Hello community,
here is the log from the commit of package python-bottle.15793 for
openSUSE:Leap:15.2:Update checked in at 2021-02-16 16:21:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/python-bottle.15793 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.python-bottle.15793.new.28504
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bottle.15793"
Tue Feb 16 16:21:43 2021 rev:1 rq:872806 version:0.12.13
Changes:
--------
New Changes file:
--- /dev/null 2021-01-11 18:20:20.070723563 +0100
+++
/work/SRC/openSUSE:Leap:15.2:Update/.python-bottle.15793.new.28504/python-bottle.changes
2021-02-16 16:21:44.227438758 +0100
@@ -0,0 +1,114 @@
+-------------------------------------------------------------------
+Fri Feb 12 12:48:18 UTC 2021 - John Paul Adrian Glaubitz
<[email protected]>
+
+- Add patch to fix Web Cache Poisoning vulnerability (bsc#1182181,
CVE-2020-28473)
+ + 0001_Do_not_split_query_strings_on_semicolon_anymore.patch
+
+-------------------------------------------------------------------
+Wed Mar 29 15:24:50 UTC 2017 - [email protected]
+
+- update pdf doc file.
+
+-------------------------------------------------------------------
+Thu Mar 23 18:09:54 UTC 2017 - [email protected]
+
+- update for singlespec
+- use automation for docs
+- update to 0.12.13
+ * bugfix release
+ * fixed TypeError on unicode WSGI headers
+ * fixed get_header on FileUpload
+ * fixed crlf header injection (CVE-2016-9964)
+ * switch to setuptools for build
+ * allow multiline dict/list/set comprehensions in templates
+ * allow unicode keys in ConfigDict
+
+-------------------------------------------------------------------
+Sun Apr 26 18:21:13 UTC 2015 - [email protected]
+
+- update to version 0.12.8: no upstream changelog
+- update bottle-docs.pdf
+- point the source URL of the pdf to the project homepage
+- create of separate subpackage for the pdf documentation
+
+-------------------------------------------------------------------
+Tue May 20 12:20:37 UTC 2014 - [email protected]
+
+- Update to 0.12.7
+ * No upstream changelog
+- Update to 0.12
+ * New SimpleTemplate parser implementation
+ * Support for multi-line code blocks (<% ... %>).
+ * The keywords include and rebase are functions now
+ and can accept variable template names.
+ * The new BaseRequest.route() property returns the Route
+ that originally matched the request.
+ * Removed the BaseRequest.MAX_PARAMS limit.
+ The hash collision bug in CPythons dict() implementation was
+ fixed over a year ago. If you are still using Python 2.5 in
+ production, consider upgrading or at least make sure that you
+ get security fixed from your distributor.
+ * New ConfigDict API (see Configuration (DRAFT))
+
+-------------------------------------------------------------------
+Tue Sep 17 19:50:09 UTC 2013 - [email protected]
+
+- Update to 0.11.6:
+ * Fix content-type header in mounted apps
+- Changes from 0.11.5:
+ * Update HTTPResponse call when mounting apps
+ * BUg fix: Some cookies are lost when using mount()
+
+-------------------------------------------------------------------
+Thu Nov 22 13:35:28 UTC 2012 - [email protected]
+
+- Update to version 0.11.4:
+ + Upstream provides no changelog
+- Changes from version 0.11:
+ + Native support for Python 2.x and 3.x syntax. No need to run 2to3 anymore.
+ + Support for partial downloads (Range header) in static_file().
+ + The new ResourceManager interface helps locating files bundled with an
+ application.
+ + Added a server adapter for waitress.
+ + New Bottle.merge() method to install all routes from one application
+ into another.
+ + New BaseRequest.app property to get the application object that
+ handles a request.
+ + Added FormsDict.decode() to get an all-unicode version (needed by WTForms).
+ + MultiDict and subclasses are now pickle-able.
+ + Response.status is a read-write property that can be assigned either a
+ numeric status code or a status string with a reason phrase (200 OK). The
+ return value is now a string to better match existing APIs (WebOb,
+ werkzeug). To be absolutely clear, you can use the read-only properties
+ BaseResponse.status_code and BaseResponse.status_line.
+ + SimpleTALTemplate is now deprecating. There seems to be no demand.
+
+-------------------------------------------------------------------
+Wed Aug 15 03:24:14 UTC 2012 - [email protected]
+
+- updated to 0.10.11
+- python3 package added
+- spec improved (files section)
+
+-------------------------------------------------------------------
+Mon Mar 12 20:46:22 UTC 2012 - [email protected]
+
+- update to version 0.10.9
+
+-------------------------------------------------------------------
+Fri Sep 23 13:53:20 UTC 2011 - [email protected]
+
+- Update to version 0.9.6
+- Removed file LICENSE, upstream now has LICENSE.txt
+
+-------------------------------------------------------------------
+Fri Nov 19 10:38:29 UTC 2010 - [email protected]
+
+- Added LICENSE and bottle-docs.pdf.
+- Removed dead symlink README
+
+-------------------------------------------------------------------
+Fri Nov 19 09:21:46 UTC 2010 - [email protected]
+
+- Initial build
+
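Review bot: The Fri Feb 12 2021 entry at the top of this changes file names the bug and CVE but does not say that the patch alters parsing behaviour. The patch's own commit message states that `;` is no longer accepted as a query-string separator and that the change is technically backwards-incompatible. For a maintenance update that belongs in the changelog, so an administrator can tell why an application that relied on `;`-separated parameters behaves differently afterwards. Suggest adding a line to the entry such as "query strings are now split on '&' only; ';' stays part of the value".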
New:
----
0001_Do_not_split_query_strings_on_semicolon_anymore.patch
bottle-0.12.13.tar.gz
bottle-docs.pdf
python-bottle.changes
python-bottle.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-bottle.spec ++++++
#
# spec file for package python-bottle
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bottle
Version: 0.12.13
Release: 0
Url: http://bottlepy.org/
Summary: Fast and simple WSGI-framework for small web-applications
License: MIT
Group: Development/Languages/Python
Source: https://files.pythonhosted.org/packages/source/b/bottle/bottle-%{version}.tar.gz
Source1: http://bottlepy.org/docs/0.12/bottle-docs.pdf
Patch: 0001_Do_not_split_query_strings_on_semicolon_anymore.patch
BuildRequires: %{python_module setuptools}
BuildRequires: python-rpm-macros
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%python_subpackages
%description
Bottle is a fast and simple micro-framework for small web-applications. It
offers request dispatching (Routes) with url parameter support, Templates, a
built-in HTTP Server and adapters for many third party WSGI/HTTP-server and
template engines. All in a single file and with no dependencies other than the
Python Standard Library.
%package -n %{name}-doc
Summary: Documentation for %{name}
Group: Documentation/Other
Requires: %{name} = %{version}
Provides: %{python_module bottle-doc = %{version}}
%description -n %{name}-doc
Bottle is a fast and simple micro-framework for small web-applications. It
offers request dispatching (Routes) with url parameter support, Templates, a
built-in HTTP Server and adapters for many third party WSGI/HTTP-server and
template engines. All in a single file and with no dependencies other than the
Python Standard Library.
This subpackage contains the PDF documentation for %{name}.
%prep
%setup -q -n bottle-%{version}
%patch -p1
cp %{SOURCE1} .
%build
%python_build
%install
%python_install
%python_clone %{buildroot}%{_bindir}/bottle.py
%files %{python_files}
%defattr(-,root,root,-)
%doc README.rst
%{_bindir}/bottle.py-%{python_bin_suffix}
%python3_only %{_bindir}/bottle.py
%{python_sitelib}/bottle.py*
%pycache_only %{python_sitelib}/__pycache__
%{python_sitelib}/bottle-%{version}-py%{python_version}.egg-info
%files -n %{name}-doc
%defattr(-,root,root,-)
%doc bottle-docs.pdf
%changelog
++++++ 0001_Do_not_split_query_strings_on_semicolon_anymore.patch ++++++
From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <[email protected]>
Date: Wed, 11 Nov 2020 19:24:29 +0100
Subject: [PATCH] Do not split query strings on `;` anymore.
Using `;` as a separator instead of `&` was allowed a long time ago,
but is now obsolete and actually invalid according to the 2014 W3C
recommendations. Even if this change is technically backwards-incompatible,
no real-world application should depend on broken behavior. If you REALLY
need this functionality, monkey-patch the _parse_qsl() function.
---
bottle.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bottle.py b/bottle.py
index bcfc5e62..417b01b9 100644
--- a/bottle.py
+++ b/bottle.py
@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0):
def _parse_qsl(qs):
r = []
- for pair in qs.replace(';','&').split('&'):
+ for pair in qs.split('&'):
if not pair: continue
nv = pair.split('=', 1)
if len(nv) != 2: nv.append('')
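Review bot: The changed loop header in `_parse_qsl()` ships without a test; the diffstat lists only bottle.py with 1 insertion and 1 deletion. Since the changes file carries this as the fix for CVE-2020-28473, a regression test should pin the new behaviour. For example, it could check that `a=1;b=2` now yields a single pair with name `a` and value `1;b=2`, and that `a=1&b=2` still yields two pairs. That way a later refactor cannot silently bring back the `;` split and with it the mismatch with caches that treat only `&` as a separator.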