Sync from SUSE:SLFO:Main python-Werkzeug revision 38e40c9ef765ffc0317eff17f489b0f7

2024-12-13 11:05:10 +01:00 · 2024-12-13 11:05:10 +01:00 · 6a9288aa92
commit 6a9288aa92
parent 563ca67a1f
4 changed files with 38 additions and 4 deletions
--- a/python-Werkzeug.changes
+++ b/python-Werkzeug.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Mon Oct 28 12:57:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.0.6 (bsc#1232449, CVE-2024-49767):
+  * Fix how max_form_memory_size is applied when parsing large
+    non-file fields. GHSA-q34m-jh98-gwm2
+  * safe_join catches certain paths on Windows that were not caught by
+    ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j
+- 3.0.5:
+  * The Watchdog reloader ignores file closed no write events. #2945
+  * Logging works with client addresses containing an IPv6 scope.
+    #2952
+  * Ignore invalid authorization parameters. #2955
+  * Improve type annotation fore SharedDataMiddleware. #2958
+  * Compatibility with Python 3.13 when generating debugger pin and
+    the current UID does not have an associated name. #2957
+
+-------------------------------------------------------------------
+Mon Aug 26 14:36:39 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 3.0.4
+  * Restore behavior where parsing `multipart/x-www-form-urlencoded` data with
+    invalid UTF-8 bytes in the body results in no form data parsed rather than a
+    413 error. :issue:`2930`
+  * Improve ``parse_options_header`` performance when parsing unterminated
+    quoted string values. :issue:`2904`
+  * Debugger pin auth is synchronized across threads/processes when tracking
+    failed entries. :issue:`2916`
+  * Dev server handles unexpected `SSLEOFError` due to issue in Python < 3.13.
+    :issue:`2926`
+  * Debugger pin auth works when the URL already contains a query string.
+    :issue:`2918`
+
 -------------------------------------------------------------------
 Tue May  7 06:01:38 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

--- a/python-Werkzeug.spec
+++ b/python-Werkzeug.spec
@ -27,7 +27,7 @@

 %{?sle15_python_module_pythons}
 Name:           python-Werkzeug%{psuffix}
-Version:        3.0.3
+Version:        3.0.6
 Release:        0
 Summary:        The Swiss Army knife of Python web development
 License:        BSD-3-Clause
@ -109,6 +109,7 @@ donttest+=" or test_wrong_protocol"
 donttest+=" or test_content_type_and_length"
 donttest+=" or test_multiple_headers_concatenated"
 donttest+=" or test_multiline_header_folding"
+donttest+=" or test_host_with_ipv6_scope"
 %pytest -k "not ($donttest)"
 %endif

--- a/werkzeug-3.0.3.tar.gz
+++ b/werkzeug-3.0.3.tar.gz
--- a/werkzeug-3.0.6.tar.gz
+++ b/werkzeug-3.0.6.tar.gz