Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-mistune for openSUSE:Factory
checked in at 2022-09-20 19:23:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-mistune (Old)
and /work/SRC/openSUSE:Factory/.python-mistune.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-mistune"
Tue Sep 20 19:23:12 2022 rev:14 rq:1004639 version:2.0.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-mistune/python-mistune.changes
2022-02-17 23:40:55.255700718 +0100
+++ /work/SRC/openSUSE:Factory/.python-mistune.new.2083/python-mistune.changes
2022-09-20 19:23:16.538421034 +0200
@@ -1,0 +2,9 @@
+Mon Sep 19 09:14:34 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 2.0.4 (bsc#1201862, CVE-2022-34749):
+ * Fix url plugin in <a> tag
+ * Fix * formatting
+ * Fix table plugin
+ * Security fix for CVE-2022-34749
+
+-------------------------------------------------------------------
Old:
----
mistune-2.0.2.tar.gz
New:
----
mistune-2.0.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-mistune.spec ++++++
--- /var/tmp/diff_new_pack.pI0zGS/_old 2022-09-20 19:23:17.018422411 +0200
+++ /var/tmp/diff_new_pack.pI0zGS/_new 2022-09-20 19:23:17.026422434 +0200
@@ -20,7 +20,7 @@
%define modname mistune
%define skip_python2 1
Name: python-%{modname}
-Version: 2.0.2
+Version: 2.0.4
Release: 0
Summary: Python Markdown parser with renderers and plugins
License: BSD-3-Clause
++++++ mistune-2.0.2.tar.gz -> mistune-2.0.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/docs/advanced.rst
new/mistune-2.0.4/docs/advanced.rst
--- old/mistune-2.0.2/docs/advanced.rst 2022-01-14 07:27:29.000000000 +0100
+++ new/mistune-2.0.4/docs/advanced.rst 2022-07-15 01:26:55.000000000 +0200
@@ -37,6 +37,7 @@
# block level
paragraph(self, text)
heading(self, text, level)
+ heading(self, text, level, tid) # when TOC directive is enabled
thematic_break(self)
block_text(self, text)
block_code(self, code, info=None)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/docs/changes.rst
new/mistune-2.0.4/docs/changes.rst
--- old/mistune-2.0.2/docs/changes.rst 2022-01-14 07:27:29.000000000 +0100
+++ new/mistune-2.0.4/docs/changes.rst 2022-07-15 01:26:55.000000000 +0200
@@ -3,6 +3,29 @@
Here is the full history of mistune v2.
+Version 2.0.4
+~~~~~~~~~~~~~
+
+Released on Jul 15, 2022
+
+* Fix ``url`` plugin in ``<a>`` tag
+* Fix ``*`` formatting
+
+Version 2.0.3
+~~~~~~~~~~~~~
+
+Released on Jun 27, 2022
+
+* Fix ``table`` plugin
+* Security fix for CVE-2022-34749
+
+Version 2.0.2
+~~~~~~~~~~~~~
+
+Released on Jan 14, 2022
+
+Fix ``escape_url``
+
Version 2.0.1
~~~~~~~~~~~~~
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/docs/directives.rst
new/mistune-2.0.4/docs/directives.rst
--- old/mistune-2.0.2/docs/directives.rst 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/docs/directives.rst 2022-07-15 01:26:55.000000000
+0200
@@ -75,6 +75,17 @@
plugins=[DirectiveToc()]
)
+If **TOC** directive is enabled, the ``heading`` method of renderer will accept
+one more paramter::
+
+ def heading(self, text, level):
+ # without TOC directive
+ return ''
+
+ def heading(self, text, level, tid):
+ # with TOC directive
+ return ''
+
Include
-------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/docs/guide.rst
new/mistune-2.0.4/docs/guide.rst
--- old/mistune-2.0.2/docs/guide.rst 2022-01-14 07:27:29.000000000 +0100
+++ new/mistune-2.0.4/docs/guide.rst 2022-07-15 01:26:55.000000000 +0200
@@ -12,7 +12,7 @@
by default:
* No escape of HTML tags
-* With **strikethough** plugin
+* With **strikethrough** plugin
* With **table** plugin
* With **footnote** plugin
@@ -46,7 +46,7 @@
# ==>
'<p>~~s~~</p>'
- markdown = mistune.create_markdown(plugins=['strikethough'])
+ markdown = mistune.create_markdown(plugins=['strikethrough'])
markdown('~~s~~')
# ==>
'<p><del>s</del></p>'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/mistune/__init__.py
new/mistune-2.0.4/mistune/__init__.py
--- old/mistune-2.0.2/mistune/__init__.py 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/mistune/__init__.py 2022-07-15 01:26:55.000000000
+0200
@@ -60,4 +60,4 @@
'html', 'create_markdown', 'markdown',
]
-__version__ = '2.0.2'
+__version__ = '2.0.4'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/mistune/inline_parser.py
new/mistune-2.0.4/mistune/inline_parser.py
--- old/mistune-2.0.2/mistune/inline_parser.py 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/mistune/inline_parser.py 2022-07-15 01:26:55.000000000
+0200
@@ -64,8 +64,8 @@
#: _emphasis_ __strong__
ASTERISK_EMPHASIS = (
r'(\*{1,2})(?=[^\s*])('
- r'(?:\\[\\*]|[^*])*'
- r'(?:' + ESCAPE_TEXT + r'|[^\s*]))\1'
+ r'(?:(?:(?<!\\)(?:\\\\)*\*)|[^*])+?'
