Ubuntu
python-django package

lp:~smoser/ubuntu/oneiric/python-django/merge-debian-1.3-2

  1. Oneiric (11.10)
  2. merge-debian-1.3-2
Created by Scott Moser and last modified
Get this branch:
bzr branch lp:~smoser/ubuntu/oneiric/python-django/merge-debian-1.3-2
Only Scott Moser can upload to this branch. If you are Scott Moser please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Scott Moser
Status:
Development

Recent revisions

33. By Scott Moser

* Merge from debian unstable (LP: #796649). Remaining changes:
  - debian/control: don't Build-Depends on locales-all, which doesn't exist
    in oneiric
* Team upload.
* Don't remove "backup~" test file - upstream did ship it; we were just
  removing it with dh_clean.
* Fix builds with non-default Python versions installed
* Bump Standards-Version to 3.9.2 (no changes needed)
* New upstream release.
  - Update 01_disable_url_verify_regression_tests.diff.
  - Update 07_disable_url_verify_model_tests.diff.
  - Merge patch from Krzysztof Klimonda to disable more network access tests.
    (Closes: #598674)
* Add workaround for missing "backup~" file in release tarball. See
  <http://code.djangoproject.com/ticket/15677>.

32. By Jamie Strandboge

* Merge from Debian for security fixes (LP: #719031). Remaining changes:
  - debian/control: don't Build-Depends on locales-all, which doesn't exist
    in natty
* Drop the following patches, now included upstream:
  - debian/patches/07_security_admin_infoleak.diff
  - debian/patches/08_security_pasword_reset_dos.diff

31. By Jamie Strandboge

* SECURITY UPDATE: information leak in admin interface
  - debian/patches/07_security_admin_infoleak.diff: validate querystring
    lookup arguments either specify only fields on the model being viewed,
    or cross relations which have been explicitly whitelisted.
  - CVE-2010-XXXX
* SECURITY UPDATE:
  - debian/patches/08_security_pasword_reset_dos.diff: adjust
    base36_to_int() function in django.utils.http will now validate the
    length of its input; on input longer than 13 digits (sufficient to
    base36-encode any 64-bit integer), it will now raise ValueError.
    Additionally, the default URL patterns for django.contrib.auth will now
    enforce a maximum length on the relevant parameters.
  - CVE-2010-XXXX

30. By Jamie Strandboge

* SECURITY UPDATE: XSS in CSRF protections. New upstream release
  - CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
  - updated to disable another test that fails without internet connection
  - patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
  in maverick

29. By lamby

New upstream bugfix release.

28. By lamby

New upstream stable release.

27. By James Westby

Fix django test client cookie handling.

26. By lamby

* Remove embedded "decimal" code copy and use system version instead. The
  "doctest" code copy cannot be removed as parts of Django depend on modified
  behaviour. (Closes: #555419)
* Fix FTBFS in November by applying patch from upstream bug #12125.
  (Closes: #555931)
* Fix FTBFS under Python 2.6.3 by applying patch from upstream bug #11993.
  (Closes: #555969)

25. By Krzysztof Klimonda

* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
  for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
  - 20_python2.6.3_regression.patch - backported upstream commit 11620
    to make Django work with Python 2.6.3 properly. (LP: #445639)

24. By Krzysztof Klimonda

* debian/patches/20_disable_url_verify_regression_tests.diff
  - Disable regression tests that require internet connection.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/python-django
This branch contains Public information 
Everyone can see this information.

Subscribers