python-django/python-django.spec

%global _empty_manifest_terminate_build 0
Name:		python-django
Version:	4.2.15
Release:	5
Summary:	A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
License:	Apache-2.0 and Python-2.0 and BSD-3-Clause
URL:		https://www.djangoproject.com/
Source0:        https://files.pythonhosted.org/packages/source/d/Django/Django-%{version}.tar.gz
Patch0:		CVE-2024-45230.patch
Patch1:		CVE-2024-45231.patch
Patch2:		CVE-2024-53907.patch
Patch3:		CVE-2024-53908.patch
Patch4:		CVE-2024-56374.patch
Patch5:		backport-CVE-2025-26699.patch 

BuildArch:	noarch
%description
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.


%package -n python3-Django
Summary:	A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Provides:	python-Django, python3-django
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
Requires:	python3-pytz
Requires:	python3-sqlparse
Requires:	python3-argon2-cffi
Requires:	python3-bcrypt
%description -n python3-Django
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.


%package help
Summary:	Development documents and examples for Django
Provides:	python3-Django-doc
%description help
Development documents and examples for Django

%prep
%autosetup -n Django-%{version} -p1

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-Django -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Mon Mar 10 2025 changtao <changtao@kylinos.cn> - 4.2.15-5
- Type:CVE
- CVE:CVE-2025-26699
- SUG:NA
- DESC:fix CVE-2025-26699

* Fri Jan 17 2025 yaoxin <1024769339@qq.com> - 4.2.15-4
- Fix CVE-2024-56374

* Mon Dec 09 2024 wangkai <13474090681@163.com> - 4.2.15-3
- Fix CVE-2024-53907 CVE-2024-53908

* Thu Oct 10 2024 zhangxianting <zhangxianting@uniontech.com> - 4.2.15-2
- Fix CVE-2024-45230 CVE-2024-45231

* Thu Aug 08 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.15-1
- Update to 4.2.15
  * CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()``
  * CVE-2024-41990: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
  * CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and ``AdminURLFieldWidget``
  * CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()``
  * Fixed a regression in Django 4.2.14 that caused a crash in ``LocaleMiddleware`` when processing a language code over 500 characters

* Fri Jul 12 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.14-1
- Update to 4.2.14
  * CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
  * CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
  * CVE-2024-39330: Potential directory-traversal via Storage.save()
  * CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()

* Tue Mar 05 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.3-7
- Fix CVE-2024-27351

* Wed Feb 07 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.3-6
- Fix CVE-2024-24680

* Fri Sep 15 2023 xu_ping <707078654@qq.com> - 4.2.3-5
- Fix changelog bad date

* Mon Nov 06 2023 yaoxin <yao_xin001@hoperun.com> - 4.2.3-4
- Fix CVE-2023-46695

* Sun Oct 08 2023 yaoxin <yao_xin001@hoperun.com> - 4.2.3-3
- Fix CVE-2023-43665

* Thu Sep 14 2023 wangkai <13474090681@163.com> - 4.2.3-2
- Fix CVE-2023-41164

* Tue Jul 11 2023 chenzixuan <chenzixuan@kylinos.cn> - 4.2.3-1
- Update to 4.2.3

* Tue May 16 2023 yaoxin <yao_xin001@hoperun.com> - 4.1.7-2
- Fix CVE-2023-31047

* Tue Apr 11 2023 yaoxin <yao_xin001@hoperun.com> - 4.1.7-1
- Update to 4.1.7

* Sat Feb 25 2023 yaoxin <yaoxin30@h-partners.com> - 4.1.4-3
- Fix CVE-2023-24580

* Mon Feb 13 2023 yaoxin <yaoxin30@h-partners.com> - 4.1.4-2
- Fix CVE-2023-23969

* Fri Dec 09 2022 chendexi <chendexi@kylinos.cn> - 4.1.4-1
- Upgrade package to version 4.1.4

* Tue Aug 09 2022 huangduirong <huangduirong@huawei.com> - 3.2.12-3
- Type: bugfix
- CVE: CVE-2022-36359
- SUG: NA
- DESC: Fix CVE-2022-36359

* Tue Jul 05 2022 yaoxin <yaoxin30@h-partners.com> - 3.2.12-2
- Fix CVE-2022-34265

* Wed May 18 2022 xigaoxinyan <xigaoxinyan@h-partners.com> - 3.2.12-1
- Update to 3.2.12

* Thu Apr 21 2022 yaoxin <yaoxin30@h-partners.com> - 2.2.27-2
- Fix CVE-2022-28346 CVE-2022-28347

* Thu Feb 10 2022 houyingchao <houyingchao@huawei.com> - 2.2.27-1
- Upgrade to 2.2.27
- Fix CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818 CVE-2022-23833

* Fri Jul 09 2021 openstack-sig <openstack@openeuler.org>
- Update to 2.2.19

* Tue Feb 09 2021 wangxiyuan <wangxiyuan1007@gmail.com> - 2.2.3-2
- Add python3-django for correct package name. Due to backward compatibility, the python3-Django is kept and it should be removed in the future.

* Fri Jan 08 2021 Python_Bot <Python_Bot@openeuler.org> - 2.2.3-1
- Package Spec generated