diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes index 58a98e3..69fc2ab 100644 --- a/python-Werkzeug.changes +++ b/python-Werkzeug.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue May 7 06:01:38 UTC 2024 - Daniel Garcia + +- Update to 3.0.3: + * Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the + specified hostname when running the dev server, to make debugger + requests. Additional hosts can be added by using the debugger + middleware directly. The debugger UI makes requests using the + full URL rather than only the path. :ghsa:`2g68-c3qc-8985` + (CVE-2024-34069, bsc#1223979) + * Make reloader more robust when ``""`` is in ``sys.path``. + :pr:`2823` + * Better TLS cert format with ``adhoc`` dev certs. :pr:`2891` + * Inform Python < 3.12 how to handle ``itms-services`` URIs + correctly, rather than using an overly-broad workaround in + Werkzeug that caused some redirect URIs to be passed on without + encoding. :issue:`2828` + * Type annotation for ``Rule.endpoint`` and other uses of + ``endpoint`` is ``Any``. :issue:`2836` +- Update to 3.0.2: + * Ensure setting ``merge_slashes`` to ``False`` results in + ``NotFound`` for repeated-slash requests against single slash + routes. :issue:`2834` + * Fix handling of ``TypeError`` in ``TypeConversionDict.get()`` to + match ``ValueError``. :issue:`2843` + * Fix ``response_wrapper`` type check in test client. :issue:`2831` + * Make the return type of ``MultiPartParser.parse`` more precise. + :issue:`2840` + * Raise an error if converter arguments cannot be parsed. + :issue:`2822` + ------------------------------------------------------------------- Fri Oct 27 03:06:50 UTC 2023 - Steve Kowalik diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec index 27e8a61..4e2b145 100644 --- a/python-Werkzeug.spec +++ b/python-Werkzeug.spec @@ -1,7 +1,7 @@ # -# spec file +# spec file for package python-Werkzeug # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,7 +27,7 @@ %{?sle15_python_module_pythons} Name: python-Werkzeug%{psuffix} -Version: 3.0.1 +Version: 3.0.3 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause @@ -91,14 +91,31 @@ sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylik %check %if %{with test} export LANG=en_US.UTF-8 -# workaround pytest 6.2 (like https://github.com/pallets/werkzeug/commit/16718f461d016b88b6457d3ef63816b7df1f0d1f, but shorter) -%pytest -k 'not (dev_server or test_reloader_sys_path or test_chunked_encoding or test_basic or test_server or test_ssl or test_http_proxy or test_500_error or test_untrusted_host or test_double_slash_path or test_wrong_protocol or test_content_type_and_length or test_multiple_headers_concatenated or test_multiline_header_folding or test_exclude_patterns)' +# Tests that requires connection +donttest="test_basic" +donttest+=" or test_http_proxy" +donttest+=" or test_server" +donttest+=" or test_ssl_dev_cert" +donttest+=" or test_ssl_object" +donttest+=" or test_reloader_sys_path" +donttest+=" or test_chunked_request" +donttest+=" or test_streaming_close_response" +donttest+=" or test_streaming_chunked_response" +donttest+=" or test_streaming_chunked_truncation" +donttest+=" or test_untrusted_host" +donttest+=" or test_double_slash_path" +donttest+=" or test_500_error" +donttest+=" or test_wrong_protocol" +donttest+=" or test_content_type_and_length" +donttest+=" or test_multiple_headers_concatenated" +donttest+=" or test_multiline_header_folding" +%pytest -k "not ($donttest)" %endif %if ! %{with test} %files %{python_files} -%license LICENSE.rst -%doc CHANGES.rst README.rst +%license LICENSE.txt +%doc CHANGES.rst README.md %{python_sitelib}/werkzeug %{python_sitelib}/werkzeug-%{version}.dist-info %endif diff --git a/werkzeug-3.0.1.tar.gz b/werkzeug-3.0.1.tar.gz deleted file mode 100644 index 81c50a2..0000000 --- a/werkzeug-3.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:507e811ecea72b18a404947aded4b3390e1db8f826b494d76550ef45bb3b1dcc -size 801436 diff --git a/werkzeug-3.0.3.tar.gz b/werkzeug-3.0.3.tar.gz new file mode 100644 index 0000000..ef5d5e4 --- /dev/null +++ b/werkzeug-3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:097e5bfda9f0aba8da6b8545146def481d06aa7d3266e7448e2cccf67dd8bd18 +size 803342