Hello community,
here is the log from the commit of package python3-Werkzeug for
openSUSE:Factory checked in at 2016-09-27 13:44:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3-Werkzeug (Old)
and /work/SRC/openSUSE:Factory/.python3-Werkzeug.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-Werkzeug"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python3-Werkzeug/python3-Werkzeug-doc.changes
2016-07-24 19:52:20.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.python3-Werkzeug.new/python3-Werkzeug-doc.changes
2016-09-27 13:44:17.000000000 +0200
@@ -1,0 +2,15 @@
+Sun Sep 11 15:46:07 UTC 2016 - [email protected]
+
+- update to version 0.11.11:
+ * Fix JSONRequestMixin for Python3. See #731
+ * Fix broken string handling in test client when passing
+ integers. See #852
+ * Fix a bug in "parse_options_header" where an invalid content type
+ starting with comma or semi-colon would result in an invalid
+ return value, see issue "#995".
+ * Fix a bug in multidicts when passing empty lists as values, see
+ issue "#979".
+ * Fix a security issue that allows XSS on the Werkzeug debugger. See
+ "#1001".
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/python3-Werkzeug/python3-Werkzeug.changes
2016-07-24 19:52:21.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python3-Werkzeug.new/python3-Werkzeug.changes
2016-09-27 13:44:17.000000000 +0200
@@ -1,0 +2,20 @@
+Thu Sep 15 23:48:00 UTC 2016 - [email protected]
+
+- Implement unit tests
+
+-------------------------------------------------------------------
+Sun Sep 11 15:46:07 UTC 2016 - [email protected]
+
+- update to version 0.11.11:
+ * Fix JSONRequestMixin for Python3. See #731
+ * Fix broken string handling in test client when passing
+ integers. See #852
+ * Fix a bug in "parse_options_header" where an invalid content type
+ starting with comma or semi-colon would result in an invalid
+ return value, see issue "#995".
+ * Fix a bug in multidicts when passing empty lists as values, see
+ issue "#979".
+ * Fix a security issue that allows XSS on the Werkzeug debugger. See
+ "#1001".
+
+-------------------------------------------------------------------
Old:
----
Werkzeug-0.11.10.tar.gz
New:
----
Werkzeug-0.11.11.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-Werkzeug-doc.spec ++++++
--- /var/tmp/diff_new_pack.sm9Vuc/_old 2016-09-27 13:44:18.000000000 +0200
+++ /var/tmp/diff_new_pack.sm9Vuc/_new 2016-09-27 13:44:18.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python3-Werkzeug-doc
#
-# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: python3-Werkzeug-doc
-Version: 0.11.10
+Version: 0.11.11
Release: 0
Url: http://werkzeug.pocoo.org/
Summary: Documentation for python3-Werkzeug
@@ -25,8 +25,8 @@
Group: Documentation/Other
Source:
https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: python3-Werkzeug = %{version}
BuildRequires: python3-Sphinx
+BuildRequires: python3-Werkzeug = %{version}
BuildRequires: python3-setuptools
BuildArch: noarch
Requires: python3-Werkzeug = %{version}
++++++ python3-Werkzeug.spec ++++++
--- /var/tmp/diff_new_pack.sm9Vuc/_old 2016-09-27 13:44:18.000000000 +0200
+++ /var/tmp/diff_new_pack.sm9Vuc/_new 2016-09-27 13:44:19.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python3-Werkzeug
#
-# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: python3-Werkzeug
-Version: 0.11.10
+Version: 0.11.11
Release: 0
Url: http://werkzeug.pocoo.org/
Summary: The Swiss Army knife of Python web development
@@ -26,8 +26,8 @@
Source:
https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: python3-devel
+BuildRequires: python3-pytest
BuildRequires: python3-setuptools
-BuildRequires: python3-nose
BuildArch: noarch
%description
@@ -56,6 +56,9 @@
%install
python3 setup.py install --prefix=%{_prefix} --root=%{buildroot}
+%check
+python3 setup.py test
+
%files
%defattr(-,root,root,-)
%doc AUTHORS LICENSE CHANGES
++++++ Werkzeug-0.11.10.tar.gz -> Werkzeug-0.11.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/AUTHORS new/Werkzeug-0.11.11/AUTHORS
--- old/Werkzeug-0.11.10/AUTHORS 2016-05-24 10:19:16.000000000 +0200
+++ new/Werkzeug-0.11.11/AUTHORS 2016-08-31 15:12:07.000000000 +0200
@@ -28,6 +28,8 @@
- Daniel Neuhäuser
- Markus Unterwaditzer
- Joe Esposito <[email protected]>
+- Cédric Krier
+- Lars Holm Nielsen
Contributors of code for werkzeug/examples are:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/CHANGES new/Werkzeug-0.11.11/CHANGES
--- old/Werkzeug-0.11.10/CHANGES 2016-05-24 11:19:30.000000000 +0200
+++ new/Werkzeug-0.11.11/CHANGES 2016-08-31 15:12:53.000000000 +0200
@@ -1,6 +1,20 @@
Werkzeug Changelog
==================
+Version 0.11.11
+---------------
+
+Released on August 31st 2016.
