Accepting request 1093739 from home:alarrosa:branches:devel:languages:python

- Update to 2.3.6: * FileStorage.content_length does not fail if the form data did not provide a value. - Update to 2.3.5: * Python 3.12 compatibility. * Fix handling of invalid base64 values in Authorization.from_header. * The debugger escapes the exception message in the page title. * When binding routing.Map, a long IDNA server_name with a port does not fail encoding. * iri_to_uri shows a deprecation warning instead of an error when passing bytes. * When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python’s int and float accept. - Update to 2.3.4: * Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). * Remove usage of warnings.catch_warnings. * Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. * Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. - Update to 2.3.3: * Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. * The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265’s default-path behavior. - Update to 2.3.2: * Parse the cookie Expires attribute correctly in the test client. * max_content_length can only be enforced on streaming requests if the OBS-URL: https://build.opensuse.org/request/show/1093739 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=81
2023-06-19 10:31:50 +00:00 · 2023-06-19 10:31:50 +00:00 · 06c84985bf
commit 06c84985bf
parent 73fe74305b
6 changed files with 172 additions and 46 deletions
--- a/Werkzeug-2.2.3.tar.gz
+++ b/Werkzeug-2.2.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe
 size 845884
--- a/Werkzeug-2.3.6.tar.gz
+++ b/Werkzeug-2.3.6.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330
 size 833282
--- a/moved_root.patch
+++ b/moved_root.patch
@ -1,36 +0,0 @@
 ---
 tests/test_serving.py |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
 Index: Werkzeug-2.2.3/tests/test_serving.py
 ===================================================================
 --- Werkzeug-2.2.3.orig/tests/test_serving.py
 +++ Werkzeug-2.2.3/tests/test_serving.py
@@ -10,6 +10,7 @@ from pathlib import Path
 import pytest
 +import werkzeug
 from werkzeug import run_simple
 from werkzeug._reloader import _find_stat_paths
 from werkzeug._reloader import _find_watchdog_paths
@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading(
 @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
 @pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths])
 def test_exclude_patterns(find):
 -    # Imported paths under sys.prefix will be included by default.
 +    # Don’t use sys.prefix, we may have redefined PYTHONPATH and
 +    # libraries elsewhere.
 +    cur_prefix = str(Path(werkzeug.__file__).parents[1])
 +    # Imported paths under cur_prefix will be included by default.
     paths = find(set(), set())
 -    assert any(p.startswith(sys.prefix) for p in paths)
 +    assert any(p.startswith(cur_prefix) for p in paths)
     # Those paths should be excluded due to the pattern.
 -    paths = find(set(), {f"{sys.prefix}*"})
 -    assert not any(p.startswith(sys.prefix) for p in paths)
 +    paths = find(set(), {f"{str(cur_prefix)}*"})
 +    assert not any(p.startswith(cur_prefix) for p in paths)
 @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
--- a/python-Werkzeug.changes
+++ b/python-Werkzeug.changes
@ -1,3 +1,157 @@
 -------------------------------------------------------------------
 Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
 - Update to 2.3.6:
  * FileStorage.content_length does not fail if the form data did not provide
    a value.
 - Update to 2.3.5:
  * Python 3.12 compatibility.
  * Fix handling of invalid base64 values in Authorization.from_header.
  * The debugger escapes the exception message in the page title.
  * When binding routing.Map, a long IDNA server_name with a port does not
    fail encoding.
  * iri_to_uri shows a deprecation warning instead of an error when passing
    bytes.
  * When parsing numbers in HTTP request headers such as Content-Length, only
    ASCII digits are accepted rather than any format that Python’s int and
    float accept.
 - Update to 2.3.4:
  * Authorization.from_header and WWWAuthenticate.from_header detects tokens
    that end with base64 padding (=).
  * Remove usage of warnings.catch_warnings.
  * Remove max_form_parts restriction from standard form data parsing and only
    use if for multipart content.
  * Response will avoid converting the Location header in some cases to
    preserve invalid URL schemes like itms-services.
 - Update to 2.3.3:
  * Fix parsing of large multipart bodies. Remove invalid leading newline, and
    restore parsing speed.
