commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2020-09-04 11:02:55
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.3399 (New)
Package is "python-bleach"
Fri Sep 4 11:02:55 2020 rev:12 rq:830713 version:3.1.5
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2020-05-08 23:02:09.297470434 +0200
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.3399/python-bleach.changes
2020-09-04 11:03:47.710773896 +0200
@@ -1,0 +2,5 @@
+Mon Aug 31 09:15:22 UTC 2020 - Tomáš Chvátal
+
+- Skip tests that fail with html5lib 1.1 ref the upstream ticket
+
+---
@@ -5 +10 @@
- * * replace missing ``setuptools`` dependency with ``packaging``. Thank you
Benjamin Peterson.
+ * replace missing ``setuptools`` dependency with ``packaging``. Thank you
Benjamin Peterson.
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.PpQ5mk/_old 2020-09-04 11:03:49.370774785 +0200
+++ /var/tmp/diff_new_pack.PpQ5mk/_new 2020-09-04 11:03:49.374774787 +0200
@@ -67,7 +67,8 @@
%check
# gh#mozilla/bleach#503
-%pytest -k 'not test_uri_value_allowed_protocols'
+# https://github.com/mozilla/bleach/issues/543
+%pytest -k 'not (test_uri_value_allowed_protocols or test_bleach_html_parser
or test_css_parsing_gauntlet_regex_backtracking)'
%files %{python_files}
%license LICENSE
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2020-05-08 23:02:04
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.2738 (New)
Package is "python-bleach"
Fri May 8 23:02:04 2020 rev:11 rq:800583 version:3.1.5
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2020-04-05 20:51:52.177086435 +0200
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.2738/python-bleach.changes
2020-05-08 23:02:09.297470434 +0200
@@ -1,0 +2,6 @@
+Wed May 6 07:12:54 UTC 2020 - Tomáš Chvátal
+
+- Update to 3.1.5:
+ * * replace missing ``setuptools`` dependency with ``packaging``. Thank you
Benjamin Peterson.
+
+---
Old:
bleach-3.1.4.tar.gz
New:
bleach-3.1.5.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.94SedR/_old 2020-05-08 23:02:11.317474560 +0200
+++ /var/tmp/diff_new_pack.94SedR/_new 2020-05-08 23:02:11.321474568 +0200
@@ -19,23 +19,22 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:3.1.4
+Version:3.1.5
Release:0
Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
-Group: Development/Languages/Python
URL:https://github.com/jsocol/bleach
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
Patch0: de-vendor.patch
BuildRequires: %{python_module html5lib >= 1.0.0}
-# https://github.com/mozilla/bleach/issues/459
-BuildRequires: %{python_module pytest < 5.0}
-BuildRequires: %{python_module pytest-runner >= 2.0}
+BuildRequires: %{python_module packaging}
+BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module six >= 1.9}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-html5lib >= 1.0.0
+Requires: python-packaging
Requires: python-six >= 1.9
BuildArch: noarch
%python_subpackages
++ bleach-3.1.4.tar.gz -> bleach-3.1.5.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.4/CHANGES new/bleach-3.1.5/CHANGES
--- old/bleach-3.1.4/CHANGES2020-03-26 15:36:36.0 +0100
+++ new/bleach-3.1.5/CHANGES2020-04-29 20:26:09.0 +0200
@@ -1,6 +1,21 @@
Bleach changes
==
+Version 3.1.5 (April 29th, 2020)
+
+
+**Security fixes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+* replace missing ``setuptools`` dependency with ``packaging``. Thank you
Benjamin Peterson.
+
Version 3.1.4 (March 24th, 2020)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.4/CONTRIBUTORS
new/bleach-3.1.5/CONTRIBUTORS
--- old/bleach-3.1.4/CONTRIBUTORS 2020-03-17 16:26:03.0 +0100
+++ new/bleach-3.1.5/CONTRIBUTORS 2020-04-29 20:26:09.0 +0200
@@ -29,6 +29,7 @@
- Antoine Leclair
- Anton Backer
- Anton Kovalyov
+- Benjamin Peterson
- Chad Birch
- Chris Beaven
- Dan Gayle
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.4/PKG-INFO new/bleach-3.1.5/PKG-INFO
--- old/bleach-3.1.4/PKG-INFO 2020-03-26 15:38:47.279794700 +0100
+++ new/bleach-3.1.5/PKG-INFO 2020-04-29 20:28:12.843282000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.2
Name: bleach
-Version: 3.1.4
+Version: 3.1.5
Summary: An easy safelist-based HTML-sanitizing tool.
