From 4f7a26705c015ed88349cf24ed2e8d5025715d0db750fd6a93315e33048fe460 Mon Sep 17 00:00:00 2001
From: Daniel Garcia
Date: Tue, 7 May 2024 06:16:42 +0000
Subject: [PATCH] - Update to 3.0.3: * Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:`2g68-c3qc-8985` (CVE-2024-34069, bsc#1223979) * Make reloader more robust when ``""`` is in ``sys.path``. :pr:`2823` * Better TLS cert format with ``adhoc`` dev certs. :pr:`2891` * Inform Python < 3.12 how to handle ``itms-services`` URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:`2828` * Type annotation for ``Rule.endpoint`` and other uses of ``endpoint`` is ``Any``. :issue:`2836` - Update to 3.0.2: * Ensure setting ``merge_slashes`` to ``False`` results in ``NotFound`` for repeated-slash requests against single slash routes. :issue:`2834` * Fix handling of ``TypeError`` in ``TypeConversionDict.get()`` to match ``ValueError``. :issue:`2843` * Fix ``response_wrapper`` type check in test client. :issue:`2831` * Make the return type of ``MultiPartParser.parse`` more precise. :issue:`2840` * Raise an error if converter arguments cannot be parsed. :issue:`2822`
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=92
---
 python-Werkzeug.changes | 31 +++++++++++++++++++++++++++++++
 python-Werkzeug.spec | 31 ++++++++++++++++++++++++-------
 werkzeug-3.0.1.tar.gz | 3 ---
 werkzeug-3.0.3.tar.gz | 3 +++
 4 files changed, 58 insertions(+), 10 deletions(-)
 delete mode 100644 werkzeug-3.0.1.tar.gz
 create mode 100644 werkzeug-3.0.3.tar.gz
diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes
index 58a98e3..69fc2ab 100644
--- a/python-Werkzeug.changes
+++ b/python-Werkzeug.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Tue May 7 06:01:38 UTC 2024 - Daniel Garcia
+
+- Update to 3.0.3:
+ * Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the
+ specified hostname when running the dev server, to make debugger
+ requests. Additional hosts can be added by using the debugger
+ middleware directly. The debugger UI makes requests using the
+ full URL rather than only the path. :ghsa:`2g68-c3qc-8985`
+ (CVE-2024-34069, bsc#1223979)
+ * Make reloader more robust when ``""`` is in ``sys.path``.
+ :pr:`2823`
+ * Better TLS cert format with ``adhoc`` dev certs. :pr:`2891`
+ * Inform Python < 3.12 how to handle ``itms-services`` URIs
+ correctly, rather than using an overly-broad workaround in
+ Werkzeug that caused some redirect URIs to be passed on without
+ encoding. :issue:`2828`
+ * Type annotation for ``Rule.endpoint`` and other uses of
+ ``endpoint`` is ``Any``. :issue:`2836`
+- Update to 3.0.2:
+ * Ensure setting ``merge_slashes`` to ``False`` results in
+ ``NotFound`` for repeated-slash requests against single slash
+ routes. :issue:`2834`
+ * Fix handling of ``TypeError`` in ``TypeConversionDict.get()`` to
+ match ``ValueError``. :issue:`2843`
+ * Fix ``response_wrapper`` type check in test client. :issue:`2831`
+ * Make the return type of ``MultiPartParser.parse`` more precise.
+ :issue:`2840`
+ * Raise an error if converter arguments cannot be parsed.
+ :issue:`2822`
+
 -------------------------------------------------------------------
 Fri Oct 27 03:06:50 UTC 2023 - Steve Kowalik
diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec
index 27e8a61..4e2b145 100644
--- a/python-Werkzeug.spec
+++ b/python-Werkzeug.spec
@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-Werkzeug
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %{?sle15_python_module_pythons}
 Name: python-Werkzeug%{psuffix}
-Version: 3.0.1
+Version: 3.0.3
 Release: 0
 Summary: The Swiss Army knife of Python web development
 License: BSD-3-Clause
@@ -91,14 +91,31 @@ sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylik
 %check
 %if %{with test}
 export LANG=en_US.UTF-8
-# workaround pytest 6.2 (like https://github.com/pallets/werkzeug/commit/16718f461d016b88b6457d3ef63816b7df1f0d1f, but shorter)
-%pytest -k 'not (dev_server or test_reloader_sys_path or test_chunked_encoding or test_basic or test_server or test_ssl or test_http_proxy or test_500_error or test_untrusted_host or test_double_slash_path or test_wrong_protocol or test_content_type_and_length or test_multiple_headers_concatenated or test_multiline_header_folding or test_exclude_patterns)'
+# Tests that requires connection
+donttest="test_basic"
+donttest+=" or test_http_proxy"
+donttest+=" or test_server"
+donttest+=" or test_ssl_dev_cert"
+donttest+=" or test_ssl_object"
+donttest+=" or test_reloader_sys_path"
+donttest+=" or test_chunked_request"
+donttest+=" or test_streaming_close_response"
+donttest+=" or test_streaming_chunked_response"
+donttest+=" or test_streaming_chunked_truncation"
+donttest+=" or test_untrusted_host"
+donttest+=" or test_double_slash_path"
+donttest+=" or test_500_error"
+donttest+=" or test_wrong_protocol"
+donttest+=" or test_content_type_and_length"
+donttest+=" or test_multiple_headers_concatenated"
+donttest+=" or test_multiline_header_folding"
+%pytest -k "not ($donttest)"
 %endif
 %if ! %{with test}
 %files %{python_files}
-%license LICENSE.rst
-%doc CHANGES.rst README.rst
+%license LICENSE.txt
+%doc CHANGES.rst README.md
 %{python_sitelib}/werkzeug
 %{python_sitelib}/werkzeug-%{version}.dist-info
 %endif
diff --git a/werkzeug-3.0.1.tar.gz b/werkzeug-3.0.1.tar.gz
deleted file mode 100644
index 81c50a2..0000000
--- a/werkzeug-3.0.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:507e811ecea72b18a404947aded4b3390e1db8f826b494d76550ef45bb3b1dcc
-size 801436
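Review bot: In the `%check` hunk of python-Werkzeug.spec, the `donttest` entries are combined into a `pytest -k` expression, which matches by substring, so short names such as `test_basic` and `test_server` deselect every test whose name contains them rather than only the tests that need a network connection. This update ships the debugger host-check fix (CVE-2024-34069) and the list still skips `test_untrusted_host`, so it is worth confirming that the upstream regression tests for that fix are not among the deselected ones; the hunk alone does not show which tests match. Where a specific test is meant, pytest's `--deselect` with the full node id is narrower than a `-k` substring. The comment would read better as `# Tests that require a network connection`.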
diff --git a/werkzeug-3.0.3.tar.gz b/werkzeug-3.0.3.tar.gz
new file mode 100644
index 0000000..ef5d5e4
--- /dev/null
+++ b/werkzeug-3.0.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:097e5bfda9f0aba8da6b8545146def481d06aa7d3266e7448e2cccf67dd8bd18
+size 803342