[1/1] package/python-django: security bump to 4.2.7

Message ID 20231103184428.1029306-1-adam.duskett@amarulasolutions.com
State Accepted

Commit Message

Adam Duskett Nov. 3, 2023, 6:44 p.m. UTC
- Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
   with aggregates referencing expressions containing subqueries (#34798).

 - Restored, following a regression in Django 4.2, creating
   varchar/text_pattern_ops indexes on CharField and TextField with
   deterministic collations on PostgreSQL (#34932).

Tested on Fedora 39 with:
./support/testing/run-tests tests.package.test_python_django

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
 package/python-django/python-django.hash | 4 ++--
 package/python-django/python-django.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Thomas Petazzoni Nov. 3, 2023, 7:54 p.m. UTC | #1
On Fri,  3 Nov 2023 12:44:28 -0600
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:

>  - Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
>    with aggregates referencing expressions containing subqueries (#34798).
> 
>  - Restored, following a regression in Django 4.2, creating
>    varchar/text_pattern_ops indexes on CharField and TextField with
>    deterministic collations on PostgreSQL (#34932).
> 
> Tested on Fedora 39 with:
> ./support/testing/run-tests tests.package.test_python_django
> 
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
> ---
>  package/python-django/python-django.hash | 4 ++--
>  package/python-django/python-django.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks.

Thomas

Peter Korsgaard Nov. 8, 2023, 6:10 p.m. UTC | #2
>>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes:

 >  - Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate()
 >    with aggregates referencing expressions containing subqueries (#34798).

 >  - Restored, following a regression in Django 4.2, creating
 >    varchar/text_pattern_ops indexes on CharField and TextField with
 >    deterministic collations on PostgreSQL (#34932).

 > Tested on Fedora 39 with:
 > ./support/testing/run-tests tests.package.test_python_django

 > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>

While this indeed is a security fix, it seems to be for a Windows-only
issue:

https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

Anyway, for 2023.02.x and 2023.08.x I have instead bumped to 4.1.13,
which contains the same fix.

Patch

diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index b68f4231fa..98c338f9d4 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@ 
 # md5, sha256 from https://pypi.org/pypi/django/json
-md5  ad84c2b9bbebaa26427a2a656fe5ceea  Django-4.2.6.tar.gz
-sha256  08f41f468b63335aea0d904c5729e0250300f6a1907bf293a65499496cdbc68f  Django-4.2.6.tar.gz
+md5  d7afe6a68b631725a1dac116a7832b10  Django-4.2.7.tar.gz
+sha256  8e0f1c2c2786b5c0e39fe1afce24c926040fad47c8ea8ad30aaf1188df29fc41  Django-4.2.7.tar.gz
 # Locally computed sha256 checksums
 sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
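Review bot: both replaced checksums for Django-4.2.7.tar.gz (the md5 and sha256 `+` lines) come from the same upstream source named in the header comment, https://pypi.org/pypi/django/json, so they pin what PyPI publishes but are not an independent check of the tarball that gets fetched and built. Suggest recomputing the sha256 locally on the downloaded Django-4.2.7.tar.gz and confirming it matches before applying, the way the LICENSE entry is handled under "# Locally computed sha256 checksums". The md5 line adds no integrity assurance on top of the sha256.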
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 79065ab60a..9b710412fa 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@ 
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 4.2.6
+PYTHON_DJANGO_VERSION = 4.2.7
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 # The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/23/7b/f47d10d870fabfcaa1fba403460a4e482ab7dbba4d715d43981d1f8c8d85
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/5c/62/0c6ab2f3ac9a242b4562b6be1c418685fa7d1ccb8ca302cdb97e0b23cf4b
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
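Review bot: the subject calls this a security bump, but nothing at `PYTHON_DJANGO_VERSION = 4.2.7` or in the commit message says which security issue the new version fixes; the message lists only the two regression fixes (#34798, #34932). Suggest referencing the upstream security release announcement in the commit message, so that whoever maintains the stable branches can judge from the log alone whether the fix applies to their targets and which version to backport.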