Package Release Info

python-WebOb-1.7.4-150000.3.3.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3116
Available in Package Hub : 15 SP6 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

python2-WebOb

Change Logs

* Mon Aug 19 2024 steven.kowalik@suse.com
- Add patch CVE-2024-42353-url-redirection.patch:
  * The use of WebOb's Response object to redirect a request to a new location
    can lead to an open redirect if the Location header is not a full URI.
    (bsc#1229221, CVE-2024-42353)
* Fri Feb 23 2018 tbechtold@suse.com
- Drop not needed python-pytest-cov BuildRequires
* Fri Feb 23 2018 tbechtold@suse.com
- update to 1.7.4:
- Add support for `wsgi.input_terminated` in the wsgi environ to allow for
  Chunked Encoding to be used with WebOb
* Thu Jul 06 2017 tbechtold@suse.com
- update to 1.7.3:
  - Request.host_url, Request.host_port and Request.domain now all understand and
    know how to parse IPv6 Host headers sent by browsers. See
    https://github.com/Pylons/webob/pull/332
* Fri May 05 2017 toddrme2178@gmail.com
- Fix Provides/Obsoletes.
* Tue Apr 04 2017 tbechtold@suse.com
- update to 1.7.2:
  - Allow unnamed fields in form data to be properly transcoded when calling
    request.decode with an alternate encoding. See
    https://github.com/Pylons/webob/pull/309
- Switch to singlespec approach
* Fri Feb 10 2017 tbechtold@suse.com
- update to 1.7.1:
  - ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no
    body, this would cause issues when ``app_iter`` was an object that was tied
    to the life-cycle of a web application and had to be properly closed.
    ``app_iter`` is more advanced API for ``Response`` and thus even if it
    contains a body and is thus against the HTTP RFC's, we should let the users
    shoot themselves by returning a body. See
    https://github.com/Pylons/webob/issues/305
  - WebOb is no longer supported on Python 2.6 and PyPy3 (due to pip no longer
    supporting Python 3.2 even on PyPy)
  - ``Response.content_type`` removes all existing Content-Type parameters, and
    if the new Content-Type is "texty" it adds a new charset (unless already
    provided) using the ``default_charset``. See
    https://github.com/Pylons/webob/pull/301
  - ``Response.set_cookie`` no longer accepts a key argument. This was deprecated
    in WebOb 1.5 and as mentioned in the deprecation, is being removed in 1.7
  - ``Response.__init__`` will no longer set the default Content-Type, nor
    Content-Length on Responses that don't have a body. This allows WebOb to
    return proper responses for things like `Response(status='204 No Content')`.
  - ``Response.text`` will no longer raise if the Content-Type does not have a
    charset, it will fall back to using the new ``default_body_encoding`. To get
    the old behaviour back please sub-class ``Response`` and set
    ``default_body_encoding`` to ``None``. See
    https://github.com/Pylons/webob/pull/287
  - WebOb no longer supports Chunked Encoding, this means that if you are using
    WebOb and need Chunked Encoding you will be required to have a proxy that
    unchunks the request for you. Please read
    https://github.com/Pylons/webob/issues/279 for more background.
  - ``Response`` has a new ``default_body_encoding`` which may be used to allow
    getting/setting ``Response.text`` when a Content-Type has no charset. See
    https://github.com/Pylons/webob/pull/287
  - ``webob.Request`` with any HTTP method is now allowed to have a body. This
    allows DELETE to have a request body for passing extra information. See
    https://github.com/Pylons/webob/pull/283 and
    https://github.com/Pylons/webob/pull/274
  - Add ``tell()`` to ``ResponseBodyFile`` so that it may be used for example for
    zipfile support. See https://github.com/Pylons/webob/pull/117
  - Allow the return from ``wsgify.middleware`` to be used as a decorator. See
    https://github.com/Pylons/webob/pull/228
  - Fixup ``cgi.FieldStorage`` on Python 3.x to work-around issue reported in
    Python bug report 27777 and 24764. This is currently applied for Python
    versions less than 3.7. See https://github.com/Pylons/webob/pull/294 and
    https://github.com/Pylons/webob/pull/300
  - ``Response.set_cookie`` now accepts ``datetime`` objects for the ``expires``
    kwarg and will correctly convert them to UTC with no tzinfo for use in
    calculating the ``max_age``. See https://github.com/Pylons/webob/issues/254
    and https://github.com/Pylons/webob/pull/292
  - Fixes ``request.PATH_SAFE`` to contain all of the path safe characters
    according to RFC3986. See https://github.com/Pylons/webob/pull/291
  - WebOb's exceptions will lazily read underlying variables when inserted into
    templates to avoid expensive computations/crashes when inserting into the
    template. This had a bad performance regression on Py27 because of the way
    the lazified class was created and returned. See
    https://github.com/Pylons/webob/pull/284
  - ``wsgify.__call__`` raised a ``TypeError`` with an unhelpful message, it will
    now return the ``repr`` for the wrapped function:
    https://github.com/Pylons/webob/issues/119
  - ``Response.json``'s ``json.dumps``/``json.loads`` are now always UTF-8. It no
    longer tries to use the charset.
  - The ``Response.__init__`` will by default no longer set the Content-Type to
    the default if a ``headerlist`` is provided. This fixes issues whereby
    ``Request.get_response()`` would return a Response that didn't match the
    actual response. See https://github.com/Pylons/webob/pull/261 and
    https://github.com/Pylons/webob/issues/205
  - Cleans up the remainder of the issues with the updated WebOb exceptions that
    were taught to return JSON in version 1.6. See
    https://github.com/Pylons/webob/issues/237 and
    https://github.com/Pylons/webob/issues/236
  - ``Response.from_file`` now parses the status line correctly when the status
    line contains an HTTP with version, as well as a status text that contains
    multiple white spaces (e.g HTTP/1.1 404 Not Found). See
    https://github.com/Pylons/webob/issues/250
  - ``Response`` now has a new property named ``has_body`` that may be used to
    interrogate the ``Response`` to find out if ``Response.body`` is or isn't
    set.
    This is used in the exception handling code so that if you use a WebOb HTTP
    Exception and pass a generator to ``app_iter`` WebOb won't attempt to read
    the whole thing and instead allows it to be returned to the WSGI server. See
    https://github.com/Pylons/webob/pull/259
* Sat Oct 15 2016 dmueller@suse.com
- update to 1.6.2:
  * WebOb's exceptions will lazily read underlying variables when inserted into
  templates to avoid expensive computations/crashes when inserting into the
  template. This had a bad performance regression on Py27 because of the way
  the lazified class was created and returned. See
  https://github.com/Pylons/webob/pull/284
* Mon Jun 06 2016 dmueller@suse.com
- fix download url
* Fri Jun 03 2016 tbechtold@suse.com
- update to 1.6.1:
  - Response.from_file now parses the status line correctly when the status line
    contains an HTTP with version, as well as a status text that contains
    multiple white spaces (e.g 404 Not Found). See
    https://github.com/Pylons/webob/issues/250
  - Python 3.2 is no longer supported by WebOb
  - Request.decode attempted to read from the an already consumed stream, it has
    now been redirected to another stream to read from. See
    https://github.com/Pylons/webob/pull/183
  - The application/json media type does not allow for a charset as discovery of
    the encoding is done at the JSON layer. Upon initialization of a Response
    WebOb will no longer add a charset if the content-type is set to JSON. See
    https://github.com/Pylons/webob/pull/197 and
    https://github.com/Pylons/pyramid/issues/1611
  - Lazily HTML escapes environment keys in HTTP Exceptions so that those keys in
    the environ that are not used in the output of the page don't raise an
    exception due to inability to be properly escaped. See
    https://github.com/Pylons/webob/pull/139
  - MIMEAccept now accepts comparisons against wildcards, this allows one to
    match on just the media type or sub-type, without having to explicitly match
    on both the media type and sub-type at the same time. See
    https://github.com/Pylons/webob/pull/185
  - Add the ability to return a JSON body from an exception. Using the Accept
    information in the request, the exceptions will now automatically return a
    JSON version of the exception instead of just HTML or text. See
    https://github.com/Pylons/webob/pull/230 and
    https://github.com/Pylons/webob/issues/209
  - exc._HTTPMove and any subclasses will now raise a ValueError if the location
    field contains a line feed or carriage return. These values may lead to
    possible HTTP Response Splitting. The header_getter descriptor has also been
    modified to no longer accept headers with a line feed or carriage return.
    See: https://github.com/Pylons/webob/pull/229 and
    https://github.com/Pylons/webob/issues/217
* Mon Dec 14 2015 aplanas@suse.com
- updateto version 1.5.1:
  * (Bug Fixes) The exceptions HTTPNotAcceptable,
    HTTPUnsupportedMediaType and HTTPNotImplemented will now correctly
    use the sub-classed template rather than the default error
    template. See https://github.com/Pylons/webob/issues/221
  * (Bug Fixes) Response’s from_file now correctly deals with a status
    line that contains an HTTP version identifier. HTTP/1.1 200 OK is
    now correctly parsed, whereas before this would raise an error
    upon setting the Response.status in from_file. See
    https://github.com/Pylons/webob/issues/121
- 1.5.0
  * (Bug Fixes) The cookie API functions will now make sure that
    max_age is an integer or an string that can convert to an
    integer. Previously passing in max_age=’test’ would have silently
    done the wrong thing.
