diff --git a/Werkzeug-2.2.2.tar.gz b/Werkzeug-2.2.2.tar.gz deleted file mode 100644 index 140a20f..0000000 --- a/Werkzeug-2.2.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f -size 844378 diff --git a/Werkzeug-2.2.3.tar.gz b/Werkzeug-2.2.3.tar.gz new file mode 100644 index 0000000..168cb60 --- /dev/null +++ b/Werkzeug-2.2.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe +size 845884 diff --git a/moved_root.patch b/moved_root.patch index 602820b..45194e7 100644 --- a/moved_root.patch +++ b/moved_root.patch @@ -2,8 +2,10 @@ tests/test_serving.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) ---- a/tests/test_serving.py -+++ b/tests/test_serving.py +Index: Werkzeug-2.2.3/tests/test_serving.py +=================================================================== +--- Werkzeug-2.2.3.orig/tests/test_serving.py ++++ Werkzeug-2.2.3/tests/test_serving.py @@ -10,6 +10,7 @@ from pathlib import Path import pytest @@ -12,8 +14,8 @@ from werkzeug import run_simple from werkzeug._reloader import _find_stat_paths from werkzeug._reloader import _find_watchdog_paths -@@ -127,12 +128,15 @@ def test_windows_get_args_for_reloading( - +@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading( + @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning") @pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths]) def test_exclude_patterns(find): - # Imported paths under sys.prefix will be included by default. diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes index 231dec1..4ced30d 100644 --- a/python-Werkzeug.changes +++ b/python-Werkzeug.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Mar 13 18:48:22 UTC 2023 - Dirk Müller + +- update to 2.2.3 (bsc#1208283, CVE-2023-25577): + * Ensure that URL rules using path converters will redirect + with strict slashes when the trailing slash is missing. + * Type signature for ``get_json`` specifies that return type + is not optional when ``silent=False``. + * ``parse_content_range_header`` returns ``None`` for a value + like ``bytes */-1`` where the length is invalid, instead of + raising an ``AssertionError``. + * Address remaining ``ResourceWarning`` related to the socket + used by ``run_simple``. + * Remove ``prepare_socket``, which now happens when + creating the server. + * Update pre-existing headers for ``multipart/form-data`` + requests with the test client. + * Fix handling of header extended parameters such that they + are no longer quoted. + * ``LimitedStream.read`` works correctly when wrapping a + stream that may not return the requested size in one + ``read`` call. + * A cookie header that starts with ``=`` is treated as an + empty key and discarded, rather than stripping the leading ``==``. + * Specify a maximum number of multipart parts, default 1000, + after which a ``RequestEntityTooLarge`` exception is + raised on parsing. This mitigates a DoS attack where a + larger number of form/file parts would result in disproportionate + resource use. + ------------------------------------------------------------------- Tue Sep 13 17:13:05 UTC 2022 - Ben Greiner diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec index 82e1502..ad3e956 100644 --- a/python-Werkzeug.spec +++ b/python-Werkzeug.spec @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif Name: python-Werkzeug%{psuffix} -Version: 2.2.2 +Version: 2.2.3 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause