Hello community, here is the log from the commit of package python3-Werkzeug for openSUSE:Factory checked in at 2016-09-27 13:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python3-Werkzeug (Old) and /work/SRC/openSUSE:Factory/.python3-Werkzeug.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-Werkzeug" Changes: -------- --- /work/SRC/openSUSE:Factory/python3-Werkzeug/python3-Werkzeug-doc.changes 2016-07-24 19:52:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python3-Werkzeug.new/python3-Werkzeug-doc.changes 2016-09-27 13:44:17.000000000 +0200 @@ -1,0 +2,15 @@ +Sun Sep 11 15:46:07 UTC 2016 - a...@gmx.de + +- update to version 0.11.11: + * Fix JSONRequestMixin for Python3. See #731 + * Fix broken string handling in test client when passing + integers. See #852 + * Fix a bug in "parse_options_header" where an invalid content type + starting with comma or semi-colon would result in an invalid + return value, see issue "#995". + * Fix a bug in multidicts when passing empty lists as values, see + issue "#979". + * Fix a security issue that allows XSS on the Werkzeug debugger. See + "#1001". + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/python3-Werkzeug/python3-Werkzeug.changes 2016-07-24 19:52:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python3-Werkzeug.new/python3-Werkzeug.changes 2016-09-27 13:44:17.000000000 +0200 @@ -1,0 +2,20 @@ +Thu Sep 15 23:48:00 UTC 2016 - toddrme2...@gmail.com + +- Implement unit tests + +------------------------------------------------------------------- +Sun Sep 11 15:46:07 UTC 2016 - a...@gmx.de + +- update to version 0.11.11: + * Fix JSONRequestMixin for Python3. See #731 + * Fix broken string handling in test client when passing + integers. See #852 + * Fix a bug in "parse_options_header" where an invalid content type + starting with comma or semi-colon would result in an invalid + return value, see issue "#995". + * Fix a bug in multidicts when passing empty lists as values, see + issue "#979". + * Fix a security issue that allows XSS on the Werkzeug debugger. See + "#1001". + +------------------------------------------------------------------- Old: ---- Werkzeug-0.11.10.tar.gz New: ---- Werkzeug-0.11.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-Werkzeug-doc.spec ++++++ --- /var/tmp/diff_new_pack.sm9Vuc/_old 2016-09-27 13:44:18.000000000 +0200 +++ /var/tmp/diff_new_pack.sm9Vuc/_new 2016-09-27 13:44:18.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python3-Werkzeug-doc # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: python3-Werkzeug-doc -Version: 0.11.10 +Version: 0.11.11 Release: 0 Url: http://werkzeug.pocoo.org/ Summary: Documentation for python3-Werkzeug @@ -25,8 +25,8 @@ Group: Documentation/Other Source: https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: python3-Werkzeug = %{version} BuildRequires: python3-Sphinx +BuildRequires: python3-Werkzeug = %{version} BuildRequires: python3-setuptools BuildArch: noarch Requires: python3-Werkzeug = %{version} ++++++ python3-Werkzeug.spec ++++++ --- /var/tmp/diff_new_pack.sm9Vuc/_old 2016-09-27 13:44:18.000000000 +0200 +++ /var/tmp/diff_new_pack.sm9Vuc/_new 2016-09-27 13:44:19.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python3-Werkzeug # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: python3-Werkzeug -Version: 0.11.10 +Version: 0.11.11 Release: 0 Url: http://werkzeug.pocoo.org/ Summary: The Swiss Army knife of Python web development @@ -26,8 +26,8 @@ Source: https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: python3-devel +BuildRequires: python3-pytest BuildRequires: python3-setuptools -BuildRequires: python3-nose BuildArch: noarch %description @@ -56,6 +56,9 @@ %install python3 setup.py install --prefix=%{_prefix} --root=%{buildroot} +%check +python3 setup.py test + %files %defattr(-,root,root,-) %doc AUTHORS LICENSE CHANGES ++++++ Werkzeug-0.11.10.tar.gz -> Werkzeug-0.11.11.