From 2605210ed4aab71af8b42b50bef5bd3f159bf2c44855208d184f368a3427c252 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Thu, 29 Sep 2022 07:00:27 +0000 Subject: [PATCH] - Update to 5.0.1: * Add missing comma to tinycss2 require. Thank you, @shadchin! * Add url parse tests based on wpt url tests. (#688) * Support scheme-less urls if "https" is in allow list. (#662) * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544) * Correctly urlencode email address parts. Thank you, @larseggert! (#659) * ``clean`` and ``linkify`` now preserve the order of HTML attributes. * Drop support for Python 3.6. Thank you, @hugovk! (#629) * CSS sanitization in style tags is completely different now. * Python 3.9 support * Drop support for unsupported Python versions <3.6. (#520) * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq - Refresh de-vendor.patch, and convert to patch level 1 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=43 --- bleach-3.3.0.tar.gz | 3 --- bleach-5.0.1.tar.gz | 3 +++ de-vendor.patch | 39 ++++++++++++++++++++------------------- python-bleach.changes | 17 +++++++++++++++++ python-bleach.spec | 7 +++---- 5 files changed, 43 insertions(+), 26 deletions(-) delete mode 100644 bleach-3.3.0.tar.gz create mode 100644 bleach-5.0.1.tar.gz
diff --git a/bleach-3.3.0.tar.gz b/bleach-3.3.0.tar.gz
deleted file mode 100644
index ac24d56..0000000
--- a/bleach-3.3.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98b3170739e5e83dd9dc19633f074727ad848cbedb6026708c8ac2d3b697a433
-size 181274
diff --git a/bleach-5.0.1.tar.gz b/bleach-5.0.1.tar.gz
new file mode 100644
index 0000000..264c251
--- /dev/null
+++ b/bleach-5.0.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0d03255c47eb9bd2f26aa9bb7f2107732e7e8fe195ca2f64709fcf3b0a4a085c
+size 199642
diff --git a/de-vendor.patch b/de-vendor.patch
index ba3ee23..9ed6028 100644
--- a/de-vendor.patch +++ b/de-vendor.patch @@ -1,8 +1,6 @@ -Index: bleach/html5lib_shim.py -=================================================================== ---- bleach/html5lib_shim.py.orig -+++ bleach/html5lib_shim.py -@@ -18,44 +18,44 @@ warnings.filterwarnings( +--- a/bleach/html5lib_shim.py.orig ++++ b/bleach/html5lib_shim.py +@@ -14,46 +14,46 @@ warnings.filterwarnings( "ignore", message="html5lib's sanitizer is deprecated", category=DeprecationWarning, @@ -35,6 +33,8 @@ Index: bleach/html5lib_shim.py -from bleach._vendor.html5lib.filters.sanitizer import ( +from html5lib.filters.sanitizer import ( allowed_protocols, + allowed_css_properties, + allowed_svg_properties, ) # noqa: E402 module level import not at top of file -from bleach._vendor.html5lib.filters.sanitizer import ( +from html5lib.filters.sanitizer import ( 
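Review bot: In the second hunk the refreshed context imports `allowed_css_properties` and `allowed_svg_properties`, next to `allowed_protocols`, from the system `html5lib.filters.sanitizer` instead of the copy upstream bundles, so the sanitizer's allow-lists and parser behaviour now depend on whichever html5lib the distribution installs. Nothing in this diff shows a version floor for that dependency; the spec's Requires lines are outside the hunks shown. If none exists, add one that matches the release upstream vendors, for example `Requires: python-html5lib >= <VENDORED_HTML5LIB_VERSION>` (placeholder value), and state the reason in a comment at the top of de-vendor.patch.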
@@ -59,29 +59,30 @@ Index: bleach/html5lib_shim.py Trie, ) # noqa: E402 module level import not at top of file -Index: tests/test_clean.py -=================================================================== ---- tests/test_clean.py.orig -+++ tests/test_clean.py -@@ -7,7 +7,7 @@ import pytest +--- a/tests/test_clean.py.orig ++++ b/tests/test_clean.py +@@ -5,7 +5,7 @@ import pytest from bleach import clean from bleach.html5lib_shim import Filter - from bleach.sanitizer import Cleaner + from bleach.sanitizer import ALLOWED_PROTOCOLS, Cleaner -from bleach._vendor.html5lib.constants import rcdataElements +from html5lib.constants import rcdataElements - def test_clean_idempotent(): -Index: bleach/sanitizer.py -=================================================================== ---- bleach/sanitizer.py.orig -+++ bleach/sanitizer.py -@@ -283,7 +283,7 @@ class BleachSanitizerFilter(html5lib_shi + @pytest.mark.parametrize( +--- a/bleach/sanitizer.py.orig ++++ b/bleach/sanitizer.py +@@ -277,7 +277,7 @@ class BleachSanitizerFilter(html5lib_shi "ignore", message="html5lib's sanitizer is deprecated", category=DeprecationWarning, - module="bleach._vendor.html5lib", + module="html5lib", ) - return super(BleachSanitizerFilter, self).__init__(source, **kwargs) - + return super().__init__( + source, +--- a/bleach/parse_shim.py.orig ++++ b/bleach/parse_shim.py +@@ -1 +1 @@ +-from bleach._vendor.parse import urlparse # noqa ++from urllib.parse import urlparse # noqa diff --git a/python-bleach.changes b/python-bleach.changes index 097670f..88fd3b6 100644 --- a/python-bleach.changes +++ b/python-bleach.changes 
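Review bot: The new `bleach/parse_shim.py` section at the end of this hunk swaps `from bleach._vendor.parse import urlparse` for `from urllib.parse import urlparse`, so URL parsing in the package now follows the installed CPython rather than the module upstream ships. Upstream presumably bundled that module to keep parsing stable across interpreter versions, and the changelog entries on scheme-less URLs (#662) and URL parse tests (#688) suggest scheme checks rely on it. The patch should record why the swap is acceptable, for example a header comment `# parse_shim: stdlib urlparse replaces the vendored copy; upstream URL-parse tests must pass in %check`. Whether %check runs those tests against the system libraries is not visible in this diff and should be confirmed.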
@@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Thu Sep 29 06:58:58 UTC 2022 - Steve Kowalik + +- Update to 5.0.1: + * Add missing comma to tinycss2 require. Thank you, @shadchin! + * Add url parse tests based on wpt url tests. (#688) + * Support scheme-less urls if "https" is in allow list. (#662) + * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544) + * Correctly urlencode email address parts. Thank you, @larseggert! (#659) + * ``clean`` and ``linkify`` now preserve the order of HTML attributes. + * Drop support for Python 3.6. Thank you, @hugovk! (#629) + * CSS sanitization in style tags is completely different now. + * Python 3.9 support + * Drop support for unsupported Python versions <3.6. (#520) + * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq +- Refresh de-vendor.patch, and convert to patch level 1 + ------------------------------------------------------------------- Tue Apr 13 09:20:21 UTC 2021 - Andreas Stieger diff --git a/python-bleach.spec b/python-bleach.spec index 332a198..823618a 100644 --- a/python-bleach.spec +++ b/python-bleach.spec @@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version: 3.3.0 +Version: 5.0.1 Release: 0 Summary: A whitelist-based HTML-sanitizing tool License: Apache-2.0 @@ -54,8 +54,7 @@ unbalanced or mis-nested tags. Documentation is at http://bleach.readthedocs.org/ . %prep -%setup -q -n bleach-%{version} -%patch0 +%autosetup -p1 -n bleach-%{version} rm -rf bleach/_vendor %build
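Review bot: In the `%prep` hunk, `rm -rf bleach/_vendor` follows `%autosetup -p1` with no check that every `bleach._vendor` import was actually rewritten by de-vendor.patch. This refresh already had to add a new `bleach/parse_shim.py` section for an import the previous patch did not cover, so a future upstream release can add another one that only fails when the module is imported. A guard directly after the `rm` would stop the build instead: `if grep -rq 'bleach\._vendor' bleach tests; then exit 1; fi`. The rest of the spec, including `%check`, is outside the hunks shown.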