public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Michel Lind <salimma@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/python-django-allauth] f44: Update to version 65.18.0; Resolves RHBZ#2334129
Date: Tue, 16 Jun 2026 13:49:17 GMT [thread overview]
Message-ID: <178161775718.1.5548685995769861339.rpms-python-django-allauth-d85d4c0361bb@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/python-django-allauth
Branch : f44
Commit : d85d4c0361bb048153879942f4d21c76d9e0d131
Author : Michel Lind <salimma@fedoraproject.org>
Date : 2026-06-16T13:43:44+01:00
Stats : +54/-85 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/python-django-allauth/c/d85d4c0361bb048153879942f4d21c76d9e0d131?branch=f44
Log:
Update to version 65.18.0; Resolves RHBZ#2334129
- Fixes CVE-2026-27982: Open redirect via crafted URL in SAML IdP initiated SSO
Signed-off-by: Michel Lind <salimma@fedoraproject.org>
---
diff --git a/.gitignore b/.gitignore
index 0a54138..db6069e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
/django-allauth-65.2.0.tar.gz
/django-allauth-65.3.0.tar.gz
/django-allauth-65.8.1.tar.gz
+/django-allauth-65.18.0.tar.gz
diff --git a/django-allauth-lower_pytest-asyncio_req.diff b/django-allauth-lower_pytest-asyncio_req.diff
deleted file mode 100644
index 524b5f0..0000000
--- a/django-allauth-lower_pytest-asyncio_req.diff
+++ /dev/null
@@ -1,22 +0,0 @@
---- a/setup.cfg
-+++ b/setup.cfg
-@@ -44,7 +44,7 @@ zip_safe = false
- tests_require =
- Pillow >= 9.0
- pytest >= 7.4
-- pytest-asyncio == 0.23.8
-+ pytest-asyncio >= 0.23.6
- pytest-django >= 4.5.2
- install_requires =
- Django >= 4.2.16
---- a/tox.ini
-+++ b/tox.ini
-@@ -26,7 +26,7 @@ deps =
- coverage
- Pillow>=9.0
- pytest>=7.4
-- pytest-asyncio == 0.23.8
-+ pytest-asyncio >= 0.23.6
- pytest-django>=4.5.2
- django42: Django==4.2.*
- django50: Django==5.0.*
diff --git a/django-allauth-no-django-ninja.diff b/django-allauth-no-django-ninja.diff
deleted file mode 100644
index a2ab2d8..0000000
--- a/django-allauth-no-django-ninja.diff
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/tox.ini
-+++ b/tox.ini
-@@ -39,7 +39,6 @@ deps =
- pyyaml>=6.0.2
- psycopg2>=2.9.10,<3
- djangorestframework>=3.15.2,<4
-- django-ninja>=1.3.0,<2
- extras =
- mfa
- openid
diff --git a/django-allauth-no-setuptools_scm.diff b/django-allauth-no-setuptools_scm.diff
new file mode 100644
index 0000000..9fa4474
--- /dev/null
+++ b/django-allauth-no-setuptools_scm.diff
@@ -0,0 +1,9 @@
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -1,5 +1,5 @@
+ [build-system]
+-requires = ["setuptools>=75.3.0", "setuptools-scm>=8"]
++requires = ["setuptools>=75.3.0"]
+ build-backend = "setuptools.build_meta"
+
+ [project]
diff --git a/django-allauth-relax-coverage-version.diff b/django-allauth-relax-coverage-version.diff
deleted file mode 100644
index a7705d9..0000000
--- a/django-allauth-relax-coverage-version.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/tox.ini
-+++ b/tox.ini
-@@ -23,7 +23,7 @@ setenv =
- # https://github.com/xmlsec/python-xmlsec/issues/320#issuecomment-2129076807
- install_command = pip install --no-binary xmlsec --no-binary lxml {opts} {packages}
- deps =
-- coverage==7.6.1
-+ coverage
- Pillow>=9.0
- pytest>=7.4
- pytest-asyncio == 0.23.8
diff --git a/django-allauth-relax-xmlsec-version.diff b/django-allauth-relax-xmlsec-version.diff
deleted file mode 100644
index 97fc2b5..0000000
--- a/django-allauth-relax-xmlsec-version.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/tox.ini
-+++ b/tox.ini
-@@ -34,7 +34,7 @@ deps =
- django52: Django==5.2.*
- djangomain: git+https://github.com/django/django.git@main#egg=django
- python3-saml>=1.15.0,<2.0.0
-- xmlsec==1.3.15
-+ xmlsec>=1.3.15,<1.4.0
- lxml==5.3.1
- pyyaml>=6.0.2
- psycopg2>=2.9.10,<3
diff --git a/python-django-allauth.spec b/python-django-allauth.spec
index 15fe5d2..26d51e8 100644
--- a/python-django-allauth.spec
+++ b/python-django-allauth.spec
@@ -1,34 +1,40 @@
-# Some tests fail. Pass --with all_tests to retry
-%bcond_with all_tests
+%bcond tests 1
+%bcond pypi_source 0
%global forgeurl https://codeberg.org/allauth/django-allauth
Name: python-django-allauth
-Version: 65.8.1
+Version: 65.18.0
Release: %autorelease
Summary: Integrated set of Django authentication apps
License: MIT
URL: https://allauth.org/
+%if %{with pypi_source}
# PyPI source has no tests
-# Source0: %%{pypi_source django-allauth}