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/AUTHORS new/Werkzeug-0.11.11/AUTHORS --- old/Werkzeug-0.11.10/AUTHORS 2016-05-24 10:19:16.000000000 +0200 +++ new/Werkzeug-0.11.11/AUTHORS 2016-08-31 15:12:07.000000000 +0200 @@ -28,6 +28,8 @@ - Daniel Neuhäuser - Markus Unterwaditzer - Joe Esposito <j...@joeyespo.com> +- Cédric Krier +- Lars Holm Nielsen Contributors of code for werkzeug/examples are: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/CHANGES new/Werkzeug-0.11.11/CHANGES --- old/Werkzeug-0.11.10/CHANGES 2016-05-24 11:19:30.000000000 +0200 +++ new/Werkzeug-0.11.11/CHANGES 2016-08-31 15:12:53.000000000 +0200 @@ -1,6 +1,20 @@ Werkzeug Changelog ================== +Version 0.11.11 +--------------- + +Released on August 31st 2016. + +- Fix JSONRequestMixin for Python3. See #731 +- Fix broken string handling in test client when passing integers. See #852 +- Fix a bug in ``parse_options_header`` where an invalid content type + starting with comma or semi-colon would result in an invalid return value, + see issue ``#995``. +- Fix a bug in multidicts when passing empty lists as values, see issue + ``#979``. +- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``. + Version 0.11.10 --------------- @@ -277,7 +291,7 @@ object (pull request ``#583``). - The ``qop`` parameter for ``WWW-Authenticate`` headers is now always quoted, as required by RFC 2617 (issue ``#633``). -- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where add/set +- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where add/set may throw an exception when pruning old entries from the cache (pull request ``#651``). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/PKG-INFO new/Werkzeug-0.11.11/PKG-INFO --- old/Werkzeug-0.11.10/PKG-INFO 2016-05-24 11:19:40.000000000 +0200 +++ new/Werkzeug-0.11.11/PKG-INFO 2016-08-31 15:13:05.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: Werkzeug -Version: 0.11.10 +Version: 0.11.11 Summary: The Swiss Army knife of Python web development Home-page: http://werkzeug.pocoo.org/ Author: Armin Ronacher diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/Werkzeug.egg-info/PKG-INFO new/Werkzeug-0.11.11/Werkzeug.egg-info/PKG-INFO --- old/Werkzeug-0.11.10/Werkzeug.egg-info/PKG-INFO 2016-05-24 11:19:40.000000000 +0200 +++ new/Werkzeug-0.11.11/Werkzeug.egg-info/PKG-INFO 2016-08-31 15:13:04.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: Werkzeug -Version: 0.11.10 +Version: 0.11.11 Summary: The Swiss Army knife of Python web development Home-page: http://werkzeug.pocoo.org/ Author: Armin Ronacher diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/Werkzeug.egg-info/SOURCES.txt new/Werkzeug-0.11.11/Werkzeug.egg-info/SOURCES.txt --- old/Werkzeug-0.11.10/Werkzeug.egg-info/SOURCES.txt 2016-05-24 11:19:40.000000000 +0200 +++ new/Werkzeug-0.11.11/Werkzeug.egg-info/SOURCES.txt 2016-08-31 15:13:04.000000000 +0200 @@ -11,10 +11,8 @@ Werkzeug.egg-info/dependency_links.txt Werkzeug.egg-info/not-zip-safe Werkzeug.egg-info/top_level.txt -artwork/.DS_Store artwork/logo.png artwork/logo.svg -docs/.DS_Store docs/Makefile docs/changes.rst docs/conf.py Files old/Werkzeug-0.11.10/artwork/.DS_Store and new/Werkzeug-0.11.11/artwork/.DS_Store differ Files old/Werkzeug-0.11.10/docs/.DS_Store and new/Werkzeug-0.11.11/docs/.DS_Store differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/tests/contrib/test_wrappers.py