From 0e50613c6092c540adf497b64df4fe8a703589973bdf25e8e20a4b73cbbb6fab Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Thu, 7 Oct 2021 16:57:39 +0000
Subject: [PATCH] Accepting request 923811 from
 home:bnavigator:branches:devel:languages:python

- Update to 2.5.1, Security bug fix
  * boo#1191446, CVE-2021-41125
  * If you use HttpAuthMiddleware (i.e. the http_user and
    http_pass spider attributes) for HTTP authentication,
    any request exposes your credentials to the request
    target.
  * To prevent unintended exposure of authentication
    credentials to unintended domains, you must now
    additionally set a new, additional spider attribute,
    http_auth_domain, and point it to the specific domain to
    which the authentication credentials must be sent.
  * If the http_auth_domain spider attribute is not set, the
    domain of the first request will be considered the HTTP
    authentication target, and authentication credentials
    will only be sent in requests targeting that domain.
  * If you need to send the same HTTP authentication
    credentials to multiple domains, you can use
    w3lib.http.basic_auth_header instead to set the value of
    the Authorization header of your requests.
  * If you really want your spider to send the same HTTP
    authentication credentials to any domain, set the
    http_auth_domain spider attribute to None.
  * Finally, if you are a user of scrapy-splash, know that
    this version of Scrapy breaks compatibility with
    scrapy-splash 0.7.2 and earlier. You will need to upgrade
    scrapy-splash to a greater version for it to continue to
    work.

OBS-URL: https://build.opensuse.org/request/show/923811
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Scrapy?expand=0&rev=21
---
 Scrapy-2.5.0.tar.gz   |  3 ---
 Scrapy-2.5.1.tar.gz   |  3 +++
 python-Scrapy.changes | 31 +++++++++++++++++++++++++++++++
 python-Scrapy.spec    |  2 +-
 4 files changed, 35 insertions(+), 4 deletions(-)
 delete mode 100644 Scrapy-2.5.0.tar.gz
 create mode 100644 Scrapy-2.5.1.tar.gz

diff --git a/Scrapy-2.5.0.tar.gz b/Scrapy-2.5.0.tar.gz
deleted file mode 100644
index 9731ba6..0000000
--- a/Scrapy-2.5.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a68ed41f7173679f160c4cef2db05288548c21e7164170552adae8b13cefaab
-size 1071824
diff --git a/Scrapy-2.5.1.tar.gz b/Scrapy-2.5.1.tar.gz
new file mode 100644
index 0000000..f3b296d
--- /dev/null
+++ b/Scrapy-2.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:13af6032476ab4256158220e530411290b3b934dd602bb6dacacbf6d16141f49
+size 1072669
diff --git a/python-Scrapy.changes b/python-Scrapy.changes
index 056078a..a131980 100644
--- a/python-Scrapy.changes
+++ b/python-Scrapy.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Thu Oct  7 14:35:57 UTC 2021 - Ben Greiner <code@bnavigator.de>
+
+- Update to 2.5.1, Security bug fix
+  * boo#1191446, CVE-2021-41125
+  * If you use HttpAuthMiddleware (i.e. the http_user and
+    http_pass spider attributes) for HTTP authentication,
+    any request exposes your credentials to the request
+    target.
+  * To prevent unintended exposure of authentication
+    credentials to unintended domains, you must now
+    additionally set a new, additional spider attribute,
+    http_auth_domain, and point it to the specific domain to
+    which the authentication credentials must be sent.
+  * If the http_auth_domain spider attribute is not set, the
+    domain of the first request will be considered the HTTP
+    authentication target, and authentication credentials
+    will only be sent in requests targeting that domain.
+  * If you need to send the same HTTP authentication
+    credentials to multiple domains, you can use
+    w3lib.http.basic_auth_header instead to set the value of
+    the Authorization header of your requests.
+  * If you really want your spider to send the same HTTP
+    authentication credentials to any domain, set the
+    http_auth_domain spider attribute to None.
+  * Finally, if you are a user of scrapy-splash, know that
+    this version of Scrapy breaks compatibility with
+    scrapy-splash 0.7.2 and earlier. You will need to upgrade
+    scrapy-splash to a greater version for it to continue to
+    work.
+
 -------------------------------------------------------------------
 Wed Sep  1 04:25:44 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 
diff --git a/python-Scrapy.spec b/python-Scrapy.spec
index 5ceb1b1..c729b65 100644
--- a/python-Scrapy.spec
+++ b/python-Scrapy.spec
@@ -21,7 +21,7 @@
 # python-uvloop does not support python3.6
 %define skip_python36 1
 Name:           python-Scrapy
-Version:        2.5.0
+Version:        2.5.1
 Release:        0
 Summary:        A high-level Python Screen Scraping framework
 License:        BSD-3-Clause