Home-page: https://github.com/mozilla/bleach
Maintainer: Will Kahn-Greene
@@ -124,6 +124,21 @@
Bleach changes
==
+Version 3.1.5 (April 29th, 2020)
+
+
+**Security fixes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+* replace missing ``setuptools`` dependency with ``packaging``. Thank
you Benjamin Peterson.
+
Version 3.1.4 (March 24th, 2020)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.4/bleach/__init__.py
new/bleach-3.1.5/bleach/__init__.py
--- old/bleach-3.1.4/bleach/__init__.py 2020-03-26 15:36:36.0 +0100
+++ new/bleach-3.1.5/bleach/__init__.py 2020-04-29 20:26:09.0 +0200
@@ -2,7 +2,7 @@
from __future__ import unicode_literals
-from pkg_resources
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2020-04-05 20:51:47
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.3248 (New)
Package is "python-bleach"
Sun Apr 5 20:51:47 2020 rev:10 rq:790549 version:3.1.4
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2020-03-27 00:28:20.960349560 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.3248/python-bleach.changes
2020-04-05 20:51:52.177086435 +0200
@@ -1,0 +2,12 @@
+Wed Apr 1 11:18:24 UTC 2020 - Dirk Mueller
+
+- update to 3.1.4 (bsc#1168280, CVE-2020-6817):
+ * ``bleach.clean`` behavior parsing style attributes could result in a
+regular expression denial of service (ReDoS).
+Calls to ``bleach.clean`` with an allowed tag with an allowed
+``style`` attribute were vulnerable to ReDoS. For example,
+``bleach.clean(..., attributes={'a': ['style']})``.
+ * Style attributes with dashes, or single or double quoted values are
+cleaned instead of passed through.
+
+---
@@ -4 +16 @@
-- update to 3.1.3 (bsc#1167379):
+- update to 3.1.3 (bsc#1167379, CVE-2020-6816):
@@ -18,2 +29,0 @@
-This security issue was confirmed in Bleach version v3.1.1. Earlier
-versions are likely affected too.
Old:
bleach-3.1.3.tar.gz
New:
bleach-3.1.4.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.vuo4uk/_old 2020-04-05 20:51:52.837087066 +0200
+++ /var/tmp/diff_new_pack.vuo4uk/_new 2020-04-05 20:51:52.837087066 +0200
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:3.1.3
+Version:3.1.4
Release:0
Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
++ bleach-3.1.3.tar.gz -> bleach-3.1.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.3/CHANGES new/bleach-3.1.4/CHANGES
--- old/bleach-3.1.3/CHANGES2020-03-17 16:28:50.0 +0100
+++ new/bleach-3.1.4/CHANGES2020-03-26 15:36:36.0 +0100
@@ -1,6 +1,39 @@
Bleach changes
==
+Version 3.1.4 (March 24th, 2020)
+
+
+**Security fixes**
+
+* ``bleach.clean`` behavior parsing style attributes could result in a
+ regular expression denial of service (ReDoS).
+
+ Calls to ``bleach.clean`` with an allowed tag with an allowed
+ ``style`` attribute were vulnerable to ReDoS. For example,
+ ``bleach.clean(..., attributes={'a': ['style']})``.
+
+ This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1,
+ v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar
+ regular expression and should be considered vulnerable too.
+
+ Anyone using Bleach <=v3.1.3 is encouraged to upgrade.
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
+
+**Backwards incompatible changes**
+
+* Style attributes with dashes, or single or double quoted values are
+ cleaned instead of passed through.
+
+**Features**
+
+None
+
+**Bug fixes**
+
+None
+
Version 3.1.3 (March 17th, 2020)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.3/PKG-INFO new/bleach-3.1.4/PKG-INFO
--- old/bleach-3.1.3/PKG-INFO 2020-03-17 16:29:18.039319300 +0100
+++ new/bleach-3.1.4/PKG-INFO 2020-03-26 15:38:47.279794700 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.2
Name: bleach
-Version: 3.1.3
+Version: 3.1.4
Summary: An easy safelist-based HTML-sanitizing tool.
