From 3133c42b0f43f4ab4e3cb3d1185c10b12cf465ab77ed2e708748367ed62aa125 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Fri, 8 Feb 2019 11:13:50 +0000
Subject: [PATCH] Accepting request 672555 from home:frispete:python
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to 1.7.0 (2019-02-01)
  + The URL validator regex has been updated to no longer be vulnerable to a catastrophic backtracking that would have led to an infinite loop.
    See https://github.com/Pylons/colander/pull/323 and https://github.com/Pylons/colander/issues/290.
    With thanks to Przemek (https://github.com/p-m-k).

    This does change the behaviour of the URL validator and it no longer supports file:// URI scheme (https://tools.ietf.org/html/rfc8089). Users that wish to validate file:// URI’s should change their validator to use colander.file_uri instead.

    It has also dropped support for alternate schemes outside of http/ftp (and their secure equivalents). Please let us know if we need to relax this requirement.

    CVE-ID: CVE-2017-18361
  + The Email validator has been updated to use the same regular expression that is used by the WhatWG HTML specification, thereby increasing the email addresses that will validate correctly from web forms submitted.
    See https://github.com/Pylons/colander/pull/324 and https://github.com/Pylons/colander/issues/283
  + Number once again will allow you to serialize None to colander.null, this reverts an accidental revert.
    See https://github.com/Pylons/colander/issues/204#issuecomment-459556100
  + Integer SchemaType now supports an optional strict mode that will validate that the number is an integer, rather than silently accepting floats and truncating.
See https://github.com/Pylons/colander/pull/322 and https://github.com/Pylons/colander/issues/292 OBS-URL: https://build.opensuse.org/request/show/672555 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-colander?expand=0&rev=8 --- colander-1.4.tar.gz | 3 -- colander-1.7.0.tar.gz | 3 ++ python-colander.changes | 67 +++++++++++++++++++++++++++++++++++++++-- python-colander.spec | 6 ++-- 4 files changed, 70 insertions(+), 9 deletions(-) delete mode 100644 colander-1.4.tar.gz create mode 100644 colander-1.7.0.tar.gz diff --git a/colander-1.4.tar.gz b/colander-1.4.tar.gz deleted file mode 100644 index 51e524e..0000000 --- a/colander-1.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e20e9acf190e5711cf96aa65a5405dac04b6e841028fc361d953a9923dbc4e72 -size 122253 diff --git a/colander-1.7.0.tar.gz b/colander-1.7.0.tar.gz new file mode 100644 index 0000000..004ad5e --- /dev/null +++ b/colander-1.7.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d758163a22d22c39b9eaae049749a5cd503f341231a02ed95af480b1145e81f2 +size 131320 diff --git a/python-colander.changes b/python-colander.changes index c57e169..38cbe40 100644 --- a/python-colander.changes +++ b/python-colander.changes 
@@ -1,3 +1,64 @@ +------------------------------------------------------------------- +Thu Feb 7 12:18:38 UTC 2019 - Hans-Peter Jansen + +- Update to 1.7.0 (2019-02-01) + + The URL validator regex has been updated to no longer be + vulnerable to a catastrophic backtracking that would have led to + an infinite loop. + See https://github.com/Pylons/colander/pull/323 + and https://github.com/Pylons/colander/issues/290. + With thanks to Przemek (https://github.com/p-m-k). + + This does change the behaviour of the URL validator and it no + longer supports file:// URI scheme + (https://tools.ietf.org/html/rfc8089). Users that wish to validate + file:// URI’s should change their validator to use + colander.file_uri instead. + + It has also dropped support for alternate schemes outside of + http/ftp (and their secure equivelants). Please let us know if we + need to relax this requirement. + + CVE-ID: CVE-2017-18361 + + The Email validator has been updated to use the same regular + expression that is used by the WhatWG HTML specification, thereby + increasing the email addresses that will validate correctly from + web forms submitted. + See https://github.com/Pylons/colander/pull/324 + and https://github.com/Pylons/colander/issues/283 + + Number once again will allow you to serialize None to colander.null, + this reverts an accidental revert. + See https://github.com/Pylons/colander/issues/204#issuecomment-459556100 + + Integer SchemaType now supports an optional strict mode that will + validate that the number is an integer, rather than silently accepting + floats and truncating. + See https://github.com/Pylons/colander/pull/322 + and https://github.com/Pylons/colander/issues/292 + +- Update to 1.6.0 (2019-01-31) + + Support custom format strings on DateTime and Date fields. + See https://github.com/Pylons/colander/pull/318 + + Support sub-second precision on Time fields if provided. 
+ See https://github.com/Pylons/colander/pull/319 + + Format Python code of colander to conform to the PEP 8 style guide. + Add some linters (flake8, black and other) into tox.ini. + See https://github.com/Pylons/colander/pull/320 + +- Update to 1.5.1 (2018-09-10) + + Support deserializing colander.drop and colander.required. + See https://github.com/Pylons/colander/pull/304 + +- Update to 1.5.0 (2018-09-07) + + Drop Python 3.3 support. Add PyPy3 and Python 3.7 as allowed failures. + See https://github.com/Pylons/colander/pull/309 + + Fix email validation to not allow all ASCII characters between + and /. + This prevents email addresses like ‘foo1,foo2@bar.baz’ from being + validated, which would be handled as multiple email addresses by + subsequent tools. + See https://github.com/Pylons/colander/pull/315 + + Add support for enum.Enum objects. + See https://github.com/Pylons/colander/pull/305 + + Recompiled language translations and updated de and el locales. + See https://github.com/Pylons/colander/pull/284 + and https://github.com/Pylons/colander/pull/314 + ------------------------------------------------------------------- Wed Dec 5 01:20:39 UTC 2018 - Jan Engelhardt @@ -22,17 +83,17 @@ Tue Sep 19 14:55:27 UTC 2017 - bruno@ioda-net.ch ------------------------------------------------------------------- Thu Feb 9 22:32:43 UTC 2017 - hpj@urpla.net -- version 1.3.2: initial build for python3 +- Update to version 1.3.2: initial build for python3 ------------------------------------------------------------------- Fri Feb 6 11:21:47 UTC 2015 - hpj@urpla.net -- update to version 1.0 +- Update to version 1.0 to many changes to list here, check: https://pypi.python.org/pypi/colander/1.0 ------------------------------------------------------------------- Mon Aug 5 16:32:46 UTC 2013 - hpj@urpla.net -- version 1.0a5: initial build +- Version 1.0a5: initial build diff --git a/python-colander.spec b/python-colander.spec index 5ba35b3..072d84e 100644 --- a/python-colander.spec 
+++ b/python-colander.spec @@ -1,8 +1,8 @@ # # spec file for package python-colander # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2018 LISA GmbH, Bingen, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2013-2019 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-colander -Version: 1.4 +Version: 1.7.0 Release: 0 Summary: A schema-based serialization and deserialization library License: BSD-4-Clause AND ZPL-2.1 AND MIT
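Review bot: In the colander-1.7.0.tar.gz hunk, the only integrity anchor for the new source is the LFS pointer's `oid sha256:` line, and nothing else in the four-file diffstat (no signature or checksum file) lets a reviewer tie that digest to upstream. Since this update is taken for CVE-2017-18361, confirm the digest against the hash upstream publishes for the 1.7.0 source archive before accepting, and state in the request how it was checked.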
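Review bot: In the 1.7.0 entry added by the `@@ -1,3 +1,64 @@` hunk of python-colander.changes, the security fix appears only as the nested sub-item `CVE-ID: CVE-2017-18361` inside the pasted upstream notes, so anyone skimming the top-level bullets reads this as a routine version bump. Move the identifier to the top-level line, for example `- Update to 1.7.0 (2019-02-01), fixes CVE-2017-18361`, and add the distribution bug reference if one exists. The same entry records that the URL validator no longer accepts file:// or schemes other than http/ftp, a behaviour change that deserves a check of dependent packages, and `equivelants` should read `equivalents`.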
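Review bot: The `@@ -22,17 +83,17 @@` hunk of python-colander.changes rewrites three already-published entries (2017, 2015 and 2013) purely for wording and capitalisation, which is unrelated to the 1.7.0 update and makes a security update harder to audit; drop these edits or submit them separately. If the old entries are touched anyway, `- Update to version 1.3.2: initial build for python3` now reads as both an update and an initial build, and the context line `to many changes to list here` still carries the `to`/`too` typo.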
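Review bot: In python-colander.spec the `Version: 1.4` to `Version: 1.7.0` change is the only functional edit (the diffstat shows three added and three removed lines, the rest being the copyright header), although the changelog covers four upstream releases, including dropped Python 3.3 support and new enum.Enum support in 1.5.0. Confirm that the package's dependency declarations and the unchanged `License: BSD-4-Clause AND ZPL-2.1 AND MIT` line still match the 1.7.0 sources. The LISA GmbH copyright also widens from `2018` to `2013-2019` with no mention in the changes entry.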