+# Source: %%{pypi_source django-allauth}
+%else
Source: %{forgeurl}/archive/%{version}.tar.gz#/django-allauth-%{version}.tar.gz
-# unpin coverage version
-Patch: django-allauth-relax-coverage-version.diff
-# Temporarily lower from == 0.23.8 to >= 0.23.6
-# 0.24 is out, the breaking change should not affect this package
-# (it requires pytest >= 8.2)
-Patch: django-allauth-lower_pytest-asyncio_req.diff
-# remove django-ninja dependency, only needed by react-spa example and tests
-Patch: django-allauth-no-django-ninja.diff
-# rather than hardcode 1.3.15, allow >= 1.3.15, < 1.4.0
-Patch: django-allauth-relax-xmlsec-version.diff
-# likewise, allow lxml >= 5.3.1 as F43+ has 6.0.1
-Patch: django-allauth-relax-lxml-version.diff
+%endif
+Patch: django-allauth-no-setuptools_scm.diff
BuildArch: noarch
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
+BuildRequires: sed
+%if %{with tests}
+BuildRequires: python3dist(pytest)
+# pytest-django reads DJANGO_SETTINGS_MODULE from pytest.ini and runs
+# django.setup() before conftest.py is imported; without it the test suite
+# fails to collect (INSTALLED_APPS undefined / "Apps aren't loaded yet")
+BuildRequires: python3dist(pytest-django)
+# async tests require the asyncio plugin
+BuildRequires: python3dist(pytest-asyncio)
+# other test dependencies
+BuildRequires: python3dist(djangorestframework)
+BuildRequires: python3dist(psycopg)
+BuildRequires: python3dist(pyyaml)
+%endif
%global _description %{expand:
Integrated set of Django applications addressing authentication, registration,
@@ -64,16 +70,30 @@ Summary: %{summary}
%pyproject_extras_subpkg -n python%{python3_pkgversion}-django-allauth mfa openid saml socialaccount steam
+
%prep
%autosetup -p1 -n django-allauth
-%if %{without failedtests}
-%endif
-# we don't have this packaged yet
+# we don't have django-ninja packaged yet: remove the unusable ninja modules
+# (deleting source so an unsatisfiable `import ninja` fails at build, not at the
+# user's runtime), their now-dead tests, and the test-project URLs that include
+# them -- otherwise the broken include cascades through the shared URLconf and
+# fails ~all tests.
rm -rf allauth/headless/contrib/ninja/
+rm -rf allauth/idp/oidc/contrib/ninja/
+rm -rf tests/apps/headless/contrib/ninja/
+rm -rf tests/apps/idp/oidc/contrib/ninja/
+rm -rf tests/projects/common/idp/ninja/
+rm -rf tests/projects/common/headless/ninja/
+sed -i '/ninja/d' tests/projects/common/idp/urls.py \
+ tests/projects/common/headless/urls.py
+# the JWT strategy tests also probe a removed /headless/ninja/resource endpoint
+# inline; drop those list entries so the (non-ninja) JWT/DRF coverage still runs
+sed -i '\#/headless/ninja/resource#d' \
+ tests/apps/headless/tokens/test_jwttokenstrategy.py
%generate_buildrequires
-%pyproject_buildrequires -t -x mfa,openid,saml,socialaccount,steam
+%pyproject_buildrequires -x mfa,openid,saml,socialaccount,steam
%build
@@ -86,12 +106,9 @@ rm -rf allauth/headless/contrib/ninja/
%check
-%pytest -v \
-%if %{without all_tests}
- --deselect allauth/socialaccount/providers/openid/tests.py::OpenIDTests::test_login \
- --deselect allauth/socialaccount/providers/openid/tests.py::OpenIDTests::test_login_with_extra_attributes \
+%if %{with tests}
+%pytest -v
%endif
-;
%files -n python%{python3_pkgversion}-django-allauth -f %{pyproject_files}
diff --git a/series b/series
index fc236ec..411c56f 100644
--- a/series
+++ b/series
@@ -1,5 +1 @@
-django-allauth-relax-coverage-version.diff
-django-allauth-lower_pytest-asyncio_req.diff
-django-allauth-no-django-ninja.diff
-django-allauth-relax-xmlsec-version.diff
-django-allauth-relax-lxml-version.diff
+django-allauth-no-setuptools_scm.diff
diff --git a/sources b/sources
index b3d96c5..e543bdc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (django-allauth-65.8.1.tar.gz) = d02633c84c0a7921755b6ab09b73d39ad7f16b45227ab83c4b351cb81c78016e6e79f429bb15d9df61085a6df6b25c30c4b72f894a1aa3dc48ba1ded5e0187fd
+SHA512 (django-allauth-65.18.0.tar.gz) = 5abd5841c925836aa2a40b25eb0e46b19a606f714058c2daf0968afc4734ab914eba7b07777e483fa99c825a40e60c52ecdab857c6aebb4f4c487dfdfbb41fc6
reply other threads:[~2026-06-16 13:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178161775718.1.5548685995769861339.rpms-python-django-allauth-d85d4c0361bb@fedoraproject.org \
--to=salimma@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox