Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-HyperKitty for
openSUSE:Factory checked in at 2021-12-29 21:10:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-HyperKitty (Old)
and /work/SRC/openSUSE:Factory/.python-HyperKitty.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-HyperKitty"
Wed Dec 29 21:10:43 2021 rev:13 rq:941157 version:1.3.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-HyperKitty/python-HyperKitty.changes
2021-06-04 00:33:32.280889885 +0200
+++
/work/SRC/openSUSE:Factory/.python-HyperKitty.new.2520/python-HyperKitty.changes
2021-12-29 21:10:50.322279706 +0100
@@ -1,0 +2,19 @@
+Fri Dec 17 10:25:31 UTC 2021 - Matej Cepl <[email protected]>
+
+- Add hyperkitty-fix-mistune-2.0-imports.patch ... two function
+ moved in mistune 2.0 (gl#mailman/hyperkitty#379).
+
+-------------------------------------------------------------------
+Thu Dec 16 15:11:02 UTC 2021 - Sasi Olin <[email protected]>
+
+- Add a patch that fixes compatibility with the full release of mistune 2.0
+
+-------------------------------------------------------------------
+Wed Nov 17 08:30:52 UTC 2021 - Andreas Schneider <[email protected]>
+
+- Update to version 1.3.5
+ * https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst
+- Fixes CVE-2021-35057
+- Removed obsolete python-HyperKitty-CVE-2021-33038.patch
+
+-------------------------------------------------------------------
Old:
----
HyperKitty-1.3.4.tar.gz
python-HyperKitty-CVE-2021-33038.patch
New:
----
HyperKitty-1.3.5.tar.gz
hyperkitty-fix-mistune-2.0-imports.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-HyperKitty.spec ++++++
--- /var/tmp/diff_new_pack.Nhq8zt/_old 2021-12-29 21:10:50.870280157 +0100
+++ /var/tmp/diff_new_pack.Nhq8zt/_new 2021-12-29 21:10:50.874280160 +0100
@@ -35,7 +35,7 @@
# mailman is built only for primary python3 flavor
%define pythons python3
Name: python-HyperKitty
-Version: 1.3.4
+Version: 1.3.5
Release: 0
Summary: A web interface to access GNU Mailman v3 archives
License: GPL-3.0-only
@@ -53,13 +53,17 @@
#
Source30: README.SUSE.md
#
+# PATCH-FIX-OPENSUSE hyperkitty-settings.patch [email protected]
+# hard-code locations of configuration files
Patch0: hyperkitty-settings.patch
-# CVE-2021-33038 [bsc#1186575], information disclosure when importing a
private mailing list
-Patch1: python-HyperKitty-CVE-2021-33038.patch
+# PATCH-FIX-UPSTREAM hyperkitty-fix-mistune-2.0-imports.patch
gl#mailman/hyperkitty#379 [email protected]
+# Two elements moved in mistune 2.0
+Patch1: hyperkitty-fix-mistune-2.0-imports.patch
#
BuildRequires: %{python_module django-debug-toolbar >= 2.2}
BuildRequires: %{python_module isort}
BuildRequires: %{python_module libsass}
+BuildRequires: %{python_module mistune >= 2.0}
BuildRequires: %{python_module setuptools}
BuildRequires: acl
BuildRequires: fdupes
@@ -73,12 +77,13 @@
Requires: python-django-extensions >= 1.3.7
Requires: python-django-gravatar2 >= 1.0.6
Requires: python-django-haystack >= 2.8.0
-Requires: python-django-mailman3 >= 1.2.0
-Requires: python-django-q >= 1.0.0
+Requires: python-django-mailman3 >= 1.3.7
+Requires: python-django-q >= 1.3.9
Requires: python-djangorestframework >= 3.0.0
Requires: python-flufl.lock
Requires: python-libsass
-Requires: python-mailmanclient >= 3.1.1
+Requires: python-mailmanclient >= 3.3.2
+Requires: python-mistune
Requires: python-networkx >= 1.9.1
Requires: python-python-dateutil >= 2.0
Requires: python-pytz >= 2012
@@ -93,12 +98,14 @@
BuildRequires: %{python_module django-extensions >= 1.3.7}
BuildRequires: %{python_module django-gravatar2 >= 1.0.6}
BuildRequires: %{python_module django-haystack >= 2.8.0}
-BuildRequires: %{python_module django-mailman3 >= 1.2.0}
-BuildRequires: %{python_module django-q >= 1.0.0}
+BuildRequires: %{python_module django-mailman3 >= 1.3.7}
+BuildRequires: %{python_module django-q >= 1.3.9}
BuildRequires: %{python_module djangorestframework >= 3.0.0}
BuildRequires: %{python_module elasticsearch}
BuildRequires: %{python_module flufl.lock}
-BuildRequires: %{python_module mailmanclient >= 3.1.1}
+BuildRequires: %{python_module lxml}
+BuildRequires: %{python_module mailmanclient >= 3.3.2}
+BuildRequires: %{python_module mistune}
BuildRequires: %{python_module mock}
BuildRequires: %{python_module networkx >= 1.9.1}
BuildRequires: %{python_module pytest-django}
++++++ HyperKitty-1.3.4.tar.gz -> HyperKitty-1.3.5.tar.gz ++++++
++++ 79534 lines of diff (skipped)
++++++ hyperkitty-fix-mistune-2.0-imports.patch ++++++
>From 2c3c189c9aacef3f54de2ae0f653aa13c6167093 Mon Sep 17 00:00:00 2001
From: David Runge <[email protected]>
Date: Sun, 5 Dec 2021 12:39:01 +0100
Subject: [PATCH 1/3] Fix mistune imports for mistune >= 2.0.0
hyperkitty/lib/renderer.py:
With mistune 2.0.0 the `escape_url()` and `escape_html()` are moved to
mistune.util.
