Your message dated Thu, 2 Aug 2012 19:39:56 +0200 with message-id <20120802173956.GN17223@radis.cristau.org> and subject line Re: Bug#683634: unblock: python-django/1.4.1-1 has caused the Debian Bug report #683634, regarding unblock: python-django/1.4.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 683634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683634 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: python-django/1.4.1-1
- From: Raphaël Hertzog <hertzog@debian.org>
- Date: Thu, 02 Aug 2012 14:21:38 +0200
- Message-id: <[🔎] 20120802122138.13693.99484.reportbug@rivendell.localdomain>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package python-django This new upstream release is a stable maintenance and security releases. There are no new features and upstream is sane. It fixes 3 security bugs (cf #683364 and https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/). I attach a filtered debdiff dropping documentation and test suite changes to ease your review. unblock python-django/1.4.1-1 $ diffstat /tmp/debdiff-filtered PKG-INFO | 4 +- debian/changelog | 9 ++++++ debian/patches/01_disable_broken_test.diff | 26 ------------------ debian/patches/04_hyphen-manpage.diff | 18 ------------ debian/patches/series | 2 - django/__init__.py | 2 - django/conf/project_template/project_name/settings.py | 5 --- django/contrib/admin/filters.py | 5 ++- django/contrib/admin/options.py | 10 +++--- django/contrib/admin/static/admin/css/widgets.css | 3 +- django/contrib/admin/views/main.py | 2 - django/contrib/markup/templatetags/markup.py | 4 +- django/contrib/staticfiles/storage.py | 9 ++++-- django/core/files/images.py | 7 ++++ django/core/management/commands/testserver.py | 9 +++++- django/db/backends/mysql/base.py | 15 ++++++++-- django/db/models/fields/related.py | 2 - django/forms/fields.py | 18 ++---------- django/forms/widgets.py | 11 ++++--- django/http/__init__.py | 22 ++++++++------- django/test/testcases.py | 7 ++++ django/views/debug.py | 17 +++++++++-- django/views/decorators/debug.py | 12 ++++---- setup.py | 2 - 24 files changed, 111 insertions(+), 110 deletions(-) -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.4-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dashdiff -Nru python-django-1.4/debian/changelog python-django-1.4.1/debian/changelog --- python-django-1.4/debian/changelog 2012-03-31 14:59:53.000000000 +0200 +++ python-django-1.4.1/debian/changelog 2012-08-02 10:52:42.000000000 +0200 @@ -1,3 +1,12 @@ +python-django (1.4.1-1) unstable; urgency=low + + * New upstream security and maintenance release. Closes: #683364 + Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444 + * Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which + have been merged upstream. + + -- Raphaël Hertzog <hertzog@debian.org> Thu, 02 Aug 2012 10:44:02 +0200 + python-django (1.4-1) unstable; urgency=low * New upstream release. Closes: #666003 diff -Nru python-django-1.4/debian/patches/01_disable_broken_test.diff python-django-1.4.1/debian/patches/01_disable_broken_test.diff --- python-django-1.4/debian/patches/01_disable_broken_test.diff 2012-03-31 14:16:54.000000000 +0200 +++ python-django-1.4.1/debian/patches/01_disable_broken_test.diff 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -Description: Disable non working test - The HTMLParser in recent Python versions accepts "<!--" which used - to be rejected up to now. The test suite ensure that HTMLParser - rejected those and is thus currently broken. - . - Until we have a proper upstream fix, we just disable the non-working - test. -Author: Raphaël Hertzog <hertzog@debian.org> -Bug: https://code.djangoproject.com/ticket/18027 -Forwarded: not-needed ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/tests/regressiontests/test_utils/tests.py -+++ b/tests/regressiontests/test_utils/tests.py -@@ -422,8 +422,9 @@ class HTMLEqualTests(TestCase): - self.assertHTMLEqual('', '<p>') - with self.assertRaises(HTMLParseError): - parse_html('</p>') -- with self.assertRaises(HTMLParseError): -- parse_html('<!--') -+ # Disabled because it does not work as expected with Python >= 2.7.3 -+ #with self.assertRaises(HTMLParseError): -+ # parse_html('<!