From 06c84985bfd3fc8e37bcb2940759073e95d033b24d3d4e45ea332efc7340df68 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 19 Jun 2023 10:31:50 +0000 Subject: [PATCH] Accepting request 1093739 from home:alarrosa:branches:devel:languages:python MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to 2.3.6: * FileStorage.content_length does not fail if the form data did not provide a value. - Update to 2.3.5: * Python 3.12 compatibility. * Fix handling of invalid base64 values in Authorization.from_header. * The debugger escapes the exception message in the page title. * When binding routing.Map, a long IDNA server_name with a port does not fail encoding. * iri_to_uri shows a deprecation warning instead of an error when passing bytes. * When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python’s int and float accept. - Update to 2.3.4: * Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). * Remove usage of warnings.catch_warnings. * Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. * Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. - Update to 2.3.3: * Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. * The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265’s default-path behavior. - Update to 2.3.2: * Parse the cookie Expires attribute correctly in the test client. * max_content_length can only be enforced on streaming requests if the OBS-URL: https://build.opensuse.org/request/show/1093739 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=81 --- Werkzeug-2.2.3.tar.gz | 3 - Werkzeug-2.3.6.tar.gz | 3 + moved_root.patch | 36 ---------- python-Werkzeug.changes | 154 ++++++++++++++++++++++++++++++++++++++++ python-Werkzeug.spec | 14 ++-- setup.py | 8 +++ 6 files changed, 172 insertions(+), 46 deletions(-) delete mode 100644 Werkzeug-2.2.3.tar.gz create mode 100644 Werkzeug-2.3.6.tar.gz delete mode 100644 moved_root.patch create mode 100644 setup.py diff --git a/Werkzeug-2.2.3.tar.gz b/Werkzeug-2.2.3.tar.gz deleted file mode 100644 index 168cb60..0000000 --- a/Werkzeug-2.2.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe -size 845884 diff --git a/Werkzeug-2.3.6.tar.gz b/Werkzeug-2.3.6.tar.gz new file mode 100644 index 0000000..9c43e33 --- /dev/null +++ b/Werkzeug-2.3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330 +size 833282 diff --git a/moved_root.patch b/moved_root.patch deleted file mode 100644 index 45194e7..0000000 --- a/moved_root.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- - tests/test_serving.py | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -Index: Werkzeug-2.2.3/tests/test_serving.py -=================================================================== ---- Werkzeug-2.2.3.orig/tests/test_serving.py -+++ Werkzeug-2.2.3/tests/test_serving.py -@@ -10,6 +10,7 @@ from pathlib import Path - - import pytest - -+import werkzeug - from werkzeug import run_simple - from werkzeug._reloader import _find_stat_paths - from werkzeug._reloader import _find_watchdog_paths -@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading( - @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning") - @pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths]) - def test_exclude_patterns(find): -- # Imported paths under sys.prefix will be included by default. -+ # Don’t use sys.prefix, we may have redefined PYTHONPATH and -+ # libraries elsewhere. -+ cur_prefix = str(Path(werkzeug.__file__).parents[1]) -+ # Imported paths under cur_prefix will be included by default. - paths = find(set(), set()) -- assert any(p.startswith(sys.prefix) for p in paths) -+ assert any(p.startswith(cur_prefix) for p in paths) - # Those paths should be excluded due to the pattern. -- paths = find(set(), {f"{sys.prefix}*"}) -- assert not any(p.startswith(sys.prefix) for p in paths) -+ paths = find(set(), {f"{str(cur_prefix)}*"}) -+ assert not any(p.startswith(cur_prefix) for p in paths) - - - @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning") diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes index 4d9a02b..72a769a 100644 --- a/python-Werkzeug.changes +++ b/python-Werkzeug.changes @@ -1,3 +1,157 @@ +------------------------------------------------------------------- +Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa + +- Update to 2.3.6: + * FileStorage.content_length does not fail if the form data did not provide + a value. +- Update to 2.3.5: + * Python 3.12 compatibility. + * Fix handling of invalid base64 values in Authorization.from_header. + * The debugger escapes the exception message in the page title. + * When binding routing.Map, a long IDNA server_name with a port does not + fail encoding. + * iri_to_uri shows a deprecation warning instead of an error when passing + bytes. + * When parsing numbers in HTTP request headers such as Content-Length, only + ASCII digits are accepted rather than any format that Python’s int and + float