  * The cookie Path attribute is set to / by default again, to prevent clients
    from falling back to RFC 6265’s default-path behavior.
 - Update to 2.3.2:
  * Parse the cookie Expires attribute correctly in the test client.
  * max_content_length can only be enforced on streaming requests if the
    server sets wsgi.input_terminated.
 - Update to 2.3.1:
  * Percent-encode plus (+) when building URLs and in test requests.
  * Cookie values don’t quote characters defined in RFC 6265.
  * Include pyi files for datastructures type annotations.
  * Authorization and WWWAuthenticate objects can be compared for equality.
 - Update to 2.3.0:
  * Drop support for Python 3.7.
  * Remove previously deprecated code.
  * Passing bytes where strings are expected is deprecated, as well as the
    charset and errors parameters in many places. Anywhere that was annotated,
    documented, or tested to accept bytes shows a warning. Removing this
    artifact of the transition from Python 2 to 3 removes a significant amount
    of overhead in instance checks and encoding cycles. In general, always
    work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
    recommend this.
  * Deprecate the werkzeug.urls module, except for the uri_to_iri and
    iri_to_uri functions. Use the urllib.parse library instead.
  * Update which characters are considered safe when using percent encoding
    in URLs, based on the WhatWG URL Standard.
  * Update which characters are considered safe when using percent encoding
    for Unicode filenames in downloads.
  * Deprecate the safe_conversion parameter of iri_to_uri. The Location header
    is converted to IRI using the same process as everywhere else.
  * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
  * Use modern packaging metadata with pyproject.toml instead of setup.cfg.
  * Request.get_json() will raise a 415 Unsupported Media Type error if the
    Content-Type header is not application/json, instead of a generic 400.
  * A URL converter’s part_isolating defaults to False if its regex contains
    a /.
  * A custom converter’s regex can have capturing groups without breaking
    the router.
  * The reloader can pick up arguments to python like -X dev, and does not
    require heuristics to determine how to reload the command. Only available
    on Python >= 3.10.
  * The Watchdog reloader ignores file opened events. Bump the minimum version
    of Watchdog to 2.3.0.
  * When using a Unix socket for the development server, the path can start
    with a dot.
  * Increase default work factor for PBKDF2 to 600,000 iterations.
  * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
    invalid parts that were previously accepted are now ignored.
  * The is_filename parameter to unquote_header_value is deprecated.
  * Deprecate the extra_chars parameter and passing bytes to
    quote_header_value, the allow_token parameter to dump_header, and the cls
    parameter and passing bytes to parse_dict_header.
  * Improve parse_accept_header implementation. Parse according to RFC 9110.
    Discard items with invalid q values.
  * quote_header_value quotes the empty string.
  * dump_options_header skips None values rather than using a bare key.
  * dump_header and dump_options_header will not quote a value if the key ends
    with an asterisk *.
  * parse_dict_header will decode values with charsets.
  * Refactor the Authorization and WWWAuthenticate header data structures.
    + Both classes have type, parameters, and token attributes. The token
      attribute supports auth schemes that use a single opaque token rather
      than key=value parameters, such as Bearer.
    + Neither class is a dict anymore, although they still implement getting,
      setting, and deleting auth[key] and auth.key syntax, as well as
      auth.get(key) and key in auth.
    + Both classes have a from_header class method. parse_authorization_header
      and parse_www_authenticate_header are deprecated.
    + The methods WWWAuthenticate.set_basic and set_digest are deprecated.
      Instead, an instance should be created and assigned to
      response.www_authenticate.
    + A list of instances can be assigned to response.www_authenticate to set
      multiple header values. However, accessing the property only returns the
      first instance.
  * Refactor parse_cookie and dump_cookie.
    + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
    + Passing bytes to parse_cookie and dump_cookie is deprecated. The
      dump_cookie charset parameter is deprecated.
    + dump_cookie allows domain values that do not include a dot ., and strips
      off a leading dot.
    + dump_cookie does not set path="/" unnecessarily by default.
  * Refactor the test client cookie implementation.