- 1.5.0b0
  * (Bug Fixes) Unbreak req.POST when the request method is
    PATCH. Instead of returning something cmpletely unrelated we
    return NoVar. See: https://github.com/Pylons/webob/pull/215
  * (Features) HTTP Status Code 308 is now supported as a Permanent
    Redirect. See https://github.com/Pylons/webob/pull/207
- 1.5.0a1
  * (Backwards Incompatibilities) Response.set_cookie renamed the only
    required parameter from “key” to “name”. The code will now still
    accept “key” as a keyword argument, and will issue a
    DeprecationWarning until WebOb 1.7.
  * (Backwards Incompatibilities) The status attribute of a Response
    object no longer takes a string like None None and allows that to
    be set as the status. It now has to at least match the pattern of
    <integer status code> <explenation of status code>. Invalid status
    strings will now raise a ValueError.
- 1.5.0a0
  * (Backwards Incompatibilities) Morsel will no longer accept a
    cookie value that does not meet RFC6265’s cookie-octet
    specification. Upon calling Morsel.serialize a warning will be
    issued, in the future this will raise a ValueError, please update
    your cookie handling code. See
    https://github.com/Pylons/webob/pull/172
  * (Backwards Incompatibilities) Response.set_cookie now uses the
    internal make_cookie API, which will issue warnings if cookies are
    set with invalid bytes. See
    https://github.com/Pylons/webob/pull/172
  * (Features) Add support for some new caching headers,
    stale-while-revalidate and stale-if-error that can be used by
    reverse proxies to cache stale responses temporarily if the
    backend disappears. From RFC5861. See
    https://github.com/Pylons/webob/pull/189
  * (Bug Fixes) Response.status now uses duck-typing for integers, and
    has also learned to raise a ValueError if the status isn’t an
    integer followed by a space, and then the reason. See
    https://github.com/Pylons/webob/pull/191
  * (Bug Fixes) Fixed a bug in webob.multidict.GetDict which resulted
    in the QUERY_STRING not being updated when changes were made to
    query params using Request.GET.extend().
  * (Bug Fixes) Read the body of a request if we think it might have a
    body. This fixes PATCH to support bodies. See
    https://github.com/Pylons/webob/pull/184
  * (Bug Fixes) Response.from_file returns HTTP headers as latin1
    rather than UTF-8, this fixes the usage on Google AppEngine. See
    https://github.com/Pylons/webob/issues/99 and
    https://github.com/Pylons/webob/pull/150
  * (Bug Fixes) Fix a bug in parsing the auth parameters that
    contained bad white space. This makes the parsing fall in line
    with what’s required in RFC7235. See
    https://github.com/Pylons/webob/issues/158
  * (Bug Fixes) Use ‘rn’ line endings in Response.__str__. See:
    https://github.com/Pylons/webob/pull/146
  * (Documentation Changes) response.set_cookie now has proper
    documentation for max_age and expires. The code has also been
    refactored to use cookies.make_cookie instead of duplicating the
    code. This fixes https://github.com/Pylons/webob/issues/166 and
    https://github.com/Pylons/webob/issues/171
  * (Documentation Changes) Documentation didn’t match the actual code
    for the wsgify function signature. See
    https://github.com/Pylons/webob/pull/167
  * (Documentation Changes) Remove the WebDAV only from certain HTTP
    Exceptions, these exceptions may also be used by REST services for
    example.
* Mon Sep 15 2014 tbechtold@suse.com
- update to version 1.4:
  * Remove ``webob.__version__``, the version number had not been kept in sync
    with the official pkg version.  To obtain the WebOb version number, use
    ``pkg_resources.get_distribution('webob').version`` instead.
  * Fix a bug in ``EmptyResponse`` that prevents it from setting self.close as
    appropriate due to testing truthiness of object rather than if it is
    something other than ``None``.
  * Fix a bug in ``SignedSerializer`` preventing secrets from containing
    higher-order characters. See https://github.com/Pylons/webob/issues/136
  * Use the ``hmac.compare_digest`` method when available for constant-time
    comparisons.
