt
diff -Nru python-django-1.4/docs/topics/http/middleware.txt python-django-1.4.1/docs/topics/http/middleware.txt
diff -Nru python-django-1.4/docs/topics/http/shortcuts.txt python-django-1.4.1/docs/topics/http/shortcuts.txt
diff -Nru python-django-1.4/docs/topics/security.txt python-django-1.4.1/docs/topics/security.txt
diff -Nru python-django-1.4/docs/topics/testing.txt python-django-1.4.1/docs/topics/testing.txt
diff -Nru python-django-1.4/PKG-INFO python-django-1.4.1/PKG-INFO
--- python-django-1.4/PKG-INFO 2012-03-23 17:59:43.000000000 +0100
+++ python-django-1.4.1/PKG-INFO 2012-07-30 22:47:53.000000000 +0200
@@ -1,12 +1,12 @@
Metadata-Version: 1.0
Name: Django
-Version: 1.4
+Version: 1.4.1
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Home-page: http://www.djangoproject.com/
Author: Django Software Foundation
Author-email: foundation@djangoproject.com
License: UNKNOWN
-Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz
+Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz
Description: UNKNOWN
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
diff -Nru python-django-1.4/setup.py python-django-1.4.1/setup.py
--- python-django-1.4/setup.py 2012-03-23 17:59:15.000000000 +0100
+++ python-django-1.4.1/setup.py 2012-07-30 22:43:01.000000000 +0200
@@ -75,7 +75,7 @@
author = 'Django Software Foundation',
author_email = 'foundation@djangoproject.com',
description = 'A high-level Python Web framework that encourages rapid development and clean, pragmatic design.',
- download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz',
+ download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz',
packages = packages,
cmdclass = cmdclasses,
data_files = data_files,
diff -Nru python-django-1.4/tests/modeltests/prefetch_related/tests.py python-django-1.4.1/tests/modeltests/prefetch_related/tests.py
diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/models.py python-django-1.4.1/tests/regressiontests/admin_changelist/models.py
diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/tests.py python-django-1.4.1/tests/regressiontests/admin_changelist/tests.py
diff -Nru python-django-1.4/tests/regressiontests/admin_filters/models.py python-django-1.4.1/tests/regressiontests/admin_filters/models.py
diff -Nru python-django-1.4/tests/regressiontests/admin_filters/tests.py python-django-1.4.1/tests/regressiontests/admin_filters/tests.py
diff -Nru python-django-1.4/tests/regressiontests/admin_views/tests.py python-django-1.4.1/tests/regressiontests/admin_views/tests.py
diff -Nru python-django-1.4/tests/regressiontests/backends/tests.py python-django-1.4.1/tests/regressiontests/backends/tests.py
diff -Nru python-django-1.4/tests/regressiontests/forms/tests/fields.py python-django-1.4.1/tests/regressiontests/forms/tests/fields.py
diff -Nru python-django-1.4/tests/regressiontests/httpwrappers/tests.py python-django-1.4.1/tests/regressiontests/httpwrappers/tests.py
diff -Nru python-django-1.4/tests/regressiontests/test_utils/tests.py python-django-1.4.1/tests/regressiontests/test_utils/tests.py
diff -Nru python-django-1.4/tests/regressiontests/views/tests/debug.py python-django-1.4.1/tests/regressiontests/views/tests/debug.py
diff -Nru python-django-1.4/tests/regressiontests/views/views.py python-django-1.4.1/tests/regressiontests/views/views.py