--') - - def test_contains_html(self): - response = HttpResponse('''<body> diff -Nru python-django-1.4/debian/patches/04_hyphen-manpage.diff python-django-1.4.1/debian/patches/04_hyphen-manpage.diff --- python-django-1.4/debian/patches/04_hyphen-manpage.diff 2012-03-31 13:14:53.000000000 +0200 +++ python-django-1.4.1/debian/patches/04_hyphen-manpage.diff 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ -Description: Properly escape a dash in the django-admin manual page - Fix a lintian I: message about improper usage of minus instead - of hyphen. - . - This should be forwarded upstream. -Author: Raphael Hertzog <hertzog@debian.org> - ---- a/docs/man/django-admin.1 -+++ b/docs/man/django-admin.1 -@@ -194,7 +194,7 @@ The domain of the message files (default - .TP - .I \-e, \-\-extension=EXTENSION - The file extension(s) to examine (separate multiple --extensions with commas, or use -e multiple times) (makemessages command). -+extensions with commas, or use \-e multiple times) (makemessages command). - .TP - .I \-s, \-\-symlinks - Follows symlinks to directories when examining source code and templates for diff -Nru python-django-1.4/debian/patches/series python-django-1.4.1/debian/patches/series --- python-django-1.4/debian/patches/series 2012-03-31 14:10:22.000000000 +0200 +++ python-django-1.4.1/debian/patches/series 2012-08-02 10:48:35.000000000 +0200 @@ -1,5 +1,3 @@ -01_disable_broken_test.diff 02_disable-sources-in-sphinxdoc.diff 03_manpage.diff -04_hyphen-manpage.diff 06_use_debian_geoip_database_as_default.diff diff -Nru python-django-1.4/django/conf/project_template/project_name/settings.py python-django-1.4.1/django/conf/project_template/project_name/settings.py --- python-django-1.4/django/conf/project_template/project_name/settings.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/conf/project_template/project_name/settings.py 2012-07-30 22:42:42.000000000 +0200 @@ -23,10 +23,7 @@ # Local time zone for this installation. Choices can be found here: # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name # although not all choices may be available on all operating systems. -# On Unix systems, a value of None will cause Django to use the same -# timezone as the operating system. -# If running in a Windows environment this must be set to the same as your -# system time zone. +# In a Windows environment this must be set to your system time zone. TIME_ZONE = 'America/Chicago' # Language code for this installation. All choices can be found here: diff -Nru python-django-1.4/django/contrib/admin/filters.py python-django-1.4.1/django/contrib/admin/filters.py --- python-django-1.4/django/contrib/admin/filters.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/filters.py 2012-07-30 22:42:42.000000000 +0200 @@ -155,7 +155,10 @@ class RelatedFieldListFilter(FieldListFilter): def __init__(self, field, request, params, model, model_admin, field_path): other_model = get_model_from_relation(field) - rel_name = other_model._meta.pk.name + if hasattr(field, 'rel'): + rel_name = field.rel.get_related_field().name + else: + rel_name = other_model._meta.pk.name self.lookup_kwarg = '%s__%s__exact' % (field_path, rel_name) self.lookup_kwarg_isnull = '%s__isnull' % field_path self.lookup_val = request.GET.get(self.lookup_kwarg, None) diff -Nru python-django-1.4/django/contrib/admin/options.py python-django-1.4.1/django/contrib/admin/options.py --- python-django-1.4/django/contrib/admin/options.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/options.py 2012-07-30 22:42:42.000000000 +0200 @@ -245,7 +245,7 @@ # if foo has been specificially included in the lookup list; so # drop __id if it is the last part. However, first we need to find # the pk attribute name. - pk_attr_name = None + rel_name = None for part in parts[:-1]: try: field, _, _, _ = model._meta.get_field_by_name(part) @@ -255,13 +255,13 @@ return True if hasattr(field, 'rel'): model = field.rel.to - pk_attr_name = model._meta.pk.name + rel_name = field.rel.get_related_field().name elif isinstance(field, RelatedObject): model = field.model - pk_attr_name = model._meta.pk.name + rel_name = model._meta.pk.name else: - pk_attr_name = None - if pk_attr_name and len(parts) > 1 and parts[-1] == pk_attr_name: + rel_name = None + if rel_name and len(parts) > 1 and parts[-1] == rel_name: parts.pop() if len(parts) == 1: diff -Nru python-django-1.4/django/contrib/admin/static/admin/css/widgets.css python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css --- python-django-1.4/django/contrib/admin/static/admin/css/widgets.css 2012-03-23 17:59:22.