From e381406beccbdb520d67687abb89407e3ed12f413819ec4174c5cd1741d05551 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Fri, 13 Dec 2024 12:28:31 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main python-starlette revision
 9890ba29562e346532ae7415cd83df56

---
 ...47874-multipart-form-data-part-limit.patch | 106 ------------------
 python-starlette.changes                      |  20 +++-
 python-starlette.spec                         |  10 +-
 starlette-0.38.5.tar.gz                       |   3 -
 starlette-0.41.0.tar.gz                       |   3 +
 5 files changed, 24 insertions(+), 118 deletions(-)
 delete mode 100644 CVE-2024-47874-multipart-form-data-part-limit.patch
 delete mode 100644 starlette-0.38.5.tar.gz
 create mode 100644 starlette-0.41.0.tar.gz

diff --git a/CVE-2024-47874-multipart-form-data-part-limit.patch b/CVE-2024-47874-multipart-form-data-part-limit.patch
deleted file mode 100644
index d164893..0000000
--- a/CVE-2024-47874-multipart-form-data-part-limit.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From fd038f3070c302bff17ef7d173dbb0b007617733 Mon Sep 17 00:00:00 2001
-From: Marcelo Trylesinski <marcelotryle@gmail.com>
-Date: Tue, 15 Oct 2024 08:40:51 +0200
-Subject: [PATCH] Merge commit from fork
-
----
- starlette/formparsers.py  | 11 +++++++----
- tests/test_formparsers.py | 41 ++++++++++++++++++++++++++++++++++++---
- 2 files changed, 45 insertions(+), 7 deletions(-)
-
-Index: starlette-0.38.5/starlette/formparsers.py
-===================================================================
---- starlette-0.38.5.orig/starlette/formparsers.py
-+++ starlette-0.38.5/starlette/formparsers.py
-@@ -28,12 +28,12 @@ class FormMessage(Enum):
- class MultipartPart:
-     content_disposition: bytes | None = None
-     field_name: str = ""
--    data: bytes = b""
-+    data: bytearray = field(default_factory=bytearray)
-     file: UploadFile | None = None
-     item_headers: list[tuple[bytes, bytes]] = field(default_factory=list)
- 
- 
--def _user_safe_decode(src: bytes, codec: str) -> str:
-+def _user_safe_decode(src: bytes | bytearray, codec: str) -> str:
-     try:
-         return src.decode(codec)
-     except (UnicodeDecodeError, LookupError):
-@@ -114,7 +114,8 @@ class FormParser:
- 
- 
- class MultiPartParser:
--    max_file_size = 1024 * 1024
-+    max_file_size = 1024 * 1024  # 1MB
-+    max_part_size = 1024 * 1024  # 1MB
- 
-     def __init__(
-         self,
-@@ -146,7 +147,9 @@ class MultiPartParser:
-     def on_part_data(self, data: bytes, start: int, end: int) -> None:
-         message_bytes = data[start:end]
-         if self._current_part.file is None:
--            self._current_part.data += message_bytes
-+            if len(self._current_part.data) + len(message_bytes) > self.max_part_size:
-+                raise MultiPartException(f"Part exceeded maximum size of {int(self.max_part_size / 1024)}KB.")
-+            self._current_part.data.extend(message_bytes)
-         else:
-             self._file_parts_to_write.append((self._current_part, message_bytes))
- 
-Index: starlette-0.38.5/tests/test_formparsers.py
-===================================================================
---- starlette-0.38.5.orig/tests/test_formparsers.py
-+++ starlette-0.38.5/tests/test_formparsers.py
-@@ -640,9 +640,7 @@ def test_max_files_is_customizable_low_r
-         assert res.text == "Too many files. Maximum number of files is 1."
- 
- 
--def test_max_fields_is_customizable_high(
--    test_client_factory: TestClientFactory,
--) -> None:
-+def test_max_fields_is_customizable_high(test_client_factory: TestClientFactory) -> None:
-     client = test_client_factory(make_app_max_parts(max_fields=2000, max_files=2000))
-     fields = []
-     for i in range(2000):
-@@ -664,3 +662,40 @@ def test_max_fields_is_customizable_high
-         "content": "",
-         "content_type": None,
-     }
-+
-+
-+@pytest.mark.parametrize(
-+    "app,expectation",
-+    [
-+        (app, pytest.raises(MultiPartException)),
-+        (Starlette(routes=[Mount("/", app=app)]), does_not_raise()),
-+    ],
-+)
-+def test_max_part_size_exceeds_limit(
-+    app: ASGIApp,
-+    expectation: typing.ContextManager[Exception],
-+    test_client_factory: TestClientFactory,
-+) -> None:
-+    client = test_client_factory(app)
-+    boundary = "------------------------4K1ON9fZkj9uCUmqLHRbbR"
-+
-+    multipart_data = (
-+        f"--{boundary}\r\n"
-+        f'Content-Disposition: form-data; name="small"\r\n\r\n'
-+        "small content\r\n"
-+        f"--{boundary}\r\n"
-+        f'Content-Disposition: form-data; name="large"\r\n\r\n'
-+        + ("x" * 1024 * 1024 + "x")  # 1MB + 1 byte of data
-+        + "\r\n"
-+        f"--{boundary}--\r\n"
-+    ).encode("utf-8")
-+
-+    headers = {
-+        "Content-Type": f"multipart/form-data; boundary={boundary}",
-+        "Transfer-Encoding": "chunked",
-+    }
-+
-+    with expectation:
-+        response = client.post("/", data=multipart_data, headers=headers)  # type: ignore
-+        assert response.status_code == 400
-+        assert response.text == "Part exceeded maximum size of 1024KB."
diff --git a/python-starlette.changes b/python-starlette.changes
index 71475ad..9616720 100644
--- a/python-starlette.changes
+++ b/python-starlette.changes
@@ -1,9 +1,23 @@
 -------------------------------------------------------------------
-Thu Oct 17 02:47:49 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+Thu Nov  7 09:20:47 UTC 2024 - Nico Krapp <nico.krapp@suse.com>
 
