Package Release Info

python-Django-2.2.4-bp151.3.3.1

Update Info: openSUSE-2019-1872
Available in Package Hub : 15 SP1 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

python3-Django

Change Logs

* Thu Aug 01 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 2.2.4:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
    bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
  * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
* Thu Jul 18 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 2.2.3:
  * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS
* Mon Jun 03 2019 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2.2
  * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
  * Fixes CVE-2019-11358: Prototype pollution
Version: 2.2.28-bp154.2.15.1
* Mon Oct 16 2023 Daniel Garcia Moreno <daniel.garcia@suse.com>
- Add CVE-2023-43665.patch (bsc#1215978, CVE-2023-43665)
  * Denial-of-service possibility in django.utils.text.Truncator
Version: 2.2.28-bp154.2.12.1
* Mon Jul 10 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2023-36053.patch (bsc#1212742, CVE-2023-36053)
Version: 2.2.28-bp155.5.1
* Wed Apr 03 2019 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2
- drop pyyaml5.patch
- add i18n_test.patch
  * HttpRequest.headers to allow simple access to a request’s headers.
  * Database-level constraints on models.
  * Watchman compatibility for runserver to improve the performance
* Sat Mar 23 2019 Tomáš Chvátal <tchvatal@suse.com>
- Add patch to build with PyYAML >5:
  * pyyaml5.patch
Version: 2.2.28-bp154.2.9.1
* Thu Feb 23 2023 Matej Cepl <mcepl@suse.com>
- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
  bsc#1208082) to prevent DOS in file uploads.
* Fri Apr 03 2020 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.12:
  * Added the ability to handle .po files containing different plural
    equations for the same language (#30439).
* Wed Mar 18 2020 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.11
  * fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance
  parameter in GIS functions and aggregates on Oracle
* Tue Feb 04 2020 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.10
- drop pyyaml53.patch
  * fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)``
* Wed Jan 15 2020 Ondřej Súkup <mimi.vx@gmail.com>
- add pyyaml53.patch - fix tests with PyYAML 5.3
* Sun Dec 29 2019 Ondřej Súkup <mimi.vx@gmail.com>
- Update to 2.2.9
  * CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447)
  * Fixed a data loss possibility in SplitArrayField.
* Fri Nov 15 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.7:
  * Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform (#30826).
  * Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan (#30870).
  * Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses (#30903).
  * Restored the ability to override get_FOO_display() (#30931).
* Fri Nov 15 2019 Tomáš Chvátal <tchvatal@suse.com>
- Require full python interpreter on build and runtime
* Mon Oct 07 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.6:
  * Fixed migrations crash on SQLite when altering a model
    containing partial indexes (#30754).
  * Fixed a regression in Django 2.2.4 that caused a crash when
    filtering with a Subquery() annotation of a queryset containing
    JSONField or HStoreField (#30769).
* Mon Sep 16 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.5:
  * Relaxed the system check added in Django 2.2 for models to reallow use of the same db_table by multiple models when database routers are installed (#30673).
  * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
  * Fixed a regression in Django 2.2 where ModelAdmin.list_filter choices to foreign objects don’t respect a model’s Meta.ordering (#30449).
  * Fixed a race condition in loading URLconf module that could cause a crash of auto-reloader on Python 3.5 and below (#30500).
* Thu Aug 01 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.4:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
    bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
  * Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
  * Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).
* Thu Jul 18 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.2.3:
  * CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶
* Mon Jun 03 2019 Ondřej Súkup <mimi.vx@gmail.com>
- update to 2.2.2
  * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
  * Fixes CVE-2019-11358: Prototype pollution
* Tue May 07 2019 Tomáš Chvátal <tchvatal@suse.com>
- Update keyring file
Version: 2.2.28-bp154.2.6.1
* Thu Feb 02 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2023-23969.patch (bsc#1207565, CVE-2023-23969)
Version: 2.2.28-bp153.2.3.1
* Tue Oct 04 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2022-41323.patch (bsc#1203793, CVE-2022-41323)
  * Backport fix and tests from uptream branch 3.2.X
- Add test_custom_fields.patch
  * Required to fix an inspectdb test
* Mon Aug 08 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add fix-cve-2022-36359.patch (CVE-2022-36359, bsc#1201923)
  * Backport fix and tests from uptream branch 3.2.X
- Rename Django-2.2.28.tar.gz.asc to Django-2.2.28.checksum.txt
  * The source validator try to validate the signature agains
    Django-2.2.28.tar.gz, instead of the checksum message itself
* Mon Apr 11 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Update to 2.2.28 (bsc#1198297)
  * Many CVEs fixes (check https://github.com/django/django/blob/main/docs/releases/)
Version: 2.2.12-bp152.1.3
* Fri Apr 03 2020 Tomá? Chvátal <tchvatal@suse.com>
- Update to 2.2.12:
  * Added the ability to handle .po files containing different plural
    equations for the same language (#30439).
* Wed Mar 18 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2.11
  * fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance
  parameter in GIS functions and aggregates on Oracle
* Tue Feb 04 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2.10
- drop pyyaml53.patch
  * fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)``
* Wed Jan 15 2020 Ond?ej Súkup <mimi.vx@gmail.com>
- add pyyaml53.patch - fix tests with PyYAML 5.3
* Sun Dec 29 2019 Ond?ej Súkup <mimi.vx@gmail.com>
- Update to 2.2.9
  * CVE-2019-19844: Potential account hijack via password reset form (bsc#1159447)
  * Fixed a data loss possibility in SplitArrayField.
Version: 2.2.1-bp151.2.2
* Tue May 07 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update keyring file
* Mon May 06 2019 Alberto Planas Dominguez <aplanas@suse.com>
- Update to 2.2.1
  * Fixed a regression in Django 2.1 that caused the incorrect quoting
    of database user password when using dbshell on Oracle (#30307).
  * Added compatibility for psycopg2 2.8 (#30331).
  * Fixed a regression in Django 2.2 that caused a crash when loading
    the template for the technical 500 debug page (#30324).
  * Fixed crash of ordering argument in ArrayAgg and StringAgg when it
    contains an expression with params (#30332).
  * Fixed a regression in Django 2.2 that caused a single instance
    fast-delete to not set the primary key to None (#30330).
  * Prevented makemigrations from generating infinite migrations for
    check constraints and partial indexes when condition contains a
    range object (#30350).  Reverted an optimization in Django 2.2
    (#29725) that caused the inconsistent behavior of count() and
    exists() on a reverse many-to-many relationship with a custom
    manager (#30325).
  * Fixed a regression in Django 2.2 where Paginator crashes if
    object_list is a queryset ordered or aggregated over a nested
    JSONField key transform (#30335).
  * Fixed a regression in Django 2.2 where IntegerField validation of
    database limits crashes if limit_value attribute in a custom
    validator is callable (#30328).
  * Fixed a regression in Django 2.2 where SearchVector generates SQL
    that is not indexable (#30385).
  * Fixed a regression in Django 2.2 that caused an exception to be
    raised when a custom error handler could not be imported (#30318).
  * Relaxed the system check added in Django 2.2 for the admin app’s
    dependencies to reallow use of SessionMiddleware subclasses,
    rather than requiring django.contrib.sessions to be in
    INSTALLED_APPS (#30312).
  * Increased the default timeout when using Watchman to 5 seconds to
    prevent falling back to StatReloader on larger projects and made
    it customizable via the DJANGO_WATCHMAN_TIMEOUT environment
    variable (#30361).
  * Fixed a regression in Django 2.2 that caused a crash when
    migrating permissions for proxy models if the target permissions
    already existed. For example, when a permission had been created
    manually or a model had been migrated from concrete to proxy
    (#30351).
  * Fixed a regression in Django 2.2 that caused a crash of runserver
    when URLConf modules raised exceptions (#30323).
  * Fixed a regression in Django 2.2 where changes were not reliably
    detected by auto-reloader when using StatReloader (#30323).
  * Fixed a migration crash on Oracle and PostgreSQL when adding a
    check constraint with a contains, startswith, or endswith lookup
    (or their case-insensitive variant) (#30408).
  * Fixed a migration crash on Oracle and SQLite when adding a check
    constraint with condition contains | (OR) operator (#30412).
