commit 9a43a807c98b38df54b6187d663e11882081d247
Author: CentOS Sources
Date: Tue Apr 28 04:48:49 2020 -0400
import python-flask-0.12.2-4.el8
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5fdcf88
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/Flask-0.12.2.tar.gz
diff --git a/.python-flask.metadata b/.python-flask.metadata
new file mode 100644
index 0000000..b910a22
--- /dev/null
+++ b/.python-flask.metadata
@@ -0,0 +1 @@
+8193757ded6a4f0e7c9a3ce291bf3ae3a1d402c5 SOURCES/Flask-0.12.2.tar.gz
diff --git a/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch b/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch
new file mode 100644
index 0000000..67b925a
--- /dev/null
+++ b/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch
@@ -0,0 +1,167 @@ +From 50062c4d8c4108d17b7f12d9518ce883956d3921 Mon Sep 17 00:00:00 2001 +From: David Lord +Date: Tue, 10 Apr 2018 09:29:48 -0700 +Subject: [PATCH] detect UTF encodings when loading json + +(cherry picked from commit 0e1e9a04aaf29ab78f721cfc79ac2a691f6e3929) +--- + flask/json.py | 49 ++++++++++++++++++++++++++++++++++++++++++- + flask/wrappers.py | 13 +++--------- + tests/test_helpers.py | 28 ++++++++++++++----------- + 3 files changed, 67 insertions(+), 23 deletions(-) + +diff --git a/flask/json.py b/flask/json.py +index 16e0c29..114873e 100644 +--- a/flask/json.py ++++ b/flask/json.py +@@ -8,6 +8,7 @@ + :copyright: (c) 2015 by Armin Ronacher. + :license: BSD, see LICENSE for more details. + """ ++import codecs + import io + import uuid + from datetime import date +@@ -108,6 +109,49 @@ def _load_arg_defaults(kwargs): + kwargs.setdefault('cls', JSONDecoder) + + ++def detect_encoding(data): ++ """Detect which UTF codec was used to encode the given bytes. ++ ++ The latest JSON standard (:rfc:`8259`) suggests that only UTF-8 is ++ accepted. Older documents allowed 8, 16, or 32. 16 and 32 can be big ++ or little endian. Some editors or libraries may prepend a BOM. ++ ++ :param data: Bytes in unknown UTF encoding. 
++ :return: UTF encoding name ++ """ ++ head = data[:4] ++ ++ if head[:3] == codecs.BOM_UTF8: ++ return 'utf-8-sig' ++ ++ if b'\x00' not in head: ++ return 'utf-8' ++ ++ if head in (codecs.BOM_UTF32_BE, codecs.BOM_UTF32_LE): ++ return 'utf-32' ++ ++ if head[:2] in (codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE): ++ return 'utf-16' ++ ++ if len(head) == 4: ++ if head[:3] == b'\x00\x00\x00': ++ return 'utf-32-be' ++ ++ if head[::2] == b'\x00\x00': ++ return 'utf-16-be' ++ ++ if head[1:] == b'\x00\x00\x00': ++ return 'utf-32-le' ++ ++ if head[1::2] == b'\x00\x00': ++ return 'utf-16-le' ++ ++ if len(head) == 2: ++ return 'utf-16-be' if head.startswith(b'\x00') else 'utf-16-le' ++ ++ return 'utf-8' ++ ++ + def dumps(obj, **kwargs): + """Serialize ``obj`` to a JSON formatted ``str`` by using the application's + configured encoder (:attr:`~flask.Flask.json_encoder`) if there is an +@@ -142,7 +186,10 @@ def loads(s, **kwargs): + """ + _load_arg_defaults(kwargs) + if isinstance(s, bytes): +- s = s.decode(kwargs.pop('encoding', None) or 'utf-8') ++ encoding = kwargs.pop('encoding', None) ++ if encoding is None: ++ encoding = detect_encoding(s) ++ s = s.decode(encoding) + return _json.loads(s, **kwargs) + + +diff --git a/flask/wrappers.py b/flask/wrappers.py +index 04bdcb5..3e600fc 100644 +--- a/flask/wrappers.py ++++ b/flask/wrappers.py +@@ -144,17 +144,10 @@ class Request(RequestBase): + if not (force or self.is_json): + return None + +- # We accept a request charset against the specification as +- # certain clients have been using this in the past. This +- # fits our general approach of being nice in what we accept +- # and strict in what we send out. 
+- request_charset = self.mimetype_params.get('charset') ++ data = _get_data(self, cache) ++ + try: +- data = _get_data(self, cache) +- if request_charset is not None: +- rv = json.loads(data, encoding=request_charset) +- else: +- rv = json.loads(data) ++ rv = json.loads(data) + except ValueError as e: + if silent: + rv = None +diff --git a/tests/test_helpers.py b/tests/test_helpers.py +index 9320ef7..9990782 100644 +--- a/tests/test_helpers.py ++++ b/tests/test_helpers.py +@@ -21,6 +21,8 @@ from werkzeug.datastructures import Range + from werkzeug.exceptions import BadRequest, NotFound + from werkzeug.http import parse_cache_control_header, parse_options_header + from werkzeug.http import http_date ++ ++from flask import json + from flask._compat import StringIO, text_type + + +@@ -34,6 +36,20 @@ def has_encoding(name): + + + class TestJSON(object): ++ @pytest.mark.parametrize('value', ( ++ 1, 't', True, False, None, ++ [], [1, 2, 3], ++ {}, {'foo': u'🐍'}, ++ )) ++ @pytest.mark.parametrize('encoding', ( ++ 'utf-8', 'utf-8-sig', ++ 'utf-16-le', 'utf-16-be', 'utf-16', ++ 'utf-32-le', 'utf-32-be', 'utf-32', ++ )) ++ def test_detect_encoding(self, value, encoding): ++ data = json.dumps(value).encode(encoding) ++ assert json.detect_encoding(data) == encoding ++ assert json.loads(data) == value + + def test_ignore_cached_json(self): + app = flask.Flask(__name__) +@@ -85,18 +101,6 @@ class TestJSON(object): + rv = c.post('/json', data='"foo"', content_type='application/x+json') + assert rv.data == b'foo' + +- def test_json_body_encoding(self): +- app = flask.Flask(__name__) +- app.testing = True +- @app.route('/') +- def index(): +- return flask.request.get_json() +- +- c = app.test_client() +- resp = c.get('/', data=u'"Hällo Wörld"'.encode('iso-8859-15'), +- content_type='application/json; charset=iso-8859-15') +- assert resp.data == u'Hällo Wörld'.encode('utf-8') +- + def test_json_as_unicode(self): + app = flask.Flask(__name__) + +-- +2.17.1 + 
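Review bot: `loads()` in flask/json.py still decodes with whatever codec the caller passes as `encoding`, so the UTF-only restriction holds only while no caller forwards a client-controlled charset; in this patch only `Request.get_json()` in flask/wrappers.py stops doing so. The docstring of `loads()` (which starts outside the nested hunk) should state this, for example `:param encoding: trusted codec name only; never pass a request-supplied charset. Detected from the bytes when omitted.` The removed `test_json_body_encoding` is also not replaced by a test that pins the new behaviour for a body sent with a non-UTF `charset` parameter, so a later refactor could bring the charset path back unnoticed.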
diff --git a/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch b/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch
new file mode 100644
index 0000000..3ffd4c2
--- /dev/null
+++ b/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch
@@ -0,0 +1,87 @@ +From c52e1b7388c17466a551391cdf81964bf0b7aef0 Mon Sep 17 00:00:00 2001 +From: ThiefMaster +Date: Thu, 23 Nov 2017 10:32:13 +0100 +Subject: [PATCH 2/3] Fix ValueError for some invalid Range requests + +fixes #2526 +--- + CHANGES | 8 ++++++++ + flask/helpers.py | 3 ++- + tests/test_helpers.py | 21 ++++++++++++++++++++- + 3 files changed, 30 insertions(+), 2 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 3456276a..b32b98cb 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -15,6 +15,14 @@ Major release, unreleased + method returns compressed response by default, and pretty response in + debug mode. + ++Version 0.12.3 ++-------------- ++ ++Bugfix release, unreleased ++ ++- Fix a ValueError caused by invalid Range requests in some cases ++ ++ + Version 0.12.2 + -------------- + +diff --git a/flask/helpers.py b/flask/helpers.py +index 4bb1d1c9..caaad9a3 100644 +--- a/flask/helpers.py ++++ b/flask/helpers.py +@@ -591,7 +591,8 @@ def send_file(filename_or_fp, mimetype=None, as_attachment=False, + rv = rv.make_conditional(request, accept_ranges=True, + complete_length=fsize) + except RequestedRangeNotSatisfiable: +- file.close() ++ if file is not None: ++ file.close() + raise + else: + rv = rv.make_conditional(request) +diff --git a/tests/test_helpers.py b/tests/test_helpers.py +index 9320ef71..69350751 100644 +--- a/tests/test_helpers.py ++++ b/tests/test_helpers.py +@@ -468,7 +468,7 @@ class TestSendfile(object): + + @pytest.mark.skipif( + not callable(getattr(Range, 'to_content_range_header', None)), +- reason="not implement within werkzeug" ++ reason="not implemented within werkzeug" + ) + def test_send_file_range_request(self): + app = flask.Flask(__name__) +@@ -529,6 +529,25 @@ class TestSendfile(object): + assert rv.status_code == 200 + rv.close() + ++ @pytest.mark.skipif( ++ not callable(getattr(Range, 'to_content_range_header', None)), ++ reason="not implemented within werkzeug" ++ ) ++ def test_send_file_range_request_xsendfile_invalid(self): ++ # 
https://github.com/pallets/flask/issues/2526 ++ app = flask.Flask(__name__) ++ app.use_x_sendfile = True ++ ++ @app.route('/') ++ def index(): ++ return flask.send_file('static/index.html', conditional=True) ++ ++ c = app.test_client() ++ ++ rv = c.get('/', headers={'Range': 'bytes=1000-'}) ++ assert rv.status_code == 416 ++ rv.close() ++ + def test_attachment(self): + app = flask.Flask(__name__) + with app.test_request_context(): +-- +2.21.0 + diff --git a/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch b/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch new file mode 100644 index 0000000..4b9f293 --- /dev/null +++ b/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch 
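Review bot: The new `if file is not None:` guard in `send_file()` in flask/helpers.py carries no comment saying when `file` can be `None`, and the rest of the function lies outside the nested hunk, so the reason is not visible here. Judging by the added test, which sets `app.use_x_sendfile = True`, this is presumably the X-Sendfile path where no file object is opened. A one-line comment such as `# file is None when the response is delegated via X-Sendfile` would keep the guard from being removed later as dead code.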
@@ -0,0 +1,47 @@ +From 18c9db47940c1195809a0c82fcb85601c3f4df46 Mon Sep 17 00:00:00 2001 +From: David Lord +Date: Sun, 4 Jun 2017 12:26:21 -0700 +Subject: [PATCH 3/3] be smarter about adding ".cli" to reloader command python + -m flask.cli raises an import warning on > 2.6 it's only needed on 2.6, + "flask" works otherwise + +--- + flask/cli.py | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/flask/cli.py b/flask/cli.py +index 074ee768..ca455671 100644 +--- a/flask/cli.py ++++ b/flask/cli.py +@@ -494,19 +494,19 @@ Example usage: + + + def main(as_module=False): +- this_module = __package__ + '.cli' + args = sys.argv[1:] + + if as_module: +- if sys.version_info >= (2, 7): +- name = 'python -m ' + this_module.rsplit('.', 1)[0] +- else: +- name = 'python -m ' + this_module ++ this_module = 'flask' ++ ++ if sys.version_info < (2, 7): ++ this_module += '.cli' ++ ++ name = 'python -m ' + this_module + +- # This module is always executed as "python -m flask.run" and as such +- # we need to ensure that we restore the actual command line so that +- # the reloader can properly operate. +- sys.argv = ['-m', this_module] + sys.argv[1:] ++ # Python rewrites "python -m flask" to the path to the file in argv. ++ # Restore the original command so that the reloader works. ++ sys.argv = ['-m', this_module] + args + else: + name = None + +-- +2.21.0 + diff --git a/SPECS/python-flask.spec b/SPECS/python-flask.spec new file mode 100644 index 0000000..d149dfa --- /dev/null +++ b/SPECS/python-flask.spec 
@@ -0,0 +1,280 @@ +%if 0%{?rhel} > 7 +# Disable python2 build by default +%bcond_with python2 +%else +%bcond_without python2 +%endif + +%global modname flask +%global srcname Flask + +Name: python-%{modname} +Version: 0.12.2 +Release: 4%{?dist} +Epoch: 1 +Summary: A micro-framework for Python based on Werkzeug, Jinja 2 and good intentions + +License: BSD +URL: http://flask.pocoo.org/ +Source0: https://github.com/pallets/flask/releases/download/%{version}/Flask-%{version}.tar.gz + +# rhbz#1623180 +# Backported just this patch because 0.12.3+ have added other changes we cannot take. +Patch0001: 0001-detect-UTF-encodings-when-loading-json.patch + +# rhbz#1585318 +# Backport 0.12.4 changes, other than the theme changes which cause no end of problems since +# they depend on their own pallets_sphinx_theme module. +Patch0002: 0002-Fix-ValueError-for-some-invalid-Range-requests.patch +Patch0003: 0003-be-smarter-about-adding-.cli-to-reloader-command.patch + +BuildArch: noarch + +%global _description \ +Flask is called a “micro-framework” because the idea to keep the core\ +simple but extensible. There is no database abstraction layer, no form\ +validation or anything else where different libraries already exist\ +that can handle that. However Flask knows the concept of extensions\ +that can add this functionality into your application as if it was\ +implemented in Flask itself. There are currently extensions for object\ +relational mappers, form validation, upload handling, various open\ +authentication technologies and more. 
+ +%description %{_description} + +%if %{with python2} +%package -n python2-%{modname} +Summary: %{summary} +%{?python_provide:%python_provide python2-%{modname}} +BuildRequires: python2-devel +BuildRequires: python2-setuptools +BuildRequires: python2-pytest +%if 0%{?fedora} >= 26 +BuildRequires: python2-werkzeug +Requires: python2-werkzeug +BuildRequires: python2-jinja2 +Requires: python2-jinja2 +BuildRequires: python2-click +Requires: python2-click +BuildRequires: python2-itsdangerous +Requires: python2-itsdangerous +%else +BuildRequires: python-werkzeug +Requires: python-werkzeug +BuildRequires: python-jinja2 +Requires: python-jinja2 +BuildRequires: python-click +Requires: python-click +BuildRequires: python-itsdangerous +Requires: python-itsdangerous +%endif +%description -n python2-%{modname} %{_description} + +Python 2 version. +%endif # with python2 + +%package -n python%{python3_pkgversion}-%{modname} +Summary: %{summary} +%{?python_provide:%python_provide python%{python3_pkgversion}-%{modname}} +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-pytest +BuildRequires: python%{python3_pkgversion}-jinja2 +BuildRequires: python%{python3_pkgversion}-werkzeug +BuildRequires: python%{python3_pkgversion}-itsdangerous +BuildRequires: python%{python3_pkgversion}-click +Requires: python%{python3_pkgversion}-jinja2 +Requires: python%{python3_pkgversion}-werkzeug +Requires: python%{python3_pkgversion}-itsdangerous +Requires: python%{python3_pkgversion}-click + +%description -n python%{python3_pkgversion}-%{modname} %{_description} + +Python 3 version. + +%package doc +Summary: Documentation for %{name} +Obsoletes: python%{python3_pkgversion}-%{modname}-doc < 1:0.11.1-3 +BuildRequires: python3-sphinx + +%description doc +Documentation and examples for %{name}. 
+ +%prep +%autosetup -p1 -n %{srcname}-%{version} +rm -rf examples/flaskr/ +rm -rf examples/minitwit/ + +%build +%if %{with python2} +%py2_build +%endif # with python2 +%py3_build +PYTHONPATH=`pwd` sphinx-build-3 -b html docs/ docs/_build/html/ +rm -rf docs/_build/html/{.buildinfo,.doctrees} + +%install +%if %{with python2} +%py2_install +mv %{buildroot}%{_bindir}/%{modname}{,-%{python2_version}} +ln -s %{modname}-%{python2_version} %{buildroot}%{_bindir}/%{modname}-2 +%endif # with python2 + +%py3_install +mv %{buildroot}%{_bindir}/%{modname}{,-%{python3_version}} +ln -s %{modname}-%{python3_version} %{buildroot}%{_bindir}/%{modname}-3 + +%if %{with python2} +ln -sf %{modname}-2 %{buildroot}%{_bindir}/%{modname} +%else +ln -sf %{modname}-3 %{buildroot}%{_bindir}/%{modname} +%endif # with python2 + +%check +export LC_ALL=C.UTF-8 +%if %{with python2} +PYTHONPATH=%{buildroot}%{python2_sitelib} py.test-%{python2_version} -v +%endif # with python2 +PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-%{python3_version} -v || : + +%if %{with python2} +%files -n python2-%{modname} +%license LICENSE +%doc CHANGES README +%{_bindir}/%{modname}-2 +%{_bindir}/%{modname}-%{python2_version} +%{python2_sitelib}/%{srcname}-*.egg-info/ +%{python2_sitelib}/%{modname}/ + +%{_bindir}/%{modname} +%endif # with python2 + +%files -n python%{python3_pkgversion}-%{modname} +%license LICENSE +%doc CHANGES README +%{_bindir}/%{modname}-3 +%{_bindir}/%{modname}-%{python3_version} +%{python3_sitelib}/%{srcname}-*.egg-info/ +%{python3_sitelib}/%{modname}/ + +%if %{without python2} +%{_bindir}/%{modname} +%endif # without python2 + +%files doc +%license LICENSE +%doc docs/_build/html examples + +%changelog +* Thu Nov 07 2019 Brian C. Lane - 0.12.2-4 +- Add upstream changes from 0.12.4 + Resolves: rhbz#1585318 +- Add TestJSON to the gating test from upstream + Related: rhbz#1585318 + +* Wed Sep 05 2018 Brian C. 
Lane - 0.12.2-3 +- detect UTF encodings when loading json (CVE-2018-1000656) + Resolves: rhbz#1623180 + +* Wed Jun 20 2018 Charalampos Stratakis - 1:0.12.2-2 +- Conditionalize the python2 subpackage + +* Thu Feb 15 2018 itamar - 1:0.12.2-1 +- new version + +* Fri Feb 09 2018 Fedora Release Engineering - 1:0.11.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 18 2018 Iryna Shcherbina - 1:0.11.1-7 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Jul 27 2017 Fedora Release Engineering - 1:0.11.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 1:0.11.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Dec 13 2016 Stratakis Charalampos - 1:0.11.1-4 +- Rebuild for Python 3.6 +- Have rpmbuild to not fail on python3 test failures + +* Mon Aug 22 2016 Igor Gnatenko - 1:0.11.1-3 +- Fix FTBFS +- Ton of fixes in spec + +* Tue Aug 16 2016 Ricky Elrod - 1:0.11.1-2 +- Attempt a completely fresh build with new NVR. + +* Tue Aug 16 2016 Ricky Elrod - 1:0.11.1-1 +- Latest upstream release. 
+ +* Tue Jul 19 2016 Fedora Release Engineering - 1:0.10.1-9 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 1:0.10.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Oct 14 2015 Robert Kuska - 1:0.10.1-7 +- Rebuilt for Python3.5 rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 1:0.10.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1:0.10.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 13 2014 Bohuslav Kabrda - 1:0.10.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 +- Minor fix to rhel macro logic + +* Mon Jul 29 2013 Haïkel Guémar - 1:0.10.1-3 +- fix wrong requires on sphinx (RHBZ #989361) + +* Sat Jul 20 2013 Ricky Elrod - 1:0.10.1-2 +- Nuke a Python3 specific file owned by python3-setuptools. + +* Sat Jun 15 2013 Haïkel Guémar - 1:0.10.1-1 +- upstream 0.10.1 + +* Thu Feb 14 2013 Fedora Release Engineering - 1:0.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 17 2012 Ricky Elrod - 0.9-5 +- Add epoch to subpackage Requires. + +* Wed Aug 8 2012 Ricky Elrod - 0.9-4 +- Fix changelog messup. 
+ +* Wed Aug 8 2012 Ricky Elrod - 0.9-3 +- Unified spec for EL6 and Fedora + +* Sat Jul 21 2012 Fedora Release Engineering - 0.9.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 2 2012 Haïkel Guémar - 0.9.0-1 +- upstream 0.9 +- spec cleanups + +* Sun Jul 1 2012 Haïkel Guémar - 0.8.1-1 +- upstream 0.8.1 (minor bugfixes) + +* Wed Jan 25 2012 Haïkel Guémar - 0.8.0-1 +- upstream 0.8 + +* Sat Jan 14 2012 Fedora Release Engineering - 0.7.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Nov 16 2011 Dan Young - 0.7.2-2 +- don't own easy-install.pth + +* Fri Jul 22 2011 Steve Milner - 0.7.2-1 +- update for upstream release + +* Thu Feb 24 2011 Dan Young - 0.6.1-2 +- fix rpmlint spelling warning +- BR python2-devel rather than python-devel +- run test suite in check + +* Tue Feb 22 2011 Dan Young - 0.6.1-1 +- Initial package
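Review bot: In `%check` the Python 3 test run ends in `|| :`, so a failing test never fails the build. With the python2 subpackage disabled by default when `rhel > 7`, that is the only test run, which means the `test_detect_encoding` case shipped in Patch0001 for CVE-2018-1000656 does not gate this package build. Dropping the suffix, `PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-%{python3_version} -v`, would make it fatal; if the full suite cannot be made fatal, a separate fatal run limited to the backported tests, e.g. `py.test-%{python3_version} -v tests/test_helpers.py -k TestJSON`, keeps the security regression covered. The 2016 changelog entry suggests the non-fatal run was deliberate and the latest entry mentions a gating test that is not part of this commit, so the reason should at least be recorded in a comment next to the line.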