diff --git a/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch b/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch new file mode 100644 index 0000000..3ffd4c2 --- /dev/null +++ b/SOURCES/0002-Fix-ValueError-for-some-invalid-Range-requests.patch @@ -0,0 +1,87 @@ +From c52e1b7388c17466a551391cdf81964bf0b7aef0 Mon Sep 17 00:00:00 2001 +From: ThiefMaster +Date: Thu, 23 Nov 2017 10:32:13 +0100 +Subject: [PATCH 2/3] Fix ValueError for some invalid Range requests + +fixes #2526 +--- + CHANGES | 8 ++++++++ + flask/helpers.py | 3 ++- + tests/test_helpers.py | 21 ++++++++++++++++++++- + 3 files changed, 30 insertions(+), 2 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 3456276a..b32b98cb 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -15,6 +15,14 @@ Major release, unreleased + method returns compressed response by default, and pretty response in + debug mode. + ++Version 0.12.3 ++-------------- ++ ++Bugfix release, unreleased ++ ++- Fix a ValueError caused by invalid Range requests in some cases ++ ++ + Version 0.12.2 + -------------- + +diff --git a/flask/helpers.py b/flask/helpers.py +index 4bb1d1c9..caaad9a3 100644 +--- a/flask/helpers.py ++++ b/flask/helpers.py +@@ -591,7 +591,8 @@ def send_file(filename_or_fp, mimetype=None, as_attachment=False, + rv = rv.make_conditional(request, accept_ranges=True, + complete_length=fsize) + except RequestedRangeNotSatisfiable: +- file.close() ++ if file is not None: ++ file.close() + raise + else: + rv = rv.make_conditional(request) +diff --git a/tests/test_helpers.py b/tests/test_helpers.py +index 9320ef71..69350751 100644 +--- a/tests/test_helpers.py ++++ b/tests/test_helpers.py +@@ -468,7 +468,7 @@ class TestSendfile(object): + + @pytest.mark.skipif( + not callable(getattr(Range, 'to_content_range_header', None)), +- reason="not implement within werkzeug" ++ reason="not implemented within werkzeug" + ) + def test_send_file_range_request(self): + app = flask.Flask(__name__) +@@ -529,6 +529,25 @@ class TestSendfile(object): + assert rv.status_code == 200 + rv.close() + ++ @pytest.mark.skipif( ++ not callable(getattr(Range, 'to_content_range_header', None)), ++ reason="not implemented within werkzeug" ++ ) ++ def test_send_file_range_request_xsendfile_invalid(self): ++ # https://github.com/pallets/flask/issues/2526 ++ app = flask.Flask(__name__) ++ app.use_x_sendfile = True ++ ++ @app.route('/') ++ def index(): ++ return flask.send_file('static/index.html', conditional=True) ++ ++ c = app.test_client() ++ ++ rv = c.get('/', headers={'Range': 'bytes=1000-'}) ++ assert rv.status_code == 416 ++ rv.close() ++ + def test_attachment(self): + app = flask.Flask(__name__) + with app.test_request_context(): +-- +2.21.0 + diff --git a/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch b/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch new file mode 100644 index 0000000..4b9f293 --- /dev/null +++ b/SOURCES/0003-be-smarter-about-adding-.cli-to-reloader-command.patch @@ -0,0 +1,47 @@ +From 18c9db47940c1195809a0c82fcb85601c3f4df46 Mon Sep 17 00:00:00 2001 +From: David Lord +Date: Sun, 4 Jun 2017 12:26:21 -0700 +Subject: [PATCH 3/3] be smarter about adding ".cli" to reloader command python + -m flask.cli raises an import warning on > 2.6 it's only needed on 2.6, + "flask" works otherwise + +--- + flask/cli.py | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/flask/cli.py b/flask/cli.py +index 074ee768..ca455671 100644 +--- a/flask/cli.py ++++ b/flask/cli.py +@@ -494,19 +494,19 @@ Example usage: + + + def main(as_module=False): +- this_module = __package__ + '.cli' + args = sys.argv[1:] + + if as_module: +- if sys.version_info >= (2, 7): +- name = 'python -m ' + this_module.rsplit('.', 1)[0] +- else: +- name = 'python -m ' + this_module ++ this_module = 'flask' ++ ++ if sys.version_info < (2, 7): ++ this_module += '.cli' ++ ++ name = 'python -m ' + this_module + +- # This module is always executed as "python -m flask.run" and as such +- # we need to ensure that we restore the actual command line so that +- # the reloader can properly operate. +- sys.argv = ['-m', this_module] + sys.argv[1:] ++ # Python rewrites "python -m flask" to the path to the file in argv. ++ # Restore the original command so that the reloader works. ++ sys.argv = ['-m', this_module] + args + else: + name = None + +-- +2.21.0 + diff --git a/SPECS/python-flask.spec b/SPECS/python-flask.spec index c5f4c5a..d149dfa 100644 --- a/SPECS/python-flask.spec +++ b/SPECS/python-flask.spec @@ -10,18 +10,24 @@ Name: python-%{modname} Version: 0.12.2 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 1 Summary: A micro-framework for Python based on Werkzeug, Jinja 2 and good intentions License: BSD URL: http://flask.pocoo.org/ -Source0: https://files.pythonhosted.org/packages/source/%(n=%{srcname}; echo ${n:0:1})/%{srcname}/%{srcname}-%{version}.tar.gz +Source0: https://github.com/pallets/flask/releases/download/%{version}/Flask-%{version}.tar.gz # rhbz#1623180 # Backported just this patch because 0.12.3+ have added other changes we cannot take. Patch0001: 0001-detect-UTF-encodings-when-loading-json.patch +# rhbz#1585318 +# Backport 0.12.4 changes, other than the theme changes which cause no end of problems since +# they depend on their own pallets_sphinx_theme module. +Patch0002: 0002-Fix-ValueError-for-some-invalid-Range-requests.patch +Patch0003: 0003-be-smarter-about-adding-.cli-to-reloader-command.patch + BuildArch: noarch %global _description \ @@ -160,6 +166,12 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-%{python3_version} -v || : %doc docs/_build/html examples %changelog +* Thu Nov 07 2019 Brian C. Lane - 0.12.2-4 +- Add upstream changes from 0.12.4 + Resolves: rhbz#1585318 +- Add TestJSON to the gating test from upstream + Related: rhbz#1585318 + * Wed Sep 05 2018 Brian C. Lane - 0.12.2-3 - detect UTF encodings when loading json (CVE-2018-1000656) Resolves: rhbz#1623180