+
+- Fix JSONRequestMixin for Python3. See #731
+- Fix broken string handling in test client when passing integers. See #852
+- Fix a bug in ``parse_options_header`` where an invalid content type
+ starting with comma or semi-colon would result in an invalid return value,
+ see issue ``#995``.
+- Fix a bug in multidicts when passing empty lists as values, see issue
+ ``#979``.
+- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``.
+
Version 0.11.10
---------------
@@ -277,7 +291,7 @@
object (pull request ``#583``).
- The ``qop`` parameter for ``WWW-Authenticate`` headers is now always quoted,
as required by RFC 2617 (issue ``#633``).
-- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where
add/set
+- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where add/set
may throw an exception when pruning old entries from the cache (pull request
``#651``).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/PKG-INFO
new/Werkzeug-0.11.11/PKG-INFO
--- old/Werkzeug-0.11.10/PKG-INFO 2016-05-24 11:19:40.000000000 +0200
+++ new/Werkzeug-0.11.11/PKG-INFO 2016-08-31 15:13:05.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: Werkzeug
-Version: 0.11.10
+Version: 0.11.11
Summary: The Swiss Army knife of Python web development
Home-page: http://werkzeug.pocoo.org/
Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/Werkzeug.egg-info/PKG-INFO
new/Werkzeug-0.11.11/Werkzeug.egg-info/PKG-INFO
--- old/Werkzeug-0.11.10/Werkzeug.egg-info/PKG-INFO 2016-05-24
11:19:40.000000000 +0200
+++ new/Werkzeug-0.11.11/Werkzeug.egg-info/PKG-INFO 2016-08-31
15:13:04.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: Werkzeug
-Version: 0.11.10
+Version: 0.11.11
Summary: The Swiss Army knife of Python web development
Home-page: http://werkzeug.pocoo.org/
Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/Werkzeug.egg-info/SOURCES.txt
new/Werkzeug-0.11.11/Werkzeug.egg-info/SOURCES.txt
--- old/Werkzeug-0.11.10/Werkzeug.egg-info/SOURCES.txt 2016-05-24
11:19:40.000000000 +0200
+++ new/Werkzeug-0.11.11/Werkzeug.egg-info/SOURCES.txt 2016-08-31
15:13:04.000000000 +0200
@@ -11,10 +11,8 @@
Werkzeug.egg-info/dependency_links.txt
Werkzeug.egg-info/not-zip-safe
Werkzeug.egg-info/top_level.txt
-artwork/.DS_Store
artwork/logo.png
artwork/logo.svg
-docs/.DS_Store
docs/Makefile
docs/changes.rst
docs/conf.py
Files old/Werkzeug-0.11.10/artwork/.DS_Store and
new/Werkzeug-0.11.11/artwork/.DS_Store differ
Files old/Werkzeug-0.11.10/docs/.DS_Store and
new/Werkzeug-0.11.11/docs/.DS_Store differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/tests/contrib/test_wrappers.py
new/Werkzeug-0.11.11/tests/contrib/test_wrappers.py
--- old/Werkzeug-0.11.10/tests/contrib/test_wrappers.py 2015-09-20
20:59:05.000000000 +0200
+++ new/Werkzeug-0.11.11/tests/contrib/test_wrappers.py 2016-08-28
23:58:14.000000000 +0200
@@ -16,6 +16,16 @@
from werkzeug.wrappers import Request, Response
+def test_json_request_mixin():
+ class MyRequest(wrappers.JSONRequestMixin, Request):
+ pass
+ req = MyRequest.from_values(
+ data=u'{"foä": "bar"}'.encode('utf-8'),
+ content_type='text/json'
+ )
+ assert req.json == {u'foä': 'bar'}
+
+