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/static/admin/css/widgets.css 2012-07-30 22:42:33.000000000 +0200 @@ -41,7 +41,8 @@ text-align: left; } -.selector .selector-filter label { +.selector .selector-filter label, +.inline-group .aligned .selector .selector-filter label { width: 16px; padding: 2px; } diff -Nru python-django-1.4/django/contrib/admin/views/main.py python-django-1.4.1/django/contrib/admin/views/main.py --- python-django-1.4/django/contrib/admin/views/main.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/contrib/admin/views/main.py 2012-07-30 22:42:42.000000000 +0200 @@ -258,7 +258,7 @@ if not (set(ordering) & set(['pk', '-pk', pk_name, '-' + pk_name])): # The two sets do not intersect, meaning the pk isn't present. So # we add it. - ordering.append('pk') + ordering.append('-pk') return ordering diff -Nru python-django-1.4/django/contrib/auth/tests/forms.py python-django-1.4.1/django/contrib/auth/tests/forms.py diff -Nru python-django-1.4/django/contrib/markup/templatetags/markup.py python-django-1.4.1/django/contrib/markup/templatetags/markup.py --- python-django-1.4/django/contrib/markup/templatetags/markup.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/contrib/markup/templatetags/markup.py 2012-07-30 22:42:42.000000000 +0200 @@ -65,8 +65,8 @@ safe_mode = True else: safe_mode = False - python_markdown_deprecation = "The use of Python-Markdown " - "< 2.1 in Django is deprecated; please update to the current version" + python_markdown_deprecation = ("The use of Python-Markdown " + "< 2.1 in Django is deprecated; please update to the current version") # Unicode support only in markdown v1.7 or above. Version_info # exist only in markdown v1.6.2rc-2 or above. markdown_vers = getattr(markdown, "version_info", None) diff -Nru python-django-1.4/django/contrib/staticfiles/storage.py python-django-1.4.1/django/contrib/staticfiles/storage.py --- python-django-1.4/django/contrib/staticfiles/storage.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/contrib/staticfiles/storage.py 2012-07-30 22:42:42.000000000 +0200 @@ -190,8 +190,8 @@ if dry_run: return - # delete cache of all handled paths - self.cache.delete_many([self.cache_key(path) for path in paths]) + # where to store the new paths + hashed_paths = {} # build a list of adjustable files matches = lambda path: matches_patterns(path, self._patterns.keys()) @@ -240,9 +240,12 @@ hashed_name = force_unicode(saved_name.replace('\\', '/')) # and then set the cache accordingly - self.cache.set(self.cache_key(name), hashed_name) + hashed_paths[self.cache_key(name)] = hashed_name yield name, hashed_name, processed + # Finally set the cache + self.cache.set_many(hashed_paths) + class CachedStaticFilesStorage(CachedFilesMixin, StaticFilesStorage): """ diff -Nru python-django-1.4/django/core/files/images.py python-django-1.4.1/django/core/files/images.py --- python-django-1.4/django/core/files/images.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/core/files/images.py 2012-07-30 22:41:50.000000000 +0200 @@ -47,13 +47,18 @@ file = open(file_or_path, 'rb') close = True try: + # Most of the time PIL only needs a small chunk to parse the image and + # get the dimensions, but with some TIFF files PIL needs to parse the + # whole file. + chunk_size = 1024 while 1: - data = file.read(1024) + data = file.read(chunk_size) if not data: break p.feed(data) if p.image: return p.image.size + chunk_size = chunk_size*2 return None finally: if close: diff -Nru python-django-1.4/django/core/management/commands/testserver.py python-django-1.4.1/django/core/management/commands/testserver.py --- python-django-1.4/django/core/management/commands/testserver.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/core/management/commands/testserver.py 2012-07-30 22:42:34.000000000 +0200 @@ -35,4 +35,11 @@ # a strange error -- it causes this handle() method to be called # multiple times. shutdown_message = '\nServer stopped.