import sources

.gitignore

@@ -0,0 +1 @@
+/bottle-0.12.13.tar.gz

0001-bottle-0.12.13-CVE-2020-28473.patch

@@ -0,0 +1,33 @@
+From 6406338d47034d3d2e6678bdbdafafa6a6e35b2c Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Wed, 11 Nov 2020 19:24:29 +0100
+Subject: [PATCH] Do not split query strings on `;` anymore.
+
+Using `;` as a separator instead of `&` was allowed a long time ago,
+but is now obsolete and actually invalid according to the 2014 W3C
+recommendations. Even if this change is technically backwards-incompatible,
+no real-world application should depend on broken behavior. If you REALLY
+need this functionality, monkey-patch the _parse_qsl() function.
+
+Upstream-commit: 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ bottle.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bottle.py b/bottle.py
+index 250a925..94fe8a6 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -2576,7 +2576,7 @@ def parse_range_header(header, maxlen=0):
+ 
+ def _parse_qsl(qs):
+     r = []
+-    for pair in qs.replace(';','&').split('&'):
++    for pair in qs.split('&'):
+         if not pair: continue
+         nv = pair.split('=', 1)
+         if len(nv) != 2: nv.append('')
+-- 
+2.26.3
+

0002-bottle-0.12.13-CVE-2022-31799.patch

@@ -0,0 +1,45 @@
+From db0c0e711b0eb95df592d22890a043e2c0dd741e Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Thu, 26 May 2022 14:49:32 +0200
+Subject: [PATCH] Gracefully handle errors during early request binding.
+
+Upstream-commit: e140e1b54da721a660f2eb9d58a106b7b3ff2f00
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ bottle.py | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/bottle.py b/bottle.py
+index 94fe8a6..74cb169 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -841,17 +841,19 @@ class Bottle(object):
+         return tob(template(ERROR_PAGE_TEMPLATE, e=res))
+ 
+     def _handle(self, environ):
+-        path = environ['bottle.raw_path'] = environ['PATH_INFO']
+-        if py3k:
+-            try:
+-                environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+-            except UnicodeError:
+-                return HTTPError(400, 'Invalid path string. Expected UTF-8')
+-
+         try:
++
+             environ['bottle.app'] = self
+             request.bind(environ)
+             response.bind()
++
++            path = environ['bottle.raw_path'] = environ['PATH_INFO']
++            if py3k:
++                try:
++                    environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
++                except UnicodeError:
++                    return HTTPError(400, 'Invalid path string. Expected UTF-8')
++
+             try:
+                 self.trigger_hook('before_request')
+                 route, args = self.router.match(environ)
+-- 
+2.37.1
+