* Wed Apr 10 2019 John Vandenberg <jayvdb@gmail.com>
- Add test_clear_site_cache-sort.patch to workaround flaky test
- Add bcond_with for selenium and memcached, as those tests are inactive,
  and add missing dependencies and setup for selenium testing
- Move removal of executable bit from a JavaScript file to %prep
- Fix fdupes
* Wed Apr 03 2019 Ond?ej Súkup <mimi.vx@gmail.com>
- update to 2.2
- drop pyyaml5.patch
- add i18n_test.patch
  * HttpRequest.headers to allow simple access to a request?s headers.
  * Database-level constraints on models.
  * Watchman compatibility for runserver to improve the performance
* Sat Mar 23 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patch to build with PyYAML >5:
  * pyyaml5.patch
* Tue Feb 12 2019 Thomas Bechtold <tbechtold@suse.com>
- update to 2.1.7 (CVE-2019-6975, bsc#1124991):
  * Corrected packaging error from 2.1.6
  * Memory exhaustion in django.utils.numberformat.format()
    If django.utils.numberformat.format() ? used by contrib.admin as well
    as the the floatformat, filesizeformat, and intcomma templates
    filters ? received a Decimal with a large number of digits or a
    large exponent, it could lead to significant memory usage
    due to a call to '{:f}'.format().
    To avoid this, decimals with more than 200 digits are now formatted
    using scientific notation.
  * Made the obj argument of InlineModelAdmin.has_add_permission() optional
    to restore backwards compatibility with third-party code that doesn?t
    provide it
* Thu Jan 10 2019 Thomas Bechtold <tbechtold@suse.com>
- update to 2.1.5 (CVE-2019-3498, bsc#1120932):
  * CVE-2019-3498: Content spoofing possibility in the default 404 page
  * Fixed compatibility with mysqlclient 1.3.14 (#30013).
  * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop
    and rebuild your SQLite database if you applied a migration while using
    an older version of Django with SQLite 3.26 or later (#29182).
  * Prevented SQLite schema alterations while foreign key checks are enabled
    to avoid the possibility of schema corruption (#30023).
  * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections)
    where request body data isn?t properly consumed for such
    connections (#30015).
  * Fixed a regression in Django 2.1.4 where
    InlineModelAdmin.has_change_permission() is incorrectly called with
    a non-None obj argument during an object add (#30050).
* Mon Dec 10 2018 Ond?ej Súkup <mimi.vx@gmail.com>
- Update to version 2.1.4
  * Corrected the default password list that CommonPasswordValidator uses
    by lowercasing all passwords to match the format expected by the validator
  * Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in
    an attempt to fix a random crash involving LooseVersion
  * Fixed keep-alive support in runserver after it was disabled o 2.0
  * Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields
  * Fixed ?Please correct the errors below? error message when editing an object
    in the admin if the user only has the ?view? permission on inlines
  * Fixed a regression in Django 2.0 where combining Q objects with __in lookups
    and lists crashed
  * Fixed a regression in Django 2.0 where test databases aren?t reused
    with manage.py test --keepdb on MySQL
  * Fixed a regression where cached foreign keys that use to_field were
    incorrectly cleared in Model.save()
  * Fixed a regression in Django 2.0 where FileSystemStorage crashes
    with FileExistsError if concurrent saves try to create the same directory
* Thu Oct 04 2018 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 2.1.2
  * CVE-2018-16984: Password hash disclosure to ?view only? admin
    users
  * Fixed a regression where nonexistent joins in F() no longer raised
    FieldError (#29727).
  * Fixed a regression where files starting with a tilde or underscore
    weren?t ignored by the migrations loader (#29749).
  * Made migrations detect changes to Meta.default_related_name
    (#29755).
  * Added compatibility for cx_Oracle 7 (#29759).
  * Fixed a regression in Django 2.0 where unique index names weren?t
    quoted (#29778).
  * Fixed a regression where sliced queries with multiple columns with
    the same name crashed on Oracle 12.1 (#29630).
  * Fixed a crash when a user with the view (but not change)
    permission made a POST request to an admin user change form
    (#29809).
* Tue Sep 18 2018 Mat?j Cepl <mcepl@suse.com>
- Switch of BR selenium for non-Intel platforms.
* Tue Sep 04 2018 Ond?ej Súkup <mimi.vx@gmail.com>
- update to version 2.1.1
- drop django-urlencode.patch
  * Fixed a race condition in QuerySet.update_or_create() that could result
    in data loss
  * Fixed a regression where QueryDict.urlencode() crashed if the dictionary
    contains a non-string value
  * Fixed a regression in Django 2.0 where using manage.py test --keepdb fails
    on PostgreSQL if the database exists and the user doesn?t have permission
    to create databases
  * Fixed a regression in Django 2.0 where combining Q objects with __in
    lookups and lists crashed
  * Fixed translation failure of DurationField?s ?overflow? error message
  * Fixed a regression where the admin change form crashed if the user doesn?t
    have the ?add? permission to a model that uses TabularInline
  * Fixed a regression where a related_query_name reverse accessor wasn?t
    set up when a GenericRelation is declared on an abstract base model
  * Fixed the test client?s JSON serialization of a request data dictionary
    for structured content type suffixes
  * Made the admin change view redirect to the changelist view after a POST
    if the user has the ?view? permission
  * Fixed admin change view crash for view-only users if the form
    has an extra form field
  * Fixed a regression in Django 2.0.5 where QuerySet.values() or values_list()
    after combining querysets with extra() with union(), difference(),
    or intersection() crashed due to mismatching columns
* Tue Aug 14 2018 tchvatal@suse.com
- Apply patch to fix urlencode nonstring values:
  * django-urlencode.patch
* Wed Aug 08 2018 tchvatal@suse.com
- Enable testsuite
* Wed Aug 08 2018 mimi.vx@gmail.com
- update to version 2.1
- move bash completion to right location
- for full chanfges please see https://docs.djangoproject.com/en/2.1/releases/2.1/
  * Dropped support for MySQL 5.5
  * Dropped support for PostgreSQL 9.3
  * Support for SpatiaLite 4.0 is removed
  * Support for SQLite < 3.7.15 is removed.
* Mon Jul 02 2018 aplanas@suse.com
- update to version 2.0.7:
  * Fixed admin changelist crash when using a query expression without
    asc() or desc() in the page?s ordering (#29428).
  * Fixed admin check crash when using a query expression in
    ModelAdmin.ordering (#29428).
  * Fixed __regex and __iregex lookups with MySQL 8 (#29451).
  * Fixed migrations crash with namespace packages on Python 3.7
    (#28814).
- update to version 2.0.6
  * Fixed a regression that broke custom template filters that use
    decorators (#29400).
  * Fixed detection of custom URL converters in included patterns
    (#29415).
  * Fixed a regression that added an unnecessary subquery to the GROUP
    BY clause on MySQL when using a RawSQL annotation (#29416).
  * Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS
    3.6.1+ (#29460).
  * Fixed a regression in Django 1.10 that could result in large
    memory usage when making edits using ModelAdmin.list_editable
    (#28462).
- update to version 2.0.5
  * Corrected the import paths that inspectdb generates for
    django.contrib.postgres fields (#29307).
  * Fixed a regression in Django 1.11.8 where altering a field with a
    unique constraint may drop and rebuild more foreign keys than
    necessary (#29193).
  * Fixed crashes in django.contrib.admindocs when a view is a
    callable object, such as django.contrib.syndication.views.Feed
    (#29296).
  * Fixed a regression in Django 1.11.12 where QuerySet.values() or
    values_list() after combining an annotated and unannotated
    queryset with union(), difference(), or intersection() crashed due
    to mismatching columns (#29286).
Version: 2.0.4-bp150.2.4
* Sat Apr 07 2018 tbechtold@suse.com
- update to version 2.0.4:
  * Fixed #29265 -- Removed the suggestion to hardcode static URLs.
  * Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
  * Fixed #29195 -- Fixed Exists.output_field resolution on single-valued queries.
  * Fixed links to Sphinx docs.
  * Fixed typo in docs/releases/2.0.4.txt.
  * Clarified docs about ISO 8601 week numbering.
  * Fixed #29116 -- Fixed OpenLayersWidget deserialization ignoring the widget map's SRID.