\nNote that the test database, %r, has not been deleted. You can explore it on your own.' % db_name - call_command('runserver', addrport=addrport, shutdown_message=shutdown_message, use_reloader=False, use_ipv6=options['use_ipv6']) + use_threading = connection.features.test_db_allows_multiple_connections + call_command('runserver', + addrport=addrport, + shutdown_message=shutdown_message, + use_reloader=False, + use_ipv6=options['use_ipv6'], + use_threading=use_threading + ) diff -Nru python-django-1.4/django/db/backends/mysql/base.py python-django-1.4.1/django/db/backends/mysql/base.py --- python-django-1.4/django/db/backends/mysql/base.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/db/backends/mysql/base.py 2012-07-30 22:42:42.000000000 +0200 @@ -407,11 +407,20 @@ def get_server_version(self): if not self.server_version: + new_connection = False if not self._valid_connection(): - self.cursor() - m = server_version_re.match(self.connection.get_server_info()) + # Ensure we have a connection with the DB by using a temporary + # cursor + new_connection = True + self.cursor().close() + server_info = self.connection.get_server_info() + if new_connection: + # Make sure we close the connection + self.connection.close() + self.connection = None + m = server_version_re.match(server_info) if not m: - raise Exception('Unable to determine MySQL version from version string %r' % self.connection.get_server_info()) + raise Exception('Unable to determine MySQL version from version string %r' % server_info) self.server_version = tuple([int(x) for x in m.groups()]) return self.server_version diff -Nru python-django-1.4/django/db/models/fields/related.py python-django-1.4.1/django/db/models/fields/related.py --- python-django-1.4/django/db/models/fields/related.py 2012-03-23 17:59:20.000000000 +0100 +++ python-django-1.4.1/django/db/models/fields/related.py 2012-07-30 22:42:42.000000000 +0200 @@ -239,7 +239,7 @@ def get_prefetch_query_set(self, instances): vals = set(instance._get_pk_val() for instance in instances) params = {'%s__pk__in' % self.related.field.name: vals} - return (self.get_query_set(instance=instances[0]), + return (self.get_query_set(instance=instances[0]).filter(**params), attrgetter(self.related.field.attname), lambda obj: obj._get_pk_val(), True, diff -Nru python-django-1.4/django/forms/fields.py python-django-1.4.1/django/forms/fields.py --- python-django-1.4/django/forms/fields.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/forms/fields.py 2012-07-30 22:42:42.000000000 +0200 @@ -570,20 +570,10 @@ file = StringIO(data['content']) try: - # load() is the only method that can spot a truncated JPEG, - # but it cannot be called sanely after verify() - trial_image = Image.open(file) - trial_image.load() - - # Since we're about to use the file again we have to reset the - # file object if possible. - if hasattr(file, 'reset'): - file.reset() - - # verify() is the only method that can spot a corrupt PNG, - # but it must be called immediately after the constructor - trial_image = Image.open(file) - trial_image.verify() + # load() could spot a truncated JPEG, but it loads the entire + # image in memory, which is a DoS vector. See #3848 and #18520. + # verify() must be called immediately after the constructor. + Image.open(file).verify() except ImportError: # Under PyPy, it is possible to import PIL. However, the underlying # _imaging C module isn't available, so an ImportError will be diff -Nru python-django-1.4/django/forms/widgets.py python-django-1.4.1/django/forms/widgets.py --- python-django-1.4/django/forms/widgets.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/forms/widgets.py 2012-07-30 22:42:42.000000000 +0200 @@ -487,15 +487,18 @@ pass return super(TimeInput, self)._has_changed(self._format_value(initial), data) + +# Defined at module level so that CheckboxInput is picklable (#17976) +def boolean_check(v): + return not (v is False or v is None or v == '') + + class CheckboxInput(Widget): def __init__(self, attrs=None, check_test=None): super(CheckboxInput, self).