+ r')(?<!\\)\1'
)
UNDERSCORE_EMPHASIS = (
r'\b(_{1,2})(?=[^\s_])([\s\S]*?'
@@ -193,6 +193,10 @@
def parse_inline_html(self, m, state):
html = m.group(0)
+ if html.startswith('<a '):
+ state['_in_link'] = True
+ if html.startswith('</a>'):
+ state['_in_link'] = False
return 'inline_html', html
def parse_text(self, text, state):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/mistune/plugins/extra.py
new/mistune-2.0.4/mistune/plugins/extra.py
--- old/mistune-2.0.2/mistune/plugins/extra.py 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/mistune/plugins/extra.py 2022-07-15 01:26:55.000000000
+0200
@@ -8,7 +8,10 @@
def parse_url_link(inline, m, state):
- return 'link', escape_url(m.group(0))
+ url = m.group(0)
+ if state.get('_in_link'):
+ return 'text', url
+ return 'link', escape_url(url)
def plugin_url(md):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/mistune/plugins/table.py
new/mistune-2.0.4/mistune/plugins/table.py
--- old/mistune-2.0.2/mistune/plugins/table.py 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/mistune/plugins/table.py 2022-07-15 01:26:55.000000000
+0200
@@ -95,6 +95,15 @@
'text': text,
'params': (aligns[i], False)
})
+
+ if len(cells) < len(aligns):
+ for align in aligns[len(cells):]:
+ cells.append({
+ 'type': 'table_cell',
+ 'text': '',
+ 'params': (align, False),
+ })
+
return {'type': 'table_row', 'children': cells}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/setup.py new/mistune-2.0.4/setup.py
--- old/mistune-2.0.2/setup.py 1970-01-01 01:00:00.000000000 +0100
+++ new/mistune-2.0.4/setup.py 2022-07-15 01:26:55.000000000 +0200
@@ -0,0 +1,5 @@
+from setuptools import setup
+
+# Metadata goes in setup.cfg. These are here for GitHub's dependency graph.
+
+setup(name="mistune")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/tests/fixtures/non-commonmark.txt
new/mistune-2.0.4/tests/fixtures/non-commonmark.txt
--- old/mistune-2.0.2/tests/fixtures/non-commonmark.txt 2022-01-14
07:27:29.000000000 +0100
+++ new/mistune-2.0.4/tests/fixtures/non-commonmark.txt 2022-07-15
01:26:55.000000000 +0200
@@ -13,12 +13,6 @@
````````````````````````````````
```````````````````````````````` example
-[link *foo **bar** `#`*](/uri)
-.
-<p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p>
-````````````````````````````````
-
-```````````````````````````````` example
[foo [bar](/uri)](/uri)
.
<p><a href="/uri">foo [bar](/uri)</a></p>
@@ -49,14 +43,6 @@
````````````````````````````````
```````````````````````````````` example
-[link *foo **bar** `#`*][ref]
-
-[ref]: /uri
-.
-<p><a href="/uri">link *foo <strong>bar</strong> <code>#</code>*</a></p>
-````````````````````````````````
-
-```````````````````````````````` example
[foo [bar](/uri)][ref]
[ref]: /uri
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/mistune-2.0.2/tests/fixtures/table.txt
new/mistune-2.0.4/tests/fixtures/table.txt
--- old/mistune-2.0.2/tests/fixtures/table.txt 2022-01-14 07:27:29.000000000
+0100
+++ new/mistune-2.0.4/tests/fixtures/table.txt 2022-07-15 01:26:55.000000000
+0200
@@ -280,3 +280,30 @@
</tbody>
</table>
````````````````````````````````
+
+
+```````````````````````````````` example
+| Foo | Bar |
+|-----|-----|
+| boo | baz |
+| faz | |
+.
+<table>
+<thead>
+<tr>
+ <th>Foo</th>
+ <th>Bar</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+ <td>boo</td>
+ <td>baz</td>
+</tr>
+<tr>
+ <td>faz</td>
+ <td></td>
+</tr>
+</tbody>
+</table>
+````````````````````````````````
