commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2020-09-04 11:02:55 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.3399 (New) Package is "python-bleach" Fri Sep 4 11:02:55 2020 rev:12 rq:830713 version:3.1.5 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2020-05-08 23:02:09.297470434 +0200 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.3399/python-bleach.changes 2020-09-04 11:03:47.710773896 +0200 @@ -1,0 +2,5 @@ +Mon Aug 31 09:15:22 UTC 2020 - Tomáš Chvátal + +- Skip tests that fail with html5lib 1.1 ref the upstream ticket + +--- @@ -5 +10 @@ - * * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.PpQ5mk/_old 2020-09-04 11:03:49.370774785 +0200 +++ /var/tmp/diff_new_pack.PpQ5mk/_new 2020-09-04 11:03:49.374774787 +0200 @@ -67,7 +67,8 @@ %check # gh#mozilla/bleach#503 -%pytest -k 'not test_uri_value_allowed_protocols' +# https://github.com/mozilla/bleach/issues/543 +%pytest -k 'not (test_uri_value_allowed_protocols or test_bleach_html_parser or test_css_parsing_gauntlet_regex_backtracking)' %files %{python_files} %license LICENSE
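Review bot: The widened `-k` expression in `%check` deselects `test_bleach_html_parser` and `test_css_parsing_gauntlet_regex_backtracking` unconditionally, so the package build stops running the test whose name points at regex backtracking in CSS parsing, whatever html5lib version is installed. Limit the skip to builds against html5lib 1.1, or drop it once https://github.com/mozilla/bleach/issues/543 is resolved. The .changes entry should also name that ticket; at the moment it says only "ref the upstream ticket".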
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2020-05-08 23:02:04 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.2738 (New) Package is "python-bleach" Fri May 8 23:02:04 2020 rev:11 rq:800583 version:3.1.5 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2020-04-05 20:51:52.177086435 +0200 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.2738/python-bleach.changes 2020-05-08 23:02:09.297470434 +0200 @@ -1,0 +2,6 @@ +Wed May 6 07:12:54 UTC 2020 - Tomáš Chvátal + +- Update to 3.1.5: + * * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + +--- Old: bleach-3.1.4.tar.gz New: bleach-3.1.5.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.94SedR/_old 2020-05-08 23:02:11.317474560 +0200 +++ /var/tmp/diff_new_pack.94SedR/_new 2020-05-08 23:02:11.321474568 +0200 
@@ -19,23 +19,22 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:3.1.4 +Version:3.1.5 Release:0 Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 -Group: Development/Languages/Python URL:https://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz Patch0: de-vendor.patch BuildRequires: %{python_module html5lib >= 1.0.0} -# https://github.com/mozilla/bleach/issues/459 -BuildRequires: %{python_module pytest < 5.0} -BuildRequires: %{python_module pytest-runner >= 2.0} +BuildRequires: %{python_module packaging} +BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six >= 1.9} BuildRequires: fdupes BuildRequires: python-rpm-macros Requires: python-html5lib >= 1.0.0 +Requires: python-packaging Requires: python-six >= 1.9 BuildArch: noarch %python_subpackages ++ bleach-3.1.4.tar.gz -> bleach-3.1.5.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.4/CHANGES new/bleach-3.1.5/CHANGES --- old/bleach-3.1.4/CHANGES2020-03-26 15:36:36.0 +0100 +++ new/bleach-3.1.5/CHANGES2020-04-29 20:26:09.0 +0200 @@ -1,6 +1,21 @@ Bleach changes == +Version 3.1.5 (April 29th, 2020) + + +**Security fixes** + +None + +**Features** + +None + +**Bug fixes** + +* replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + Version 3.1.4 (March 24th, 2020) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.4/CONTRIBUTORS new/bleach-3.1.5/CONTRIBUTORS --- old/bleach-3.1.4/CONTRIBUTORS 2020-03-17 16:26:03.0 +0100 +++ new/bleach-3.1.5/CONTRIBUTORS 2020-04-29 20:26:09.0 +0200 
@@ -29,6 +29,7 @@ - Antoine Leclair - Anton Backer - Anton Kovalyov +- Benjamin Peterson - Chad Birch - Chris Beaven - Dan Gayle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.4/PKG-INFO new/bleach-3.1.5/PKG-INFO --- old/bleach-3.1.4/PKG-INFO 2020-03-26 15:38:47.279794700 +0100 +++ new/bleach-3.1.5/PKG-INFO 2020-04-29 20:28:12.843282000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: bleach -Version: 3.1.4 +Version: 3.1.5 Summary: An easy safelist-based HTML-sanitizing tool. Home-page: https://github.com/mozilla/bleach Maintainer: Will Kahn-Greene @@ -124,6 +124,21 @@ Bleach changes == +Version 3.1.5 (April 29th, 2020) + + +**Security fixes** + +None + +**Features** + +None + +**Bug fixes** + +* replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + Version 3.1.4 (March 24th, 2020) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.4/bleach/__init__.py new/bleach-3.1.5/bleach/__init__.py --- old/bleach-3.1.4/bleach/__init__.py 2020-03-26 15:36:36.0 +0100 +++ new/bleach-3.1.5/bleach/__init__.py 2020-04-29 20:26:09.0 +0200 @@ -2,7 +2,7 @@ from __future__ import unicode_literals -from pkg_resources impo
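Review bot: The .changes entry for 3.1.5 covers only the upstream `packaging` fix, while the spec hunk also lifts the `pytest < 5.0` cap, drops `pytest-runner` and the `Group:` tag, and removes the comment pointing at mozilla/bleach issue 459. List those packaging changes so the reason for lifting the cap is on record. The entry also carries a doubled bullet (`* * replace missing ...`), and `URL:` still points to github.com/jsocol/bleach although the PKG-INFO in the same diff gives https://github.com/mozilla/bleach as Home-page.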
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2020-04-05 20:51:47 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.3248 (New) Package is "python-bleach" Sun Apr 5 20:51:47 2020 rev:10 rq:790549 version:3.1.4 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2020-03-27 00:28:20.960349560 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.3248/python-bleach.changes 2020-04-05 20:51:52.177086435 +0200 @@ -1,0 +2,12 @@ +Wed Apr 1 11:18:24 UTC 2020 - Dirk Mueller + +- update to 3.1.4 (bsc#1168280, CVE-2020-6817): + * ``bleach.clean`` behavior parsing style attributes could result in a +regular expression denial of service (ReDoS). +Calls to ``bleach.clean`` with an allowed tag with an allowed +``style`` attribute were vulnerable to ReDoS. For example, +``bleach.clean(..., attributes={'a': ['style']})``. + * Style attributes with dashes, or single or double quoted values are +cleaned instead of passed through. + +--- @@ -4 +16 @@ -- update to 3.1.3 (bsc#1167379): +- update to 3.1.3 (bsc#1167379, CVE-2020-6816): @@ -18,2 +29,0 @@ -This security issue was confirmed in Bleach version v3.1.1. Earlier -versions are likely affected too. Old: bleach-3.1.3.tar.gz New: bleach-3.1.4.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.vuo4uk/_old 2020-04-05 20:51:52.837087066 +0200 +++ /var/tmp/diff_new_pack.vuo4uk/_new 2020-04-05 20:51:52.837087066 +0200 
@@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:3.1.3 +Version:3.1.4 Release:0 Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 ++ bleach-3.1.3.tar.gz -> bleach-3.1.4.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.3/CHANGES new/bleach-3.1.4/CHANGES --- old/bleach-3.1.3/CHANGES2020-03-17 16:28:50.0 +0100 +++ new/bleach-3.1.4/CHANGES2020-03-26 15:36:36.0 +0100 @@ -1,6 +1,39 @@ Bleach changes == +Version 3.1.4 (March 24th, 2020) + + +**Security fixes** + +* ``bleach.clean`` behavior parsing style attributes could result in a + regular expression denial of service (ReDoS). + + Calls to ``bleach.clean`` with an allowed tag with an allowed + ``style`` attribute were vulnerable to ReDoS. For example, + ``bleach.clean(..., attributes={'a': ['style']})``. + + This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, + v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar + regular expression and should be considered vulnerable too. + + Anyone using Bleach <=v3.1.3 is encouraged to upgrade. + + https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 + +**Backwards incompatible changes** + +* Style attributes with dashes, or single or double quoted values are + cleaned instead of passed through. + +**Features** + +None + +**Bug fixes** + +None + Version 3.1.3 (March 17th, 2020) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.3/PKG-INFO new/bleach-3.1.4/PKG-INFO --- old/bleach-3.1.3/PKG-INFO 2020-03-17 16:29:18.039319300 +0100 +++ new/bleach-3.1.4/PKG-INFO 2020-03-26 15:38:47.279794700 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: bleach -Version: 3.1.3 +Version: 3.1.4 Summary: An easy safelist-based HTML-sanitizing tool. Home-page: https://github.com/mozilla/bleach Maintainer: Will Kahn-Greene 
@@ -124,6 +124,39 @@ Bleach changes == +Version 3.1.4 (March 24th, 2020) + + +**Security fixes** + +* ``bleach.clean`` behavior parsing style attributes could result in a + regular expression denial of service (ReDoS). + + Calls to ``bleach.clean`` with an allowed tag with an allowed + ``style`` attribute were vulnerable to ReDoS. For example, + ``bleach.clean(..., attributes={'a': ['style']})``. + + This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, + v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar + regular expression and should be considered vulnerable too. + + Anyone using Bleach <=v3.1.3 is encouraged to upgrade. + + https://bugzilla.mozilla.
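Review bot: In the new 3.1.4 .changes entry, the item about style attributes with dashes or quoted values being "cleaned instead of passed through" appears as an ordinary bullet, but the upstream CHANGES in this diff lists it under "Backwards incompatible changes"; label it that way so users who rely on `style` pass-through see the behavior change. The second .changes hunk deletes the sentence "This security issue was confirmed in Bleach version v3.1.1. Earlier versions are likely affected too." from the 3.1.3 entry while adding CVE-2020-6816 to it. Keep that affected-version statement, and add the upstream "<=v3.1.3" one for CVE-2020-6817, so readers can judge their exposure from the changelog alone.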
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2020-03-27 00:28:19 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.3160 (New) Package is "python-bleach" Fri Mar 27 00:28:19 2020 rev:9 rq:787398 version:3.1.3 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2020-03-08 22:22:02.59130 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.3160/python-bleach.changes 2020-03-27 00:28:20.960349560 +0100 @@ -1,0 +2,20 @@ +Mon Mar 23 10:09:15 UTC 2020 - Dirk Mueller + +- update to 3.1.3 (bsc#1167379): + * Add relative link to code of conduct. (#442) + * Drop deprecated 'setup.py test' support. (#507) + * Fix typo: curren -> current in tests/test_clean.py (#504) + * Test on PyPy 7 + * Drop test support for end of life Python 3.4 + * ``bleach.clean`` behavior parsing embedded MathML and SVG content +with RCDATA tags did not match browser behavior and could result in +a mutation XSS. +Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or +``svg`` tags and one or more of the RCDATA tags ``script``, +``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or +``xmp`` in the allowed tags whitelist were vulnerable to a mutation +XSS. +This security issue was confirmed in Bleach version v3.1.1. Earlier +versions are likely affected too. + +--- Old: bleach-3.1.1.tar.gz New: bleach-3.1.3.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.NyFNLB/_old 2020-03-27 00:28:22.164350170 +0100 +++ /var/tmp/diff_new_pack.NyFNLB/_new 2020-03-27 00:28:22.164350170 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:3.1.1 +Version:3.1.3 Release:0 Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 
@@ -56,7 +56,7 @@ %prep %setup -q -n bleach-%{version} -%patch0 -p1 +%patch0 rm -rf bleach/_vendor %build ++ bleach-3.1.1.tar.gz -> bleach-3.1.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.1/CHANGES new/bleach-3.1.3/CHANGES --- old/bleach-3.1.1/CHANGES2020-02-19 18:34:36.0 +0100 +++ new/bleach-3.1.3/CHANGES2020-03-17 16:28:50.0 +0100 @@ -1,6 +1,67 @@ Bleach changes == +Version 3.1.3 (March 17th, 2020) + + +**Security fixes** + +None + +**Backwards incompatible changes** + +None + +**Features** + +* Add relative link to code of conduct. (#442) + +* Drop deprecated 'setup.py test' support. (#507) + +* Fix typo: curren -> current in tests/test_clean.py (#504) + +* Test on PyPy 7 + +* Drop test support for end of life Python 3.4 + +**Bug fixes** + +None + +Version 3.1.2 (March 11th, 2020) + + +**Security fixes** + +* ``bleach.clean`` behavior parsing embedded MathML and SVG content + with RCDATA tags did not match browser behavior and could result in + a mutation XSS. + + Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or + ``svg`` tags and one or more of the RCDATA tags ``script``, + ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or + ``xmp`` in the allowed tags whitelist were vulnerable to a mutation + XSS. + + This security issue was confirmed in Bleach version v3.1.1. Earlier + versions are likely affected too. + + Anyone using Bleach <=v3.1.1 is encouraged to upgrade. + + https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 + +**Backwards incompatible changes** + +None + +**Features** + +None + +**Bug fixes** + +None + Version 3.1.1 (February 13th, 2020) --- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.1/CONTRIBUTORS new/bleach-3.1.3/CONTRIBUTORS --- old/bleach-3.1.1/CONTRIBUTORS 2020-02-13 20:19:16.0 +0100 +++ new/bleach-3.1.3/CONTRIBUTORS 2020-03-17 16:26:03.0 +0100 
@@ -1,12 +1,13 @@ Bleach was originally written and maintained by James Socol and various contributors within and without the Mozilla Corporation and Foundation. -It is currently maintained by Will Kahn-Greene an Greg Guthe. +It is currently maintained by Will Kahn-Greene, Greg Guthe, and Jon Dufresne. Maintainers: - Will Kahn-Greene - Greg Guthe +- Jon Dufresne Maintainer emeritus: @@ -32,6 +33,7 @@ - Chris Beaven - Dan Gayle - dave-shawley +- dbxnr - Erik Rose - Gaurav Dadhan
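Review bot: The .changes entry files the mutation XSS fix under "update to 3.1.3", but the upstream CHANGES in the same diff shows Version 3.1.3 with no security fixes and the fix under Version 3.1.2. Split the entry into 3.1.3 items and "from 3.1.2" items, and add the upstream bug link (https://bugzilla.mozilla.org/show_bug.cgi?id=1621692) so the security fix is not buried between typo and CI items. The `%prep` change from `%patch0 -p1` to `%patch0` is not mentioned in the entry and deserves a line, since it changes how de-vendor.patch is applied.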
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2020-03-08 22:22:00 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.26092 (New) Package is "python-bleach" Sun Mar 8 22:22:00 2020 rev:8 rq:780475 version:3.1.1 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2019-07-30 13:02:45.638422088 +0200 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.26092/python-bleach.changes 2020-03-08 22:22:02.59130 +0100 @@ -1,0 +2,13 @@ +Fri Feb 28 16:13:43 UTC 2020 - Alexandros Toptsoglou + +- Update to V3.1.1: Security update for CVE-2020-6802 + + * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303). + +--- +Wed Jan 8 10:35:41 CET 2020 - Matej Cepl + +- Switch off test_uri_value_allowed_protocols test to work around + gh#mozilla/bleach#503. + +--- Old: bleach-3.1.0.tar.gz New: bleach-3.1.1.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.tY5L92/_old 2020-03-08 22:22:03.28354 +0100 +++ /var/tmp/diff_new_pack.tY5L92/_new 2020-03-08 22:22:03.284000357 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties @@ -19,12 +19,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:3.1.0 +Version:3.1.1 Release:0 Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 Group: Development/Languages/Python -URL:http://github.com/jsocol/bleach +URL:https://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz Patch0: de-vendor.patch BuildRequires: %{python_module html5lib >= 1.0.0} 
@@ -67,7 +67,8 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%pytest +# gh#mozilla/bleach#503 +%pytest -k 'not test_uri_value_allowed_protocols' %files %{python_files} %license LICENSE ++ bleach-3.1.0.tar.gz -> bleach-3.1.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.0/CHANGES new/bleach-3.1.1/CHANGES --- old/bleach-3.1.0/CHANGES2019-01-09 16:09:41.0 +0100 +++ new/bleach-3.1.1/CHANGES2020-02-19 18:34:36.0 +0100 @@ -1,6 +1,41 @@ Bleach changes == +Version 3.1.1 (February 13th, 2020) +--- + +**Security fixes** + +* ``bleach.clean`` behavior parsing ``noscript`` tags did not match + browser behavior. + + Calls to ``bleach.clean`` allowing ``noscript`` and one or more of + the raw text tags (``title``, ``textarea``, ``script``, ``style``, + ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable + to a mutation XSS. + + This security issue was confirmed in Bleach versions v2.1.4, v3.0.2, + and v3.1.0. Earlier versions are probably affected too. + + Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade. + + https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 + +**Backwards incompatible changes** + +None + +**Features** + +None + +**Bug fixes** + +None + +Bleach changes +== + Version 3.1.0 (January 9th, 2019) - @@ -76,7 +111,7 @@ * Fix ``list`` object has no attribute ``lower`` in ``clean``. (#398) * Fix ``abbr`` getting escaped in ``linkify``. (#400) - + Version 3.0.0 (October 3rd, 2018) - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-3.1.0/PKG-INFO new/bleach-3.1.1/PKG-INFO --- old/bleach-3.1.0/PKG-INFO 2019-01-09 16:10:47.0 +0100 +++ new/bleach-3.1.1/PKG-INFO 2020-02-19 18:39:45.758497500 +0100 
@@ -1,12 +1,11 @@ Metadata-Version: 1.2 Name: bleach -Version: 3.1.0 +Version: 3.1.1 Summary: An easy safelist-based HTML-sanitizing tool. Home-page: https://github.com/mozilla/bleach -Author: Will Kahn-Greene -Author-email: wil...@mozilla.com +Maintainer: Will Kahn-Greene +Maintainer-email: wil...@mozilla.com License: Apache Software License -Description-Content-Type: UNKNOWN Description: == Bleach == @@ -129,6 +128,41 @@ Bleach changes == +Version 3.1.1 (February 13th
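Review bot: The .changes entry for CVE-2020-6802 says only "Fixed mutation XSS vulnerabilities"; the upstream CHANGES text in this diff states that calls allowing `noscript` together with one of the raw text tags were affected, and adding that one sentence would let users check their own allowlists. In `%check`, the skip `-k 'not test_uri_value_allowed_protocols'` ships in the same update as a security fix, and the comment gives gh#mozilla/bleach#503 without saying why the test fails. Add a short reason and the condition under which the skip can be removed.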
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2019-07-30 13:02:43 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.4126 (New) Package is "python-bleach" Tue Jul 30 13:02:43 2019 rev:7 rq:717075 version:3.1.0 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2019-03-04 09:24:01.340561604 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.4126/python-bleach.changes 2019-07-30 13:02:45.638422088 +0200 @@ -1,0 +2,5 @@ +Fri Jul 19 12:02:58 UTC 2019 - Tomáš Chvátal + +- Restrict pytest to <5.0; upstream has an issue already reported + +--- Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.TGwOsp/_old 2019-07-30 13:02:47.830421646 +0200 +++ /var/tmp/diff_new_pack.TGwOsp/_new 2019-07-30 13:02:47.886421636 +0200 @@ -28,7 +28,8 @@ Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz Patch0: de-vendor.patch BuildRequires: %{python_module html5lib >= 1.0.0} -BuildRequires: %{python_module pytest >= 3.0.0} +# https://github.com/mozilla/bleach/issues/459 +BuildRequires: %{python_module pytest < 5.0} BuildRequires: %{python_module pytest-runner >= 2.0} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six >= 1.9} @@ -63,13 +64,10 @@ %install %python_install - %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib} -py.test-%{$python_bin_suffix} -} +%pytest %files %{python_files} %license LICENSE
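Review bot: The .changes entry says "upstream has an issue already reported" without saying which one; the spec comment has the link (https://github.com/mozilla/bleach/issues/459), so put the same reference in the entry. The `%check` rewrite from the explicit `py.test-%{$python_bin_suffix}` loop to `%pytest` is a separate change and is not mentioned in the entry.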
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2019-03-04 09:23:44 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.28833 (New) Package is "python-bleach" Mon Mar 4 09:23:44 2019 rev:6 rq:681085 version:3.1.0 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2018-12-13 19:47:16.276792118 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.28833/python-bleach.changes 2019-03-04 09:24:01.340561604 +0100 
@@ -1,0 +2,51 @@ +Sun Mar 3 09:14:50 UTC 2019 - John Vandenberg + +- Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0 +- Remove direct dependency on webencodings, a dependency of html5lib +- Update to v3.1.0 + * Add ``recognized_tags`` argument to the linkify ``Linker`` class. This +fixes issues when linkifying on its own and having some tags get escaped. +It defaults to a list of HTML5 tags + * Add ``six>=1.9`` to requirements + * Fix cases where attribute names could have invalid characters in them. + * Fix problems with ``LinkifyFilter`` not being able to match links +across ``&``. + * Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is +parsing ``meta`` tags + * Fix doctests. +- from v3.0.2 + * Merge ``Characters`` tokens after sanitizing them. This fixes issues +in the ``LinkifyFilter`` where it was only linkifying parts of urls +- from v3.0.1 + * Support Python 3.7. It supported Python 3.7 just fine, but 3.7 was +added to the list of Python environments being test + * Fix ``list`` object has no attribute ``lower`` in ``clean`` + * Fix ``abbr`` getting escaped in ``linkify`` +- from v3.0.0 + * [breaking] A bunch of functions were moved from one module to another. +These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``: ++ convert_entity ++ convert_entities ++ match_entity ++ next_possible_entity ++ BleachHTMLSerializer ++ BleachHTMLTokenizer ++ BleachHTMLParser +These functions and classes weren't documented and aren't part of the +public API, but people read code and might be using them so we're +considering it an incompatible API change. +If you're using them, you'll need to update your code. + * Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into +Bleach. You can remove it from your requirements file if none of your other +requirements require html5lib. +This means Bleach will now work fine with other libraries that depend on +html5lib regardless of what version of html5lib they require. 
+ * Fixed tags getting added when using clean or linkify. This was a +long-standing regression from the Bleach 2.0 rewrite + * Fixed getting replaced with a string. Now it gets escaped or +stripped depending on whether it's in the allowed tags or not +- from v2.1.4 + * Dropped support for Python 3.3 + * Handle ambiguous ampersands in correctly + +--- Old: bleach-2.1.3.tar.gz New: bleach-3.1.0.tar.gz de-vendor.patch Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.I4RIPU/_old 2019-03-04 09:24:02.148561459 +0100 +++ /var/tmp/diff_new_pack.I4RIPU/_new 2019-03-04 09:24:02.172561454 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties @@ -19,24 +19,23 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:2.1.3 +Version:3.1.0 Release:0 Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 Group: Development/Languages/Python URL:http://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz -BuildRequires: %{python_module html5lib >= 0.} -BuildRequires: %{python_module pytest-runner} -BuildRequires: %{python_module pytest} +Patch0: de-vendor.patch +BuildRequires: %{python_module html5lib >= 1.0.0} +BuildRequires: %{python_module pytest >= 3.0.0} +BuildRequires: %{python_module pytest-runner >= 2.0} BuildRequires: %{python_module setuptools} -BuildRequires: %{python_module six} -BuildRequires: %{python_module webencodings} +BuildRequires: %{python_module six >= 1.9} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires:
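Review bot: de-vendor.patch replaces the html5lib 1.0.1 copy that upstream bundles from v3.0.0 on with the system package, and the spec constrains it only as `html5lib >= 1.0.0` with no upper bound, so the sanitizer will parse with whatever html5lib release the distribution carries rather than the one upstream tested. Parser behavior decides what `bleach.clean` lets through, so record in the .changes entry which html5lib version the test suite was run against, and consider an upper bound until newer releases have been checked.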
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2018-12-13 19:47:15 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new.28833 (New) Package is "python-bleach" Thu Dec 13 19:47:15 2018 rev:5 rq:655395 version:2.1.3 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2018-03-20 22:01:35.371026086 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new.28833/python-bleach.changes 2018-12-13 19:47:16.276792118 +0100 @@ -1,0 +2,10 @@ +Wed Dec 5 01:56:44 UTC 2018 - Jan Engelhardt + +- Trim rhetorics and bias from descriptions. + +--- +Tue Dec 4 12:46:11 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +--- Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.4Vdwcc/_old 2018-12-13 19:47:16.828791402 +0100 +++ /var/tmp/diff_new_pack.4Vdwcc/_new 2018-12-13 19:47:16.832791397 +0100 @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,12 +21,11 @@ Name: python-bleach Version:2.1.3 Release:0 -Summary:An easy whitelist-based HTML-sanitizing tool +Summary:A whitelist-based HTML-sanitizing tool License:Apache-2.0 Group: Development/Languages/Python -Url:http://github.com/jsocol/bleach +URL:http://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz -BuildRequires: %{python_module devel} BuildRequires: %{python_module html5lib >= 0.} BuildRequires: %{python_module pytest-runner} BuildRequires: %{python_module pytest} 
@@ -38,30 +37,22 @@ Requires: python-html5lib >= 0. Requires: python-six Requires: python-webencodings -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch - %python_subpackages %description -Bleach is an HTML sanitizing library that escapes or strips markup and +Bleach is an HTML sanitation library that escapes or strips markup and attributes based on a white list. Bleach can also linkify text safely, applying filters that Django's ``urlize`` filter cannot, and optionally setting ``rel`` attributes, even on links already in the text. -Bleach is intended for sanitizing text from *untrusted* sources. If you find -yourself jumping through hoops to allow your site administrators to do lots of -things, you're probably outside the use cases. Either trust those users, or -don't. +Bleach is intended for sanitizing text from *untrusted* sources. Because it relies on html5lib, Bleach is as good as modern browsers at dealing -with weird, quirky HTML fragments. And *any* of Bleach's methods will fix +with weird, quirky HTML fragments. Bleach's methods will fix unbalanced or mis-nested tags. -The version on GitHub_ is the most up-to-date and contains the latest bug -fixes. You can find full documentation on `ReadTheDocs`. - -http://bleach.readthedocs.org/ +Documentation is at http://bleach.readthedocs.org/ . %prep %setup -q -n bleach-%{version} @@ -80,8 +71,8 @@ } %files %{python_files} -%defattr(-,root,root,-) -%doc CHANGES LICENSE README.rst +%license LICENSE +%doc CHANGES README.rst %{python_sitelib}/* %changelog
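Review bot: In `%description` the hunk changes "sanitizing library" to "sanitation library", while `Summary:` and the following paragraph keep "sanitizing"; use one term throughout. The bug-report URL in the header is moved to https in this change, but the new line "Documentation is at http://bleach.readthedocs.org/ ." still uses http.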
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2018-03-20 22:01:11 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new (New) Package is "python-bleach" Tue Mar 20 22:01:11 2018 rev:4 rq:589030 version:2.1.3 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2017-12-11 18:56:36.934239885 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes 2018-03-20 22:01:35.371026086 +0100 @@ -1,0 +2,10 @@ +Tue Mar 20 08:38:36 UTC 2018 - kbabi...@suse.com + +- Update to version 2.1.3: + * Attributes that have URI values weren't properly sanitized if the +values contained character entities. Using character entities, it +was possible to construct a URI value with a scheme that was not +allowed that would slide through unsanitized. +(CVE-2018-7753 bnc#1085969) + +--- Old: bleach-2.1.2.tar.gz New: bleach-2.1.3.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.g376Il/_old 2018-03-20 22:01:36.390989363 +0100 +++ /var/tmp/diff_new_pack.g376Il/_new 2018-03-20 22:01:36.394989219 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:2.1.2 +Version:2.1.3 Release:0 Summary:An easy whitelist-based HTML-sanitizing tool License:Apache-2.0 ++ bleach-2.1.2.tar.gz -> bleach-2.1.3.tar.gz ++ 1828 lines of diff (skipped)
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2017-12-11 18:56:32 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new (New) Package is "python-bleach" Mon Dec 11 18:56:32 2017 rev:3 rq:34 version:2.1.2 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2017-11-15 16:57:52.779858595 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes 2017-12-11 18:56:36.934239885 +0100 @@ -1,0 +2,12 @@ +Thu Dec 7 16:50:14 UTC 2017 - a...@gmx.de + +- specfile: + * update copyright year + +- update to version 2.1.2: + * Bug fixes ++ Support html5lib-python 1.0.1. (#337) ++ Add deprecation warning for supporting html5lib-python < 1.0. ++ Switch to semver. + +--- Old: bleach-2.1.1.tar.gz New: bleach-2.1.2.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.eEOkmD/_old 2017-12-11 18:56:37.478213975 +0100 +++ /var/tmp/diff_new_pack.eEOkmD/_new 2017-12-11 18:56:37.482213784 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:2.1.1 +Version:2.1.2 Release:0 Summary:An easy whitelist-based HTML-sanitizing tool License:Apache-2.0 @@ -28,6 +28,7 @@ Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz BuildRequires: %{python_module devel} BuildRequires: %{python_module html5lib >= 0.} +BuildRequires: %{python_module pytest-runner} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six} ++ bleach-2.1.1.tar.gz -> bleach-2.1.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-2.1.1/CHANGES new/bleach-2.1.2/CHANGES --- old/bleach-2.1.1/CHANGES2017-10-02 20:45:41.0 +0200 +++ new/bleach-2.1.2/CHANGES2017-12-07 17:01:22.0 +0100 
@@ -1,6 +1,30 @@ Bleach Changes == +Version 2.1.2 (December 7th, 2017) +-- + +**Security fixes** + +None + +**Backwards incompatible changes** + +None + +**Features** + +None + +**Bug fixes** + +* Support html5lib-python 1.0.1. (#337) + +* Add deprecation warning for supporting html5lib-python < 1.0. + +* Switch to semver. + + Version 2.1.1 (October 2nd, 2017) - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-2.1.1/PKG-INFO new/bleach-2.1.2/PKG-INFO --- old/bleach-2.1.1/PKG-INFO 2017-10-02 20:46:17.0 +0200 +++ new/bleach-2.1.2/PKG-INFO 2017-12-07 17:02:05.0 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: bleach -Version: 2.1.1 +Version: 2.1.2 Summary: An easy safelist-based HTML-sanitizing tool. Home-page: http://github.com/mozilla/bleach Author: Will Kahn-Greene @@ -17,7 +17,7 @@ .. image:: https://badge.fury.io/py/bleach.svg :target: http://badge.fury.io/py/bleach -Bleach is a allowed-list-based HTML sanitizing library that escapes or strips +Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes. Bleach can also linkify text safely, applying filters that Django's ``urlize`` @@ -133,6 +133,30 @@ Bleach Changes == +Version 2.1.2 (December 7th, 2017) +-- + +**Security fixes** + +None + +**Backwards incompatible changes** + +None + +**Features** + +None + +**Bug fixes** + +* Support html5lib-python 1.0.1. (#337) + +* Add deprecation warning for supporting html5lib-python < 1.0. + +* Switch to semver. + + Version 2.1.1 (October 2nd, 2017) - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bleach-2.1.1/README.rst new/bleach-2.1.2/README.rst --- old/bleach-2.1.1/README.rst 2017-10-02 20:45:41.0 +0200 +++ new/bleach-2.1.2/README.rst 2017-12-07 17:01:22.0 +0100 
@@ -8,7 +8,7 @@ .. image:: https://badge.fury.io/py/bleach.svg :target: http://badge.fury.io/py/bleach -Bleach is a allowed-list-based HTML sanitizing library that escapes or strips +Bleach is an all
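Review bot: The new `BuildRequires: %{python_module pytest-runner}` in the python-bleach.spec hunk at @@ -28,6 +28,7 @@ is not mentioned in the python-bleach.changes entry, whose "specfile:" section lists only "update copyright year"; add a line there recording the new build dependency so the changelog matches the spec. In the same hunk the `html5lib >= 0.` lower bound is carried over unchanged although the upstream CHANGES for 2.1.2 add a deprecation warning for html5lib-python < 1.0; it is worth deciding now whether the package should start requiring 1.0 or later, because the sanitizer's behaviour depends on the parser it is built and tested against.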
commit python-bleach for openSUSE:Factory
Hello community, here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2017-11-15 16:57:49 Comparing /work/SRC/openSUSE:Factory/python-bleach (Old) and /work/SRC/openSUSE:Factory/.python-bleach.new (New) Package is "python-bleach" Wed Nov 15 16:57:49 2017 rev:2 rq:541217 version:2.1.1 Changes: --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2017-05-09 18:04:02.741297971 +0200 +++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes 2017-11-15 16:57:52.779858595 +0100 
@@ -1,0 +2,41 @@ +Sat Nov 11 17:17:50 UTC 2017 - a...@gmx.de + +- specfile: + * update copyright year + +- update to version 2.1.1: + * Bug fixes ++ Fix setup.py opening files when LANG=. (#324) + +- changes from version 2.1: + * Security fixes ++ Convert control characters (backspace particularly) to “?” + preventing malicious copy-and-paste situations. (#298) + See https://github.com/mozilla/bleach/issues/298 for more details. + This affects all previous versions of Bleach. Check the comments + on that issue for ways to alleviate the issue if you can’t + upgrade to Bleach 2.1. + * Backwards incompatible changes ++ Redid versioning. bleach.VERSION is no longer available. Use the + string version at bleach.__version__ and parse it with + pkg_resources.parse_version. (#307) ++ clean, linkify: linkify and clean should only accept text types; + thank you, Janusz! (#292) ++ clean, linkify: accept only unicode or utf-8-encoded str (#176) + * Bug fixes ++ bleach.clean() no longer unescapes entities including ones that + are missing a ; at the end which can happen in urls and other + places. (#143) ++ linkify: fix http links inside of mailto links; thank you, + sedrubal! (#300) ++ clarify security policy in docs (#303) ++ fix dependency specification for html5lib 1.0b8, 1.0b9, and + 1.0b10; thank you, Zoltán! (#268) ++ add Bleach vs. html5lib comparison to README; thank you, Stu + Cox! (#278) ++ fix KeyError exceptions on tags without href attr; thank you, + Alex Defsen! (#273) ++ add test website and scripts to test bleach.clean() output in + browser; thank you, Greg Guthe! + +--- Old: bleach-2.0.0.tar.gz New: bleach-2.1.1.tar.gz Other differences: -- ++ python-bleach.spec ++ --- /var/tmp/diff_new_pack.JKLCVd/_old 2017-11-15 16:57:54.011813458 +0100 +++ /var/tmp/diff_new_pack.JKLCVd/_new 2017-11-15 16:57:54.015813312 +0100 
@@ -19,21 +19,21 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version:2.0.0 +Version:2.1.1 Release:0 Summary:An easy whitelist-based HTML-sanitizing tool License:Apache-2.0 Group: Development/Languages/Python Url:http://github.com/jsocol/bleach Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz -BuildRequires: fdupes -BuildRequires: python-rpm-macros BuildRequires: %{python_module devel} -BuildRequires: %{python_module setuptools} BuildRequires: %{python_module html5lib >= 0.} BuildRequires: %{python_module pytest} +BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six} BuildRequires: %{python_module webencodings} +BuildRequires: fdupes +BuildRequires: python-rpm-macros Requires: python-html5lib >= 0. Requires: python-six Requires: python-webencodings ++ bleach-2.0.0.tar.gz -> bleach-2.1.1.tar.gz ++ 5089 lines of diff (skipped)
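Review bot: `Url:http://github.com/jsocol/bleach` in the python-bleach.spec hunk at @@ -19,21 +19,21 @@ is left untouched while the new changelog entry sends readers to https://github.com/mozilla/bleach/issues/298 for the security fix; update the Url tag to the mozilla/bleach repository over https so the package metadata and the security-fix reference agree. The hunk also reorders the BuildRequires block, which is cosmetic but is not recorded under "specfile:" in the .changes entry (only the copyright year is listed), and the Summary still reads "whitelist-based".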