__init__(attrs) # check_test is a callable that takes a value and returns True # if the checkbox should be checked for that value. - if check_test is None: - self.check_test = lambda v: not (v is False or v is None or v == '') - else: - self.check_test = check_test + self.check_test = boolean_check if check_test is None else check_test def render(self, name, value, attrs=None): final_attrs = self.build_attrs(attrs, type='checkbox', name=name) diff -Nru python-django-1.4/django/http/__init__.py python-django-1.4.1/django/http/__init__.py --- python-django-1.4/django/http/__init__.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/http/__init__.py 2012-07-30 22:42:42.000000000 +0200 @@ -9,7 +9,7 @@ from pprint import pformat from urllib import urlencode, quote -from urlparse import urljoin +from urlparse import urljoin, urlparse try: from cStringIO import StringIO except ImportError: @@ -114,7 +114,7 @@ from django.conf import settings from django.core import signing -from django.core.exceptions import ImproperlyConfigured +from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation from django.core.files import uploadhandler from django.http.multipartparser import MultiPartParser from django.http.utils import * @@ -731,19 +731,21 @@ raise Exception("This %s instance cannot tell its position" % self.__class__) return sum([len(str(chunk)) for chunk in self._container]) -class HttpResponseRedirect(HttpResponse): - status_code = 302 +class HttpResponseRedirectBase(HttpResponse): + allowed_schemes = ['http', 'https', 'ftp'] def __init__(self, redirect_to): - super(HttpResponseRedirect, self).__init__() + super(HttpResponseRedirectBase, self).__init__() + parsed = urlparse(redirect_to) + if parsed.scheme and parsed.scheme not in self.allowed_schemes: + raise SuspiciousOperation("Unsafe redirect to URL with scheme '%s'" % parsed.scheme) self['Location'] = iri_to_uri(redirect_to) -class HttpResponsePermanentRedirect(HttpResponse): - status_code = 301 +class HttpResponseRedirect(HttpResponseRedirectBase): + status_code = 302 - def __init__(self, redirect_to): - super(HttpResponsePermanentRedirect, self).__init__() - self['Location'] = iri_to_uri(redirect_to) +class HttpResponsePermanentRedirect(HttpResponseRedirectBase): + status_code = 301 class HttpResponseNotModified(HttpResponse): status_code = 304 diff -Nru python-django-1.4/django/__init__.py python-django-1.4.1/django/__init__.py --- python-django-1.4/django/__init__.py 2012-03-23 17:59:16.000000000 +0100 +++ python-django-1.4.1/django/__init__.py 2012-07-30 22:43:10.000000000 +0200 @@ -1,4 +1,4 @@ -VERSION = (1, 4, 0, 'final', 0) +VERSION = (1, 4, 1, 'final', 0) def get_version(version=None): """Derives a PEP386-compliant version number from VERSION.""" diff -Nru python-django-1.4/django/test/testcases.py python-django-1.4.1/django/test/testcases.py --- python-django-1.4/django/test/testcases.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/test/testcases.py 2012-07-30 22:42:42.000000000 +0200 @@ -1143,4 +1143,11 @@ if hasattr(cls, 'server_thread'): # Terminate the live server's thread cls.server_thread.join() + + # Restore sqlite connections' non-sharability + for conn in connections.all(): + if (conn.settings_dict['ENGINE'] == 'django.db.backends.sqlite3' + and conn.settings_dict['NAME'] == ':memory:'): + conn.allow_thread_sharing = False + super(LiveServerTestCase, cls).tearDownClass() diff -Nru python-django-1.4/django/views/debug.py python-django-1.4.1/django/views/debug.py --- python-django-1.4/django/views/debug.py 2012-03-23 17:59:18.000000000 +0100 +++ python-django-1.4.1/django/views/debug.py 2012-07-30 22:42:42.000000000 +0200 @@ -155,9 +155,20 @@ Replaces the values of variables marked as sensitive with stars (*********). """ - func_name = tb_frame.f_code.co_name - func = tb_frame.f_globals.get(func_name) - sensitive_variables = getattr(func, 'sensitive_variables', []) + # Loop through the frame's callers to see if the sensitive_variables + # decorator was used. + current_frame = tb_frame.f_back + sensitive_variables = None + while current_frame is not None: + if (current_frame.f_code.co_name == 'sensitive_variables_wrapper' + and 'sensitive_variables_wrapper' in current_frame.f_locals): + # The sensitive_variables decorator was used, so we take note + # of the sensitive variables' names. + wrapper = current_frame.f_locals['sensitive_variables_wrapper'] + sensitive_variables = getattr(wrapper, 