def test_reverse_slash_behavior():
class MyRequest(wrappers.ReverseSlashBehaviorRequestMixin, Request):
pass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_datastructures.py
new/Werkzeug-0.11.11/tests/test_datastructures.py
--- old/Werkzeug-0.11.10/tests/test_datastructures.py 2016-05-24
10:19:16.000000000 +0200
+++ new/Werkzeug-0.11.11/tests/test_datastructures.py 2016-08-31
15:12:07.000000000 +0200
@@ -377,6 +377,15 @@
assert list(zip(iterkeys(md), iterlistvalues(md))) == \
list(iterlists(md))
+ def test_getitem_raise_badrequestkeyerror_for_empty_list_value(self):
+ mapping = [('a', 'b'), ('a', 'c')]
+ md = self.storage_class(mapping)
+
+ md.setlistdefault('empty', [])
+
+ with pytest.raises(KeyError):
+ md['empty']
+
class TestOrderedMultiDict(_MutableMultiDictTests):
storage_class = datastructures.OrderedMultiDict
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_http.py
new/Werkzeug-0.11.11/tests/test_http.py
--- old/Werkzeug-0.11.10/tests/test_http.py 2016-02-14 18:55:15.000000000
+0100
+++ new/Werkzeug-0.11.11/tests/test_http.py 2016-08-31 15:12:07.000000000
+0200
@@ -266,6 +266,15 @@
'text/x-dvi; q=0.8, text/x-c') == \
('text/plain', {'q': '0.5'})
+ def test_parse_options_header_broken_values(self):
+ # Issue #995
+ assert http.parse_options_header(' ') == ('', {})
+ assert http.parse_options_header(' , ') == ('', {})
+ assert http.parse_options_header(' ; ') == ('', {})
+ assert http.parse_options_header(' ,; ') == ('', {})
+ assert http.parse_options_header(' , a ') == ('', {})
+ assert http.parse_options_header(' ; a ') == ('', {})
+
def test_dump_options_header(self):
assert http.dump_options_header('foo', {'bar': 42}) == \
'foo; bar=42'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_test.py
new/Werkzeug-0.11.11/tests/test_test.py
--- old/Werkzeug-0.11.10/tests/test_test.py 2015-09-20 20:59:05.000000000
+0200
+++ new/Werkzeug-0.11.11/tests/test_test.py 2016-08-31 15:12:07.000000000
+0200
@@ -143,6 +143,7 @@
assert b.content_type == 'application/x-www-form-urlencoded'
b.files.add_file('test', BytesIO(b'test contents'), 'test.txt')
assert b.files['test'].content_type == 'text/plain'
+ b.form['test_int'] = 1
assert b.content_type == 'multipart/form-data'
req = b.get_request()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_wrappers.py
new/Werkzeug-0.11.11/tests/test_wrappers.py
--- old/Werkzeug-0.11.10/tests/test_wrappers.py 2016-05-24 10:19:16.000000000
+0200
+++ new/Werkzeug-0.11.11/tests/test_wrappers.py 2016-08-31 15:12:07.000000000
+0200
@@ -639,17 +639,25 @@
def test_form_parsing_failed():
- data = (
- b'--blah\r\n'
- )
- data = wrappers.Request.from_values(
+ data = b'--blah\r\n'
+ request = wrappers.Request.from_values(
input_stream=BytesIO(data),
content_length=len(data),
content_type='multipart/form-data; boundary=foo',
method='POST'
)
- assert not data.files
- assert not data.form
+ assert not request.files
+ assert not request.form
+
+ # Bad Content-Type
+ data = b'test'
+ request = wrappers.Request.from_values(
+ input_stream=BytesIO(data),
+ content_length=len(data),
+ content_type=', ',
+ method='POST'
+ )
+ assert not request.form
def test_file_closing():