python-bottle.spec

@@ -0,0 +1,184 @@
+%global srcname bottle
+
+%if 0%{?rhel} > 7
+# Disable python2 build by default
+%bcond_with python2
+%else
+%bcond_without python2
+%endif
+
+Name:           python-%{srcname}
+Version:        0.12.13
+Release:        7%{?dist}
+Summary:        Fast and simple WSGI-framework for small web-applications
+
+Group:          Development/Languages
+License:        MIT
+URL:            http://bottlepy.org
+Source0:        https://github.com/bottlepy/%{srcname}/archive/%{version}.tar.gz#/%{srcname}-%{version}.tar.gz
+
+# Do not split query strings on `;` anymore (CVE-2020-28473)
+Patch1:         0001-bottle-0.12.13-CVE-2020-28473.patch
+
+# Gracefully handle errors during early request binding (CVE-2022-31799)
+Patch2:         0002-bottle-0.12.13-CVE-2022-31799.patch
+
+BuildArch:      noarch
+%if %{with python2}
+BuildRequires:  python2-devel
+BuildRequires:  python2-setuptools
+%endif # with python2
+
+BuildRequires:  python%{python3_pkgversion}-devel
+BuildRequires:  python%{python3_pkgversion}-setuptools
+
+%description
+Bottle is a fast and simple micro-framework for small web-applications. 
+It offers request dispatching (Routes) with URL parameter support, Templates, 
+a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and 
+template engines. All in a single file and with no dependencies other than the 
+Python Standard Library.
+
+%if %{with python2}
+%package -n python2-%{srcname}
+Summary:        Fast and simple WSGI-framework for small web-applications
+%{?python_provide:%python_provide python2-%{srcname}}
+
+%description -n python2-%{srcname}
+Bottle is a fast and simple micro-framework for small web-applications. 
+It offers request dispatching (Routes) with URL parameter support, Templates, 
+a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and 
+template engines. All in a single file and with no dependencies other than the 
+Python Standard Library.
+%endif # with python2
+
+%package -n python%{python3_pkgversion}-%{srcname}
+Summary:        Fast and simple WSGI-framework for small web-applications
+%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}
+
+%description -n python%{python3_pkgversion}-%{srcname}
+Bottle is a fast and simple micro-framework for small web-applications. 
+It offers request dispatching (Routes) with URL parameter support, Templates, 
+a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and 
+template engines. All in a single file and with no dependencies other than the 
+Python Standard Library.
+
+%prep
+%setup -q -n %{srcname}-%{version}
+sed -i '/^#!/d' bottle.py
+%patch1 -p1
+%patch2 -p1
+
+%build
+%if %{with python2}
+%py2_build
+%endif # with python2
+%py3_build
+
+%install
+%if %{with python2}
+%py2_install
+%endif # with python2
+%py3_install
+rm %{buildroot}%{_bindir}/bottle.py
+
+%check
+%if %{with python2}
+%__python2 test/testall.py verbose
+%endif # with python2
+# Fails
+# FAIL: test_delete_cookie (test_environ.TestResponse)
+%__python3 test/testall.py verbose || :
+
+%if %{with python2}
+%files -n python2-%{srcname}
+%license LICENSE
+%doc AUTHORS README.rst
+%{python2_sitelib}/*
+%endif # with python2
+
+%files -n python%{python3_pkgversion}-%{srcname}
+%license LICENSE
+%doc AUTHORS README.rst
+%{python3_sitelib}/__pycache__/*
+%{python3_sitelib}/*.egg-info
+%{python3_sitelib}/*.py
+
+%changelog
+* Tue Aug 23 2022 Kamil Dudka <kdudka@redhat.com> - 0.12.13-7
+- Gracefully handle errors during early request binding (CVE-2022-31799)
+
+* Fri Mar 26 2021 Kamil Dudka <kdudka@redhat.com> - 0.12.13-6
+- Do not split query strings on `;` anymore (CVE-2020-28473)
+
+* Fri Jun 08 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.12.13-3
+- Conditionalize the python2 subpackage
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Jan 09 2018 Stratakis Charalampos <cstratak@redhat.com> - 0.12.13-1
+- Update to 0.12.13
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Mon Dec 12 2016 Stratakis Charalampos <cstratak@redhat.com> - 0.12.9-4
+- Rebuild for Python 3.6
+
+* Wed Nov 16 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.9-3
+- Do not own __pycache__ dir
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.9-2
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Tue Jul 12 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.9-1
+- Update to 0.12.9
+- Run tests but ignore python3 failure for now
+
+* Tue Jul 12 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.6-5
+- Use modern python packaging guidelines
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Jul 12 2014 Rahul Sundaram <sundaram@fedoraproject.org> - 0.12.6-1
+- resolves rhbz#1093257 - JSON content type not restrictive enough
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon May 19 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 0.11.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 23 2013 Rahul Sundaram <sundaram@fedoraproject.org> - 0.11.6-1
+- upstream release 0.11.6
+- add python3 subpackage. resolves rhbz#949240
+- spec file patch from Haïkel Guémar <hguemar@fedoraproject.org>
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Feb 01 2012 Ian Weller <iweller@redhat.com> - 0.10.7-1
+- Update to 0.10.7 (required by python-mwlib)
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Jul 18 2011 Rahul Sundaram <sundaram@fedoraproject.org> - 0.9.5-1
+- Initial spec

sources

@@ -0,0 +1 @@
+SHA512 (bottle-0.12.13.tar.gz) = 8487e1e339d84964f1448503ee894d2f4f313218417175341911f0b8a48c383d7d4334fb27bd477ea6267e8c1a2e41e2d91c86e56f0f95aa57248a7ea36a2b8e