import sources

Adam Samalik 2023-05-08 10:57:12 +02:00
commit 3615869ee0
5 changed files with 264 additions and 0 deletions

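--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/bottle-0.12.13.tar.gz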


@ -0,0 +1,33 @@
From 6406338d47034d3d2e6678bdbdafafa6a6e35b2c Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Wed, 11 Nov 2020 19:24:29 +0100
Subject: [PATCH] Do not split query strings on `;` anymore.
Using `;` as a separator instead of `&` was allowed a long time ago,
but is now obsolete and actually invalid according to the 2014 W3C
recommendations. Even if this change is technically backwards-incompatible,
no real-world application should depend on broken behavior. If you REALLY
need this functionality, monkey-patch the _parse_qsl() function.
Upstream-commit: 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
bottle.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bottle.py b/bottle.py
index 250a925..94fe8a6 100644
--- a/bottle.py
+++ b/bottle.py
@@ -2576,7 +2576,7 @@ def parse_range_header(header, maxlen=0):
def _parse_qsl(qs):
r = []
- for pair in qs.replace(';','&').split('&'):
+ for pair in qs.split('&'):
if not pair: continue
nv = pair.split('=', 1)
if len(nv) != 2: nv.append('')
--
2.26.3
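Review bot: The backport touches only `bottle.py` (`1 file changed, 1 insertion(+), 1 deletion(-)`), so nothing in the package checks that `_parse_qsl` now keeps `;` inside a value. The second patch in this commit is in the same position for its `_handle` change. A small test case would pin the fix, for example asserting that `_parse_qsl('a=1;b=2')` produces one pair whose value is `1;b=2` rather than two pairs. The rest of `_parse_qsl` lies outside the hunk, so that expected result is inferred from the visible `pair.split('=', 1)` line and should be confirmed against the full function.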


@ -0,0 +1,45 @@
From db0c0e711b0eb95df592d22890a043e2c0dd741e Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Thu, 26 May 2022 14:49:32 +0200
Subject: [PATCH] Gracefully handle errors during early request binding.
Upstream-commit: e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
bottle.py | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/bottle.py b/bottle.py
index 94fe8a6..74cb169 100644
--- a/bottle.py
+++ b/bottle.py
@@ -841,17 +841,19 @@ class Bottle(object):
return tob(template(ERROR_PAGE_TEMPLATE, e=res))
def _handle(self, environ):
- path = environ['bottle.raw_path'] = environ['PATH_INFO']
- if py3k:
- try:
- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
- except UnicodeError:
- return HTTPError(400, 'Invalid path string. Expected UTF-8')
-
try:
+
environ['bottle.app'] = self
request.bind(environ)
response.bind()
+
+ path = environ['bottle.raw_path'] = environ['PATH_INFO']
+ if py3k:
+ try:
+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+ except UnicodeError:
+ return HTTPError(400, 'Invalid path string. Expected UTF-8')
+
try:
self.trigger_hook('before_request')
route, args = self.router.match(environ)
--
2.37.1
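Review bot: Nothing in `_handle` records why the `PATH_INFO` decoding now sits below `request.bind(environ)` inside the `try`, and the patch header carries a subject line only, so the security reason is stated nowhere but the spec file comment. A comment above the moved block would keep it with the code, for example `# Bind and decode inside the try so failures here are handled like any other request error (CVE-2022-31799)`. The `except` clauses belonging to this `try` are outside the hunk, so which exceptions they actually catch cannot be confirmed from here.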

184
python-bottle.spec Normal file

@ -0,0 +1,184 @@
%global srcname bottle
%if 0%{?rhel} > 7
# Disable python2 build by default
%bcond_with python2
%else
%bcond_without python2
%endif
Name: python-%{srcname}
Version: 0.12.13
Release: 7%{?dist}
Summary: Fast and simple WSGI-framework for small web-applications
Group: Development/Languages
License: MIT
URL: http://bottlepy.org
Source0: https://github.com/bottlepy/%{srcname}/archive/%{version}.tar.gz#/%{srcname}-%{version}.tar.gz
# Do not split query strings on `;` anymore (CVE-2020-28473)
Patch1: 0001-bottle-0.12.13-CVE-2020-28473.patch
# Gracefully handle errors during early request binding (CVE-2022-31799)
Patch2: 0002-bottle-0.12.13-CVE-2022-31799.patch
BuildArch: noarch
%if %{with python2}
BuildRequires: python2-devel
BuildRequires: python2-setuptools
%endif # with python2
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
%description
Bottle is a fast and simple micro-framework for small web-applications.
It offers request dispatching (Routes) with URL parameter support, Templates,
a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and
template engines. All in a single file and with no dependencies other than the
Python Standard Library.
%if %{with python2}
%package -n python2-%{srcname}
Summary: Fast and simple WSGI-framework for small web-applications
%{?python_provide:%python_provide python2-%{srcname}}
%description -n python2-%{srcname}
Bottle is a fast and simple micro-framework for small web-applications.
It offers request dispatching (Routes) with URL parameter support, Templates,
a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and
template engines. All in a single file and with no dependencies other than the
Python Standard Library.
%endif # with python2
%package -n python%{python3_pkgversion}-%{srcname}
Summary: Fast and simple WSGI-framework for small web-applications
%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}
%description -n python%{python3_pkgversion}-%{srcname}
Bottle is a fast and simple micro-framework for small web-applications.
It offers request dispatching (Routes) with URL parameter support, Templates,
a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and
template engines. All in a single file and with no dependencies other than the
Python Standard Library.
%prep
%setup -q -n %{srcname}-%{version}
sed -i '/^#!/d' bottle.py
%patch1 -p1
%patch2 -p1
%build
%if %{with python2}
%py2_build
%endif # with python2
%py3_build
%install
%if %{with python2}
%py2_install
%endif # with python2
%py3_install
rm %{buildroot}%{_bindir}/bottle.py
%check
%if %{with python2}
%__python2 test/testall.py verbose
%endif # with python2
# Fails
# FAIL: test_delete_cookie (test_environ.TestResponse)
%__python3 test/testall.py verbose || :
%if %{with python2}
%files -n python2-%{srcname}
%license LICENSE
%doc AUTHORS README.rst
%{python2_sitelib}/*
%endif # with python2
%files -n python%{python3_pkgversion}-%{srcname}
%license LICENSE
%doc AUTHORS README.rst
%{python3_sitelib}/__pycache__/*
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/*.py
%changelog
* Tue Aug 23 2022 Kamil Dudka <kdudka@redhat.com> - 0.12.13-7
- Gracefully handle errors during early request binding (CVE-2022-31799)
* Fri Mar 26 2021 Kamil Dudka <kdudka@redhat.com> - 0.12.13-6
- Do not split query strings on `;` anymore (CVE-2020-28473)
* Fri Jun 08 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.12.13-3
- Conditionalize the python2 subpackage
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 09 2018 Stratakis Charalampos <cstratak@redhat.com> - 0.12.13-1
- Update to 0.12.13
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 12 2016 Stratakis Charalampos <cstratak@redhat.com> - 0.12.9-4
- Rebuild for Python 3.6
* Wed Nov 16 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.9-3
- Do not own __pycache__ dir
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.9-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue Jul 12 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.9-1
- Update to 0.12.9
- Run tests but ignore python3 failure for now
* Tue Jul 12 2016 Orion Poplawski <orion@cora.nwra.com> - 0.12.6-5
- Use modern python packaging guidelines
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.6-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jul 12 2014 Rahul Sundaram <sundaram@fedoraproject.org> - 0.12.6-1
- resolves rhbz#1093257 - JSON content type not restrictive enough
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 0.11.6-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 23 2013 Rahul Sundaram <sundaram@fedoraproject.org> - 0.11.6-1
- upstream release 0.11.6
- add python3 subpackage. resolves rhbz#949240
- spec file patch from Haïkel Guémar <hguemar@fedoraproject.org>
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Feb 01 2012 Ian Weller <iweller@redhat.com> - 0.10.7-1
- Update to 0.10.7 (required by python-mwlib)
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Jul 18 2011 Rahul Sundaram <sundaram@fedoraproject.org> - 0.9.5-1
- Initial spec
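Review bot: The `%check` section runs the Python 3 suite as `%__python3 test/testall.py verbose || :`, so every failure is discarded. With `%bcond_with python2` selected when `0%{?rhel} > 7`, that is the only suite that runs on those builds. A build carrying the CVE-2020-28473 and CVE-2022-31799 patches would therefore still succeed if either patch regressed request parsing or handling. The comment above the line names one failing case, `test_delete_cookie (test_environ.TestResponse)`; excluding only that test and dropping `|| :` would let the rest of the suite gate the build.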

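--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (bottle-0.12.13.tar.gz) = 8487e1e339d84964f1448503ee894d2f4f313218417175341911f0b8a48c383d7d4334fb27bd477ea6267e8c1a2e41e2d91c86e56f0f95aa57248a7ea36a2b8e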