python/python-Scrapy
SHA256
14
0
Fork 0
forked from pool/python-Scrapy
Code Pull Requests Activity

Accepting request 924057 from devel:languages:python

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/924057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Scrapy?expand=0&rev=11
This commit is contained in:
Dominique Leuenberger
2021-10-07 22:06:30 +00:00
committed by Git OBS Bridge
parent bacd15a4d3 0e50613c60
commit e3d3aaef29
4 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Scrapy-2.5.0.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a68ed41f7173679f160c4cef2db05288548c21e7164170552adae8b13cefaab
size 1071824

3
Scrapy-2.5.1.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13af6032476ab4256158220e530411290b3b934dd602bb6dacacbf6d16141f49
size 1072669

31
python-Scrapy.changes
View File

@@ -1,3 +1,34 @@
-------------------------------------------------------------------
Thu Oct 7 14:35:57 UTC 2021 - Ben Greiner <code@bnavigator.de>
- Update to 2.5.1, Security bug fix
* boo#1191446, CVE-2021-41125
* If you use HttpAuthMiddleware (i.e. the http_user and
http_pass spider attributes) for HTTP authentication,
any request exposes your credentials to the request
target.
* To prevent unintended exposure of authentication
credentials to unintended domains, you must now
additionally set a new, additional spider attribute,
http_auth_domain, and point it to the specific domain to
which the authentication credentials must be sent.
* If the http_auth_domain spider attribute is not set, the
domain of the first request will be considered the HTTP
authentication target, and authentication credentials
will only be sent in requests targeting that domain.
* If you need to send the same HTTP authentication
credentials to multiple domains, you can use
w3lib.http.basic_auth_header instead to set the value of
the Authorization header of your requests.
* If you really want your spider to send the same HTTP
authentication credentials to any domain, set the
http_auth_domain spider attribute to None.
* Finally, if you are a user of scrapy-splash, know that
this version of Scrapy breaks compatibility with
scrapy-splash 0.7.2 and earlier. You will need to upgrade
scrapy-splash to a greater version for it to continue to
work.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 1 04:25:44 UTC 2021 - Fusion Future <qydwhotmail@gmail.com> Wed Sep 1 04:25:44 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>

2
python-Scrapy.spec
View File

@@ -21,7 +21,7 @@
# python-uvloop does not support python3.6 # python-uvloop does not support python3.6
%define skip_python36 1 %define skip_python36 1
Name: python-Scrapy Name: python-Scrapy
Version: 2.5.0 Version: 2.5.1
Release: 0 Release: 0
Summary: A high-level Python Screen Scraping framework Summary: A high-level Python Screen Scraping framework
License: BSD-3-Clause License: BSD-3-Clause