    + The cookie_jar attribute is deprecated. http.cookiejar is no longer used
      for storage.
    + Domain and path matching is used when sending cookies in requests. The
      domain and path parameters default to localhost and /.
    + Added a get_cookie method to inspect cookies.
    + Cookies have decoded_key and decoded_value attributes to match what the
      app sees rather than the encoded values a client would see.
    + The first positional server_name parameter to set_cookie and
      delete_cookie is deprecated. Use the domain parameter instead.
    + Other parameters to delete_cookie besides domain, path, and value are
      deprecated.
  * If request.max_content_length is set, it is checked immediately when
    accessing the stream, and while reading from the stream in general, rather
    than only during form parsing.
  * The development server, which must not be used in production, will exhaust
    the request stream up to 10GB or 1000 reads. This allows clients to see a
    413 error if max_content_length is exceeded, instead of a “connection
    reset” failure.
  * The development server discards header keys that contain underscores _, as
    they are ambiguous with dashes - in WSGI.
  * secure_filename looks for more Windows reserved file names.
  * Update type annotation for best_match to make default parameter clearer.
  * Multipart parser handles empty fields correctly.
  * The Map charset parameter and Request.url_charset property are deprecated.
    Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
    are left percent encoded rather than replaced.
  * The Request.charset, Request.encoding_errors, Response.charset, and
    Client.charset attributes are deprecated. Request and response data must
    always use UTF-8.
  * Header values that have charset information only allow ASCII, UTF-8, and
    ISO-8859-1.
  * Update type annotation for ProfilerMiddleware stream parameter.
  * Use postponed evaluation of annotations.
  * The development server escapes ASCII control characters in decoded URLs
    before logging the request to the terminal.
  * The FormDataParser parse_functions attribute and get_parse_func method,
    and the invalid application/x-url-encoded content type, are deprecated.
  * generate_password_hash supports scrypt. Plain hash methods are deprecated,
    only scrypt and pbkdf2 are supported.
 - Remove patch which was already included by upstream:
  * moved_root.patch
 - Add source file from version 2.2.3 so we can keep using the standard
  python build macros:
  * setup.py
 -------------------------------------------------------------------
 Fri Apr 21 12:21:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
--- a/python-Werkzeug.spec
+++ b/python-Werkzeug.spec
@ -27,17 +27,15 @@
 %{?sle15_python_module_pythons}
 Name:           python-Werkzeug%{psuffix}
-Version:        2.2.3
+Version:        2.3.6
 Release:        0
 Summary:        The Swiss Army knife of Python web development
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            https://werkzeug.palletsprojects.com
 Source:         https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ mcepl@suse.com
+Source1:        setup.py
-# this patch makes things totally awesome
+BuildRequires:  %{python_module base >= 3.8}
 Patch1:         moved_root.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module setuptools_scm}
 BuildRequires:  %{python_module setuptools}
 %if %{with test}
@ -50,12 +48,13 @@ BuildRequires:  %{python_module pytest-timeout}
 BuildRequires:  %{python_module pytest-xprocess}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module sortedcontainers}
 BuildRequires:  %{python_module watchdog >= 3.0.0}
 %endif
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-MarkupSafe >= 2.1.1
+Requires:       python-MarkupSafe >= 2.1.2
 Recommends:     python-termcolor
-Recommends:     python-watchdog
+Recommends:     python-watchdog >= 3.0.0
 Obsoletes:      python-Werkzeug-doc < %{version}
 Provides:       python-Werkzeug-doc = %{version}
 BuildArch:      noarch
@ -80,6 +79,7 @@ bulletin boards, etc.).
 %autosetup -p1 -n Werkzeug-%{version}
 sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py # Fix non-executable scripts
 cp %{S:1} .
 %build
 %python_build
--- a/setup.py
+++ b/setup.py
@ -0,0 +1,8 @@
 from setuptools import setup
 # Metadata goes in setup.cfg. These are here for GitHub's dependency graph.
 setup(
    name="Werkzeug",
    install_requires=["MarkupSafe>=2.1.1"],
    extras_require={"watchdog": ["watchdog"]},
 )