  * Added CVE-2018-7536,7 to the security release archive.
  * Fixed #29221 -- Corrected admin's autocomplete widget to add a space after custom classes.
  * Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets.
  * Added a pagination example to ListView docs.
  * Fixed #28514 -- Clarifed docs about idempotence of RelatedManager.add().
  * isorted import statements in tutorial example.
  * Fixed #29192 -- Corrected docs regarding overriding fields from abstract base classes.
  * Refs #11278 -- Clarified RelatedManager differences between reverse one-to-many and many-to-many relations.
  * Added stub release notes for 1.11.12.
  * Fixed #29165 -- Clarified how to load initial data with migrations.
  * Fixed #29213 -- Fixed autocomplete widget's translations for zh-hans/zh-hant.
  * Reverted "Expanded docs for AbstractBaseUser.has_usable_password()."
  * Fixed typo in docs/releases/2.0.4/1.11.12.txt.
  * Bumped version for 2.0.4 release.
  * Fixed #29250 -- Added 'django_version' context to startapp/project docs.
  * Added release date for 2.0.4 and 1.11.12.
  * Post-release version bump.
  * Clarified a sentence in docs/topics/i18n/translation.txt.
  * Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection().
  * Added stub release notes for 2.0.4.
  * Fixed a couple mistakes in docs/ref/forms/widgets.txt.
  * Fixed #28655 -- Added more examples for customizing widgets in a form.
* Mon Mar 19 2018 tbechtold@suse.com
- update to 2.0.3 (bsc#1083305, bsc#1083304, CVE-2018-7536, CVE-2018-7537):
  * Fixed #29108 -- Fixed crash in aggregation of distinct+ordered+sliced querysets.
  * Added CVE-2018-6188 to the security release archive.
  * Post-release version bump.
  * Updated translations from Transifex
  * Added stub release notes for security releases.
  * Fixed incorrect regex in re_path() example.
  * Fixed #29125 -- Made Q.deconstruct() deterministic with multiple keyword arguments.
  * Fixed #29126 -- Doc'd the behavior of QuerySet.update_or_create() with manually specified pks.
  * Used a CSS positioning in tutorial 6 that doesn't differ across browsers.
  * Fixed typo in bulk_create() documentation.
  * Fixed #29176 -- Fixed AbstractBaseUser.normalize_username() crash if username isn't a string.
  * Removed blank lines per isort 4.3.0.
  * Added stub release notes for 2.0.3.
  * Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
  * Fixed #29172 -- Fixed crash with Window expression in a subquery.
  * Fixed #29166 -- Fixed crash in When() expression with a list argument.
  * Fixed #24270 -- Doc'd that django_bash_completion is only in the source distribution.
  * Improved clarity of docs/topics/install.txt.
  * Refs #29125 -- Made Q.deconstruct() omit 'query_utils' in the path and _connector='AND' since it's a default value.
  * Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
  * Bumped version for 2.0.3 release.
  * Corrected doc'd type of some parameters from string to str.
  * Fixed #29146 -- Readded ^ and $ inadvertently removed from re_path() examples.
  * Fixed #29107 -- Doc'd that ModelForm doesn't actually inherit from Form.
  * Switched test requirement to new psycopg2-binary package.
  * Added backticks around obj argument in admin docs.
  * Fixed typo in docs/topics/forms/media.txt.
  * Fixed #29109 -- Fixed the admin time picker widget for the Thai locale.
  * Fixed #29118 -- Fixed crash with QuerySet.order_by(Exists(...)).
* Wed Feb 07 2018 tbechtold@suse.com
- update to 2.0.2 (bsc#1077714, CVE-2018-6188):
  * Fixed #28883 -- Doc'd that the uuid URL path converter matches lowercase only letters.
  * Fixed a GeoIP2 test failure with the latest GeoIP2 database.
  * Added stub release notes for 2.0.1.
  * Bumped version for 2.0.2 release.
  * Fixed location of spatialite_source label.
  * Fixed #28958 -- Fixed admin changelist crash when using a query expression in the page's ordering.
  * Fixed #28231 -- Doc'd that QuerySet.bulk_create() casts objs to a list.
  * Fixed #29032 -- Fixed an example of using expressions in QuerySet.values().
  * Disambiguated "settings" in SpatiaLite note.
  * Fixed typo in docs/topics/testing/advanced.txt.
  * Post-release version bump.
  * Refs #25604 -- Removed docs for makemigrations --exit.
  * Fixed #29002 -- Corrected cached template loader docs about when it's automatically enabled.
  * Fixed typo in TemplateCommand argument help text.
  * Added stub release notes for 1.11.9.
  * Fixed #28915 -- Prevented SQLite from truncating trailing zeros in the fractional part of DecimalField.
  * Refs #29086 -- Doc'd how to detect bytestring mistakes.
  * Fixed #28886 -- Updated prefix for example django.contrib.auth.urls URLs.
  * Fixed #29081 -- Clarified comments in QuerySet.select_related() example.
  * Refs #27985 -- Reallowed using __exact=None as an alias for __isnull=True if a custom lookup class with lookup_name != None is registered as the exact lookup.
  * Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table.
  * Removed 'development' word in contributing docs
  * Fixed #29055 -- Doc'd that escapejs doesn't make template literals safe.
  * Fixed #29016 -- Fixed incorrect foreign key nullification on related instance deletion.
  * Fixed grammar in docs/releases/2.0.txt.
  * Fixed #29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does.
  * Fixed #28944 -- Fixed crash when chaining values()/values_list() after QuerySet.select_for_update(of=()).
  * Fixed #29091 -- Fixed makemigrations crash if migrations directory doesn't have __init__.py.
  * Fixed #28898 -- Corrected admin check to allow a OneToOneField in ModelAdmin.autocomplete_fields.
  * Fixed #28896 -- Reallowed filtering a queryset with GeometryField=None.
  * Fixed #28891 -- Documented Origin's loader attribute.
  * Confirmed support for PostGIS 2.4.
  * Wrapped an import per isort.
  * Added release date for 2.0.1 and 1.11.9.
  * Fixed #28884 -- Fixed crash on SQLite when renaming a field in a model referenced by a ManyToManyField.
  * Fixed "template tag" spelling in docs.
  * Fixed #28947 -- Fixed crash when coercing a translatable URL pattern to str.
  * Fixed typo in docs/topics/i18n/translation.txt.
  * Refs #28932 -- Skipped the failing test for refs #28915 on Oracle.
  * Refs #25181 -- Updated timezone.now() docs about obtaining the time in the current time zone.
  * Updated documented mysqlclient requirement to 1.3.7.
  * Fixed #28885 -- Fixed hidden content at the bottom of the "The install worked successfully!" page for some languages.
  * Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
  * Fixed #29067 -- Fixed regression in QuerySet.values_list(..., flat=True) followed by annotate().
  * Removed note in tutorial about bypassing manage.py.
  * Fixed #28929 -- Corrected QUnit examples.
  * Refs #28958 -- Added a test for ModelAdmin with query expressions in ordering.
  * Updated various links in docs to use HTTPS.
  * Expanded docs for AbstractBaseUser.has_usable_password().
  * Fixed #29017 -- Updated BaseCommand.leave_locale_alone doc per refs #24073.
  * Doc'd specifying the ENGINE setting as part of configuring contrib.gis.
  * Added stub release notes for 1.11.10.
  * Fixed #28881 -- Doc'd that CommonPasswordValidator's password list must be lowercase.
  * Fixed #28784 -- Clarified how migrate --fake works.
  * Fixed typo in docs/ref/models/expressions.txt.
  * Fixed #29094 -- Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields.
  * Refs #28876 -- Fixed incorrect foreign key constraint name for models with quoted db_table.
  * Bumped version for 2.0.1 release.
  * Fixed #25277 -- Restored test dependency to the original python-memcached.
  * Fixed #28761 -- Documented how an inline formset's prefix works.
  * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
  * Fixed #28966 -- Doc'd that the uuid URL path converter requires dashes
  * Fixed #29054 -- Fixed a regression where a queryset that annotates with geometry objects crashes.
  * Reverted "[1.11.x] Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI."
  * Added "Python 3 Only" trove classifier.
  * Fixed #28941 -- Fixed crash in testserver command startup.
  * Fixed import in docs/ref/models/conditional-expressions.txt example.
  * Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
  * Fixed #28594 -- Removed Jython docs and specific code
  * Renamed the "Supported versions" label.
  * Fixed #28878 -- Added python_requires in setup.py and a warning for older pips that don't recognize it.
  * Fixed typo in docs/ref/contrib/admin/index.txt.
  * Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI.
  * Added stub release notes for 2.0.2.
  * Fixed #28938 -- Corrected Python compatibility in the tutorial.
  * Fixed #28890 -- Removed newlines between MultiWidget's subwidgets.
* Tue Dec 12 2017 mimi.vx@gmail.com
- update to 2.0
  * drop python 2 support
  * Simplified URL routing syntax
  * Mobile-friendly contrib.admin
  * Window expressions
  * Removed support for bytestrings in some places
  * Dropped support for Oracle 11.2
- Please read Release Notes - https://docs.djangoproject.com/en/2.0/releases/2.0/
* Tue Dec 12 2017 tbechtold@suse.com
- update to 1.11.8:
  * Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
  * Fixed #28856 -- Fixed a regression in caching of a GenericForeignKey
    pointing to a MTI model.
  * Fixed #28597 -- Fixed crash with the name of a model's autogenerated primary
    key in an Index's fields.
  * Added stub release notes for 1.11.7.
  * Fixed #28305 -- Fixed "Cannot change column 'x': used in a foreign key constraint"
    crash on MySQL with a sequence of AlterField or RenameField operations.
  * Fixed #28689 -- Fixed unquoted table names in Subquery SQL when using OuterRef.
  * Added assertion helpers for PostgreSQL's server-side cursor tests.
  * Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs.
  * Fixed #28786 -- Doc'd middleware ordering considerations due to
    CommonMiddleware setting Content-Length.
  * Added release date for 1.11.8.
  * Fixed #28702 -- Made query lookups for CIText fields use citext.
  * Added 2017-12794 to the security release archive.
  * Fixed typo in docs/topics/cache.txt.
  * Bumped version for 1.11.6 release.
  * Added release date for 1.11.6.
  * Fixed #28648 -- Corrected typo in docs/topics/db/queries.txt.
  * Bumped version for 1.11.7 release.
  * Added stub release notes for 1.11.8.
  * Fixed #28848 -- Fixed SQLite/MySQL crash when ordering by a filtered
    subquery that uses nulls_first/nulls_last.
  * Fixed typo in docs/topics/db/aggregation.txt.
  * Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
  * Fixed typo in docs/topics/forms/media.txt.
  * Bumped version for 1.11.8 release.
  * Fixed typo in docs/ref/models/querysets.txt.
  * Fixed test failures due to ordering differences on PostgreSQL 10.
  * Fixed #28710 -- Fixed the Basque DATE_FORMAT string
  * Added stub release notes for 1.11.6.
  * Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
  * Fixed #28817 -- Made QuerySet.iterator() use server-side cursors after
    values() and values_list().
  * Post-release version bump.
  * Fixed #28792 -- Fixed index name truncation of namespaced tables.
  * Fixed #28781 -- Added QuerySet.values()/values_list() support for union(),
    difference(), and intersection().
  * Fixed #28722 -- Made QuerySet.reverse() affect nulls_first/nulls_last.
  * Refs #28710 -- Simplified l10n format test
  * Initialized CsrfViewMiddleware once in csrf_tests.
  * Added release date for 1.11.7.
  * Linked to prefetch_related_objects func in DB optimization docs.
  * Fixed #28645 -- Reallowed AuthenticationForm to raise the inactive user
    error when using ModelBackend.
  * Fixed #28653 -- Added missing ForeignKey.on_delete argument in docs.
  * Fixed #28561 -- Removed inaccurate docs about QuerySet.order_by() and joins.
  * Fixed #28555 -- Made CharField convert whitespace-only values to the
    empty_value when strip is enabled.
  * Fixed #28601 -- Prevented cache.get_or_set() from caching None if default
    is a callable that returns None.
* Wed Sep 20 2017 toddrme2178@gmail.com
- update to version 1.11.5
  * CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page
  * Fixed GEOS version parsing if the version has a commit hash at the end (new
    in GEOS 3.6.2) (:ticket:`28441`).
  * Added compatibility for ``cx_Oracle`` 6 (:ticket:`28498`).
  * Fixed select widget rendering when option values are tuples (:ticket:`28502`).
  * Django 1.11 inadvertently changed the sequence and trigger naming scheme on
    Oracle. This causes errors on INSERTs for some tables if
    ``'use_returning_into': False`` is in the ``OPTIONS`` part of ``DATABASES``.
    The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
    requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
    upgrade script in :ticket:`28451` comment 8 to update sequence and trigger
    names to use the pre-1.11 naming scheme.
  * Added POST request support to ``LogoutView``, for equivalence with the
    function-based ``logout()`` view (:ticket:`28513`).
  * Omitted ``pages_per_range`` from ``BrinIndex.deconstruct()`` if it's ``None``
    (:ticket:`25809`).
  * Fixed a regression where ``SelectDateWidget`` localized the years in the
    select box (:ticket:`28530`).
  * Fixed a regression in 1.11.4 where ``runserver`` crashed with non-Unicode
    system encodings on Python 2 + Windows (:ticket:`28487`).
  * Fixed a regression in Django 1.10 where changes to a ``ManyToManyField``
    weren't logged in the admin change history (:ticket:`27998`) and prevented
    ``ManyToManyField`` initial data in model forms from being affected by
    subsequent model changes (:ticket:`28543`).
  * Fixed non-deterministic results or an ``AssertionError`` crash in some
    queries with multiple joins (:ticket:`26522`).
  * Fixed a regression in ``contrib.auth``'s ``login()`` and ``logout()`` views
    where they ignored positional arguments (:ticket:`28550`).
* Thu Aug 10 2017 tbechtold@suse.com
- update to version 1.11.4:
  * Fixed #27939 -- Updated OpenLayersWidget.map_srid for OpenLayers 3.
  * Fixed #27956 -- Fixed display of errors in an {% extends %} child.
  * Updated various links in docs to avoid redirects
  * Fixed typo in docs/topics/auth/default.txt.
  * Double quoted HTML attributes in widget docs
  * Fixed #28303 -- Prevented localization of attribute values in the DTL attrs.html widget template.
  * Added stub release notes for 1.11.3.
  * Documented OSMWidget.default_lat/lon.
  * Fixed #28101 -- Fixed a regression with nested __in subquery lookups and to_field.
  * Bumped version for 1.11.4 release.
  * Bumped version for 1.11.3 release.
  * Updated translations from Transifex
  * Fixed #28039 -- Fixed crash in BaseGeometryWidget.subwidgets().
  * Fixed #28242 -- Moved ImageField file extension validation to the form field.
  * Made docs/topics/migrations.txt use single quotes consistently.
  * Fixed #28355 -- Fixed widget rendering of non-ASCII date/time formats on Python 2.
  * Updated name of topics/db/queries link on index.
  * Fixed #28025 -- Fixed typo in docs/ref/models/querysets.txt.
  * Fixed #28043 -- Prevented AddIndex and RemoveIndex from mutating model state.
  * Fixed #28207 -- Fixed contrib.auth.authenticate() if multiple auth backends don't accept a request.
  * Fixed #28361 -- Fixed possible time-related failure in was_published_recently() tutorial test.
  * Fixed #28265 -- Prevented renderer warning on Widget.render() with **kwargs.
  * Fixed typo in docs/topics/testing/advanced.txt.
  * Fixed #28125 -- Clarified 1.11 release note about Template.render() prohibiting non-dict context.
  * Refs #18974 -- Added stacklevel for permalink() deprecation.
  * Fixed #28350 -- Fixed UnboundLocalError crash in RenameField with nonexistent field.
  * Fixed #28051 -- Made migrations respect Index's name argument.
  * Fixed #28420 -- Doc'd 'is' comparison restriction for User.is_authenticated/anonymous.
  * Added release date for 1.11.4.
  * Refs #28174 -- Fixed autoreload test crash on Python 2/non-ASCII path.