  * Fix a bug in ``SignedCookieProfile`` whereby we didn't keep the original
    serializer around, this would cause us to have ``SignedSerializer`` be added
    on top of a ``SignedSerializer`` which would cause it to be run twice when
    attempting to verify a cookie.  See https://github.com/Pylons/webob/pull/127
  * Backwards Incompatible change: When ``CookieProfile.get_value`` and
    ``SignedCookieProfile.get_value`` fails to deserialize a badly encoded
    value, we now return ``None`` as if the cookie was never set in the first
    place instead of allowing a ``ValueError`` to be raised to the calling code.
    See https://github.com/Pylons/webob/pull/126
  * Added a read-only ``domain`` property to ``BaseRequest``.  This property
    returns the domain portion of the host value.  For example, if the
    environment contains an ``HTTP_HOST`` value of ``foo.example.com:8000``,
    ``request.domain`` will return ``foo.example.com``.
  * Added five new APIs: ``webob.cookies.CookieProfile``,
    ``webob.cookies.SignedCookieProfile``, ``webob.cookies.JSONSerializer`` and
    ``webob.cookies.SignedSerializer``, and ``webob.cookies.make_cookie``. These
    APIs are convenience APIs for generating and parsing cookie headers as well
    as dealing with signing cookies.
  * Cookies generated via webob.cookies quoted characters in cookie values that
    did not need to be quoted per RFC 6265.  The following characters are no
    longer quoted in cookie values: ``~/=<>()[]{}?@`` .  The full set of
    non-letter-or-digit unquoted cookie value characters is now
    ``!#$%&'*+-.^_`|~/: =<>()[]{}?@``.  See
    http://tools.ietf.org/html/rfc6265#section-4.1.1 for more information.
  * Cookie names are now restricted to the set of characters expected by RFC
    6265.  Previously they could contain unsupported characters such as ``/``.
  * Older versions of Webob escaped the doublequote to ``\"`` and the backslash
    to ``\\`` when quoting cookie values.  Now, instead, cookie serialization
    generates ``\042`` for the doublequote and ``\134`` for the backslash. This
    is what is expected as per RFC 6265.  Note that old cookie values that do
    have the older style quoting in them will still be unquoted correctly,
    however.
  * Added support for draft status code 451 ("Unavailable for Legal Reasons").
    See http://tools.ietf.org/html/draft-tbray-http-legally-restricted-status-00
  * Added status codes 428, 429, 431 and 511 to ``util.status_reasons`` (they
    were already present in a previous release as ``webob.exc`` exceptions).
  * MIMEAccept happily parsed malformed wildcard strings like "image/pn*" at
    parse time, but then threw an AssertionError during matching.  See
    https://github.com/Pylons/webob/pull/83 .
  * Preserve document ordering of GET and POST request data when POST data
    passed to Request.blank is a MultiDict.
    See https://github.com/Pylons/webob/pull/96
  * Allow query strings attached to PATCH requests to populate request.params.
    See https://github.com/Pylons/webob/pull/106
  * Added Python 3.3 trove classifier.
* Tue Feb 18 2014 ro@suse.de
- added license.txt as doc file
* Thu Oct 24 2013 speilicke@suse.com
- Require python-setuptools instead of distribute (upstreams merged)
* Wed Mar 27 2013 speilicke@suse.com
- BuildRequire python (for ssl module) and drop pyOpenSSL
* Mon Jan 14 2013 saschpe@suse.de
- (Build)Require python-pyOpenSSL instead of M2Crypto (to get the
  ssl Python base module)
* Fri Nov 23 2012 saschpe@suse.de
- Add dependency on python-M2Crypto, otherwise you won't get HTTPS
* Thu Nov 22 2012 saschpe@suse.de
- Update to version 1.2.3:
  + Fix parsing of form submissions where fields have transfer-content-encoding headers.
- Build HTML documentation
- Run testsuite
- Split of doc package
* Sat Sep 22 2012 os-dev@jacraig.com
- Update to 1.2.2:
  * Fix multiple calls to ``cache_expires()`` not fully overriding the
    previously set headers.
  * Fix parsing of form submissions where fields have different encodings.
- Many changes between versions 1.1.1 and 1.2.1.  Please see docs/news.txt
  for full details.  Major changes include support for only Python 3.2, 2.7,
  2.6.
- Removed dependency on python-Tempita and python-wsgiproxy: these are only
  used in example code in the documentation and not actual runtime reqs.
- Removed dependency on python-nose: it is only needed to run tests.
- Removed dependency on python-WebTest: it was removed as a testing
  requirement in 1.2a1.
* Mon Nov 28 2011 prusnak@opensuse.org
- spec cleanup