Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package trytond for openSUSE:Factory checked 
in at 2021-02-15 23:19:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trytond (Old)
 and      /work/SRC/openSUSE:Factory/.trytond.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "trytond"

Mon Feb 15 23:19:15 2021 rev:55 rq:872368 version:5.0.33

Changes:
--------
--- /work/SRC/openSUSE:Factory/trytond/trytond.changes  2021-02-09 
21:17:12.726838472 +0100
+++ /work/SRC/openSUSE:Factory/.trytond.new.28504/trytond.changes       
2021-02-15 23:21:22.851851099 +0100
@@ -1,0 +2,10 @@
+Mon Feb 15 11:44:23 UTC 2021 - Axel Braun <axel.br...@gmx.de>
+
+- fix_werkzeug.patch adjusted
+
+-------------------------------------------------------------------
+Fri Feb 12 18:10:08 UTC 2021 - Axel Braun <axel.br...@gmx.de>
+
+- Version 5.0.33 - Security fix for https://bugs.tryton.org/issue10068
+
+-------------------------------------------------------------------

Old:
----
  trytond-5.0.32.tar.gz

New:
----
  trytond-5.0.33.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ trytond.spec ++++++
--- /var/tmp/diff_new_pack.Mp0l3E/_old  2021-02-15 23:21:23.515852090 +0100
+++ /var/tmp/diff_new_pack.Mp0l3E/_new  2021-02-15 23:21:23.519852096 +0100
@@ -20,7 +20,7 @@
 %define majorver 5.0
 %define base_name tryton
 Name:           trytond
-Version:        %{majorver}.32
+Version:        %{majorver}.33
 Release:        0
 Summary:        An Enterprise Resource Planning (ERP) system
 License:        GPL-3.0-or-later

++++++ fix_werkzeug.patch ++++++
--- /var/tmp/diff_new_pack.Mp0l3E/_old  2021-02-15 23:21:23.563852162 +0100
+++ /var/tmp/diff_new_pack.Mp0l3E/_new  2021-02-15 23:21:23.563852162 +0100
@@ -1,13 +1,11 @@
-Index: trytond-5.0.18/trytond/wsgi.py
-===================================================================
---- trytond-5.0.18.orig/trytond/wsgi.py
-+++ trytond-5.0.18/trytond/wsgi.py
-@@ -9,8 +9,19 @@ import traceback
+diff -U 3 -dHrN -- a/trytond/wsgi.py b/trytond/wsgi.py
+--- a/trytond/wsgi.py  2021-02-12 10:14:41.000000000 +0100
++++ b/trytond/wsgi.py  2021-02-15 12:37:50.432511576 +0100
+@@ -10,13 +10,23 @@
  from werkzeug.wrappers import Response
  from werkzeug.routing import Map, Rule
  from werkzeug.exceptions import abort, HTTPException, InternalServerError
 -from werkzeug.contrib.fixers import ProxyFix
--from werkzeug.wsgi import SharedDataMiddleware
 +try:
 +    from werkzeug.middleware.proxy_fix import ProxyFix
 +
@@ -17,6 +15,12 @@
 +            x_port=num_proxies, x_prefix=num_proxies)
 +except ImportError:
 +    from werkzeug.contrib.fixers import ProxyFix as NumProxyFix
+ try:
+     from werkzeug.security import safe_join
+ except ImportError:
+     safe_join = posixpath.join
+-
+-from werkzeug.wsgi import SharedDataMiddleware
 +try:
 +    from werkzeug.middleware.shared_data import SharedDataMiddleware
 +except ImportError:
@@ -24,7 +28,7 @@
  
  import wrapt
  
-@@ -150,6 +161,6 @@ if config.get('web', 'root'):
+@@ -157,6 +167,6 @@
      app.wsgi_app = SharedDataMiddlewareIndex(app.wsgi_app, static_files)
  num_proxies = config.getint('web', 'num_proxies')
  if num_proxies:

++++++ trytond-5.0.32.tar.gz -> trytond-5.0.33.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/.hgtags new/trytond-5.0.33/.hgtags
--- old/trytond-5.0.32/.hgtags  2021-02-01 22:50:57.000000000 +0100
+++ new/trytond-5.0.33/.hgtags  2021-02-12 10:14:44.000000000 +0100
@@ -51,3 +51,4 @@
 0b23f3ed8c1c099bdf64733bafd29e873b801a5a 5.0.30
 bc3e5508144ab909a7980010ce21f9cc17be29f7 5.0.31
 c485f522f9aa8c544e0857795c540c1b95c0407e 5.0.32
+268cdae7d36eb3730bc9b722518fa26bd778cdf3 5.0.33
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/CHANGELOG new/trytond-5.0.33/CHANGELOG
--- old/trytond-5.0.32/CHANGELOG        2021-02-01 22:50:56.000000000 +0100
+++ new/trytond-5.0.33/CHANGELOG        2021-02-12 10:14:44.000000000 +0100
@@ -1,3 +1,7 @@
+Version 5.0.33 - 2021-02-12
+* Bug fixes (see mercurial logs for details)
+* Use safe_join in SharedDataMiddlewareIndex (issue10068)
+
 Version 5.0.32 - 2021-02-01
 * Bug fixes (see mercurial logs for details)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/PKG-INFO new/trytond-5.0.33/PKG-INFO
--- old/trytond-5.0.32/PKG-INFO 2021-02-01 22:50:59.296959200 +0100
+++ new/trytond-5.0.33/PKG-INFO 2021-02-12 10:14:46.511693200 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: trytond
-Version: 5.0.32
+Version: 5.0.33
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/trytond/__init__.py 
new/trytond-5.0.33/trytond/__init__.py
--- old/trytond-5.0.32/trytond/__init__.py      2021-01-01 16:10:47.000000000 
+0100
+++ new/trytond-5.0.33/trytond/__init__.py      2021-02-01 22:51:13.000000000 
+0100
@@ -5,7 +5,7 @@
 import warnings
 from email import charset
 
-__version__ = "5.0.32"
+__version__ = "5.0.33"
 
 os.environ['TZ'] = 'UTC'
 if hasattr(time, 'tzset'):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/trytond/wsgi.py 
new/trytond-5.0.33/trytond/wsgi.py
--- old/trytond-5.0.32/trytond/wsgi.py  2019-08-11 19:34:43.000000000 +0200
+++ new/trytond-5.0.33/trytond/wsgi.py  2021-02-12 10:14:41.000000000 +0100
@@ -3,6 +3,7 @@
 import http.client
 import logging
 import os
+import posixpath
 import sys
 import traceback
 
@@ -10,6 +11,11 @@
 from werkzeug.routing import Map, Rule
 from werkzeug.exceptions import abort, HTTPException, InternalServerError
 from werkzeug.contrib.fixers import ProxyFix
+try:
+    from werkzeug.security import safe_join
+except ImportError:
+    safe_join = posixpath.join
+
 from werkzeug.wsgi import SharedDataMiddleware
 
 import wrapt
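Review bot: The `except ImportError` fallback `safe_join = posixpath.join` fails open: if `werkzeug.security` does not export `safe_join`, the loader goes back to an unchecked join and the issue10068 fix is disabled without any error or log line. As far as I know, newer Werkzeug releases expose the helper from `werkzeug.utils` (deprecated in `werkzeug.security` in 2.0, removed in 2.1), so the fallback should be `from werkzeug.utils import safe_join`, letting the import fail loudly if neither location has it. `posixpath.join` also never returns None, so on the fallback path the new `path is not None` guard in `get_directory_loader` can never reject a request.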
@@ -131,13 +137,14 @@
     def get_directory_loader(self, directory):
         def loader(path):
             if path is not None:
-                path = os.path.join(directory, path)
+                path = safe_join(directory, path)
             else:
                 path = directory
-            if os.path.isdir(path):
-                path = os.path.join(path, 'index.html')
-            if os.path.isfile(path):
-                return os.path.basename(path), self._opener(path)
+            if path is not None:
+                if os.path.isdir(path):
+                    path = posixpath.join(path, 'index.html')
+                if os.path.isfile(path):
+                    return os.path.basename(path), self._opener(path)
             return None, None
         return loader
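Review bot: The second `if path is not None:` in `loader` needs a comment, because it is the actual traversal guard yet reads like a duplicate of the check a few lines above: `# safe_join returns None when the requested path would leave 'directory'`. A regression test that asks the loader for a path with `..` segments and expects `(None, None)` would keep the guard from being lost in a later refactor. `os.path.isdir` and `os.path.isfile` follow symlinks, so a link placed inside the served directory is presumably still resolved; the docstring should say whether that is intended. The class that owns `get_directory_loader` starts outside the hunk.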
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/trytond-5.0.32/trytond.egg-info/PKG-INFO 
new/trytond-5.0.33/trytond.egg-info/PKG-INFO
--- old/trytond-5.0.32/trytond.egg-info/PKG-INFO        2021-02-01 
22:50:58.000000000 +0100
+++ new/trytond-5.0.33/trytond.egg-info/PKG-INFO        2021-02-12 
10:14:45.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: trytond
-Version: 5.0.32
+Version: 5.0.33
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