'sensitive_variables', None) + break + current_frame = current_frame.f_back + cleansed = [] if self.is_active(request) and sensitive_variables: if sensitive_variables == '__ALL__': diff -Nru python-django-1.4/django/views/decorators/debug.py python-django-1.4.1/django/views/decorators/debug.py --- python-django-1.4/django/views/decorators/debug.py 2012-03-23 17:59:19.000000000 +0100 +++ python-django-1.4.1/django/views/decorators/debug.py 2012-07-30 22:42:34.000000000 +0200 @@ -26,13 +26,13 @@ """ def decorator(func): @functools.wraps(func) - def wrapper(*args, **kwargs): + def sensitive_variables_wrapper(*args, **kwargs): if variables: - wrapper.sensitive_variables = variables + sensitive_variables_wrapper.sensitive_variables = variables else: - wrapper.sensitive_variables = '__ALL__' + sensitive_variables_wrapper.sensitive_variables = '__ALL__' return func(*args, **kwargs) - return wrapper + return sensitive_variables_wrapper return decorator @@ -61,11 +61,11 @@ """ def decorator(view): @functools.wraps(view) - def wrapper(request, *args, **kwargs): + def sensitive_post_parameters_wrapper(request, *args, **kwargs): if parameters: request.sensitive_post_parameters = parameters else: request.sensitive_post_parameters = '__ALL__' return view(request, *args, **kwargs) - return wrapper + return sensitive_post_parameters_wrapper return decorator diff -Nru python-django-1.4/docs/conf.py python-django-1.4.1/docs/conf.py diff -Nru python-django-1.4/docs/faq/models.txt python-django-1.4.1/docs/faq/models.txt diff -Nru python-django-1.4/docs/howto/custom-management-commands.txt python-django-1.4.1/docs/howto/custom-management-commands.txt diff -Nru python-django-1.4/docs/howto/custom-model-fields.txt python-django-1.4.1/docs/howto/custom-model-fields.txt diff -Nru python-django-1.4/docs/howto/deployment/wsgi/uwsgi.txt python-django-1.4.1/docs/howto/deployment/wsgi/uwsgi.txt diff -Nru python-django-1.4/docs/howto/outputting-pdf.txt python-django-1.4.1/docs/howto/outputting-pdf.txt Les fichiers binaires /tmp/f_LcC7UEUu/python-django-1.4/docs/intro/_images/admin12t.png et /tmp/Y536zR3R0v/python-django-1.4.1/docs/intro/_images/admin12t.png sont différents diff -Nru python-django-1.4/docs/intro/install.txt python-django-1.4.1/docs/intro/install.txt diff -Nru python-django-1.4/docs/intro/tutorial02.txt python-django-1.4.1/docs/intro/tutorial02.txt diff -Nru python-django-1.4/docs/intro/whatsnext.txt python-django-1.4.1/docs/intro/whatsnext.txt diff -Nru python-django-1.4/docs/man/django-admin.1 python-django-1.4.1/docs/man/django-admin.1 diff -Nru python-django-1.4/docs/ref/contrib/admin/index.txt python-django-1.4.1/docs/ref/contrib/admin/index.txt diff -Nru python-django-1.4/docs/ref/contrib/gis/install.txt python-django-1.4.1/docs/ref/contrib/gis/install.txt diff -Nru python-django-1.4/docs/ref/contrib/markup.txt python-django-1.4.1/docs/ref/contrib/markup.txt diff -Nru python-django-1.4/docs/ref/contrib/syndication.txt python-django-1.4.1/docs/ref/contrib/syndication.txt diff -Nru python-django-1.4/docs/ref/databases.txt python-django-1.4.1/docs/ref/databases.txt diff -Nru python-django-1.4/docs/ref/django-admin.txt python-django-1.4.1/docs/ref/django-admin.txt diff -Nru python-django-1.4/docs/ref/forms/widgets.txt python-django-1.4.1/docs/ref/forms/widgets.txt diff -Nru python-django-1.4/docs/ref/middleware.txt python-django-1.4.1/docs/ref/middleware.txt diff -Nru python-django-1.4/docs/ref/models/fields.txt python-django-1.4.1/docs/ref/models/fields.txt diff -Nru python-django-1.4/docs/ref/models/instances.txt python-django-1.4.1/docs/ref/models/instances.txt diff -Nru python-django-1.4/docs/ref/models/options.txt python-django-1.4.1/docs/ref/models/options.txt diff -Nru python-django-1.4/docs/ref/settings.txt python-django-1.4.1/docs/ref/settings.txt diff -Nru python-django-1.4/docs/ref/templates/builtins.txt python-django-1.4.1/docs/ref/templates/builtins.txt diff -Nru python-django-1.4/docs/releases/1.4.txt python-django-1.4.1/docs/releases/1.4.txt diff -Nru python-django-1.4/docs/topics/auth.txt python-django-1.4.1/docs/topics/auth.txt diff -Nru python-django-1.4/docs/topics/db/models.txt python-django-1.4.1/docs/topics/db/models.txt diff -Nru