Home-page: https://github.com/mozilla/bleach
Maintainer: Will Kahn-Greene
@@ -124,6 +124,39 @@
Bleach changes
==
+Version 3.1.4 (March 24th, 2020)
+
+
+**Security fixes**
+
+* ``bleach.clean`` behavior parsing style attributes could result in a
+ regular expression denial of service (ReDoS).
+
+ Calls to ``bleach.clean`` with an allowed tag with an allowed
+ ``style`` attribute were vulnerable to ReDoS. For example,
+ ``bleach.clean(..., attributes={'a': ['style']})``.
+
+ This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1,
+ v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar
+ regular expression and should be considered vulnerable too.
+
+ Anyone using Bleach <=v3.1.3 is encouraged to upgrade.
+
+
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2020-03-27 00:28:19
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.3160 (New)
Package is "python-bleach"
Fri Mar 27 00:28:19 2020 rev:9 rq:787398 version:3.1.3
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2020-03-08 22:22:02.59130 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.3160/python-bleach.changes
2020-03-27 00:28:20.960349560 +0100
@@ -1,0 +2,20 @@
+Mon Mar 23 10:09:15 UTC 2020 - Dirk Mueller
+
+- update to 3.1.3 (bsc#1167379):
+ * Add relative link to code of conduct. (#442)
+ * Drop deprecated 'setup.py test' support. (#507)
+ * Fix typo: curren -> current in tests/test_clean.py (#504)
+ * Test on PyPy 7
+ * Drop test support for end of life Python 3.4
+ * ``bleach.clean`` behavior parsing embedded MathML and SVG content
+with RCDATA tags did not match browser behavior and could result in
+a mutation XSS.
+Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
+``svg`` tags and one or more of the RCDATA tags ``script``,
+``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
+``xmp`` in the allowed tags whitelist were vulnerable to a mutation
+XSS.
+This security issue was confirmed in Bleach version v3.1.1. Earlier
+versions are likely affected too.
+
+---
Old:
bleach-3.1.1.tar.gz
New:
bleach-3.1.3.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.NyFNLB/_old 2020-03-27 00:28:22.164350170 +0100
+++ /var/tmp/diff_new_pack.NyFNLB/_new 2020-03-27 00:28:22.164350170 +0100
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:3.1.1
+Version:3.1.3
Release:0
Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
@@ -56,7 +56,7 @@
%prep
%setup -q -n bleach-%{version}
-%patch0 -p1
+%patch0
rm -rf bleach/_vendor
%build
++ bleach-3.1.1.tar.gz -> bleach-3.1.3.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.1/CHANGES new/bleach-3.1.3/CHANGES
--- old/bleach-3.1.1/CHANGES2020-02-19 18:34:36.0 +0100
+++ new/bleach-3.1.3/CHANGES2020-03-17 16:28:50.0 +0100
@@ -1,6 +1,67 @@
Bleach changes
==
+Version 3.1.3 (March 17th, 2020)
+
+
+**Security fixes**
+
+None
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+* Add relative link to code of conduct. (#442)
+
+* Drop deprecated 'setup.py test' support. (#507)
+
+* Fix typo: curren -> current in tests/test_clean.py (#504)
+
+* Test on PyPy 7
+
+* Drop test support for end of life Python 3.4
+
+**Bug fixes**
+
+None
+
+Version 3.1.2 (March 11th, 2020)
+
+
+**Security fixes**
+
+* ``bleach.clean`` behavior parsing embedded MathML and SVG content
+ with RCDATA tags did not match browser behavior and could result in
+ a mutation XSS.
+
+ Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
+ ``svg`` tags and one or more of the RCDATA tags ``script``,
+ ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
+ ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
+ XSS.
+
+ This security issue was confirmed in Bleach version v3.1.1. Earlier
+ versions are likely affected too.
+
+ Anyone using Bleach <=v3.1.1 is encouraged to upgrade.
