From 8a7204c8c5c08ed1f7dd0fb278953a537e024592 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 02 2019 00:44:16 +0000 Subject: import python-flask-0.12.2-3.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5fdcf88 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/Flask-0.12.2.tar.gz diff --git a/.python-flask.metadata b/.python-flask.metadata new file mode 100644 index 0000000..b910a22 --- /dev/null +++ b/.python-flask.metadata @@ -0,0 +1 @@ +8193757ded6a4f0e7c9a3ce291bf3ae3a1d402c5 SOURCES/Flask-0.12.2.tar.gz diff --git a/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch b/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch new file mode 100644 index 0000000..67b925a --- /dev/null +++ b/SOURCES/0001-detect-UTF-encodings-when-loading-json.patch @@ -0,0 +1,167 @@ +From 50062c4d8c4108d17b7f12d9518ce883956d3921 Mon Sep 17 00:00:00 2001 +From: David Lord +Date: Tue, 10 Apr 2018 09:29:48 -0700 +Subject: [PATCH] detect UTF encodings when loading json + +(cherry picked from commit 0e1e9a04aaf29ab78f721cfc79ac2a691f6e3929) +--- + flask/json.py | 49 ++++++++++++++++++++++++++++++++++++++++++- + flask/wrappers.py | 13 +++--------- + tests/test_helpers.py | 28 ++++++++++++++----------- + 3 files changed, 67 insertions(+), 23 deletions(-) + +diff --git a/flask/json.py b/flask/json.py +index 16e0c29..114873e 100644 +--- a/flask/json.py ++++ b/flask/json.py +@@ -8,6 +8,7 @@ + :copyright: (c) 2015 by Armin Ronacher. + :license: BSD, see LICENSE for more details. + """ ++import codecs + import io + import uuid + from datetime import date +@@ -108,6 +109,49 @@ def _load_arg_defaults(kwargs): + kwargs.setdefault('cls', JSONDecoder) + + ++def detect_encoding(data): ++ """Detect which UTF codec was used to encode the given bytes. ++ ++ The latest JSON standard (:rfc:`8259`) suggests that only UTF-8 is ++ accepted. Older documents allowed 8, 16, or 32. 16 and 32 can be big ++ or little endian. Some editors or libraries may prepend a BOM. ++ ++ :param data: Bytes in unknown UTF encoding. ++ :return: UTF encoding name ++ """ ++ head = data[:4] ++ ++ if head[:3] == codecs.BOM_UTF8: ++ return 'utf-8-sig' ++ ++ if b'\x00' not in head: ++ return 'utf-8' ++ ++ if head in (codecs.BOM_UTF32_BE, codecs.BOM_UTF32_LE): ++ return 'utf-32' ++ ++ if head[:2] in (codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE): ++ return 'utf-16' ++ ++ if len(head) == 4: ++ if head[:3] == b'\x00\x00\x00': ++ return 'utf-32-be' ++ ++ if head[::2] == b'\x00\x00': ++ return 'utf-16-be' ++ ++ if head[1:] == b'\x00\x00\x00': ++ return 'utf-32-le' ++ ++ if head[1::2] == b'\x00\x00': ++ return 'utf-16-le' ++ ++ if len(head) == 2: ++ return 'utf-16-be' if head.startswith(b'\x00') else 'utf-16-le' ++ ++ return 'utf-8' ++ ++ + def dumps(obj, **kwargs): + """Serialize ``obj`` to a JSON formatted ``str`` by using the application's + configured encoder (:attr:`~flask.Flask.json_encoder`) if there is an +@@ -142,7 +186,10 @@ def loads(s, **kwargs): + """ + _load_arg_defaults(kwargs) + if isinstance(s, bytes): +- s = s.decode(kwargs.pop('encoding', None) or 'utf-8') ++ encoding = kwargs.pop('encoding', None) ++ if encoding is None: ++ encoding = detect_encoding(s) ++ s = s.decode(encoding) + return _json.loads(s, **kwargs) + + +diff --git a/flask/wrappers.py b/flask/wrappers.py +index 04bdcb5..3e600fc 100644 +--- a/flask/wrappers.py ++++ b/flask/wrappers.py +@@ -144,17 +144,10 @@ class Request(RequestBase): + if not (force or self.is_json): + return None + +- # We accept a request charset against the specification as +- # certain clients have been using this in the past. This +- # fits our general approach of being nice in what we accept +- # and strict in what we send out. +- request_charset = self.mimetype_params.get('charset') ++ data = _get_data(self, cache) ++ + try: +- data = _get_data(self, cache) +- if request_charset is not None: +- rv = json.loads(data, encoding=request_charset) +- else: +- rv = json.loads(data) ++ rv = json.loads(data) + except ValueError as e: + if silent: + rv = None +diff --git a/tests/test_helpers.py b/tests/test_helpers.py +index 9320ef7..9990782 100644 +--- a/tests/test_helpers.py ++++ b/tests/test_helpers.py +@@ -21,6 +21,8 @@ from werkzeug.datastructures import Range + from werkzeug.exceptions import BadRequest, NotFound + from werkzeug.http import parse_cache_control_header, parse_options_header + from werkzeug.http import http_date ++ ++from flask import json + from flask._compat import StringIO, text_type + + +@@ -34,6 +36,20 @@ def has_encoding(name): + + + class TestJSON(object): ++ @pytest.mark.parametrize('value', ( ++ 1, 't', True, False, None, ++ [], [1, 2, 3], ++ {}, {'foo': u'🐍'}, ++ )) ++ @pytest.mark.parametrize('encoding', ( ++ 'utf-8', 'utf-8-sig', ++ 'utf-16-le', 'utf-16-be', 'utf-16', ++ 'utf-32-le', 'utf-32-be', 'utf-32', ++ )) ++ def test_detect_encoding(self, value, encoding): ++ data = json.dumps(value).encode(encoding) ++ assert json.detect_encoding(data) == encoding ++ assert json.loads(data) == value + + def test_ignore_cached_json(self): + app = flask.Flask(__name__) +@@ -85,18 +101,6 @@ class TestJSON(object): + rv = c.post('/json', data='"foo"', content_type='application/x+json') + assert rv.data == b'foo' + +- def test_json_body_encoding(self): +- app = flask.Flask(__name__) +- app.testing = True +- @app.route('/') +- def index(): +- return flask.request.get_json() +- +- c = app.test_client() +- resp = c.get('/', data=u'"Hällo Wörld"'.encode('iso-8859-15'), +- content_type='application/json; charset=iso-8859-15') +- assert resp.data == u'Hällo Wörld'.encode('utf-8') +- + def test_json_as_unicode(self): + app = flask.Flask(__name__) + +-- +2.17.1 + diff --git a/SPECS/python-flask.spec b/SPECS/python-flask.spec new file mode 100644 index 0000000..c5f4c5a --- /dev/null +++ b/SPECS/python-flask.spec @@ -0,0 +1,268 @@ +%if 0%{?rhel} > 7 +# Disable python2 build by default +%bcond_with python2 +%else +%bcond_without python2 +%endif + +%global modname flask +%global srcname Flask + +Name: python-%{modname} +Version: 0.12.2 +Release: 3%{?dist} +Epoch: 1 +Summary: A micro-framework for Python based on Werkzeug, Jinja 2 and good intentions + +License: BSD +URL: http://flask.pocoo.org/ +Source0: https://files.pythonhosted.org/packages/source/%(n=%{srcname}; echo ${n:0:1})/%{srcname}/%{srcname}-%{version}.tar.gz + +# rhbz#1623180 +# Backported just this patch because 0.12.3+ have added other changes we cannot take. +Patch0001: 0001-detect-UTF-encodings-when-loading-json.patch + +BuildArch: noarch + +%global _description \ +Flask is called a “micro-framework” because the idea to keep the core\ +simple but extensible. There is no database abstraction layer, no form\ +validation or anything else where different