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/__init__.py
new/Werkzeug-0.11.11/werkzeug/__init__.py
--- old/Werkzeug-0.11.10/werkzeug/__init__.py 2016-05-24 11:19:39.000000000
+0200
+++ new/Werkzeug-0.11.11/werkzeug/__init__.py 2016-08-31 15:13:02.000000000
+0200
@@ -20,7 +20,7 @@
from werkzeug._compat import iteritems
# the version. Usually set automatically by a script.
-__version__ = '0.11.10'
+__version__ = '0.11.11'
# This import magic raises concerns quite often which is why the implementation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/contrib/wrappers.py
new/Werkzeug-0.11.11/werkzeug/contrib/wrappers.py
--- old/Werkzeug-0.11.10/werkzeug/contrib/wrappers.py 2015-09-20
20:59:05.000000000 +0200
+++ new/Werkzeug-0.11.11/werkzeug/contrib/wrappers.py 2016-08-31
15:12:07.000000000 +0200
@@ -56,7 +56,7 @@
if 'json' not in self.environ.get('CONTENT_TYPE', ''):
raise BadRequest('Not a JSON request')
try:
- return loads(self.data)
+ return loads(self.data.decode(self.charset, self.encoding_errors))
except Exception:
raise BadRequest('Unable to read JSON request')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/datastructures.py
new/Werkzeug-0.11.11/werkzeug/datastructures.py
--- old/Werkzeug-0.11.10/werkzeug/datastructures.py 2016-05-24
10:19:16.000000000 +0200
+++ new/Werkzeug-0.11.11/werkzeug/datastructures.py 2016-08-31
15:12:07.000000000 +0200
@@ -372,6 +372,8 @@
tmp = {}
for key, value in iteritems(mapping):
if isinstance(value, (tuple, list)):
+ if len(value) == 0:
+ continue
value = list(value)
else:
value = [value]
@@ -398,7 +400,9 @@
:raise KeyError: if the key does not exist.
"""
if key in self:
- return dict.__getitem__(self, key)[0]
+ lst = dict.__getitem__(self, key)
+ if len(lst) > 0:
+ return lst[0]
raise exceptions.BadRequestKeyError(key)
def __setitem__(self, key, value):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/debug/tbtools.py
new/Werkzeug-0.11.11/werkzeug/debug/tbtools.py
--- old/Werkzeug-0.11.10/werkzeug/debug/tbtools.py 2015-10-24
22:22:59.000000000 +0200
+++ new/Werkzeug-0.11.11/werkzeug/debug/tbtools.py 2016-08-31
15:12:01.000000000 +0200
@@ -358,7 +358,7 @@
'exception': exc,
'exception_type': escape(self.exception_type),
'summary': self.render_summary(include_title=False),
- 'plaintext': self.plaintext,
+ 'plaintext': escape(self.plaintext),
'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
'traceback_id': self.id,
'secret': secret
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/http.py
new/Werkzeug-0.11.11/werkzeug/http.py
--- old/Werkzeug-0.11.10/werkzeug/http.py 2016-05-24 10:19:16.000000000
+0200
+++ new/Werkzeug-0.11.11/werkzeug/http.py 2016-08-31 15:12:07.000000000
+0200
@@ -336,7 +336,6 @@
:return: (mimetype, options) or (mimetype, options, mimetype, options, …)
if multiple=True
"""
-
if not value:
return '', {}
@@ -368,7 +367,7 @@
return tuple(result)
value = rest
- return tuple(result)
+ return tuple(result) if result else ('', {})
def parse_accept_header(value, cls=None):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/test.py
new/Werkzeug-0.11.11/werkzeug/test.py
--- old/Werkzeug-0.11.10/werkzeug/test.py 2015-09-20 20:59:05.000000000
+0200
+++ new/Werkzeug-0.11.11/werkzeug/test.py 2016-08-31 15:12:07.000000000
+0200
@@ -99,8 +99,8 @@
else:
if not isinstance(value, string_types):
value = str(value)
- else:
- value = to_bytes(value, charset)
+
+ value = to_bytes(value, charset)
write('\r\n\r\n')
write_binary(value)
write('\r\n')