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1621692
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+None
+
Version 3.1.1 (February 13th, 2020)
---
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.1/CONTRIBUTORS
new/bleach-3.1.3/CONTRIBUTORS
--- old/bleach-3.1.1/CONTRIBUTORS 2020-02-13 20:19:16.0 +0100
+++ new/bleach-3.1.3/CONTRIBUTORS 2020-03-17 16:26:03.0 +0100
@@ -1,12 +1,13 @@
Bleach was originally written and maintained by James Socol and various
contributors within and without the Mozilla Corporation and Foundation.
-It is currently maintained by Will Kahn-Greene an Greg Guthe.
+It is currently maintained by Will Kahn-Greene, Greg Guthe, and Jon Dufresne.
Maintainers:
- Will Kahn-Greene
- Greg Guthe
+- Jon Dufresne
Maintainer emeritus:
@@ -32,6 +33,7 @@
- Chris Beaven
- Dan Gayle
- dave-shawley
+- dbxnr
- Erik Rose
- Gaurav
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2020-03-08 22:22:00
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.26092 (New)
Package is "python-bleach"
Sun Mar 8 22:22:00 2020 rev:8 rq:780475 version:3.1.1
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2019-07-30 13:02:45.638422088 +0200
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.26092/python-bleach.changes
2020-03-08 22:22:02.59130 +0100
@@ -1,0 +2,13 @@
+Fri Feb 28 16:13:43 UTC 2020 - Alexandros Toptsoglou
+
+- Update to V3.1.1: Security update for CVE-2020-6802
+
+ * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
+
+---
+Wed Jan 8 10:35:41 CET 2020 - Matej Cepl
+
+- Switch off test_uri_value_allowed_protocols test to work around
+ gh#mozilla/bleach#503.
+
+---
Old:
bleach-3.1.0.tar.gz
New:
bleach-3.1.1.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.tY5L92/_old 2020-03-08 22:22:03.28354 +0100
+++ /var/tmp/diff_new_pack.tY5L92/_new 2020-03-08 22:22:03.284000357 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-bleach
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2015 LISA GmbH, Bingen, Germany.
#
# All modifications and additions to the file contributed by third parties
@@ -19,12 +19,12 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:3.1.0
+Version:3.1.1
Release:0
Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
Group: Development/Languages/Python
-URL:http://github.com/jsocol/bleach
+URL:https://github.com/jsocol/bleach
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
Patch0: de-vendor.patch
BuildRequires: %{python_module html5lib >= 1.0.0}
@@ -67,7 +67,8 @@
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
-%pytest
+# gh#mozilla/bleach#503
+%pytest -k 'not test_uri_value_allowed_protocols'
%files %{python_files}
%license LICENSE
++ bleach-3.1.0.tar.gz -> bleach-3.1.1.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.0/CHANGES new/bleach-3.1.1/CHANGES
--- old/bleach-3.1.0/CHANGES2019-01-09 16:09:41.0 +0100
+++ new/bleach-3.1.1/CHANGES2020-02-19 18:34:36.0 +0100
@@ -1,6 +1,41 @@
Bleach changes
==
+Version 3.1.1 (February 13th, 2020)
+---
+
+**Security fixes**
+
+* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
+ browser behavior.
+
+ Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
+ the raw text tags (``title``, ``textarea``, ``script``, ``style``,
+ ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
+ to a mutation XSS.
+
+ This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
+ and v3.1.0. Earlier versions are probably affected too.
+
+ Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1615315
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+None
+
+Bleach changes
+==
+
Version 3.1.0 (January 9th, 2019)
-
@@ -76,7 +111,7 @@
* Fix ``list`` object has no attribute ``lower`` in ``clean``. (#398)
* Fix ``abbr`` getting escaped in ``linkify``. (#400)
-
+
Version 3.0.0 (October 3rd, 2018)
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-3.1.0/PKG-INFO new/bleach-3.1.1/PKG-INFO
--- old/bleach-3.1.0/PKG-INFO 2019-01-09 16:10:47.0 +0100
+++ new/bleach-3.1.1/PKG-INFO 2020-02-19 18:39:45.758497500 +0100
@@ -1,12 +1,11 @@
Metadata-Version: 1.2
Name: bleach
-Version: 3.1.0
+Version: 3.1.1
Summary: An easy safelist-based HTML-sanitizing tool.
