diff --git a/CVE-2020-28473.patch b/CVE-2020-28473.patch
deleted file mode 100644
index 2921ac9a0fb107545dfc2ade6171fc3437a8c443..0000000000000000000000000000000000000000
--- a/CVE-2020-28473.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001
-From: Marcel Hellkamp
-Date: Wed, 11 Nov 2020 19:24:29 +0100
-Subject: [PATCH] Do not split query strings on `;` anymore.
-
-Using `;` as a separator instead of `&` was allowed a long time ago,
-but is now obsolete and actually invalid according to the 2014 W3C
-recommendations. Even if this change is technically backwards-incompatible,
-no real-world application should depend on broken behavior. If you REALLY
-need this functionality, monkey-patch the _parse_qsl() function.
----
- bottle.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bottle.py b/bottle.py
-index bcfc5e62..417b01b9 100644
---- a/bottle.py
-+++ b/bottle.py
-@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0):
-
- def _parse_qsl(qs):
- r = []
-- for pair in qs.replace(';','&').split('&'):
-+ for pair in qs.split('&'):
- if not pair: continue
- nv = pair.split('=', 1)
- if len(nv) != 2: nv.append('')
diff --git a/CVE-2022-31799.patch b/CVE-2022-31799.patch
deleted file mode 100644
index a508f4e4d7f9ffc7308141c86f083c2105f09378..0000000000000000000000000000000000000000
--- a/CVE-2022-31799.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
-From: Marcel Hellkamp
-Date: Thu, 26 May 2022 14:49:32 +0200
-Subject: [PATCH] Gracefully handle errors during early request binding.
-
----
- bottle.py | 16 +++++++++-------
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/bottle.py b/bottle.py
-index 04ccf7da..035f99ec 100644
---- a/bottle.py
-+++ b/bottle.py
-@@ -848,17 +848,19 @@ def default_error_handler(self, res):
- return tob(template(ERROR_PAGE_TEMPLATE, e=res))
-
- def _handle(self, environ):
-- path = environ['bottle.raw_path'] = environ['PATH_INFO']
-- if py3k:
-- try:
-- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
-- except UnicodeError:
-- return HTTPError(400, 'Invalid path string. Expected UTF-8')
--
- try:
-+
- environ['bottle.app'] = self
- request.bind(environ)
- response.bind()
-+
-+ path = environ['bottle.raw_path'] = environ['PATH_INFO']
-+ if py3k:
-+ try:
-+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
-+ except UnicodeError:
-+ return HTTPError(400, 'Invalid path string. Expected UTF-8')
-+
- try:
- self.trigger_hook('before_request')
- route, args = self.router.match(environ)
diff --git a/Fix-Python-3.7-collections.abc-DeprecationWarning.patch b/Fix-Python-3.7-collections.abc-DeprecationWarning.patch
deleted file mode 100644
index a93b9039f124d5fed1fb54528a8dbc70c20320a9..0000000000000000000000000000000000000000
--- a/Fix-Python-3.7-collections.abc-DeprecationWarning.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From eff4960d941b51629f8378b1bd9498ed2aec92c7 Mon Sep 17 00:00:00 2001
-From: Adam Johnson
-Date: Wed, 8 May 2019 16:48:24 +0100
-Subject: [PATCH] Fix Python 3.7 collections.abc DeprecationWarning
-
-Should fix this
-
-```
-/.../bin/bottle.py:87: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it wil
-l stop working
- from collections import MutableMapping as DictMixin
-```
----
- bottle.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bottle.py b/bottle.py
-index 3a51b38..f8398f1 100644
---- a/bottle.py
-+++ b/bottle.py
-@@ -84,7 +84,7 @@ if py3k:
- from urllib.parse import urlencode, quote as urlquote, unquote as urlunquote
- urlunquote = functools.partial(urlunquote, encoding='latin1')
- from http.cookies import SimpleCookie
-- from collections import MutableMapping as DictMixin
-+ from collections.abc import MutableMapping as DictMixin
- import pickle
- from io import BytesIO
- from configparser import ConfigParser
diff --git a/bottle-0.12.13.tar.gz b/bottle-0.12.13.tar.gz
deleted file mode 100644
index 66c0063d573fc0f08f71da079a8b1ddc10d2773d..0000000000000000000000000000000000000000
Binary files a/bottle-0.12.13.tar.gz and /dev/null differ
diff --git a/bottle-0.12.25.tar.gz b/bottle-0.12.25.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..39832ce5e45585396b9daaa95ecb54c4664c469e
Binary files /dev/null and b/bottle-0.12.25.tar.gz differ
diff --git a/python-bottle.spec b/python-bottle.spec
index c1808822809a6f607e922679cb4762ab6a86f29c..aa8ee6aac17f4a709eb6bc74b05ef03f0e1a6cc9 100644
--- a/python-bottle.spec
+++ b/python-bottle.spec
@@ -1,16 +1,10 @@ Name: python-bottle -Version: 0.12.13 -Release: 11 +Version: 0.12.25 +Release: 1 Summary: WSGI micro web-framework for Python. License: MIT URL: https://github.com/bottlepy/bottle Source0: https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{version}.tar.gz -Patch0000: CVE-2020-28473.patch -#https://github.com/bottlepy/bottle/commit/eff4960d941b51629f8378b1bd9498ed2aec92c7 -Patch0001: Fix-Python-3.7-collections.abc-DeprecationWarning.patch -#https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 -Patch0002: CVE-2022-31799.patch - BuildArch: noarch BuildRequires: python3-devel python3-setuptools @@ -48,6 +42,9 @@ sed -i '/^#!/d' bottle.py %exclude %{_bindir}/bottle.py %changelog +* Fri May 26 2023 wulei - 0.12.25-1 +- Upgrade package to version 0.12.25 + * Tue Jun 14 2022 yaoxin - 0.12.13-11 - Fix CVE-2022-31799
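Review bot: The first python-bottle.spec hunk removes `Patch0000: CVE-2020-28473.patch` and `Patch0002: CVE-2022-31799.patch`, but neither the spec nor the new %changelog entry records that the 0.12.25 tarball already carries those fixes. Before merging, the unpacked source should be checked against the upstream commits named in the deleted patch headers (57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b and e140e1b54da721a660f2eb9d58a106b7b3ff2f00), i.e. that `_parse_qsl` no longer calls `qs.replace(';','&')` and that `_handle` decodes `PATH_INFO` inside the outer `try`. I would also make the changelog traceable for later audits by adding a line such as `- Drop CVE-2020-28473.patch and CVE-2022-31799.patch, included in upstream release`. The tarball is replaced as an opaque binary in this commit, so its digest should presumably be compared with the upstream release artifact as part of the same check.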