Hello community, here is the log from the commit of package python-Werkzeug for openSUSE:Factory checked in at 2017-08-14 12:37:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Werkzeug (Old) and /work/SRC/openSUSE:Factory/.python-Werkzeug.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Werkzeug" Mon Aug 14 12:37:24 2017 rev:18 rq:515246 version:0.12.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Werkzeug/python-Werkzeug-doc.changes 2017-04-24 09:47:55.995175037 +0200 +++ /work/SRC/openSUSE:Factory/.python-Werkzeug.new/python-Werkzeug-doc.changes 2017-08-14 12:37:28.193487409 +0200 @@ -1,0 +2,9 @@ +Tue Aug 8 19:29:05 UTC 2017 - [email protected] + +- update to 0.12.2: + - Fix regression: Pull request ``#892`` prevented Werkzeug from correctly + logging the IP of a remote client behind a reverse proxy, even when using + `ProxyFix`. + - Fix a bug in `safe_join` on Windows. + +------------------------------------------------------------------- python-Werkzeug.changes: same change Old: ---- Werkzeug-0.12.1.tar.gz New: ---- Werkzeug-0.12.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Werkzeug-doc.spec ++++++ --- /var/tmp/diff_new_pack.9vim4T/_old 2017-08-14 12:37:30.125216148 +0200 +++ /var/tmp/diff_new_pack.9vim4T/_new 2017-08-14 12:37:30.137214462 +0200 @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-Werkzeug-doc -Version: 0.12.1 +Version: 0.12.2 Release: 0 Url: http://werkzeug.pocoo.org/ Summary: Documentation for python-Werkzeug ++++++ python-Werkzeug.spec ++++++ --- /var/tmp/diff_new_pack.9vim4T/_old 2017-08-14 12:37:30.225202107 +0200 +++ /var/tmp/diff_new_pack.9vim4T/_new 2017-08-14 12:37:30.229201545 +0200 @@ -19,7 +19,7 @@ %define oldpython python %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-Werkzeug -Version: 0.12.1 +Version: 0.12.2 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause ++++++ Werkzeug-0.12.1.tar.gz -> Werkzeug-0.12.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/AUTHORS new/Werkzeug-0.12.2/AUTHORS --- old/Werkzeug-0.12.1/AUTHORS 2017-03-10 12:20:24.000000000 +0100 +++ new/Werkzeug-0.12.2/AUTHORS 2017-05-16 08:35:59.000000000 +0200 @@ -36,6 +36,7 @@ - Lars Holm Nielsen - Joël Charles - Benjamin Dopplinger +- Nils Steinger Contributors of code for werkzeug/examples are: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/CHANGES new/Werkzeug-0.12.2/CHANGES --- old/Werkzeug-0.12.1/CHANGES 2017-03-15 18:07:53.000000000 +0100 +++ new/Werkzeug-0.12.2/CHANGES 2017-05-16 08:37:33.000000000 +0200 @@ -1,6 +1,16 @@ Werkzeug Changelog ================== +Version 0.12.2 +-------------- + +Released on May 16 2017 + +- Fix regression: Pull request ``#892`` prevented Werkzeug from correctly + logging the IP of a remote client behind a reverse proxy, even when using + `ProxyFix`. +- Fix a bug in `safe_join` on Windows. + Version 0.12.1 -------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/PKG-INFO new/Werkzeug-0.12.2/PKG-INFO --- old/Werkzeug-0.12.1/PKG-INFO 2017-03-15 18:08:13.000000000 +0100 +++ new/Werkzeug-0.12.2/PKG-INFO 2017-05-16 08:37:41.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: Werkzeug -Version: 0.12.1 +Version: 0.12.2 Summary: The Swiss Army knife of Python web development Home-page: http://werkzeug.pocoo.org/ Author: Armin Ronacher diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/Werkzeug.egg-info/PKG-INFO new/Werkzeug-0.12.2/Werkzeug.egg-info/PKG-INFO --- old/Werkzeug-0.12.1/Werkzeug.egg-info/PKG-INFO 2017-03-15 18:08:08.000000000 +0100 +++ new/Werkzeug-0.12.2/Werkzeug.egg-info/PKG-INFO 2017-05-16 08:37:40.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: Werkzeug -Version: 0.12.1 +Version: 0.12.2 Summary: The Swiss Army knife of Python web development Home-page: http://werkzeug.pocoo.org/ Author: Armin Ronacher diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/werkzeug/__init__.py new/Werkzeug-0.12.2/werkzeug/__init__.py --- old/Werkzeug-0.12.1/werkzeug/__init__.py 2017-03-15 18:08:06.000000000 +0100 +++ new/Werkzeug-0.12.2/werkzeug/__init__.py 2017-05-16 08:37:39.000000000 +0200 @@ -19,7 +19,7 @@ from werkzeug._compat import iteritems -__version__ = '0.12.1' +__version__ = '0.12.2' # This import magic raises concerns quite often which is why the implementation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/werkzeug/datastructures.py new/Werkzeug-0.12.2/werkzeug/datastructures.py --- old/Werkzeug-0.12.1/werkzeug/datastructures.py 2017-03-15 18:05:59.000000000 +0100 +++ new/Werkzeug-0.12.2/werkzeug/datastructures.py 2017-05-16 08:37:10.000000000 +0200 @@ -13,7 +13,7 @@ import mimetypes from copy import deepcopy from itertools import repeat -from collections import Container, Iterable, Mapping, MutableSet +from collections import Container, Iterable, MutableSet from werkzeug._internal import _missing, _empty_stream from werkzeug._compat import iterkeys, itervalues, iteritems, iterlists, \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/werkzeug/security.py new/Werkzeug-0.12.2/werkzeug/security.py --- old/Werkzeug-0.12.1/werkzeug/security.py 2017-03-10 12:20:24.000000000 +0100 +++ new/Werkzeug-0.12.2/werkzeug/security.py 2017-05-16 08:35:59.000000000 +0200 @@ -248,17 +248,23 @@ return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval) -def safe_join(directory, filename): - """Safely join `directory` and `filename`. If this cannot be done, - this function returns ``None``. +def safe_join(directory, *pathnames): + """Safely join `directory` and one or more untrusted `pathnames`. If this + cannot be done, this function returns ``None``. :param directory: the base directory. :param filename: the untrusted filename relative to that directory. """ - filename = posixpath.normpath(filename) - for sep in _os_alt_seps: - if sep in filename: + parts = [directory] + for filename in pathnames: + if filename != '': + filename = posixpath.normpath(filename) + for sep in _os_alt_seps: + if sep in filename: + return None + if os.path.isabs(filename) or \ + filename == '..' or \ + filename.startswith('../'): return None - if os.path.isabs(filename) or filename.startswith('../'): - return None - return os.path.join(directory, filename) + parts.append(filename) + return posixpath.join(*parts) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.12.1/werkzeug/serving.py new/Werkzeug-0.12.2/werkzeug/serving.py --- old/Werkzeug-0.12.1/werkzeug/serving.py 2017-03-12 20:39:00.000000000 +0100 +++ new/Werkzeug-0.12.2/werkzeug/serving.py 2017-05-16 08:37:10.000000000 +0200 @@ -279,7 +279,10 @@ return BaseHTTPRequestHandler.version_string(self).strip() def address_string(self): - return self.client_address[0] + if getattr(self, 'environ', None): + return self.environ['REMOTE_ADDR'] + else: + return self.client_address[0] def port_integer(self): return self.client_address[1]