Home-page: https://github.com/mozilla/bleach
-Author: Will Kahn-Greene
-Author-email: wil...@mozilla.com
+Maintainer: Will Kahn-Greene
+Maintainer-email: wil...@mozilla.com
License: Apache Software License
-Description-Content-Type: UNKNOWN
Description: ==
Bleach
==
@@ -129,6 +128,41 @@
Bleach changes
==
+Version 3.1.1 (February
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2019-07-30 13:02:43
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.4126 (New)
Package is "python-bleach"
Tue Jul 30 13:02:43 2019 rev:7 rq:717075 version:3.1.0
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2019-03-04 09:24:01.340561604 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.4126/python-bleach.changes
2019-07-30 13:02:45.638422088 +0200
@@ -1,0 +2,5 @@
+Fri Jul 19 12:02:58 UTC 2019 - Tomáš Chvátal
+
+- Restrict pytest to <5.0; upstream has an issue already reported
+
+---
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.TGwOsp/_old 2019-07-30 13:02:47.830421646 +0200
+++ /var/tmp/diff_new_pack.TGwOsp/_new 2019-07-30 13:02:47.886421636 +0200
@@ -28,7 +28,8 @@
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
Patch0: de-vendor.patch
BuildRequires: %{python_module html5lib >= 1.0.0}
-BuildRequires: %{python_module pytest >= 3.0.0}
+# https://github.com/mozilla/bleach/issues/459
+BuildRequires: %{python_module pytest < 5.0}
BuildRequires: %{python_module pytest-runner >= 2.0}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module six >= 1.9}
@@ -63,13 +64,10 @@
%install
%python_install
-
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
-%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib}
-py.test-%{$python_bin_suffix}
-}
+%pytest
%files %{python_files}
%license LICENSE
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2019-03-04 09:23:44
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.28833 (New)
Package is "python-bleach"
Mon Mar 4 09:23:44 2019 rev:6 rq:681085 version:3.1.0
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2018-12-13 19:47:16.276792118 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.28833/python-bleach.changes
2019-03-04 09:24:01.340561604 +0100
@@ -1,0 +2,51 @@
+Sun Mar 3 09:14:50 UTC 2019 - John Vandenberg
+
+- Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0
+- Remove direct dependency on webencodings, a dependency of html5lib
+- Update to v3.1.0
+ * Add ``recognized_tags`` argument to the linkify ``Linker`` class. This
+fixes issues when linkifying on its own and having some tags get escaped.
+It defaults to a list of HTML5 tags
+ * Add ``six>=1.9`` to requirements
+ * Fix cases where attribute names could have invalid characters in them.
+ * Fix problems with ``LinkifyFilter`` not being able to match links
+across .
+ * Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is
+parsing ``meta`` tags
+ * Fix doctests.
+- from v3.0.2
+ * Merge ``Characters`` tokens after sanitizing them. This fixes issues
+in the ``LinkifyFilter`` where it was only linkifying parts of urls
+- from v3.0.1
+ * Support Python 3.7. It supported Python 3.7 just fine, but 3.7 was
+added to the list of Python environments being test
+ * Fix ``list`` object has no attribute ``lower`` in ``clean``
+ * Fix ``abbr`` getting escaped in ``linkify``
+- from v3.0.0
+ * [breaking] A bunch of functions were moved from one module to another.
+These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``:
++ convert_entity
++ convert_entities
++ match_entity
++ next_possible_entity
++ BleachHTMLSerializer
++ BleachHTMLTokenizer
++ BleachHTMLParser
+These functions and classes weren't documented and aren't part of the
+public API, but people read code and might be using them so we're
+considering it an incompatible API change.
+If you're using them, you'll need to update your code.
+ * Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into
+Bleach. You can remove it from your requirements file if none of your other
+requirements require html5lib.
+This means Bleach will now work fine with other libraries that depend on
+html5lib regardless of what version of html5lib they require.
+ * Fixed tags getting added when using clean or linkify. This was a
+long-standing regression from the Bleach 2.0 rewrite
+ * Fixed getting replaced with a string. Now it gets escaped or
+stripped depending on whether it's in the allowed tags or not
+- from v2.1.4
+ * Dropped support for Python 3.3
+ * Handle ambiguous ampersands in correctly
+
+---
Old:
bleach-2.1.3.tar.gz
New:
bleach-3.1.0.tar.gz
de-vendor.patch
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.I4RIPU/_old 2019-03-04 09:24:02.148561459 +0100
+++ /var/tmp/diff_new_pack.I4RIPU/_new 2019-03-04 09:24:02.172561454 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-bleach
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2015 LISA GmbH, Bingen, Germany.
#
# All modifications and additions to the file contributed by third parties
@@ -19,24 +19,23 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:2.1.3
+Version:3.1.0
Release:0
Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
Group: Development/Languages/Python
URL:http://github.com/jsocol/bleach
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
-BuildRequires: %{python_module html5lib >= 0.}
-BuildRequires: %{python_module pytest-runner}
-BuildRequires: %{python_module pytest}
+Patch0: de-vendor.patch
+BuildRequires: %{python_module html5lib >= 1.0.0}
+BuildRequires: %{python_module pytest >= 3.0.0}
+BuildRequires: %{python_module pytest-runner >= 2.0}
BuildRequires: %{python_module setuptools}
-BuildRequires: %{python_module six}
-BuildRequires: %{python_module webencodings}
+BuildRequires: %{python_module six >= 1.9}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
-Requires:
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2018-12-13 19:47:15
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new.28833 (New)
Package is "python-bleach"
Thu Dec 13 19:47:15 2018 rev:5 rq:655395 version:2.1.3
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2018-03-20 22:01:35.371026086 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new.28833/python-bleach.changes
2018-12-13 19:47:16.276792118 +0100
@@ -1,0 +2,10 @@
+Wed Dec 5 01:56:44 UTC 2018 - Jan Engelhardt
+
+- Trim rhetorics and bias from descriptions.
+
+---
+Tue Dec 4 12:46:11 UTC 2018 - Matej Cepl
+
+- Remove superfluous devel dependency for noarch package
+
+---
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.4Vdwcc/_old 2018-12-13 19:47:16.828791402 +0100
+++ /var/tmp/diff_new_pack.4Vdwcc/_new 2018-12-13 19:47:16.832791397 +0100
@@ -13,7 +13,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -21,12 +21,11 @@
Name: python-bleach
Version:2.1.3
Release:0
-Summary:An easy whitelist-based HTML-sanitizing tool
+Summary:A whitelist-based HTML-sanitizing tool
License:Apache-2.0
Group: Development/Languages/Python
-Url:http://github.com/jsocol/bleach
+URL:http://github.com/jsocol/bleach
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
-BuildRequires: %{python_module devel}
BuildRequires: %{python_module html5lib >= 0.}
BuildRequires: %{python_module pytest-runner}
BuildRequires: %{python_module pytest}
@@ -38,30 +37,22 @@
Requires: python-html5lib >= 0.
Requires: python-six
Requires: python-webencodings
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
-
%python_subpackages
%description
-Bleach is an HTML sanitizing library that escapes or strips markup and
+Bleach is an HTML sanitation library that escapes or strips markup and
attributes based on a white list. Bleach can also linkify text safely, applying
filters that Django's ``urlize`` filter cannot, and optionally setting ``rel``
attributes, even on links already in the text.
-Bleach is intended for sanitizing text from *untrusted* sources. If you find
-yourself jumping through hoops to allow your site administrators to do lots of
-things, you're probably outside the use cases. Either trust those users, or
-don't.
+Bleach is intended for sanitizing text from *untrusted* sources.
Because it relies on html5lib, Bleach is as good as modern browsers at dealing
-with weird, quirky HTML fragments. And *any* of Bleach's methods will fix
+with weird, quirky HTML fragments. Bleach's methods will fix
unbalanced or mis-nested tags.
-The version on GitHub_ is the most up-to-date and contains the latest bug
-fixes. You can find full documentation on `ReadTheDocs`.
-
-http://bleach.readthedocs.org/
+Documentation is at http://bleach.readthedocs.org/ .
%prep
%setup -q -n bleach-%{version}
@@ -80,8 +71,8 @@
}
%files %{python_files}
-%defattr(-,root,root,-)
-%doc CHANGES LICENSE README.rst
+%license LICENSE
+%doc CHANGES README.rst
%{python_sitelib}/*
%changelog
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2018-03-20 22:01:11
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new (New)
Package is "python-bleach"
Tue Mar 20 22:01:11 2018 rev:4 rq:589030 version:2.1.3
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2017-12-11 18:56:36.934239885 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes
2018-03-20 22:01:35.371026086 +0100
@@ -1,0 +2,10 @@
+Tue Mar 20 08:38:36 UTC 2018 - kbabi...@suse.com
+
+- Update to version 2.1.3:
+ * Attributes that have URI values weren't properly sanitized if the
+values contained character entities. Using character entities, it
+was possible to construct a URI value with a scheme that was not
+allowed that would slide through unsanitized.
