Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-mistune for openSUSE:Factory checked in at 2022-01-08 23:23:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-mistune (Old) and /work/SRC/openSUSE:Factory/.python-mistune.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-mistune" Sat Jan 8 23:23:05 2022 rev:12 rq:944542 version:2.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-mistune/python-mistune.changes 2022-01-03 10:48:54.775568809 +0100 +++ /work/SRC/openSUSE:Factory/.python-mistune.new.1892/python-mistune.changes 2022-01-08 23:23:09.586209140 +0100 @@ -1,0 +2,7 @@ +Thu Jan 6 19:50:25 UTC 2022 - Matej Cepl <mc...@suse.com> + +- Add 295-overagreesive-escape_url.patch make + mistune.util.escape_url less aggressive + (gh#lepture/mistune#295). + +------------------------------------------------------------------- New: ---- 295-overagreesive-escape_url.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-mistune.spec ++++++ --- /var/tmp/diff_new_pack.yH6lvk/_old 2022-01-08 23:23:11.710210874 +0100 +++ /var/tmp/diff_new_pack.yH6lvk/_new 2022-01-08 23:23:11.714210878 +0100 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,9 @@ Group: Development/Languages/Python URL: https://github.com/lepture/mistune Source: https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM 295-overagreesive-escape_url.patch gh#lepture/mistune#295 mc...@suse.com +# Make mistune.util.escape_url less aggressive +Patch0: 295-overagreesive-escape_url.patch BuildRequires: %{python_module pip} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} ++++++ 295-overagreesive-escape_url.patch ++++++ >From fc2cd53d7698e432ab5b250ffac53458263a49e2 Mon Sep 17 00:00:00 2001 From: Jeff Dairiki <dair...@dairiki.org> Date: Thu, 6 Jan 2022 09:30:32 -0800 Subject: [PATCH] Make mistune.util.escape_url less aggressive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds ';', '!', and '$' to the set of characters which will be passed unmolested by escape_url. These are all in RFC 3986 reserved character list ??? that is to say: escaping these may change the meaning of a URL. --- mistune/util.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mistune/util.py b/mistune/util.py index 192f6ef..f99fe37 100644 --- a/mistune/util.py +++ b/mistune/util.py @@ -20,7 +20,12 @@ def escape(s, quote=True): def escape_url(link): - safe = '/#:()*?=%@+,&' + safe = ( + ':/?#@' # gen-delims - '[]' (rfc3986) + '!$&()*+,;=' # sub-delims - "'" (rfc3986) + '%' # leave already-encoded octets alone + ) + if html is None: return quote(link.encode('utf-8'), safe=safe) return html.escape(quote(html.unescape(link), safe=safe))