From 5e4292f9bb982878e51e89c7b52d22a27a3422c436392c1db2529db1e1a11541 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Wed, 1 Apr 2020 11:21:16 +0000 Subject: [PATCH] - update to 3.1.4 (bsc#1168280, CVE-2020-6817): * ``bleach.clean`` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to ``bleach.clean`` with an allowed tag with an allowed ``style`` attribute were vulnerable to ReDoS. For example, ``bleach.clean(..., attributes={'a': ['style']})``. * Style attributes with dashes, or single or double quoted values are cleaned instead of passed through. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=35 --- bleach-3.1.3.tar.gz | 3 --- bleach-3.1.4.tar.gz | 3 +++ python-bleach.changes | 12 ++++++++++++ python-bleach.spec | 2 +- 4 files changed, 16 insertions(+), 4 deletions(-) delete mode 100644 bleach-3.1.3.tar.gz create mode 100644 bleach-3.1.4.tar.gz diff --git a/bleach-3.1.3.tar.gz b/bleach-3.1.3.tar.gz deleted file mode 100644 index 3632e38..0000000 --- a/bleach-3.1.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f8dfd8a7e26443e986c4e44df31870da8e906ea61096af06ba5d5cc2d519842a -size 176601 diff --git a/bleach-3.1.4.tar.gz b/bleach-3.1.4.tar.gz new file mode 100644 index 0000000..ecfd2e1 --- /dev/null +++ b/bleach-3.1.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e78e426105ac07026ba098f04de8abe9b6e3e98b5befbf89b51a5ef0a4292b03 +size 177813 diff --git a/python-bleach.changes b/python-bleach.changes index 1b7059c..7406544 100644 --- a/python-bleach.changes +++ b/python-bleach.changes 
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Apr 1 11:18:24 UTC 2020 - Dirk Mueller + +- update to 3.1.4 (bsc#1168280, CVE-2020-6817): + * ``bleach.clean`` behavior parsing style attributes could result in a + regular expression denial of service (ReDoS). + Calls to ``bleach.clean`` with an allowed tag with an allowed + ``style`` attribute were vulnerable to ReDoS. For example, + ``bleach.clean(..., attributes={'a': ['style']})``. + * Style attributes with dashes, or single or double quoted values are + cleaned instead of passed through. + ------------------------------------------------------------------- Mon Mar 23 10:09:15 UTC 2020 - Dirk Mueller diff --git a/python-bleach.spec b/python-bleach.spec index 9e58fa1..bc80249 100644 --- a/python-bleach.spec +++ b/python-bleach.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version: 3.1.3 +Version: 3.1.4 Release: 0 Summary: A whitelist-based HTML-sanitizing tool License: Apache-2.0
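Review bot: the replaced LFS pointer (`oid sha256:e78e426105ac07026ba098f04de8abe9b6e3e98b5befbf89b51a5ef0a4292b03`, `size 177813`) is the only integrity record for the new source in this change, and the diff stat lists no detached signature or keyring update next to it, so a reviewer cannot confirm from the patch alone that bleach-3.1.4.tar.gz matches the upstream release. Suggest stating in the commit message how the tarball was verified, or adding the upstream signature file if one is published.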
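Review bot: the second bullet of the new changelog entry ("Style attributes with dashes, or single or double quoted values are cleaned instead of passed through") describes a user-visible behaviour change rather than part of the ReDoS fix, so consumers that allow `style` through `bleach.clean` may see different output after this update; consider marking it explicitly as a behaviour change so packagers reading python-bleach.changes do not treat the update as security-only. Citing `bsc#1168280, CVE-2020-6817` on the heading line is the right place for the references.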
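Review bot: in the spec hunk only `Version:` moves from 3.1.3 to 3.1.4 and `Release:` stays at 0, which agrees with the tarball and changes hunks and with the `4 files changed, 16 insertions(+), 4 deletions(-)` stat; nothing else in the visible context needs adjusting.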