+(CVE-2018-7753 bnc#1085969)
+
+---
Old:
bleach-2.1.2.tar.gz
New:
bleach-2.1.3.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.g376Il/_old 2018-03-20 22:01:36.390989363 +0100
+++ /var/tmp/diff_new_pack.g376Il/_new 2018-03-20 22:01:36.394989219 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-bleach
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2015 LISA GmbH, Bingen, Germany.
#
# All modifications and additions to the file contributed by third parties
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:2.1.2
+Version:2.1.3
Release:0
Summary:An easy whitelist-based HTML-sanitizing tool
License:Apache-2.0
++ bleach-2.1.2.tar.gz -> bleach-2.1.3.tar.gz ++
1828 lines of diff (skipped)
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2017-12-11 18:56:32
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new (New)
Package is "python-bleach"
Mon Dec 11 18:56:32 2017 rev:3 rq:34 version:2.1.2
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2017-11-15 16:57:52.779858595 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes
2017-12-11 18:56:36.934239885 +0100
@@ -1,0 +2,12 @@
+Thu Dec 7 16:50:14 UTC 2017 - a...@gmx.de
+
+- specfile:
+ * update copyright year
+
+- update to version 2.1.2:
+ * Bug fixes
++ Support html5lib-python 1.0.1. (#337)
++ Add deprecation warning for supporting html5lib-python < 1.0.
++ Switch to semver.
+
+---
Old:
bleach-2.1.1.tar.gz
New:
bleach-2.1.2.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.eEOkmD/_old 2017-12-11 18:56:37.478213975 +0100
+++ /var/tmp/diff_new_pack.eEOkmD/_new 2017-12-11 18:56:37.482213784 +0100
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:2.1.1
+Version:2.1.2
Release:0
Summary:An easy whitelist-based HTML-sanitizing tool
License:Apache-2.0
@@ -28,6 +28,7 @@
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
BuildRequires: %{python_module devel}
BuildRequires: %{python_module html5lib >= 0.}
+BuildRequires: %{python_module pytest-runner}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module six}
++ bleach-2.1.1.tar.gz -> bleach-2.1.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-2.1.1/CHANGES new/bleach-2.1.2/CHANGES
--- old/bleach-2.1.1/CHANGES2017-10-02 20:45:41.0 +0200
+++ new/bleach-2.1.2/CHANGES2017-12-07 17:01:22.0 +0100
@@ -1,6 +1,30 @@
Bleach Changes
==
+Version 2.1.2 (December 7th, 2017)
+--
+
+**Security fixes**
+
+None
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+* Support html5lib-python 1.0.1. (#337)
+
+* Add deprecation warning for supporting html5lib-python < 1.0.
+
+* Switch to semver.
+
+
Version 2.1.1 (October 2nd, 2017)
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-2.1.1/PKG-INFO new/bleach-2.1.2/PKG-INFO
--- old/bleach-2.1.1/PKG-INFO 2017-10-02 20:46:17.0 +0200
+++ new/bleach-2.1.2/PKG-INFO 2017-12-07 17:02:05.0 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: bleach
-Version: 2.1.1
+Version: 2.1.2
Summary: An easy safelist-based HTML-sanitizing tool.
Home-page: http://github.com/mozilla/bleach
Author: Will Kahn-Greene
@@ -17,7 +17,7 @@
.. image:: https://badge.fury.io/py/bleach.svg
:target: http://badge.fury.io/py/bleach
-Bleach is a allowed-list-based HTML sanitizing library that escapes or
strips
+Bleach is an allowed-list-based HTML sanitizing library that escapes
or strips
markup and attributes.
Bleach can also linkify text safely, applying filters that Django's
``urlize``
@@ -133,6 +133,30 @@
Bleach Changes
==
+Version 2.1.2 (December 7th, 2017)
+--
+
+**Security fixes**
+
+None
+
+**Backwards incompatible changes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+* Support html5lib-python 1.0.1. (#337)
+
+* Add deprecation warning for supporting html5lib-python < 1.0.