accept. +- Update to 2.3.4: + * Authorization.from_header and WWWAuthenticate.from_header detects tokens + that end with base64 padding (=). + * Remove usage of warnings.catch_warnings. + * Remove max_form_parts restriction from standard form data parsing and only + use if for multipart content. + * Response will avoid converting the Location header in some cases to + preserve invalid URL schemes like itms-services. +- Update to 2.3.3: + * Fix parsing of large multipart bodies. Remove invalid leading newline, and + restore parsing speed. + * The cookie Path attribute is set to / by default again, to prevent clients + from falling back to RFC 6265’s default-path behavior. +- Update to 2.3.2: + * Parse the cookie Expires attribute correctly in the test client. + * max_content_length can only be enforced on streaming requests if the + server sets wsgi.input_terminated. +- Update to 2.3.1: + * Percent-encode plus (+) when building URLs and in test requests. + * Cookie values don’t quote characters defined in RFC 6265. + * Include pyi files for datastructures type annotations. + * Authorization and WWWAuthenticate objects can be compared for equality. +- Update to 2.3.0: + * Drop support for Python 3.7. + * Remove previously deprecated code. + * Passing bytes where strings are expected is deprecated, as well as the + charset and errors parameters in many places. Anywhere that was annotated, + documented, or tested to accept bytes shows a warning. Removing this + artifact of the transition from Python 2 to 3 removes a significant amount + of overhead in instance checks and encoding cycles. In general, always + work with UTF-8, the modern HTML, URL, and HTTP standards all strongly + recommend this. + * Deprecate the werkzeug.urls module, except for the uri_to_iri and + iri_to_uri functions. Use the urllib.parse library instead. + * Update which characters are considered safe when using percent encoding + in URLs, based on the WhatWG URL Standard. + * Update which characters are considered safe when using percent encoding + for Unicode filenames in downloads. + * Deprecate the safe_conversion parameter of iri_to_uri. The Location header + is converted to IRI using the same process as everywhere else. + * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter. + * Use modern packaging metadata with pyproject.toml instead of setup.cfg. + * Request.get_json() will raise a 415 Unsupported Media Type error if the + Content-Type header is not application/json, instead of a generic 400. + * A URL converter’s part_isolating defaults to False if its regex contains + a /. + * A custom converter’s regex can have capturing groups without breaking + the router. + * The reloader can pick up arguments to python like -X dev, and does not + require heuristics to determine how to reload the command. Only available + on Python >= 3.10. + * The Watchdog reloader ignores file opened events. Bump the minimum version + of Watchdog to 2.3.0. + * When using a Unix socket for the development server, the path can start + with a dot. + * Increase default work factor for PBKDF2 to 600,000 iterations. + * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some + invalid parts that were previously accepted are now ignored. + * The is_filename parameter to unquote_header_value is deprecated. + * Deprecate the extra_chars parameter and passing bytes to + quote_header_value, the allow_token parameter to dump_header, and the cls + parameter and passing bytes to parse_dict_header. + * Improve parse_accept_header implementation. Parse according to RFC 9110. + Discard items with invalid q values. + * quote_header_value quotes the empty string. + * dump_options_header skips None values rather than using a bare key. + * dump_header and dump_options_header will not quote a value if the key ends + with an asterisk *. + * parse_dict_header will decode values with charsets. + * Refactor the Authorization and WWWAuthenticate header data structures. + + Both classes have type, parameters, and token attributes. The token + attribute supports auth schemes that use a single opaque token rather + than key=value parameters, such as Bearer. + + Neither class is a dict anymore, although they still implement getting, + setting, and deleting auth[key] and auth.key syntax, as well as + auth.get(key) and key in auth. + + Both classes have a from_header class method. parse_authorization_header + and parse_www_authenticate_header are deprecated. + + The methods WWWAuthenticate.set_basic and set_digest are deprecated. + Instead, an instance should be created and assigned to + response.www_authenticate. + + A list of instances can be assigned to response.www_authenticate to set + multiple header values. However, accessing the property only returns the + first instance. + * Refactor parse_cookie and dump_cookie. + + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster. + + Passing