new/Werkzeug-0.11.11/tests/contrib/test_wrappers.py --- old/Werkzeug-0.11.10/tests/contrib/test_wrappers.py 2015-09-20 20:59:05.000000000 +0200 +++ new/Werkzeug-0.11.11/tests/contrib/test_wrappers.py 2016-08-28 23:58:14.000000000 +0200 @@ -16,6 +16,16 @@ from werkzeug.wrappers import Request, Response +def test_json_request_mixin(): + class MyRequest(wrappers.JSONRequestMixin, Request): + pass + req = MyRequest.from_values( + data=u'{"foä": "bar"}'.encode('utf-8'), + content_type='text/json' + ) + assert req.json == {u'foä': 'bar'} + + def test_reverse_slash_behavior(): class MyRequest(wrappers.ReverseSlashBehaviorRequestMixin, Request): pass diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_datastructures.py new/Werkzeug-0.11.11/tests/test_datastructures.py --- old/Werkzeug-0.11.10/tests/test_datastructures.py 2016-05-24 10:19:16.000000000 +0200 +++ new/Werkzeug-0.11.11/tests/test_datastructures.py 2016-08-31 15:12:07.000000000 +0200 @@ -377,6 +377,15 @@ assert list(zip(iterkeys(md), iterlistvalues(md))) == \ list(iterlists(md)) + def test_getitem_raise_badrequestkeyerror_for_empty_list_value(self): + mapping = [('a', 'b'), ('a', 'c')] + md = self.storage_class(mapping) + + md.setlistdefault('empty', []) + + with pytest.raises(KeyError): + md['empty'] + class TestOrderedMultiDict(_MutableMultiDictTests): storage_class = datastructures.OrderedMultiDict diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_http.py new/Werkzeug-0.11.11/tests/test_http.py --- old/Werkzeug-0.11.10/tests/test_http.py 2016-02-14 18:55:15.000000000 +0100 +++ new/Werkzeug-0.11.11/tests/test_http.py 2016-08-31 15:12:07.000000000 +0200 @@ -266,6 +266,15 @@ 'text/x-dvi; q=0.8, text/x-c') == \ ('text/plain', {'q': '0.5'}) + def test_parse_options_header_broken_values(self): + # Issue #995 + assert http.parse_options_header(' ') == ('', {}) + assert http.parse_options_header(' , ') == ('', {}) + assert http.parse_options_header(' ; ') == ('', {}) + assert http.parse_options_header(' ,; ') == ('', {}) + assert http.parse_options_header(' , a ') == ('', {}) + assert http.parse_options_header(' ; a ') == ('', {}) + def test_dump_options_header(self): assert http.dump_options_header('foo', {'bar': 42}) == \ 'foo; bar=42' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_test.py new/Werkzeug-0.11.11/tests/test_test.py --- old/Werkzeug-0.11.10/tests/test_test.py 2015-09-20 20:59:05.000000000 +0200 +++ new/Werkzeug-0.11.11/tests/test_test.py 2016-08-31 15:12:07.000000000 +0200 @@ -143,6 +143,7 @@ assert b.content_type == 'application/x-www-form-urlencoded' b.files.add_file('test', BytesIO(b'test contents'), 'test.txt') assert b.files['test'].content_type == 'text/plain' + b.form['test_int'] = 1 assert b.content_type == 'multipart/form-data' req = b.get_request() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/tests/test_wrappers.py new/Werkzeug-0.11.11/tests/test_wrappers.py --- old/Werkzeug-0.11.10/tests/test_wrappers.py 2016-05-24 10:19:16.000000000 +0200 +++ new/Werkzeug-0.11.11/tests/test_wrappers.py 2016-08-31 15:12:07.000000000 +0200 @@ -639,17 +639,25 @@ def test_form_parsing_failed(): - data = ( - b'--blah\r\n' - ) - data = wrappers.Request.from_values( + data = b'--blah\r\n' + request = wrappers.Request.from_values( input_stream=BytesIO(data), content_length=len(data), content_type='multipart/form-data; boundary=foo', method='POST' ) - assert not data.files - assert not data.form + assert not request.files + assert not request.form + + # Bad Content-Type + data = b'test' + request = wrappers.Request.from_values( + input_stream=BytesIO(data), + content_length=len(data), + content_type=', ', + method='POST' + ) + assert not request.form def test_file_closing(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/__init__.py new/Werkzeug-0.11.11/werkzeug/__init__.py --- old/Werkzeug-0.11.10/werkzeug/__init__.py 2016-05-24 11:19:39.