diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes index c7588da..58a98e3 100644 --- a/python-Werkzeug.changes +++ b/python-Werkzeug.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Oct 27 03:06:50 UTC 2023 - Steve Kowalik + +- Update to 3.0.1: + * Fix slow multipart parsing for large parts potentially enabling DoS + attacks. (CVE-2023-46136, bsc#1216581) + * Remove previously deprecated code. + * Deprecate the ``__version__`` attribute. Use feature detection, or + ``importlib.metadata.version("werkzeug")``, instead. + * ``generate_password_hash`` uses scrypt by default. + * Add the ``"werkzeug.profiler"`` item to the WSGI ``environ`` dictionary + passed to `ProfilerMiddleware`'s `filename_format` function. It contains + the ``elapsed`` and ``time`` values for the profiled request. + * Explicitly marked the PathConverter as non path isolating. + ------------------------------------------------------------------- Mon Sep 25 02:04:19 UTC 2023 - Steve Kowalik diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec index 0d33932..27e8a61 100644 --- a/python-Werkzeug.spec +++ b/python-Werkzeug.spec @@ -27,7 +27,7 @@ %{?sle15_python_module_pythons} Name: python-Werkzeug%{psuffix} -Version: 2.3.7 +Version: 3.0.1 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause diff --git a/werkzeug-2.3.7.tar.gz b/werkzeug-2.3.7.tar.gz deleted file mode 100644 index 07feef9..0000000 --- a/werkzeug-2.3.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2b8c0e447b4b9dbcc85dd97b6eeb4dcbaf6c8b6c3be0bd654e25553e0a2157d8 -size 819625 diff --git a/werkzeug-3.0.1.tar.gz b/werkzeug-3.0.1.tar.gz new file mode 100644 index 0000000..81c50a2 --- /dev/null +++ b/werkzeug-3.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:507e811ecea72b18a404947aded4b3390e1db8f826b494d76550ef45bb3b1dcc +size 801436