python-django-1.4/docs/topics/db/transactions.txt python-django-1.4.1/docs/topics/db/transactions.txt diff -Nru python-django-1.4/docs/topics/email.txt python-django-1.4.1/docs/topics/email.txt diff -Nru python-django-1.4/docs/topics/forms/index.txt python-django-1.4.1/docs/topics/forms/index.txt diff -Nru python-django-1.4/docs/topics/http/middleware.txt python-django-1.4.1/docs/topics/http/middleware.txt diff -Nru python-django-1.4/docs/topics/http/shortcuts.txt python-django-1.4.1/docs/topics/http/shortcuts.txt diff -Nru python-django-1.4/docs/topics/security.txt python-django-1.4.1/docs/topics/security.txt diff -Nru python-django-1.4/docs/topics/testing.txt python-django-1.4.1/docs/topics/testing.txt diff -Nru python-django-1.4/PKG-INFO python-django-1.4.1/PKG-INFO --- python-django-1.4/PKG-INFO 2012-03-23 17:59:43.000000000 +0100 +++ python-django-1.4.1/PKG-INFO 2012-07-30 22:47:53.000000000 +0200 @@ -1,12 +1,12 @@ Metadata-Version: 1.0 Name: Django -Version: 1.4 +Version: 1.4.1 Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Home-page: http://www.djangoproject.com/ Author: Django Software Foundation Author-email: foundation@djangoproject.com License: UNKNOWN -Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz +Download-URL: https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz Description: UNKNOWN Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable diff -Nru python-django-1.4/setup.py python-django-1.4.1/setup.py --- python-django-1.4/setup.py 2012-03-23 17:59:15.000000000 +0100 +++ python-django-1.4.1/setup.py 2012-07-30 22:43:01.000000000 +0200 @@ -75,7 +75,7 @@ author = 'Django Software Foundation', author_email = 'foundation@djangoproject.com', description = 'A high-level Python Web framework that encourages rapid development and clean, pragmatic design.', - download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.tar.gz', + download_url = 'https://www.djangoproject.com/m/releases/1.4/Django-1.4.1.tar.gz', packages = packages, cmdclass = cmdclasses, data_files = data_files, diff -Nru python-django-1.4/tests/modeltests/prefetch_related/tests.py python-django-1.4.1/tests/modeltests/prefetch_related/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/models.py python-django-1.4.1/tests/regressiontests/admin_changelist/models.py diff -Nru python-django-1.4/tests/regressiontests/admin_changelist/tests.py python-django-1.4.1/tests/regressiontests/admin_changelist/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_filters/models.py python-django-1.4.1/tests/regressiontests/admin_filters/models.py diff -Nru python-django-1.4/tests/regressiontests/admin_filters/tests.py python-django-1.4.1/tests/regressiontests/admin_filters/tests.py diff -Nru python-django-1.4/tests/regressiontests/admin_views/tests.py python-django-1.4.1/tests/regressiontests/admin_views/tests.py diff -Nru python-django-1.4/tests/regressiontests/backends/tests.py python-django-1.4.1/tests/regressiontests/backends/tests.py diff -Nru python-django-1.4/tests/regressiontests/forms/tests/fields.py python-django-1.4.1/tests/regressiontests/forms/tests/fields.py diff -Nru python-django-1.4/tests/regressiontests/httpwrappers/tests.py python-django-1.4.1/tests/regressiontests/httpwrappers/tests.py diff -Nru python-django-1.4/tests/regressiontests/test_utils/tests.py python-django-1.4.1/tests/regressiontests/test_utils/tests.py diff -Nru python-django-1.4/tests/regressiontests/views/tests/debug.py python-django-1.4.1/tests/regressiontests/views/tests/debug.py diff -Nru python-django-1.4/tests/regressiontests/views/views.py python-django-1.4.1/tests/regressiontests/views/views.py
--- End Message ---
--- Begin Message ---
- To: Raphaël Hertzog <hertzog@debian.org>, 683634-done@bugs.debian.org
- Subject: Re: Bug#683634: unblock: python-django/1.4.1-1
- From: Julien Cristau <jcristau@debian.org>
- Date: Thu, 2 Aug 2012 19:39:56 +0200
- Message-id: <20120802173956.GN17223@radis.cristau.org>
- In-reply-to: <[🔎] 20120802122138.13693.99484.reportbug@rivendell.localdomain>
- References: <[🔎] 20120802122138.13693.99484.reportbug@rivendell.localdomain>
On Thu, Aug 2, 2012 at 14:21:38 +0200, Raphaël Hertzog wrote: > unblock python-django/1.4.1-1 > Unblocked. Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---