-- Add patch CVE-2024-47874-multipart-form-data-part-limit.patch:
+- disable PendingDeprecationWarning
+
+-------------------------------------------------------------------
+Wed Oct 16 04:18:23 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 0.41.0:
+  * Allow to raise HTTPException before websocket.accept().
   * Add max_part_size to MultiPartParser to limit the size of parts in
-    multipart/form-data requests. (bsc#1231689, CVE-2024-47874) 
+    multipart/form-data requests. (bsc#1231689, CVE-2024-47874)
+  * Allow use of request.url_for when only "app" scope is available.
+  * Avoid regex re-compilation in responses.py and schemas.py.
+  * Improve performance of get_route_path by removing regular expression
+    usage.
+  * Consider FileResponse.chunk_size when handling multiple ranges.
+  * Use token_hex for generating multipart boundary strings.
+  * Add support for HTTP Range to FileResponse.
+  * Close unclosed MemoryObjectReceiveStream in TestClient.
 
 -------------------------------------------------------------------
 Sun Sep  8 15:05:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
diff --git a/python-starlette.spec b/python-starlette.spec
index 5c25d9e..6c33bb0 100644
--- a/python-starlette.spec
+++ b/python-starlette.spec
@@ -27,14 +27,12 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-starlette%{psuffix}
-Version:        0.38.5
+Version:        0.41.0
 Release:        0
 Summary:        Lightweight ASGI framework/toolkit
 License:        BSD-3-Clause
 URL:            https://github.com/encode/starlette
 Source:         https://github.com/encode/starlette/archive/refs/tags/%{version}.tar.gz#/starlette-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM gh#encode/starlette#fd038f3070c302bff17ef7d173dbb0b007617733
-Patch0:         CVE-2024-47874-multipart-form-data-part-limit.patch
 BuildRequires:  %{python_module base >= 3.8}
 BuildRequires:  %{python_module hatchling}
 BuildRequires:  %{python_module pip}
@@ -71,7 +69,7 @@ Starlette is a lightweight ASGI framework/toolkit, which is ideal for
 building high performance asyncio services.
 
 %prep
-%autosetup -p1 -n starlette-%{version}
+%autosetup -n starlette-%{version}
 
 %build
 %pyproject_wheel
@@ -92,7 +90,7 @@ ignored_tests="test_set_cookie"
 ignored_tests="$ignored_tests or test_expires_on_set_cookie"
 # fails to raise a deprecation warning as of 2024/04/25
 ignored_tests="$ignored_tests or test_lifespan_with_on_events"
-%pytest --asyncio-mode=strict -k "not ($ignored_tests)"
+%pytest -W ignore::PendingDeprecationWarning --asyncio-mode=strict -k "not ($ignored_tests)"
 
 %endif
 
@@ -101,7 +99,7 @@ ignored_tests="$ignored_tests or test_lifespan_with_on_events"
 %doc README.md
 %license LICENSE.md
 %{python_sitelib}/starlette
-%{python_sitelib}/starlette-%{version}*-info
+%{python_sitelib}/starlette-%{version}.dist-info
 %endif
 
 %changelog
diff --git a/starlette-0.38.5.tar.gz b/starlette-0.38.5.tar.gz
deleted file mode 100644
index 481c335..0000000
--- a/starlette-0.38.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ff52aa20a63821de16dd72f698df8b106789e427ceece9b526204fcfc9b6fe5
-size 2569392
diff --git a/starlette-0.41.0.tar.gz b/starlette-0.41.0.tar.gz
new file mode 100644
index 0000000..83d60ac
--- /dev/null
+++ b/starlette-0.41.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0583161b9cf3de9dc7af7ebd3ae7c6a95e78a7a741558611cd5d8e640c06232
+size 2573744