6 changed files with 25 additions and 94 deletions
--- a/Adapt_py310.patch
+++ b/Adapt_py310.patch
@ -1,25 +0,0 @@
-From ad952b384b2066d4424af8304444e23e95a2f646 Mon Sep 17 00:00:00 2001
-From: root <root@localhost.localdomain>
-Date: Wed, 2 Mar 2022 18:29:39 +0800
-Subject: [PATCH] to_adapt_py310
-
---
- tests/conftest.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/conftest.py b/tests/conftest.py
-index ec47c86..174aebf 100644
--- a/tests/conftest.py
-+++ b/tests/conftest.py
-@@ -60,7 +60,7 @@ def serve():
-             log.debug("shutting server down")
-             server.shutdown()
-             worker.join(1)
-            if worker.isAlive():
-+            if worker.is_alive():
-                 log.warning('worker is hanged')
-             else:
-                 log.debug("server stopped")
-- 
-2.27.0
-
--- a/WebOb-1.8.2.tar.gz
+++ b/WebOb-1.8.2.tar.gz
--- a/WebOb-1.8.7.tar.gz
+++ b/WebOb-1.8.7.tar.gz
--- a/backport-CVE-2024-42353.patch
+++ b/backport-CVE-2024-42353.patch
@ -1,48 +0,0 @@
-From f689bcf4f0a1f64f1735b1d5069aef5be6974b5b Mon Sep 17 00:00:00 2001
-From: Delta Regeer <xistence@0x58.com>
-Date: Wed, 7 Aug 2024 11:15:35 -0600
-Subject: [PATCH] Add fix for open redirect
-
---
- src/webob/response.py  |  5 +++++
- tests/test_response.py | 11 +++++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/src/webob/response.py b/src/webob/response.py
-index 2aad591c..efc38ecf 100644
--- a/src/webob/response.py
-+++ b/src/webob/response.py
-@@ -1284,6 +1284,11 @@ def _make_location_absolute(environ, value):
-         if SCHEME_RE.search(value):
-             return value
- 
-+        # This is to fix an open redirect issue due to the way that
-+        # urlparse.urljoin works. See CVE-2024-42353 and
-+        # https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
-+        if value.startswith("//"):
-+            value = "/%2f{}".format(value[2:])
-         new_location = urlparse.urljoin(_request_uri(environ), value)
-         return new_location
- 
-diff --git a/tests/test_response.py b/tests/test_response.py
-index 9d9f9d37..8a6ac06d 100644
--- a/tests/test_response.py
-+++ b/tests/test_response.py
-@@ -1031,6 +1031,17 @@ def test_location():
-     assert req.get_response(res).location == 'http://localhost/test2.html'
- 
- 
-+def test_location_no_open_redirect():
-+    # This is a test for a fix for CVE-2024-42353 and
-+    # https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
-+    res = Response()
-+    res.status = "301"
-+    res.location = "//www.example.com/test"
-+    assert res.location == "//www.example.com/test"
-+    req = Request.blank("/")
-+    assert req.get_response(res).location == "http://localhost/%2fwww.example.com/test"
-+
-+
- @pytest.mark.xfail(sys.version_info < (3,0),
-                    reason="Python 2.x unicode != str, WSGI requires str. Test "
-                    "added due to https://github.com/Pylons/webob/issues/247. "
--- a/python-webob.spec
+++ b/python-webob.spec
@ -1,16 +1,14 @@
 Name:           python-webob
-Version:        1.8.7
+Version:        1.8.2
 Release:        3
 Summary:        WSGI request and response object
 License:        MIT
 URL:            http://pythonpaste.org/webob/
 Source0:        https://files.pythonhosted.org/packages/source/W/WebOb/WebOb-%{version}.tar.gz
-Patch0001:      Adapt_py310.patch
-# https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b
-Patch3000:      backport-CVE-2024-42353.patch
 BuildArch:      noarch

-BuildRequires:  python3-devel, python3-pytest
+BuildRequires:  python2-devel, python2-setuptools, python2-nose, python2-pytest
+BuildRequires:  python3-devel, python3-setuptools, python3-nose, python3-pytest

 %description
 WebOb provides wrappers around the WSGI request environment,
@ -18,6 +16,19 @@ and an object to help create WSGI responses. The objects map
 much of the specified behavior of HTTP, including header parsing
 and accessors for other standard parts of the environment.

+%package -n python2-webob
+%{?python_provide:%python_provide python2-webob}
+Summary:        WSGI request and response object
+Requires:       python2
+Provides:       python-webob1.2 = %{version}-%{release}
+Obsoletes:      python-webob1.2 < 1.2.3-7
+
+%description -n python2-webob
+WebOb provides wrappers around the WSGI request environment,
+and an object to help create WSGI responses. The objects map
+much of the specified behavior of HTTP, including header parsing
+and accessors for other standard parts of the environment.
+
 %package -n python3-webob
 %{?python_provide:%python_provide python3-webob}
 Summary:        WSGI request and response object
@ -38,32 +49,29 @@ rm -rf docs/_static/.empty
 mv docs/license.txt license.txt

 %build
+%py2_build
 %py3_build

 %install
 %py3_install
+%py2_install

 %check
+export PYTHONPATH=$RPM_BUILD_ROOT%{python2_sitelib}
+py.test tests
 export PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitelib}
 py.test-3 tests

+%files -n python2-webob
+%license license.txt
+%doc docs/*
+%{python2_sitelib}/*
+
 %files -n python3-webob
 %license license.txt
 %doc docs/*
 %{python3_sitelib}/*

 %changelog
-* Thu Aug 15 2024 yaoxin <yao_xin001@hoperun.com> - 1.8.7-3
- Fix CVE-2024-42353
-
-* Wed Mar 02 2022 zhaoshuang <zhaoshuang@uniontech.com> - 1.8.7-2
- remove some unnecessary buildrequirements
-
-* Thu Aug 05 2021 liusheng <liusheng2048@gmail.com> - 1.8.7-1
- Upgrade to version 1.8.7
-
-* Thu Oct 29 2020 xinghe <xinghe1@huawei.com> - 1.8.2-4
- remove python2 dependency
-
 * Fri Feb 14 2020 Ruijun Ge <geruijun@huawei.com> - 1.8.2-3
 - init package
--- a/python-webob.yaml
+++ b/python-webob.yaml
@ -1,4 +0,0 @@
-version_control: pypi
-src_repo: webob
-tag_pattern: ^v
-seperator: .