+
+* Switch to semver.
+
+
Version 2.1.1 (October 2nd, 2017)
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/bleach-2.1.1/README.rst new/bleach-2.1.2/README.rst
--- old/bleach-2.1.1/README.rst 2017-10-02 20:45:41.0 +0200
+++ new/bleach-2.1.2/README.rst 2017-12-07 17:01:22.0 +0100
@@ -8,7 +8,7 @@
.. image:: https://badge.fury.io/py/bleach.svg
:target: http://badge.fury.io/py/bleach
-Bleach is a allowed-list-based HTML sanitizing library that escapes or strips
+Bleach is an
commit python-bleach for openSUSE:Factory
Hello community,
here is the log from the commit of package python-bleach for openSUSE:Factory
checked in at 2017-11-15 16:57:49
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
and /work/SRC/openSUSE:Factory/.python-bleach.new (New)
Package is "python-bleach"
Wed Nov 15 16:57:49 2017 rev:2 rq:541217 version:2.1.1
Changes:
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes
2017-05-09 18:04:02.741297971 +0200
+++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes
2017-11-15 16:57:52.779858595 +0100
@@ -1,0 +2,41 @@
+Sat Nov 11 17:17:50 UTC 2017 - a...@gmx.de
+
+- specfile:
+ * update copyright year
+
+- update to version 2.1.1:
+ * Bug fixes
++ Fix setup.py opening files when LANG=. (#324)
+
+- changes from version 2.1:
+ * Security fixes
++ Convert control characters (backspace particularly) to “?”
+ preventing malicious copy-and-paste situations. (#298)
+ See https://github.com/mozilla/bleach/issues/298 for more details.
+ This affects all previous versions of Bleach. Check the comments
+ on that issue for ways to alleviate the issue if you can’t
+ upgrade to Bleach 2.1.
+ * Backwards incompatible changes
++ Redid versioning. bleach.VERSION is no longer available. Use the
+ string version at bleach.__version__ and parse it with
+ pkg_resources.parse_version. (#307)
++ clean, linkify: linkify and clean should only accept text types;
+ thank you, Janusz! (#292)
++ clean, linkify: accept only unicode or utf-8-encoded str (#176)
+ * Bug fixes
++ bleach.clean() no longer unescapes entities including ones that
+ are missing a ; at the end which can happen in urls and other
+ places. (#143)
++ linkify: fix http links inside of mailto links; thank you,
+ sedrubal! (#300)
++ clarify security policy in docs (#303)
++ fix dependency specification for html5lib 1.0b8, 1.0b9, and
+ 1.0b10; thank you, Zoltán! (#268)
++ add Bleach vs. html5lib comparison to README; thank you, Stu
+ Cox! (#278)
++ fix KeyError exceptions on tags without href attr; thank you,
+ Alex Defsen! (#273)
++ add test website and scripts to test bleach.clean() output in
+ browser; thank you, Greg Guthe!
+
+---
Old:
bleach-2.0.0.tar.gz
New:
bleach-2.1.1.tar.gz
Other differences:
--
++ python-bleach.spec ++
--- /var/tmp/diff_new_pack.JKLCVd/_old 2017-11-15 16:57:54.011813458 +0100
+++ /var/tmp/diff_new_pack.JKLCVd/_new 2017-11-15 16:57:54.015813312 +0100
@@ -19,21 +19,21 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-bleach
-Version:2.0.0
+Version:2.1.1
Release:0
Summary:An easy whitelist-based HTML-sanitizing tool
License:Apache-2.0
Group: Development/Languages/Python
Url:http://github.com/jsocol/bleach
Source:
https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz
-BuildRequires: fdupes
-BuildRequires: python-rpm-macros
BuildRequires: %{python_module devel}
-BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module html5lib >= 0.}
BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module six}
BuildRequires: %{python_module webencodings}
+BuildRequires: fdupes
+BuildRequires: python-rpm-macros
Requires: python-html5lib >= 0.
Requires: python-six
Requires: python-webencodings
++ bleach-2.0.0.tar.gz -> bleach-2.1.1.tar.gz ++
5089 lines of diff (skipped)
