diff --git a/CVE-2020-28473.patch b/CVE-2020-28473.patch deleted file mode 100644 index 2921ac9a0fb107545dfc2ade6171fc3437a8c443..0000000000000000000000000000000000000000 --- a/CVE-2020-28473.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001 -From: Marcel Hellkamp -Date: Wed, 11 Nov 2020 19:24:29 +0100 -Subject: [PATCH] Do not split query strings on `;` anymore. - -Using `;` as a separator instead of `&` was allowed a long time ago, -but is now obsolete and actually invalid according to the 2014 W3C -recommendations. Even if this change is technically backwards-incompatible, -no real-world application should depend on broken behavior. If you REALLY -need this functionality, monkey-patch the _parse_qsl() function. ---- - bottle.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bottle.py b/bottle.py -index bcfc5e62..417b01b9 100644 ---- a/bottle.py -+++ b/bottle.py -@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0): - - def _parse_qsl(qs): - r = [] -- for pair in qs.replace(';','&').split('&'): -+ for pair in qs.split('&'): - if not pair: continue - nv = pair.split('=', 1) - if len(nv) != 2: nv.append('') diff --git a/CVE-2022-31799.patch b/CVE-2022-31799.patch deleted file mode 100644 index a508f4e4d7f9ffc7308141c86f083c2105f09378..0000000000000000000000000000000000000000 --- a/CVE-2022-31799.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001 -From: Marcel Hellkamp -Date: Thu, 26 May 2022 14:49:32 +0200 -Subject: [PATCH] Gracefully handle errors during early request binding. - ---- - bottle.py | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/bottle.py b/bottle.py -index 04ccf7da..035f99ec 100644 ---- a/bottle.py -+++ b/bottle.py -@@ -848,17 +848,19 @@ def default_error_handler(self, res): - return tob(template(ERROR_PAGE_TEMPLATE, e=res)) - - def _handle(self, environ): -- path = environ['bottle.raw_path'] = environ['PATH_INFO'] -- if py3k: -- try: -- environ['PATH_INFO'] = path.encode('latin1').decode('utf8') -- except UnicodeError: -- return HTTPError(400, 'Invalid path string. Expected UTF-8') -- - try: -+ - environ['bottle.app'] = self - request.bind(environ) - response.bind() -+ -+ path = environ['bottle.raw_path'] = environ['PATH_INFO'] -+ if py3k: -+ try: -+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8') -+ except UnicodeError: -+ return HTTPError(400, 'Invalid path string. Expected UTF-8') -+ - try: - self.trigger_hook('before_request') - route, args = self.router.match(environ) diff --git a/Fix-Python-3.7-collections.abc-DeprecationWarning.patch b/Fix-Python-3.7-collections.abc-DeprecationWarning.patch deleted file mode 100644 index a93b9039f124d5fed1fb54528a8dbc70c20320a9..0000000000000000000000000000000000000000 --- a/Fix-Python-3.7-collections.abc-DeprecationWarning.patch +++ /dev/null @@ -1,29 +0,0 @@ -From eff4960d941b51629f8378b1bd9498ed2aec92c7 Mon Sep 17 00:00:00 2001 -From: Adam Johnson -Date: Wed, 8 May 2019 16:48:24 +0100 -Subject: [PATCH] Fix Python 3.7 collections.abc DeprecationWarning - -Should fix this - -``` -/.../bin/bottle.py:87: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it wil -l stop working - from collections import MutableMapping as DictMixin -``` ---- - bottle.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bottle.py b/bottle.py -index 3a51b38..f8398f1 100644 ---- a/bottle.py -+++ b/bottle.py -@@ -84,7 +84,7 @@ if py3k: - from urllib.parse import urlencode, quote as urlquote, unquote as urlunquote - urlunquote = functools.partial(urlunquote, encoding='latin1') - from http.cookies import SimpleCookie -- from collections import MutableMapping as DictMixin -+ from collections.abc import MutableMapping as DictMixin - import pickle - from io import BytesIO - from configparser import ConfigParser diff --git a/bottle-0.12.13.tar.gz b/bottle-0.12.13.tar.gz deleted file mode 100644 index 66c0063d573fc0f08f71da079a8b1ddc10d2773d..0000000000000000000000000000000000000000 Binary files a/bottle-0.12.13.tar.gz and /dev/null differ diff --git a/bottle-0.12.23.tar.gz b/bottle-0.12.23.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1a774956dafe38d3767e4f10537a6fbaa85c227b Binary files /dev/null and b/bottle-0.12.23.tar.gz differ diff --git a/python-bottle.spec b/python-bottle.spec index c1808822809a6f607e922679cb4762ab6a86f29c..e492703d0c28fb9cd33a0db5d008653c32fb1ecd 100644 --- a/python-bottle.spec +++ b/python-bottle.spec @@ -1,53 +1,85 @@ -Name: python-bottle -Version: 0.12.13 -Release: 11 -Summary: WSGI micro web-framework for Python. -License: MIT -URL: https://github.com/bottlepy/bottle -Source0: https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{version}.tar.gz -Patch0000: CVE-2020-28473.patch -#https://github.com/bottlepy/bottle/commit/eff4960d941b51629f8378b1bd9498ed2aec92c7 -Patch0001: Fix-Python-3.7-collections.abc-DeprecationWarning.patch -#https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 -Patch0002: CVE-2022-31799.patch - -BuildArch: noarch -BuildRequires: python3-devel python3-setuptools +%global _empty_manifest_terminate_build 0 +Name: python-bottle +Version: 0.12.23 +Release: 1 +Summary: WSGI micro web-framework for Python. +License: MIT +URL: https://github.com/bottlepy/bottle +Source0: https://files.pythonhosted.org/packages/7c/58/75f3765b0a3f86ef0b6e0b23d0503920936752ca6e0fc27efce7403b01bd/bottle-0.12.23.tar.gz +BuildArch: noarch + %description Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. -%package -n python3-bottle -Summary: WSGI micro web-framework for Python. -%{?python_provide:%python_provide python%{python3_pkgversion}-bottle} +%package -n python3-bottle +Summary: WSGI micro web-framework for Python. +Provides: python-bottle = %{version}-%{release} +BuildRequires: python3-devel python3-setuptools + +%description -n python3-bottle +Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. +It is distributed as a single file module and has no dependencies other than +the Python Standard Library. + +%package help +Summary: Development documents and examples for bottle +Provides: python3-bottle-doc -%description -n python3-bottle +%description help Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. %prep -%autosetup -n bottle-%{version} -p1 -sed -i '/^#!/d' bottle.py +%autosetup -n bottle-%{version} %build %py3_build %install %py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . %check %__python3 test/testall.py verbose || : -%files -n python3-bottle -%license LICENSE -%doc AUTHORS README.rst -%{python3_sitelib}/* -%exclude %{_bindir}/bottle.py +%files -n python3-bottle -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* %changelog +* Fri Nov 18 2022 liqiuyu - 0.12.23-1 +- Update package to version 0.12.23 + * Tue Jun 14 2022 yaoxin - 0.12.13-11 - Fix CVE-2022-31799