Upgrade package to version 0.12.25

2023-05-26 16:44:36 +08:00 · 2023-05-26 16:44:36 +08:00 · 0953fee560
commit 0953fee560
parent e98bacd864
6 changed files with 5 additions and 104 deletions
--- a/CVE-2020-28473.patch
+++ b/CVE-2020-28473.patch
@ -1,27 +0,0 @@
 From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001
 From: Marcel Hellkamp <marc@gsites.de>
 Date: Wed, 11 Nov 2020 19:24:29 +0100
 Subject: [PATCH] Do not split query strings on `;` anymore.
 Using `;` as a separator instead of `&` was allowed a long time ago,
 but is now obsolete and actually invalid according to the 2014 W3C
 recommendations. Even if this change is technically backwards-incompatible,
 no real-world application should depend on broken behavior. If you REALLY
 need this functionality, monkey-patch the _parse_qsl() function.
 ---
 bottle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/bottle.py b/bottle.py
 index bcfc5e62..417b01b9 100644
 --- a/bottle.py
 +++ b/bottle.py
@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0):
 def _parse_qsl(qs):
     r = []
 -    for pair in qs.replace(';','&').split('&'):
 +    for pair in qs.split('&'):
         if not pair: continue
         nv = pair.split('=', 1)
         if len(nv) != 2: nv.append('')
--- a/CVE-2022-31799.patch
+++ b/CVE-2022-31799.patch
@ -1,40 +0,0 @@
 From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
 From: Marcel Hellkamp <marc@gsites.de>
 Date: Thu, 26 May 2022 14:49:32 +0200
 Subject: [PATCH] Gracefully handle errors during early request binding.
 ---
 bottle.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
 diff --git a/bottle.py b/bottle.py
 index 04ccf7da..035f99ec 100644
 --- a/bottle.py
 +++ b/bottle.py
@@ -848,17 +848,19 @@ def default_error_handler(self, res):
         return tob(template(ERROR_PAGE_TEMPLATE, e=res))
     def _handle(self, environ):
 -        path = environ['bottle.raw_path'] = environ['PATH_INFO']
 -        if py3k:
 -            try:
 -                environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
 -            except UnicodeError:
 -                return HTTPError(400, 'Invalid path string. Expected UTF-8')
 -
         try:
 +
             environ['bottle.app'] = self
             request.bind(environ)
             response.bind()
 +
 +            path = environ['bottle.raw_path'] = environ['PATH_INFO']
 +            if py3k:
 +                try:
 +                    environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
 +                except UnicodeError:
 +                    return HTTPError(400, 'Invalid path string. Expected UTF-8')
 +
             try:
                 self.trigger_hook('before_request')
                 route, args = self.router.match(environ)
--- a/Fix-Python-3.7-collections.abc-DeprecationWarning.patch
+++ b/Fix-Python-3.7-collections.abc-DeprecationWarning.patch
@ -1,29 +0,0 @@
 From eff4960d941b51629f8378b1bd9498ed2aec92c7 Mon Sep 17 00:00:00 2001
 From: Adam Johnson <me@adamj.eu>
 Date: Wed, 8 May 2019 16:48:24 +0100
 Subject: [PATCH] Fix Python 3.7 collections.abc DeprecationWarning
 Should fix this
 ```
 /.../bin/bottle.py:87: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it wil
 l stop working
    from collections import MutableMapping as DictMixin
 ```
 ---
 bottle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/bottle.py b/bottle.py
 index 3a51b38..f8398f1 100644
 --- a/bottle.py
 +++ b/bottle.py
@@ -84,7 +84,7 @@ if py3k:
     from urllib.parse import urlencode, quote as urlquote, unquote as urlunquote
     urlunquote = functools.partial(urlunquote, encoding='latin1')
     from http.cookies import SimpleCookie
 -    from collections import MutableMapping as DictMixin
 +    from collections.abc import MutableMapping as DictMixin
     import pickle
     from io import BytesIO
     from configparser import ConfigParser
--- a/bottle-0.12.13.tar.gz
+++ b/bottle-0.12.13.tar.gz
--- a/bottle-0.12.25.tar.gz
+++ b/bottle-0.12.25.tar.gz
--- a/python-bottle.spec
+++ b/python-bottle.spec
@ -1,16 +1,10 @@
 Name:           python-bottle
-Version:        0.12.13
+Version:        0.12.25
-Release:        11
+Release:        1
 Summary:        WSGI micro web-framework for Python.
 License:        MIT
 URL:            https://github.com/bottlepy/bottle
 Source0:        https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{version}.tar.gz
 Patch0000:      CVE-2020-28473.patch
 #https://github.com/bottlepy/bottle/commit/eff4960d941b51629f8378b1bd9498ed2aec92c7
 Patch0001:      Fix-Python-3.7-collections.abc-DeprecationWarning.patch
 #https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
 Patch0002:      CVE-2022-31799.patch
 BuildArch:      noarch
 BuildRequires:  python3-devel python3-setuptools
@ -48,6 +42,9 @@ sed -i '/^#!/d' bottle.py
 %exclude %{_bindir}/bottle.py
 %changelog
 * Fri May 26 2023 wulei <wu_lei@hoperun.com> - 0.12.25-1
 - Upgrade package to version 0.12.25
 * Tue Jun 14 2022 yaoxin <yaoxin30@h-partners.com> - 0.12.13-11
 - Fix CVE-2022-31799