Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2021-04-14 13:05:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bleach" Wed Apr 14 13:05:10 2021 rev:13 rq:884911 version:3.3.0 Changes: --------
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2020-09-04 11:03:47.710773896 +0200
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.2401/python-bleach.changes 2021-04-14 13:05:12.965457447 +0200
@@ -1,0 +2,17 @@
+Tue Apr 13 09:20:21 UTC 2021 - Andreas Stieger <[email protected]>
+
+- update to 3.3.0:
+ * Backwards incompatible change: clean escapes HTML comments
+ even when strip_comments=False
+ * Fix CVE-2021-23980: mutation XSS on bleach.clean with specific
+ combinations of allowed tags (boo#1184547)
+- includes changes from 3.2.3:
+ * fix clean and linkify raising ValueErrors for certain inputs
+- includes changes from 3.2.2:
+ * fix linkify raising an IndexError on certain inputs
+- includes changes from 3.2.1:
+ * change linkifier to add rel="nofollow" as documented
+- includes changes from 3.2.0:
+ * html5lib dependency increased to 1.1.0
+
+-------------------------------------------------------------------
Old: ---- bleach-3.1.5.tar.gz New: ---- bleach-3.3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bleach.spec ++++++
--- /var/tmp/diff_new_pack.i6TKFz/_old 2021-04-14 13:05:13.629458106 +0200
+++ /var/tmp/diff_new_pack.i6TKFz/_new 2021-04-14 13:05:13.629458106 +0200
@@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties 
@@ -19,21 +19,21 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version: 3.1.5 +Version: 3.3.0 Release: 0 Summary: A whitelist-based HTML-sanitizing tool License: Apache-2.0 URL: https://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz Patch0: de-vendor.patch -BuildRequires: %{python_module html5lib >= 1.0.0} +BuildRequires: %{python_module html5lib >= 1.1} BuildRequires: %{python_module packaging} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six >= 1.9} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-html5lib >= 1.0.0 +Requires: python-html5lib >= 1.1 Requires: python-packaging Requires: python-six >= 1.9 BuildArch: noarch ++++++ bleach-3.1.5.tar.gz -> bleach-3.3.0.tar.gz ++++++ ++++ 9371 lines of diff (skipped) ++++++ de-vendor.patch ++++++ --- /var/tmp/diff_new_pack.i6TKFz/_old 2021-04-14 13:05:13.757458234 +0200 +++ /var/tmp/diff_new_pack.i6TKFz/_new 2021-04-14 13:05:13.761458238 +0200 
@@ -1,48 +1,87 @@ ---- bleach/html5lib_shim.py +Index: bleach/html5lib_shim.py +=================================================================== +--- bleach/html5lib_shim.py.orig +++ bleach/html5lib_shim.py -@@ -11,23 +11,23 @@ - - import six +@@ -18,44 +18,44 @@ warnings.filterwarnings( + "ignore", + message="html5lib's sanitizer is deprecated", + category=DeprecationWarning, +- module="bleach._vendor.html5lib", ++ module="html5lib", + ) --from bleach._vendor.html5lib import ( -+from html5lib import ( +-from bleach._vendor.html5lib import ( # noqa: E402 module level import not at top of file ++from html5lib import ( # noqa: E402 module level import not at top of file HTMLParser, getTreeWalker, ) --from bleach._vendor.html5lib import constants --from bleach._vendor.html5lib.constants import ( -+from html5lib import constants -+from html5lib.constants import ( +-from bleach._vendor.html5lib import ( ++from html5lib import ( + constants, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.constants import ( # noqa: E402 module level import not at top of file ++from html5lib.constants import ( # noqa: E402 module level import not at top of file namespaces, prefixes, ) --from bleach._vendor.html5lib.constants import _ReparseException as ReparseException --from bleach._vendor.html5lib.filters.base import Filter --from bleach._vendor.html5lib.filters.sanitizer import allowed_protocols --from bleach._vendor.html5lib.filters.sanitizer import Filter as SanitizerFilter --from bleach._vendor.html5lib._inputstream import HTMLInputStream --from bleach._vendor.html5lib.serializer import HTMLSerializer --from bleach._vendor.html5lib._tokenizer import HTMLTokenizer --from bleach._vendor.html5lib._trie import Trie -+from html5lib.constants import _ReparseException as ReparseException -+from html5lib.filters.base import Filter -+from html5lib.filters.sanitizer import allowed_protocols -+from html5lib.filters.sanitizer import Filter as 
SanitizerFilter -+from html5lib._inputstream import HTMLInputStream -+from html5lib.serializer import HTMLSerializer -+from html5lib._tokenizer import HTMLTokenizer -+from html5lib._trie import Trie - +-from bleach._vendor.html5lib.constants import ( ++from html5lib.constants import ( + _ReparseException as ReparseException, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.base import ( ++from html5lib.filters.base import ( + Filter, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.sanitizer import ( ++from html5lib.filters.sanitizer import ( + allowed_protocols, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.sanitizer import ( ++from html5lib.filters.sanitizer import ( + Filter as SanitizerFilter, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._inputstream import ( ++from html5lib._inputstream import ( + HTMLInputStream, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.serializer import ( ++from html5lib.serializer import ( + escape, + HTMLSerializer, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._tokenizer import ( ++from html5lib._tokenizer import ( + attributeMap, + HTMLTokenizer, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._trie import ( ++from html5lib._trie import ( + Trie, + ) # noqa: E402 module level import not at top of file - #: Map of entity name to expanded entity ---- tests/test_clean.py +Index: tests/test_clean.py +=================================================================== +--- tests/test_clean.py.orig +++ tests/test_clean.py -@@ -7,7 +7,7 @@ +@@ -7,7 +7,7 @@ import pytest from bleach import clean from bleach.html5lib_shim import Filter from bleach.sanitizer import Cleaner -from bleach._vendor.html5lib.constants import rcdataElements +from 
html5lib.constants import rcdataElements + def test_clean_idempotent(): - """Make sure that applying the filter twice doesn't change anything.""" +Index: bleach/sanitizer.py +=================================================================== +--- bleach/sanitizer.py.orig ++++ bleach/sanitizer.py +@@ -283,7 +283,7 @@ class BleachSanitizerFilter(html5lib_shi + "ignore", + message="html5lib's sanitizer is deprecated", + category=DeprecationWarning, +- module="bleach._vendor.html5lib", ++ module="html5lib", + ) + return super(BleachSanitizerFilter, self).__init__(source, **kwargs) +
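Review bot: The refreshed de-vendor.patch makes `bleach/html5lib_shim.py` import its parser, tokenizer and serializer from the system html5lib, including the private modules `html5lib._inputstream`, `html5lib._tokenizer` and `html5lib._trie`, while the spec in this commit constrains that package only from below (`Requires: python-html5lib >= 1.1`). What `bleach.clean` emits depends on how those modules tokenize and serialize, so a later python-html5lib update could change sanitizer output, or break the private imports, without this package being touched; that matters for a release whose changelog entry is a mutation-XSS fix. I would record this next to `Patch0:` with a comment such as `# de-vendor.patch: uses system html5lib (incl. private modules); re-run the bleach test suite on every python-html5lib update`, and consider an upper version bound once a tested range is known. Whether `%check` actually runs the test suite is not visible in these hunks.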