---
hyperkitty/lib/renderer.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hyperkitty/lib/renderer.py b/hyperkitty/lib/renderer.py
index cf54e7c0..96f026db 100644
--- a/hyperkitty/lib/renderer.py
+++ b/hyperkitty/lib/renderer.py
@@ -4,7 +4,7 @@ from django.conf import settings
import mistune
from mistune.plugins.extra import plugin_url
-from mistune.scanner import escape_html, escape_url
+from mistune.util import escape_html, escape_url
class MyRenderer(mistune.HTMLRenderer):
--
GitLab
>From 0807a57860c57ebfe0542cc9d58fedf1ed5582d5 Mon Sep 17 00:00:00 2001
From: David Runge <[email protected]>
Date: Sun, 5 Dec 2021 12:40:10 +0100
Subject: [PATCH 2/3] Require mistune >= 2.0.0
setup.py:
Require mistune >= 2.0.0 to rely on a stable mistune release.
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 6cc7636e..c16294b0 100755
--- a/setup.py
+++ b/setup.py
@@ -45,7 +45,7 @@ REQUIRES = [
"pytz>=2012",
"django-compressor>=1.3",
"mailmanclient>=3.3.3",
- "mistune>=2.0.0rc1",
+ "mistune>=2.0.0",
"python-dateutil >= 2.0",
"networkx>=2.0",
"django-haystack>=2.8.0",
--
GitLab
++++++ hyperkitty-settings.patch ++++++
--- /var/tmp/diff_new_pack.Nhq8zt/_old 2021-12-29 21:10:51.294280506 +0100
+++ /var/tmp/diff_new_pack.Nhq8zt/_new 2021-12-29 21:10:51.298280509 +0100
@@ -1,8 +1,8 @@
-Index: HyperKitty-1.3.3/example_project/settings.py
+Index: HyperKitty-1.3.5/example_project/settings.py
===================================================================
---- HyperKitty-1.3.3.orig/example_project/settings.py
-+++ HyperKitty-1.3.3/example_project/settings.py
-@@ -134,7 +134,7 @@ DATABASES = {
+--- HyperKitty-1.3.5.orig/example_project/settings.py 2021-10-12
23:40:25.000000000 +0200
++++ HyperKitty-1.3.5/example_project/settings.py 2021-11-17
09:36:12.809720361 +0100
+@@ -135,7 +135,7 @@ DATABASES = {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or
'oracle'.
'ENGINE': 'django.db.backends.sqlite3',
# DB name or path to database file if using sqlite3.
@@ -11,7 +11,7 @@
# The following settings are not used with sqlite3:
'USER': 'hyperkitty',
'PASSWORD': 'hkpass',
-@@ -202,7 +202,7 @@ USE_TZ = True
+@@ -203,7 +203,7 @@ USE_TZ = True
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/var/www/example.com/static/"
@@ -20,7 +20,7 @@
# URL prefix for static files.
# Example: "http://example.com/static/";, "http://static.example.com/";
-@@ -395,7 +395,7 @@ LOGGING = {
+@@ -396,7 +396,7 @@ LOGGING = {
'level': 'INFO',
#'class': 'logging.handlers.RotatingFileHandler',
'class': 'logging.handlers.WatchedFileHandler',
@@ -28,5 +28,5 @@
+ 'filename': '/var/log/hyperkitty/hyperkitty.log',
'formatter': 'verbose',
},
- },
+ 'console': {