  * Fixed #28389 -- Fixed pickling of LazyObject on Python 2 when wrapped object doesn't have __reduce__().
  * Fixed #28148 -- Doc'd ImageField name validation concerns with the test client.
  * Added stub release notes for 1.11.2.
  * Fixed #27890 -- Fixed FileNotFoundError cleanup exception in runtests.py on Python 3.6+.
  * Fixed #28138 -- Used output type handler instead of numbersAsStrings on Oracle cursor.
  * Fixed widgets module path in docs/ref/contrib/gis/forms-api.txt.
  * Fixed #27947 -- Doc'd that model Field.error_messages often don't propagate to forms.
  * Fixed #28067 -- Clarified __str__() return type when using python_2_unicode_compatible().
  * Fixed docstring typo in django/contrib/admin/actions.py.
  * Fixed #28102 -- Doc'd how to compute path to built-in widget template directories.
  * Fixed #28352 -- Corrected QuerySet.values_list() return type in docs examples.
  * Fixed #28181 -- Added detection for GDAL 2.1 and 2.0.
  * Refs #23853 -- Updated sql.query.Query.join() docstring.
  * Added a test for Model._meta._property_names.
  * Refs #27919 -- Changed Widget.get_context() attrs kwarg to an arg.
  * Fixed #28415 -- Clarified what characters ASCII/UnicodeUsernameValidator accept.
  * Fixed #28074 -- Doc'd template-based widget rendering changes for contrib.gis.
  * Fixed #28278 -- Fixed invalid HTML for a required AdminFileWidget.
  * Added content_type filtering in Permission querying example.
  * Corrected FileExtensionValidator doc regarding the value being validated.
  * Fixed #27960 -- Set errcheck=False for GDALAllRegister to prevent crash.
  * Fixed #28097 -- Fixed layout of ReadOnlyPasswordHashWidget.
  * Fixed #27969 -- Fixed models.Field.formfield() setting 'disabled' for fields with choices.
  * Post-release version bump.
  * Fixed #28298 -- Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False.
  * Refs #28192 -- Fixed documentation of ChoiceField choices requirement
  * Fixed #27966 -- Bumped required psycopg2 version to 2.5.4.
  * Linked GIS QuerySet API docs to corresponding PostGIS docs.
  * Fixed #27974 -- Kept resolved templates constant during one rendering cycle.
  * Refs #28100 -- Fixed URL in el, es_MX, and pt auth translations
  * Fixed typo in docs/ref/request-response.txt.
  * Fixed #27963 -- Removed unneeded docstring example in contributing docs.
  * Added stub release notes for security releases.
  * Fixed #28349 -- Doc'd how to upgrade Django from LTS to LTS.
  * Fixed typo in docs/ref/forms/fields.txt.
  * Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
  * Fixed #28170 -- Fixed file_move_safe() crash when moving files to a CIFS mount.
  * Fixed broken links to Oracle docs.
  * Fixed #27554 -- Fixed prefetch_related() crash when fetching relations in nested Prefetches.
  * Added links and cosmetic edits to docs/ref/request-response.txt.
  * Added stub release notes for 1.11.1.
  * Fixed #28079 -- Restored "No POST data" (rather than an empty table) in HTML debug page.
  * Removed incorrect "required" attribute in docs/ref/forms/fields.txt.
  * Fixed #28176 -- Restored the uncasted option value in ChoiceWidget template context.
  * Refs #24423 -- Readded inadvertently deleted i18n tests.
  * Fixed #27965 -- Fixed precision comparison in a geoforms test (refs #27939).
  * Corrected post-release version bump.
  * Made runtests.py run gis_tests only when using a GIS database backend.
  * Fixed #28230 -- Allowed DjangoJsonEncoder to serialize CallableBool.
  * Fixed broken link to QUnit docs.
  * Removed MySQL (unsupported) from Perimeter docs.
  * Fixed #28266 -- Fixed typo in docs/ref/models/instances.txt.
  * Fixed #28139 -- Added another level of headings in the topics index.
  * Fixed #28003 -- Doc'd what an auto-created OneToOneField parent_link looks like.
  * Fixed #28160 -- Prevented hiding GDAL exceptions when it's not installed.
  * Updated man page for Django 1.11.
  * Fixed #27988 -- Fixed typo in docs/ref/django-admin.txt.
  * Fixed #28199 -- Fixed Subquery generating unnecessary/invalid CAST.
  * Fixed #28122 -- Fixed crash when overriding views.static.directory_index()'s template.
  * Fixed AppRegistryNotReady error when running gis_tests in isolation on PostGIS.
  * Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
  * Fixed #28040 -- Updated SplitArrayWidget to use template-based widget rendering.
  * Fixed #28269 -- Fixed Model.__init__() crash on models with a field that has an instance only descriptor.
  * Tested EmailMessage(attachments=[MIMEText])
  * Clarified return value of NumGeometries GIS function.
  * Refs #27935 -- Fixed BrinIndex.max_name_length if a project's default database isn't PostgreSQL.
  * Fixed #28058 -- Restored empty BoundFields evaluating to True.
  * Replaced "not A== B" with "A != B" in docs/howto/writing-migrations.txt.
  * Added CVE-2017-7233,4 to the security release archive.
  * Fixed #28204 -- Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if InvalidPage message contains non-ASCII.
  * Fixed #27935 -- Fixed crash with BrinIndex name > 30 characters.
  * Fixed #28293 -- Fixed union(), intersection(), and difference() when combining with an EmptyQuerySet.
  * Fixed #28222 -- Allowed settable properties in QuerySet.update_or_create()/get_or_create() defaults.
  * Refs #27556, #27488 -- Updated support backends docs for isvalid lookup.
  * Fixed nondeterministic ordering test failure in model_forms.
  * Fixed #28345 -- Applied limit_choices_to during ModelForm.__init__().
  * Fixed #27981 -- Doc'd date/time filter l10n changes in refs #25758.
  * Made a few cosmetic updates to "Migrations that add unique fields".
  * Bumped version for 1.11 release.
  * Fixed #28004 -- Doc'd how to create migrations for an app without a migrations directory.
  * Fixed #28202 -- Fixed FieldListFilter.get_queryset() crash on invalid input.
  * Fixed #27949 -- Doc'd how OpenLayers 3 widgets work.
  * Pass type to sql_alter_column_* where it was missing.
  * Fixed #27866 -- Made ChoiceWidget.format_value() return a list
  * Fixed #28308 -- Doc'd removal of Select.render_option() (refs #15667).
  * Fixed #28178 -- Changed contrib.gis to raise ImproperlyConfigured if gdal isn't installed.
  * Fixed #28284 -- Prevented Paginator's unordered object list warning from evaluating a QuerySet.
  * Fixed #28209 -- Made date-based generic views return a 404 rather than crash when given an out of range date.
  * Fixed #28161 -- Fixed return type of ArrayField(CITextField()).
  * Corrected docs regarding MySQL support of Length GIS function.
  * Fixed #28175 -- Fixed __in lookups on a foreign key when using the foreign key's parent model as the lookup value.
  * Refs #18247 -- Fixed SQLite QuerySet filtering on decimal result of Least and Greatest.
  * Refs #28207 -- Fixed contrib.auth.authenticate() if 'backend' is in the credentials.
  * Fixed #27644 -- Doc'd FileSystemStorage.get_created_time().
  * Added test for intersection() when combining with a queryset raising EmptyResultSet.
  * Fixed #28197 -- Fixed introspection of index field ordering on PostgreSQL.
  * Removed extra characters in docs header underlines.
  * Fixed GEOSGeometry reference in GIS tutorial.
  * Refs #28066 -- Fixed Python 2 failures in sessions_tests.
  * Removed obsolete Widget.format_output() in tests.
  * Fixed #28059 -- Restored class attribute in <ul> of widgets that use multiple_input.html.
  * Fixed typo in docs/ref/contrib/postgres/fields.txt.
  * Refs #27025 -- Fixed "invalid escape sequence" warning in auth_tests on Python 3.6.
  * Fixed #28031 -- Removed notes about old uWSGI/sentry versions (refs #20537).
  * Removed unexpected initial attribute in data migration examples.
  * Renamed "Mac OS X" to "macOS" in docs.
  * Sorted imports per isort 4.2.9.
  * Refs #28138 -- Added release notes for d52577b62b3138674807ac74251fab7faed48331.
  * Back to the future.
  * Fixed #27993 -- Fixed model form default fallback for SelectMultiple.
  * Refs #27866 -- Adapted backport for Python 2 compatibility
  * Removed unused links in docs/internals/contributing/triaging-tickets.txt.
  * Clarified QuerySet.iterator()'s docs on server-side cursors.
  * Fixed #28096 -- Allowed prefetch calls with ModelIterable subclasses
  * Fixed #28414 -- Fixed ClearableFileInput rendering as a subwidget of MultiWidget.
  * Corrected REPL example in forms docs for Python 3.
  * Refs #28181 -- Corrected detection of GDAL 2.1 on Windows.
  * Fixed #28075 -- Prevented ChoiceWidget from localizing option values.
  * Fixed #28282 -- Fixed class-based indexes name for models that only inherit Model.
  * Fixed #28038 -- Restored casting to text of builtin lookups on PostgreSQL.
  * Fixed #28418 -- Fixed queryset crash when using a GenericRelation to a proxy model.
  * Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
  * Fixed #28105 -- Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs.
  * Refs #28160 -- Skipped a GeoManager test if not using a GIS database backend.
  * Fixed #28157 -- Fixed choice ordering in form fields with grouped and non-grouped options.
  * Fixed #28095 -- Doc'd Widget.build_attrs() signature change in Django 1.11.
  * Fixed a forms test after updated translations.
  * Fixed 403 link in docs/ref/contrib/gis/install/spatialite.txt.
  * Simplified schema.tests with assertForeignKeyExists()/assertForeignKeyNotExists().
  * Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
  * Fixed #28378 -- Fixed union() and difference() when combining with a queryset raising EmptyResultSet.
  * Refs #28052 -- Cleaned up some indexes in schema tests.
  * Fixed #28047 -- Fixed QuerySet.filter() crash when it uses the name of a OneToOneField pk.
  * Added release date for 1.11.1.
  * Fixed #28327 -- Removed contradictory description of mod_wsgi docs.
  * Clarified "newly-introduced features" in the supported versions policy.
  * Fixed docs build with Sphinx 1.6.
  * Fixed #28239 -- Removed docs for a removed arg of template.Context.
  * Bumped version for 1.11.2 release.
  * Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.
  * Updated postgis.net and gaia-gis.it links to https.
  * Fixed typos in docs/topic/db/search.txt.
  * Fixed #28174 -- Fixed crash in runserver's autoreload with Python 2 on Windows with non-str environment variables.
  * Fixed typos in docs/howto/static-files/index.txt.
  * Fixed #28294 -- Doc'd request/args/kwargs attributes of class-based views.
  * Fixed #27967 -- Fixed KeyError in admin's inline form with inherited non-editable pk.
  * Fixed db backend discovery in admin_scripts tests.
  * Fixed outdated TIME_FORMAT in docs/ref/templates/builtins.txt.
  * Fixed #26028 -- Added overriding templates howto.
  * Updated was_published_recently() tutorial test to check boundary condition.
  * Fix a typo in django/db/transaction.py
  * Fixed #28109 -- Corrected the stack level of unordered queryset pagination warnings.
  * Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
  * Refs #22397 -- Removed model in test cleanup
  * Fixed #28052 -- Prevented dropping Meta.indexes when changing db_index to False.
  * Fixed #18485 -- Doc'd behavior of PostgreSQL when manually setting AutoField.
  * Updated core translations from Transifex
  * Fixed #28166 -- Fixed Model._state.db on MTI parent model after saving child model.
  * Added missing import in docs/topics/db/queries.txt.
  * Refs #27919 -- Passed ChoiceWidget.create_option() kwargs as expected.
  * Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
  * Fixed #27975 -- Fixed crash if ModelChoiceField's queryset=None.
  * Added release date for 1.11.2.
  * Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
  * Fixed #28159 -- Fixed BaseInlineFormSet._construct_form() crash when using save_as_new.
  * Removed an obsolete temporal reference in docs/faq/general.txt.
  * Fixed #28042 -- Fixed crash when using a two-tuple in EmailMessage's attachments arg.
  * Fixed #27945 -- Clarified that RegexValidator searches with the regex.
  * Linked GIS functions docs to corresponding PostGIS docs.
  * Refs #17453 -- Fixed broken link to #django IRC logs.
  * Fixed gis_tests.geoapp test with incorrect geodetic coordinates.
  * Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.
  * Fixed #27730 -- Doc'd that template vars created outside a block can't be used in it.
  * Fixed #28069 -- Moved setup_test_environment() warning in tutorial 5.
  * Fixed #28130 -- Fixed formset min_num validation with initial, unchanged forms.
  * Fixed #28091 -- Re-raised original exception when closing cursor cleanup fails
  * Clarified backend support of Area GIS function.
  * Fixed #28387 -- Fixed has_changed() for disabled form fields that subclass it.
  * Fixed #27915 -- Allowed Meta.indexes to be defined in abstract models.
  * Fixed #26755 -- Fixed test_middleware_classes_headers if Django source isn't writable.
  * Fixed #28188 -- Fixed crash when pickling model fields.
  * Fixed typo in docs/ref/models/querysets.txt.
  * Pointed Dive into Python links to python3 site
  * Refs #25240 -- Added ExtractWeek examples.
  * Added some shell output in tutorial 2.
  * Removed inappropriate highlighting in committing-code.txt.
  * Fixed #28399 -- Fixed QuerySet.count() for union(), difference(), and intersection() queries.
  * Fixed #28212 -- Allowed customizing the port that LiveServerTestCase uses.
  * Fixed flake8 warning on Python 2.
  * Clarified meaning of "Optional" in auth.models.User field docs.
  * Clarified HStoreField model/form difference in 1.11 release notes.
  * Removed self from method signatures in docs.
  * Added stub release notes for 1.11.4.
  * Updated tests after French translation update
  * Fixed #27603 -- Fixed AsKML when queryset is evaluated more than once.
  * Fixed #28262 -- Fixed incorrect DisallowedModelAdminLookup when a nested reverse relation is in list_filter.
  * Fixed #27434 -- Doc'd how to raise a model validation error for a field not in a model form.
  * Refs #21415 -- Fixed contrib.humanize translations for es_AR
  * Fixed #27655 -- Added some guidelines to the coding style docs.
  * Updated contrib translations from Transifex
  * Removed nonexistent methods from File's docs.
  * Doc'd the need to remove default ordering on Subquery aggregates.
  * Fixed broken link to mysqlclient docs.
  * Fixed #28210 -- Fixed Model._state.adding on MTI parent model after saving child model.
  * Removed usage of deprecated sphinx.util.compat.Directive.
  * Refs #28100 -- Added 1.11.1 release note for e6bfd3d751278d7cfd09af1120c4bbce509c05da.
  * Fixed #28190 -- Clarifed how include/extends treat template names.
  * Refs #26294 -- Fixed typo in docs/ref/django-admin.txt.
  * Refs #28091 -- Fixed typo and rephrased 1.11.1 release note.
  * Fixed typo in docs/ref/class-based-views/mixins-single-object.txt.
  * Bumped version for 1.11.1 release.
  * Added release date for 1.11.3.
  * Bumped version for 1.11 release candidate 1.
  * Simplified tutorial's test names and docstrings.
  * Fixed typo in django/db/backends/base/schema.py comment.
  * Fixed #28233 -- Used a simpler example in the aggregation "cheat sheet" docs.
- Require python-pytz and Recommend python-bcrypt
* Wed Aug 09 2017 toddrme2178@gmail.com
- Fix building on older Python versions.
* Mon Jul 10 2017 toddrme2178@gmail.com
- Fix wrong-script-interpreter rpmlint error.
* Mon May 08 2017 toddrme2178@gmail.com
- django-admin.py should be the master, not django-admin.
* Sat May 06 2017 toddrme2178@gmail.com
- Don't provide python2-django or python2-South, singlespec
  packages should use correct name.
* Thu May 04 2017 toddrme2178@gmail.com
- Implement single-spec version.
* Tue Apr 04 2017 appleonkel@opensuse.org
- Update to 1.10.7
  Bugfixes
  * Made admin?s RelatedFieldWidgetWrapper use the wrapped widget?s
    value_omitted_from_data() method (#27905)
  * Fixed model form default fallback for SelectMultiple (#27993)
* Wed Mar 01 2017 appleonkel@opensuse.org
- Update to 1.10.6
  Bugfixes
  * Fixed ClearableFileInput?s ?Clear? checkbox on model form fields where the
    model field has a default
  * Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than
    generating a bad request response
  * Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or
    IntegerField from DateField
  * Fixed query expression date subtraction accuracy on PostgreSQL for differences
    large an a month
  * Fixed a GDALException raised by GDALClose on GDAL >= 2.0
* Tue Jan 31 2017 michal@cihar.com
- Update to 1.10.5
  * See https://docs.djangoproject.com/en/1.10/releases/1.10/
  * Full text search for PostgreSQL
  * New-style middleware
  * Official support for Unicode usernames
* Fri Dec 02 2016 appleonkel@opensuse.org
- Update to 1.9.12
  Bugfixes
  * Quoted the Oracle test user?s password in queries to fix the ?ORA-00922: missing
    or invalid option? error when the password starts with a number or
    special character (#27420)
  * DNS rebinding vulnerability when DEBUG=True
  * CSRF protection bypass on a site with Google Analytics
Version: 1.9.9-2.1
* Sat Sep 24 2016 sbahling@suse.com
- Change Requires: python-Pillow to python-imaging for compatibility
  with SLE-12 which provides PIL instead of Pillow.
* Tue Aug 09 2016 aplanas@suse.com
- Update to 1.9.9
  Bugfixes
  * Fixed invalid HTML in template postmortem on the debug page
    (#26938).
  * Fixed some GIS database function crashes on MySQL 5.7 (#26657).
- Update to 1.9.8
  Fix XSS in admin?s add/change related popup (bsc#988420)
  Unsafe usage of JavaScript?s Element.innerHTML could result in XSS
  in the admin?s add/change related popup. Element.textContent is now
  used to prevent execution of the data.
  The debug view also used innerHTML. Although a security issue wasn?t
  identified there, out of an abundance of caution it?s also updated
  to use textContent.
  Bugfixes
  * Fixed missing varchar/text_pattern_ops index on CharField and
    TextField respectively when using AddField on PostgreSQL (#26889).
  * Fixed makemessages crash on Python 2 with non-ASCII file names
    (#26897).
- Update to 1.9.7
  Bugfixes
  * Removed the need for the request context processor on the admin
    login page to fix a regression in 1.9 (#26558).
  * Fixed translation of password validators? help_text in forms
    (#26544).
  * Fixed a regression causing the cached template loader to crash
    when using lazy template names (#26603).
  * Fixed on_commit callbacks execution order when callbacks make
    transactions (#26627).
  * Fixed HStoreField to raise a ValidationError instead of crashing
    on non-dictionary JSON input (#26672).
  * Fixed dbshell crash on PostgreSQL with an empty database name
    (#26698).
  * Fixed a regression in queries on a OneToOneField that has to_field
    and primary_key=True (#26667).
* Tue May 03 2016 aplanas@suse.com
- Update to 1.9.6
  Bugfixes
  * Added support for relative path redirects to the test client and
    to SimpleTestCase.assertRedirects() because Django 1.9 no longer
    converts redirects to absolute URIs (#26428).
  * Fixed TimeField microseconds round-tripping on MySQL and SQLite
    (#26498).
  * Prevented makemigrations from generating infinite migrations for a
    model field that references a functools.partial (#26475).
  * Fixed a regression where SessionBase.pop() returned None rather
    than raising a KeyError for nonexistent values (#26520).
  * Fixed a regression causing the cached template loader to crash
    when using template names starting with a dash (#26536).
  * Restored conversion of an empty string to null when saving values
    of GenericIPAddressField on SQLite and MySQL (#26557).
  * Fixed a makemessages regression where temporary .py extensions
    were leaked in source file paths (#26341).
* Sun May 01 2016 michael@stroeder.com
- Update to 1.9.5
* Tue Feb 02 2016 aplanas@suse.com
- Update to 1.9.2
  Security issue
  * User with "change" but not "add" permission can create objects for
    ModelAdmin's with save_as=True
  Backwards incompatible change
  * .py-tpl files rewritten in project/app templates
  Bugfixes
  * Fixed a regression in ConditionalGetMiddleware causing
    If-None-Match checks to always return HTTP 200 (#26024).
  * Fixed a regression that caused the "user-tools" items to display
    on the admin's logout page (#26035).
  * Fixed a crash in the translations system when the current language
    has no translations (#26046).
  * Fixed a regression that caused the incorrect day to be selected
    when opening the admin calendar widget for timezones from GMT+0100
    to GMT+1200 (#24980).
  * Fixed a regression in the admin's edit related model popup that
    caused an escaped value to be displayed in the select dropdown of
    the parent window (#25997).
  * Fixed a regression in 1.8.8 causing incorrect index handling in
    migrations on PostgreSQL when adding db_index=True or unique=True
    to a CharField or TextField that already had the other specified,
    or when removing one of them from a field that had both, or when
    adding unique=True to a field already listed in unique_together
    (#26034).
  * Fixed a regression where defining a relation on an abstract
    model's field using a string model name without an app_label no
    longer resolved that reference to the abstract model's app if
    using that model in another application (#25858).
  * Fixed a crash when destroying an existing test database on MySQL
    or PostgreSQL (#26096).
  * Fixed CSRF cookie check on POST requests when
    USE_X_FORWARDED_PORT=True (#26094).
  * Fixed a QuerySet.order_by() crash when ordering by a relational
    field of a ManyToManyField through model (#26092).
  * Fixed a regression that caused an exception when making database
    queries on SQLite with more than 2000 parameters when DEBUG is
    True on distributions that increase the SQLITE_MAX_VARIABLE_NUMBER
    compile-time limit to over 2000, such as Debian (#26063).
  * Fixed a crash when using a reverse OneToOneField in
    ModelAdmin.readonly_fields (#26060).
  * Fixed a crash when calling the migrate command in a test case with
    the available_apps attribute pointing to an application with
    migrations disabled using the MIGRATION_MODULES setting (#26135).
  * Restored the ability for testing and debugging tools to determine
    the template from which a node came from, even during template
    inheritance or inclusion. Prior to Django 1.9, debugging tools
    could access the template origin from the node via
    Node.token.source[0]. This was an undocumented, private API. The
    origin is now available directly on each node using the
    Node.origin attribute (#25848).
  * Fixed a regression in Django 1.8.5 that broke copying a
    SimpleLazyObject with copy.copy() (#26122).
  * Always included geometry_field in the GeoJSON serializer output
    regardless of the fields parameter (#26138).
  * Fixed the contrib.gis map widgets when using
    USE_THOUSAND_SEPARATOR=True (#20415).
  * Made invalid forms display the initial of values of their disabled
    fields (#26129).
* Wed Jan 27 2016 aplanas@suse.com
- Update to 1.9.1
  Bugfixes
  * Fixed BaseCache.get_or_set() with the DummyCache backend (#25840).
  * Fixed a regression in FormMixin causing forms to be validated
    twice (#25548, #26018).
  * Fixed a system check crash with nested ArrayFields (#25867).
  * Fixed a state bug when migrating a SeparateDatabaseAndState
    operation backwards (#25896).
  * Fixed a regression in CommonMiddleware causing If-None-Match
    checks to always return HTTP 200 (#25900).
  * Fixed missing varchar/text_pattern_ops index on CharField and
    TextField respectively when using AlterField on PostgreSQL
    (#25412).
  * Fixed admin’s delete confirmation page’s summary counts of related
    objects (#25883).
  * Added from __future__ import unicode_literals to the default
    apps.py created by startapp on Python 2 (#25909). Add this line to
    your own apps.py files created using Django 1.9 if you want your
    migrations to work on both Python 2 and Python 3.
  * Prevented QuerySet.delete() from crashing on MySQL when querying
    across relations.
  * Fixed evaluation of zero-length slices of QuerySet.values()
    (#25894).
  * ...