bytes to parse_cookie and dump_cookie is deprecated. The + dump_cookie charset parameter is deprecated. + + dump_cookie allows domain values that do not include a dot ., and strips + off a leading dot. + + dump_cookie does not set path="/" unnecessarily by default. + * Refactor the test client cookie implementation. + + The cookie_jar attribute is deprecated. http.cookiejar is no longer used + for storage. + + Domain and path matching is used when sending cookies in requests. The + domain and path parameters default to localhost and /. + + Added a get_cookie method to inspect cookies. + + Cookies have decoded_key and decoded_value attributes to match what the + app sees rather than the encoded values a client would see. + + The first positional server_name parameter to set_cookie and + delete_cookie is deprecated. Use the domain parameter instead. + + Other parameters to delete_cookie besides domain, path, and value are + deprecated. + * If request.max_content_length is set, it is checked immediately when + accessing the stream, and while reading from the stream in general, rather + than only during form parsing. + * The development server, which must not be used in production, will exhaust + the request stream up to 10GB or 1000 reads. This allows clients to see a + 413 error if max_content_length is exceeded, instead of a “connection + reset” failure. + * The development server discards header keys that contain underscores _, as + they are ambiguous with dashes - in WSGI. + * secure_filename looks for more Windows reserved file names. + * Update type annotation for best_match to make default parameter clearer. + * Multipart parser handles empty fields correctly. + * The Map charset parameter and Request.url_charset property are deprecated. + Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes + are left percent encoded rather than replaced. + * The Request.charset, Request.encoding_errors, Response.charset, and + Client.charset attributes are deprecated. Request and response data must + always use UTF-8. + * Header values that have charset information only allow ASCII, UTF-8, and + ISO-8859-1. + * Update type annotation for ProfilerMiddleware stream parameter. + * Use postponed evaluation of annotations. + * The development server escapes ASCII control characters in decoded URLs + before logging the request to the terminal. + * The FormDataParser parse_functions attribute and get_parse_func method, + and the invalid application/x-url-encoded content type, are deprecated. + * generate_password_hash supports scrypt. Plain hash methods are deprecated, + only scrypt and pbkdf2 are supported. +- Remove patch which was already included by upstream: + * moved_root.patch +- Add source file from version 2.2.3 so we can keep using the standard + python build macros: + * setup.py + ------------------------------------------------------------------- Fri Apr 21 12:21:32 UTC 2023 - Dirk Müller diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec index 46b1099..5ed3699 100644 --- a/python-Werkzeug.spec +++ b/python-Werkzeug.spec @@ -27,17 +27,15 @@ %{?sle15_python_module_pythons} Name: python-Werkzeug%{psuffix} -Version: 2.2.3 +Version: 2.3.6 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause Group: Development/Languages/Python URL: https://werkzeug.palletsprojects.com Source: https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz -# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ mcepl@suse.com -# this patch makes things totally awesome -Patch1: moved_root.patch -BuildRequires: %{python_module base >= 3.7} +Source1: setup.py +BuildRequires: %{python_module base >= 3.8} BuildRequires: %{python_module setuptools_scm} BuildRequires: %{python_module setuptools} %if %{with test} @@ -50,12 +48,13 @@ BuildRequires: %{python_module pytest-timeout} BuildRequires: %{python_module pytest-xprocess} BuildRequires: %{python_module requests} BuildRequires: %{python_module sortedcontainers} +BuildRequires: %{python_module watchdog >= 3.0.0} %endif BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-MarkupSafe >= 2.1.1 +Requires: python-MarkupSafe >= 2.1.2 Recommends: python-termcolor -Recommends: python-watchdog +Recommends: python-watchdog >= 3.0.0 Obsoletes: python-Werkzeug-doc < %{version} Provides: python-Werkzeug-doc = %{version} BuildArch: noarch @@ -80,6 +79,7 @@ bulletin boards, etc.). %autosetup -p1 -n Werkzeug-%{version} sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py # Fix non-executable scripts +cp %{S:1} . %build %python_build diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..74820a8 --- /dev/null +++ b/setup.py @@ -0,0 +1,8 @@ +from setuptools import setup + +# Metadata goes in setup.cfg. These are here for GitHub's dependency graph. +setup( + name="Werkzeug", + install_requires=["MarkupSafe>=2.1.1"], + extras_require={"watchdog": ["watchdog"]}, +)