libraries already exist\ +that can handle that. However Flask knows the concept of extensions\ +that can add this functionality into your application as if it was\ +implemented in Flask itself. There are currently extensions for object\ +relational mappers, form validation, upload handling, various open\ +authentication technologies and more. + +%description %{_description} + +%if %{with python2} +%package -n python2-%{modname} +Summary: %{summary} +%{?python_provide:%python_provide python2-%{modname}} +BuildRequires: python2-devel +BuildRequires: python2-setuptools +BuildRequires: python2-pytest +%if 0%{?fedora} >= 26 +BuildRequires: python2-werkzeug +Requires: python2-werkzeug +BuildRequires: python2-jinja2 +Requires: python2-jinja2 +BuildRequires: python2-click +Requires: python2-click +BuildRequires: python2-itsdangerous +Requires: python2-itsdangerous +%else +BuildRequires: python-werkzeug +Requires: python-werkzeug +BuildRequires: python-jinja2 +Requires: python-jinja2 +BuildRequires: python-click +Requires: python-click +BuildRequires: python-itsdangerous +Requires: python-itsdangerous +%endif +%description -n python2-%{modname} %{_description} + +Python 2 version. +%endif # with python2 + +%package -n python%{python3_pkgversion}-%{modname} +Summary: %{summary} +%{?python_provide:%python_provide python%{python3_pkgversion}-%{modname}} +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-pytest +BuildRequires: python%{python3_pkgversion}-jinja2 +BuildRequires: python%{python3_pkgversion}-werkzeug +BuildRequires: python%{python3_pkgversion}-itsdangerous +BuildRequires: python%{python3_pkgversion}-click +Requires: python%{python3_pkgversion}-jinja2 +Requires: python%{python3_pkgversion}-werkzeug +Requires: python%{python3_pkgversion}-itsdangerous +Requires: python%{python3_pkgversion}-click + +%description -n python%{python3_pkgversion}-%{modname} %{_description} + +Python 3 version. + +%package doc +Summary: Documentation for %{name} +Obsoletes: python%{python3_pkgversion}-%{modname}-doc < 1:0.11.1-3 +BuildRequires: python3-sphinx + +%description doc +Documentation and examples for %{name}. + +%prep +%autosetup -p1 -n %{srcname}-%{version} +rm -rf examples/flaskr/ +rm -rf examples/minitwit/ + +%build +%if %{with python2} +%py2_build +%endif # with python2 +%py3_build +PYTHONPATH=`pwd` sphinx-build-3 -b html docs/ docs/_build/html/ +rm -rf docs/_build/html/{.buildinfo,.doctrees} + +%install +%if %{with python2} +%py2_install +mv %{buildroot}%{_bindir}/%{modname}{,-%{python2_version}} +ln -s %{modname}-%{python2_version} %{buildroot}%{_bindir}/%{modname}-2 +%endif # with python2 + +%py3_install +mv %{buildroot}%{_bindir}/%{modname}{,-%{python3_version}} +ln -s %{modname}-%{python3_version} %{buildroot}%{_bindir}/%{modname}-3 + +%if %{with python2} +ln -sf %{modname}-2 %{buildroot}%{_bindir}/%{modname} +%else +ln -sf %{modname}-3 %{buildroot}%{_bindir}/%{modname} +%endif # with python2 + +%check +export LC_ALL=C.UTF-8 +%if %{with python2} +PYTHONPATH=%{buildroot}%{python2_sitelib} py.test-%{python2_version} -v +%endif # with python2 +PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-%{python3_version} -v || : + +%if %{with python2} +%files -n python2-%{modname} +%license LICENSE +%doc CHANGES README +%{_bindir}/%{modname}-2 +%{_bindir}/%{modname}-%{python2_version} +%{python2_sitelib}/%{srcname}-*.egg-info/ +%{python2_sitelib}/%{modname}/ + +%{_bindir}/%{modname} +%endif # with python2 + +%files -n python%{python3_pkgversion}-%{modname} +%license LICENSE +%doc CHANGES README +%{_bindir}/%{modname}-3 +%{_bindir}/%{modname}-%{python3_version} +%{python3_sitelib}/%{srcname}-*.egg-info/ +%{python3_sitelib}/%{modname}/ + +%if %{without python2} +%{_bindir}/%{modname} +%endif # without python2 + +%files doc +%license LICENSE +%doc docs/_build/html examples + +%changelog +* Wed Sep 05 2018 Brian C. Lane - 0.12.2-3 +- detect UTF encodings when loading json (CVE-2018-1000656) + Resolves: rhbz#1623180 + +* Wed Jun 20 2018 Charalampos Stratakis - 1:0.12.2-2 +- Conditionalize the python2 subpackage + +* Thu Feb 15 2018 itamar - 1:0.12.2-1 +- new version + +* Fri Feb 09 2018 Fedora Release Engineering - 1:0.11.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 18 2018 Iryna Shcherbina - 1:0.11.1-7 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Jul 27 2017 Fedora Release Engineering - 1:0.11.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 1:0.11.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Dec 13 2016 Stratakis Charalampos - 1:0.11.1-4 +- Rebuild for Python 3.6 +- Have rpmbuild to not fail on python3 test failures + +* Mon Aug 22 2016 Igor Gnatenko - 1:0.11.1-3 +- Fix FTBFS +- Ton of fixes in spec + +* Tue Aug 16 2016 Ricky Elrod - 1:0.11.1-2 +- Attempt a completely fresh build with new NVR. + +* Tue Aug 16 2016 Ricky Elrod - 1:0.11.1-1 +- Latest upstream release. + +* Tue Jul 19 2016 Fedora Release Engineering - 1:0.10.1-9 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 1:0.10.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Oct 14 2015 Robert Kuska - 1:0.10.1-7 +- Rebuilt for Python3.5 rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 1:0.10.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1:0.10.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 13 2014 Bohuslav Kabrda - 1:0.10.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 +- Minor fix to rhel macro logic + +* Mon Jul 29 2013 Haïkel Guémar - 1:0.10.1-3 +- fix wrong requires on sphinx (RHBZ #989361) + +* Sat Jul 20 2013 Ricky Elrod - 1:0.10.1-2 +- Nuke a Python3 specific file owned by python3-setuptools. + +* Sat Jun 15 2013 Haïkel Guémar - 1:0.10.1-1 +- upstream 0.10.1 + +* Thu Feb 14 2013 Fedora Release Engineering - 1:0.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 17 2012 Ricky Elrod - 0.9-5 +- Add epoch to subpackage Requires. + +* Wed Aug 8 2012 Ricky Elrod - 0.9-4 +- Fix changelog messup. + +* Wed Aug 8 2012 Ricky Elrod - 0.9-3 +- Unified spec for EL6 and Fedora + +* Sat Jul 21 2012 Fedora Release Engineering - 0.9.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 2 2012 Haïkel Guémar - 0.9.0-1 +- upstream 0.9 +- spec cleanups + +* Sun Jul 1 2012 Haïkel Guémar - 0.8.1-1 +- upstream 0.8.1 (minor bugfixes) + +* Wed Jan 25 2012 Haïkel Guémar - 0.8.0-1 +- upstream 0.8 + +* Sat Jan 14 2012 Fedora Release Engineering - 0.7.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Nov 16 2011 Dan Young - 0.7.2-2 +- don't own easy-install.pth + +* Fri Jul 22 2011 Steve Milner - 0.7.2-1 +- update for upstream release + +* Thu Feb 24 2011 Dan Young - 0.6.1-2 +- fix rpmlint spelling warning +- BR python2-devel rather than python-devel +- run test suite in check + +* Tue Feb 22 2011 Dan Young - 0.6.1-1 +- Initial package