From e60ba9dab86d763f43f40d0f12fa35142d92d02192503e2314accca5175ca1a2 Mon Sep 17 00:00:00 2001 From: Nico Krapp Date: Tue, 3 Jun 2025 10:14:16 +0000 Subject: [PATCH] - Update vendor tarball to fix CVE-2024-12224 (bsc#1243866) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-nh3?expand=0&rev=9 --- .gitattributes | 23 +++++++++++++++++ .gitignore | 1 + _service | 9 +++++++ nh3-0.2.17.tar.gz | 3 +++ python-nh3.changes | 30 +++++++++++++++++++++++ python-nh3.spec | 61 ++++++++++++++++++++++++++++++++++++++++++++++ vendor.tar.zst | 3 +++ 7 files changed, 130 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 nh3-0.2.17.tar.gz create mode 100644 python-nh3.changes create mode 100644 python-nh3.spec create mode 100644 vendor.tar.zst diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..dfaf5bb --- /dev/null +++ b/_service @@ -0,0 +1,9 @@ + + + + nh3-0.2.17 + zst + + + + diff --git a/nh3-0.2.17.tar.gz b/nh3-0.2.17.tar.gz new file mode 100644 index 0000000..e83a179 --- /dev/null +++ b/nh3-0.2.17.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:40d0741a19c3d645e54efba71cb0d8c475b59135c1e3c580f879ad5514cbf028 +size 14981 diff --git a/python-nh3.changes b/python-nh3.changes new file mode 100644 index 0000000..5df521e --- /dev/null +++ b/python-nh3.changes @@ -0,0 +1,30 @@ +------------------------------------------------------------------- +Mon Jun 2 13:40:20 UTC 2025 - Felix Stegmeier + +- Update vendor tarball to fix CVE-2024-12224 (bsc#1243866) + +------------------------------------------------------------------- +Tue May 7 21:07:45 UTC 2024 - Dirk Müller + +- update to 0.2.17: + * Fix type for ALLOWED_ATTRIBUTES + * Improve documentation + * Bump ammonia from 3.3.0 to 4.0.0 + +------------------------------------------------------------------- +Fri Dec 29 11:27:50 UTC 2023 - ecsos + +- Add %{?sle15_python_module_pythons} + +------------------------------------------------------------------- +Wed Dec 27 16:44:28 UTC 2023 - Dirk Müller + +- update to 0.2.15: + * Bump pyo3 from 0.19.2 to 0.20.0 + * Improve README + * Improve documentation + +------------------------------------------------------------------- +Mon Jun 12 09:52:49 UTC 2023 - Markéta Machová + +- Initial packaging of v0.2.13, needed by Weblate diff --git a/python-nh3.spec b/python-nh3.spec new file mode 100644 index 0000000..9178927 --- /dev/null +++ b/python-nh3.spec @@ -0,0 +1,61 @@ +# +# spec file for package python-nh3 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-nh3 +Version: 0.2.17 +Release: 0 +Summary: Ammonia HTML sanitizer Python binding +License: MIT +URL: https://github.com/messense/nh3 +Source: https://files.pythonhosted.org/packages/source/n/nh3/nh3-%{version}.tar.gz +Source1: vendor.tar.zst +BuildRequires: %{python_module maturin >= 1.0} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} +BuildRequires: cargo +BuildRequires: fdupes +BuildRequires: python-rpm-macros +BuildRequires: zstd +%python_subpackages + +%description +Ammonia HTML sanitizer Python binding + +%prep +%autosetup -a1 -p1 -n nh3-%{version} +rm -v Cargo.lock + +%build +export CFLAGS="%{optflags} -fno-strict-aliasing" +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitearch} + +%check +%pytest_arch + +%files %{python_files} +%doc README.md +%license LICENSE +%{python_sitearch}/nh3 +%{python_sitearch}/nh3-%{version}.dist-info + +%changelog diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..baab546 --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3f89158b591b997e90699afc9545648926df064c239a97760c346f3dab57cebd +size 6290987