  * https://docs.djangoproject.com/en/1.9/releases/1.9.1/
* Wed Dec 02 2015 aplanas@suse.com
- update to 1.9
  * https://docs.djangoproject.com/en/1.9/releases/1.9/
  * Performing actions after a transaction commit
  * Password validation
  * Permission mixins for class-based views
  * New styling for "contrib.admin"
  * Running tests in parallel
* Tue Nov 10 2015 tbechtold@suse.com
- update to 1.8.6:
  * https://docs.djangoproject.com/en/1.8/releases/1.8.5/
  * https://docs.djangoproject.com/en/1.8/releases/1.8.6/
* Tue Nov 10 2015 tbechtold@suse.com
- add missing Requires for python-setuptools (bsc#952198)
  /usr/bin/django-admin needs the pkg_resources framework from
  python-setuptools to run properly.
* Sun Sep 20 2015 tbechtold@suse.com
- update to 1.8.4 (CVE-2015-5963):
  * https://docs.djangoproject.com/en/1.8/releases/1.8.4/
* Fri Jul 10 2015 astieger@suse.com
- add keyring and verify source signature
* Fri Jul 10 2015 dmueller@suse.com
- update to 1.8.3:
  * https://docs.djangoproject.com/en/1.8/releases/1.8.3/
  Various bugfixes/security fixes (CVE-2015-5145, bsc#937524)
* Tue May 26 2015 dmueller@suse.com
- update to 1.8.2 (CVE-2015-3982):
  * https://docs.djangoproject.com/en/1.8/releases/1.8.2/
  * https://docs.djangoproject.com/en/1.8/releases/1.8.1/
* Thu Apr 02 2015 aplanas@suse.com
- Update to Django 1.8
  * "Long-Term Support" (LTS) release
  New features:
  * Model._meta API
  * Multiple template engines
  * Security enhancements
  * New PostgreSQL specific functionality
  * New data types
  * Query Expressions, Conditional Expressions, and Database Functions
  * TestCase data setup
  Backwards incompatible changes:
  * Related object operations are run in a transaction
  * Assigning unsaved objects to relations raises an error
  * Management commands that only accept positional arguments
  * Custom test management command arguments through test runner
  * Model check ensures auto-generated column names are within limits
    specified by database
  * Query relation lookups now check object types
  * select_related() now checks given fields
  * Default EmailField.max_length increased to 254
  * (DROP) Support for PostgreSQL versions older than 9.0
  * (DROP) Support for MySQL versions older than 5.5
  * (DROP) Support for Oracle versions older than 11.1
  * Specific privileges used instead of roles for tests on Oracle
  * ...
* Mon Mar 23 2015 mcihar@suse.cz
- Update to Django 1.7.7:
  Security issues:
  * Denial-of-service possibility with strip_tags()
  * Mitigated possible XSS attack via user-supplied redirect URLs
  Bugfixes:
  * Fixed renaming of classes in migrations where renaming a subclass would
    cause incorrect state to be recorded for objects that referenced the
    superclass (#24354).
  * Stopped writing migration files in dry run mode when merging migration
    conflicts. When makemigrations --merge is called with verbosity=3 the
    migration file is written to stdout (:ticket: 24427).
* Wed Mar 11 2015 aplanas@suse.com
- Update to Djano 1.7.6:
  Bugfixes
  * Mitigated an XSS attack via properties in
    "ModelAdmin.readonly_fields"
  * Fixed crash when coercing "ManyRelatedManager" to a string
    (#24352).
  * Fixed a bug that prevented migrations from adding a foreign key
    constraint when converting an existing field to a foreign key
    (#24447).
* Fri Feb 27 2015 aplanas@suse.com
- Update to Django 1.7.5:
  Bugfixes
  * Reverted a fix that prevented a migration crash when unapplying
    contrib.contenttypes's or contrib.auth's first migration (#24075)
    due to severe impact on the test performance (#24251) and problems
    in multi-database setups (#24298).
  * Fixed a regression that prevented custom fields inheriting from
    ManyToManyField from being recognized in migrations (#24236).
  * Fixed crash in contrib.sites migrations when a default database
    isn't used (#24332).
  * Added the ability to set the isolation level on PostgreSQL with
    psycopg2 >= 2.4.2 (#24318). It was advertised as a new feature in
    Django 1.6 but it didn't work in practice.
  * Formats for the Azerbaijani locale (az) have been added.
* Fri Jan 30 2015 aplanas@suse.com
- Update to Django 1.7.4:
  Bugfixes
  * Fixed a migration crash when unapplying ``contrib.contenttypes``?s
    or ``contrib.auth``?s first migration (:ticket:`24075`).
  * Made the migration's ``RenameModel`` operation rename
    ``ManyToManyField`` tables (:ticket:`24135`).
  * Fixed a migration crash on MySQL when migrating from a
    ``OneToOneField`` to a ``ForeignKey`` (:ticket:`24163`).
  * Prevented the ``static.serve`` view from producing
    ``ResourceWarning``\s in certain circumstances (security fix
    regression, :ticket:`24193`).
  * Fixed schema check for ManyToManyField to look for internal type
    instead of checking class instance, so you can write custom
    m2m-like fields with the same behavior. (:ticket:`24104`).
* Wed Jan 14 2015 mcihar@suse.cz
- Update to Django 1.7.3:
  Security fixes:
  * WSGI header spoofing via underscore/dash conflation.
  * Mitigated possible XSS attack via user-supplied redirect URLs.
  * Denial-of-service attack against django.views.static.serve.
  * Database denial-of-service with ModelMultipleChoiceField.
  Bug fixes:
  * The default iteration count for the PBKDF2 password hasher has been
    increased by 25%. This part of the normal major release process was
    inadvertently omitted in 1.7. This backwards compatible change will not
    affect users who have subclassed
    django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default
    value.
  * Fixed a crash in the CSRF middleware when handling non-ASCII referer
    header (#23815).
  * Fixed a crash in the django.contrib.auth.redirect_to_login view when
    passing a reverse_lazy() result on Python 3 (#24097).
  * Added correct formats for Greek (el) (#23967).
  * Fixed a migration crash when unapplying a migration where multiple
    operations interact with the same model (#24110).
* Sun Jan 11 2015 p.drouand@gmail.com
- South has been merged in main Django; provide and obsolete it
Version: 1.11.15-2.1
* Thu Feb 09 2023 mcepl@suse.com
- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
  bsc#1208082) to prevent DOS in file uploads.
- .sig file is actually not available (and
  https://www.djangoproject.com/download/1.7.11/checksum/ is not
  it), so stop pretending we can cryptographically verify the
  tarball.
* Fri Aug 10 2018 mimi.vx@gmail.com
- update to 2.0.8
  * CVE-2018-14574: Open redirect possibility in CommonMiddleware boo#1102680
  * Fixed a regression in Django 2.0.7 that broke the regex lookup on MariaD
  * Fixed a regression where django.template.Template crashed if
    the template_string argument is lazy
  * Fixed __regex and __iregex lookups with MySQL
  * Fixed admin check crash when using a query expression in ModelAdmin.ordering
  * Fixed admin changelist crash when using a query expression without asc()
    or desc() in the page?s ordering
  * Fixed a regression that broke custom template filters that use decorators
  * Fixed detection of custom URL converters in included pattern
  * Fixed a regression that added an unnecessary subquery to the GROUP BY clause
    on MySQL when using a RawSQL annotation
  * Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
  * Fixed a regression in Django 1.10 that could result in large memory usage
    when making edits using ModelAdmin.list_editable
  * Corrected the import paths that inspectdb generates for django.contrib.postgres fields
  * Fixed crashes in django.contrib.admindocs when a view is a callable object,
    such as django.contrib.syndication.views.Feed
  * Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list()
    after combining an annotated and unannotated queryset with union(),
    difference(), or intersection() crashed due to mismatching columns
Version: 1.11.11-8.1
* Wed Mar 07 2018 idonmez@suse.com
- Update to 1.11.11
  * Fixes CVE-2018-7536, CVE-2018-7537
Version: 1.11.10-5.1
* Thu Mar 01 2018 idonmez@suse.com
- Update to 1.11.10 LTS
  * Fixes CVE-2018-6188 bsc#1077714, CVE-2017-7234, CVE-2017-7233,
    CVE-2017-12794