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/__init__.py 2016-08-31 15:13:02.000000000 +0200 @@ -20,7 +20,7 @@ from werkzeug._compat import iteritems # the version. Usually set automatically by a script. -__version__ = '0.11.10' +__version__ = '0.11.11' # This import magic raises concerns quite often which is why the implementation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/contrib/wrappers.py new/Werkzeug-0.11.11/werkzeug/contrib/wrappers.py --- old/Werkzeug-0.11.10/werkzeug/contrib/wrappers.py 2015-09-20 20:59:05.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/contrib/wrappers.py 2016-08-31 15:12:07.000000000 +0200 @@ -56,7 +56,7 @@ if 'json' not in self.environ.get('CONTENT_TYPE', ''): raise BadRequest('Not a JSON request') try: - return loads(self.data) + return loads(self.data.decode(self.charset, self.encoding_errors)) except Exception: raise BadRequest('Unable to read JSON request') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/datastructures.py new/Werkzeug-0.11.11/werkzeug/datastructures.py --- old/Werkzeug-0.11.10/werkzeug/datastructures.py 2016-05-24 10:19:16.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/datastructures.py 2016-08-31 15:12:07.000000000 +0200 @@ -372,6 +372,8 @@ tmp = {} for key, value in iteritems(mapping): if isinstance(value, (tuple, list)): + if len(value) == 0: + continue value = list(value) else: value = [value] @@ -398,7 +400,9 @@ :raise KeyError: if the key does not exist. """ if key in self: - return dict.__getitem__(self, key)[0] + lst = dict.__getitem__(self, key) + if len(lst) > 0: + return lst[0] raise exceptions.BadRequestKeyError(key) def __setitem__(self, key, value): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/debug/tbtools.py new/Werkzeug-0.11.11/werkzeug/debug/tbtools.py --- old/Werkzeug-0.11.10/werkzeug/debug/tbtools.py 2015-10-24 22:22:59.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/debug/tbtools.py 2016-08-31 15:12:01.000000000 +0200 @@ -358,7 +358,7 @@ 'exception': exc, 'exception_type': escape(self.exception_type), 'summary': self.render_summary(include_title=False), - 'plaintext': self.plaintext, + 'plaintext': escape(self.plaintext), 'plaintext_cs': re.sub('-{2,}', '-', self.plaintext), 'traceback_id': self.id, 'secret': secret diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/http.py new/Werkzeug-0.11.11/werkzeug/http.py --- old/Werkzeug-0.11.10/werkzeug/http.py 2016-05-24 10:19:16.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/http.py 2016-08-31 15:12:07.000000000 +0200 @@ -336,7 +336,6 @@ :return: (mimetype, options) or (mimetype, options, mimetype, options, …) if multiple=True """ - if not value: return '', {} @@ -368,7 +367,7 @@ return tuple(result) value = rest - return tuple(result) + return tuple(result) if result else ('', {}) def parse_accept_header(value, cls=None): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Werkzeug-0.11.10/werkzeug/test.py new/Werkzeug-0.11.11/werkzeug/test.py --- old/Werkzeug-0.11.10/werkzeug/test.py 2015-09-20 20:59:05.000000000 +0200 +++ new/Werkzeug-0.11.11/werkzeug/test.py 2016-08-31 15:12:07.000000000 +0200 @@ -99,8 +99,8 @@ else: if not isinstance(value, string_types): value = str(value) - else: - value = to_bytes(value, charset) + + value = to_bytes(value, charset) write('\r\n\r\n') write_binary(value) write('\r\n')