diff -Nru python-werkzeug-0.11.9+dfsg1/CHANGES python-werkzeug-0.11.10+dfsg1/CHANGES --- python-werkzeug-0.11.9+dfsg1/CHANGES 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/CHANGES 2016-05-24 09:19:39.000000000 +0000 @@ -1,6 +1,16 @@ Werkzeug Changelog ================== +Version 0.11.10 +--------------- + +Released on May 24th 2016. + +- Fixed a bug that occurs when running on Python 2.6 and using a broken locale. + See pull request #912. +- Fixed a crash when running the debugger on Google App Engine. See issue #925. +- Fixed an issue with multipart parsing that could cause memory exhaustion. + Version 0.11.9 -------------- diff -Nru python-werkzeug-0.11.9+dfsg1/CONTRIBUTING.rst python-werkzeug-0.11.10+dfsg1/CONTRIBUTING.rst --- python-werkzeug-0.11.9+dfsg1/CONTRIBUTING.rst 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/CONTRIBUTING.rst 2016-05-24 09:19:39.000000000 +0000 @@ -39,6 +39,10 @@ You probably want to set up a `virtualenv `_. +Werkzeug must be installed for all tests to pass:: + + pip install -e . + The minimal requirement for running the testsuite is ``py.test``. You can install it with:: diff -Nru python-werkzeug-0.11.9+dfsg1/debian/changelog python-werkzeug-0.11.10+dfsg1/debian/changelog --- python-werkzeug-0.11.9+dfsg1/debian/changelog 2016-05-04 20:53:26.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/debian/changelog 2016-05-29 21:09:51.000000000 +0000 @@ -1,3 +1,9 @@ +python-werkzeug (0.11.10+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Ondřej Nový Wed, 25 May 2016 22:33:48 +0200 + python-werkzeug (0.11.9+dfsg1-1) unstable; urgency=medium [ Ondřej Nový ] diff -Nru python-werkzeug-0.11.9+dfsg1/debian/.git-dpm python-werkzeug-0.11.10+dfsg1/debian/.git-dpm --- python-werkzeug-0.11.9+dfsg1/debian/.git-dpm 2016-05-04 20:52:56.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/debian/.git-dpm 2016-05-29 21:09:39.000000000 +0000 
@@ -1,11 +1,11 @@ # see git-dpm(1) from git-dpm package -8d81a77e2700129548d236e0d43cd399b52822d9 -8d81a77e2700129548d236e0d43cd399b52822d9 -f888071666bddf458ff403c23cb41a508d74b44d -f888071666bddf458ff403c23cb41a508d74b44d -python-werkzeug_0.11.9+dfsg1.orig.tar.gz -3d9e38a0e142b497a49ab4b13b0dd44b2b8e0e85 -1083902 +8b5661e94696030b7ff471f3a7829738908dbb04 +8b5661e94696030b7ff471f3a7829738908dbb04 +7e274781319973d4190701c37d48aca05a44d61d +7e274781319973d4190701c37d48aca05a44d61d +python-werkzeug_0.11.10+dfsg1.orig.tar.gz +9c96dfdb374e89f1d1e9d1fa0666498def69a699 +1086483 debianTag="debian/%e%v" patchedTag="patched/%e%v" upstreamTag="upstream/%e%u" diff -Nru python-werkzeug-0.11.9+dfsg1/debian/patches/drop_ubuntu_font.patch python-werkzeug-0.11.10+dfsg1/debian/patches/drop_ubuntu_font.patch --- python-werkzeug-0.11.9+dfsg1/debian/patches/drop_ubuntu_font.patch 2016-05-04 20:52:56.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/debian/patches/drop_ubuntu_font.patch 2016-05-29 21:09:39.000000000 +0000 @@ -1,4 +1,4 @@ -From 8d81a77e2700129548d236e0d43cd399b52822d9 Mon Sep 17 00:00:00 2001 +From 8b5661e94696030b7ff471f3a7829738908dbb04 Mon Sep 17 00:00:00 2001 From: SVN-Git Migration Date: Thu, 8 Oct 2015 13:25:38 -0700 Subject: drop_ubuntu_font diff -Nru python-werkzeug-0.11.9+dfsg1/tests/test_formparser.py python-werkzeug-0.11.10+dfsg1/tests/test_formparser.py --- python-werkzeug-0.11.9+dfsg1/tests/test_formparser.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/tests/test_formparser.py 2016-05-24 09:19:39.000000000 +0000 
@@ -154,7 +154,8 @@ class StreamMPP(formparser.MultiPartParser): def parse(self, file, boundary, content_length): - i = iter(self.parse_lines(file, boundary, content_length)) + i = iter(self.parse_lines(file, boundary, content_length, + cap_at_buffer=False)) one = next(i) two = next(i) return self.cls(()), {'one': one, 'two': two} diff -Nru python-werkzeug-0.11.9+dfsg1/tests/test_wsgi.py python-werkzeug-0.11.10+dfsg1/tests/test_wsgi.py --- python-werkzeug-0.11.9+dfsg1/tests/test_wsgi.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/tests/test_wsgi.py 2016-05-24 09:19:39.000000000 +0000 @@ -381,6 +381,13 @@ buffer_size=4)) assert rv == [b'abcdef', b'ghijkl', b'mnopqrstuvwxyz', b'ABCDEFGHIJK'] + data = b'abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK' + test_stream = BytesIO(data) + rv = list(wsgi.make_chunk_iter(test_stream, 'X', limit=len(data), + buffer_size=4, cap_at_buffer=True)) + assert rv == [b'abcd', b'ef', b'ghij', b'kl', b'mnop', b'qrst', b'uvwx', + b'yz', b'ABCD', b'EFGH', b'IJK'] + def test_lines_longer_buffer_size(): data = '1234567890\n1234567890\n' @@ -388,3 +395,11 @@ lines = list(wsgi.make_line_iter(NativeStringIO(data), limit=len(data), buffer_size=4)) assert lines == ['1234567890\n', '1234567890\n'] + + +def test_lines_longer_buffer_size_cap(): + data = '1234567890\n1234567890\n' + for bufsize in range(1, 15): + lines = list(wsgi.make_line_iter(NativeStringIO(data), limit=len(data), + buffer_size=4, cap_at_buffer=True)) + assert lines == ['1234', '5678', '90\n', '1234', '5678', '90\n'] diff -Nru python-werkzeug-0.11.9+dfsg1/werkzeug/debug/__init__.py python-werkzeug-0.11.10+dfsg1/werkzeug/debug/__init__.py --- python-werkzeug-0.11.9+dfsg1/werkzeug/debug/__init__.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/werkzeug/debug/__init__.py 2016-05-24 09:19:39.000000000 +0000 
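Review bot: In `test_lines_longer_buffer_size_cap` (hunk @@ -388,3 +395,11 @@) the loop variable `bufsize` is never used, because the call passes the literal `buffer_size=4`. The loop therefore repeats one identical case fourteen times, and the cap is only exercised at a single buffer size. Either drop the loop, or pass `buffer_size=bufsize` and derive the expected pieces from it, so that sizes below, equal to and above the 11-character line length are all covered.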
@@ -65,14 +65,17 @@ # On OS X we can use the computer's serial number assuming that # ioreg exists and can spit out that information. - from subprocess import Popen, PIPE try: + # Also catch import errors: subprocess may not be available, e.g. + # Google App Engine + # See https://github.com/pallets/werkzeug/issues/925 + from subprocess import Popen, PIPE dump = Popen(['ioreg', '-c', 'IOPlatformExpertDevice', '-d', '2'], stdout=PIPE).communicate()[0] match = re.search(b'"serial-number" = <([^>]+)', dump) if match is not None: return match.group(1) - except OSError: + except (OSError, ImportError): pass # On Windows we can use winreg to get the machine guid diff -Nru python-werkzeug-0.11.9+dfsg1/werkzeug/filesystem.py python-werkzeug-0.11.10+dfsg1/werkzeug/filesystem.py --- python-werkzeug-0.11.9+dfsg1/werkzeug/filesystem.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/werkzeug/filesystem.py 2016-05-24 09:19:39.000000000 +0000 @@ -59,7 +59,7 @@ if not _warned_about_filesystem_encoding: warnings.warn( 'Detected a misconfigured UNIX filesystem: Will use UTF-8 as ' - 'filesystem encoding instead of {!r}'.format(rv), + 'filesystem encoding instead of {0!r}'.format(rv), BrokenFilesystemWarning) _warned_about_filesystem_encoding = True return 'utf-8' diff -Nru python-werkzeug-0.11.9+dfsg1/werkzeug/formparser.py python-werkzeug-0.11.10+dfsg1/werkzeug/formparser.py --- python-werkzeug-0.11.9+dfsg1/werkzeug/formparser.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/werkzeug/formparser.py 2016-05-24 09:19:39.000000000 +0000 @@ -372,7 +372,7 @@ # the assert is skipped. self.fail('Boundary longer than buffer size') - def parse_lines(self, file, boundary, content_length): + def parse_lines(self, file, boundary, content_length, cap_at_buffer=True): """Generate parts of ``('begin_form', (headers, name))`` ``('begin_file', (headers, name, filename))`` 
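Review bot: `parse_lines` gains `cap_at_buffer=True` in hunk @@ -372,7 +372,7 @@, but the docstring that opens on the following line is not extended to describe it. The default here is also the opposite of the `False` default this commit gives `make_line_iter` and `make_chunk_iter` in werkzeug/wsgi.py. Since this flag is what bounds memory use for a multipart body containing very long lines, the docstring should say so, for example `:param cap_at_buffer: split lines longer than the buffer size, so that input without line terminators is not accumulated in memory.` The rest of the docstring and the function body lie outside the hunk.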
@@ -387,7 +387,8 @@ last_part = next_part + b'--' iterator = chain(make_line_iter(file, limit=content_length, - buffer_size=self.buffer_size), + buffer_size=self.buffer_size, + cap_at_buffer=cap_at_buffer), _empty_string_iter) terminator = self._find_terminator(iterator) diff -Nru python-werkzeug-0.11.9+dfsg1/werkzeug/__init__.py python-werkzeug-0.11.10+dfsg1/werkzeug/__init__.py --- python-werkzeug-0.11.9+dfsg1/werkzeug/__init__.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/werkzeug/__init__.py 2016-05-24 09:19:39.000000000 +0000 @@ -20,7 +20,7 @@ from werkzeug._compat import iteritems # the version. Usually set automatically by a script. -__version__ = '0.11.9' +__version__ = '0.11.10' # This import magic raises concerns quite often which is why the implementation diff -Nru python-werkzeug-0.11.9+dfsg1/werkzeug/wsgi.py python-werkzeug-0.11.10+dfsg1/werkzeug/wsgi.py --- python-werkzeug-0.11.9+dfsg1/werkzeug/wsgi.py 2016-04-24 18:31:32.000000000 +0000 +++ python-werkzeug-0.11.10+dfsg1/werkzeug/wsgi.py 2016-05-24 09:19:39.000000000 +0000 @@ -784,7 +784,8 @@ yield item -def make_line_iter(stream, limit=None, buffer_size=10 * 1024): +def make_line_iter(stream, limit=None, buffer_size=10 * 1024, + cap_at_buffer=False): """Safely iterates line-based over an input stream. If the input stream is not a :class:`LimitedStream` the `limit` parameter is mandatory. @@ -808,6 +809,12 @@ content length. Not necessary if the `stream` is a :class:`LimitedStream`. :param buffer_size: The optional buffer size. + :param cap_at_buffer: if this is set chunks are split if they are longer + than the buffer size. Internally this is implemented + that the buffer size might be exhausted by a factor + of two however. + .. versionadded:: 0.11.10 + added support for the `cap_at_buffer` parameter. """ _iter = _make_chunk_iter(stream, limit, buffer_size) 
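Review bot: `cap_at_buffer` defaults to `False` in `make_line_iter` (hunk @@ -784,7 +784,8 @@) and in `make_chunk_iter` (hunk @@ -854,7 +869,8 @@), so only callers that opt in get the bound. `parse_lines` in werkzeug/formparser.py opts in, but any other caller iterating an untrusted request body keeps accumulating a line that has no terminator, presumably up to `limit`. The docstring text added in hunk @@ -808,6 +809,12 @@ does not mention this, and the sentence about the buffer size being "exhausted by a factor of two" is hard to follow. I would reword it along the lines of `:param cap_at_buffer: if set, lines longer than the buffer size are yielded in pieces; a piece may still reach about twice the buffer size. Leave unset only for trusted input.` The same wording applies to the `make_chunk_iter` docstring in hunk @@ -865,12 +881,19 @@.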
@@ -831,11 +838,19 @@ if not new_data: break new_buf = [] + buf_size = 0 for item in chain(buffer, new_data.splitlines(True)): new_buf.append(item) + buf_size += len(item) if item and item[-1:] in crlf: yield _join(new_buf) new_buf = [] + elif cap_at_buffer and buf_size >= buffer_size: + rv = _join(new_buf) + while len(rv) >= buffer_size: + yield rv[:buffer_size] + rv = rv[buffer_size:] + new_buf = [rv] buffer = new_buf if buffer: yield _join(buffer) @@ -854,7 +869,8 @@ yield previous -def make_chunk_iter(stream, separator, limit=None, buffer_size=10 * 1024): +def make_chunk_iter(stream, separator, limit=None, buffer_size=10 * 1024, + cap_at_buffer=False): """Works like :func:`make_line_iter` but accepts a separator which divides chunks. If you want newline based processing you should use :func:`make_line_iter` instead as it @@ -865,12 +881,19 @@ .. versionadded:: 0.9 added support for iterators as input stream. + .. versionadded:: 0.11.10 + added support for the `cap_at_buffer` parameter. + :param stream: the stream or iterate to iterate over. :param separator: the separator that divides chunks. :param limit: the limit in bytes for the stream. (Usually content length. Not necessary if the `stream` is otherwise already limited). :param buffer_size: The optional buffer size. + :param cap_at_buffer: if this is set chunks are split if they are longer + than the buffer size. Internally this is implemented + that the buffer size might be exhausted by a factor + of two however. """ _iter = _make_chunk_iter(stream, limit, buffer_size) 
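Review bot: In the `make_line_iter` loop (hunk @@ -831,11 +838,19 @@) `buf_size` is never reset: not after `yield _join(new_buf)` on a line end, and not after the cap branch sets `new_buf = [rv]`. The matching `make_chunk_iter` hunk (@@ -895,12 +918,24 @@) resets it in both places. The counter therefore overstates what is buffered, and once it passes `buffer_size` every later item without a line end goes through `_join(new_buf)` again. As far as the visible lines show, the `while len(rv) >= buffer_size` guard keeps the output unchanged, so this costs extra work and is a trap for later edits rather than a wrong result. Add `buf_size = 0` after the `new_buf = []` that follows the yield, and `buf_size = len(rv)` after `new_buf = [rv]`; the function starts and ends outside this hunk.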
@@ -895,12 +918,24 @@
 break
 chunks = _split(new_data)
 new_buf = []
+ buf_size = 0
 for item in chain(buffer, chunks):
 if item == separator:
 yield _join(new_buf)
 new_buf = []
+ buf_size = 0
 else:
+ buf_size += len(item)
 new_buf.append(item)
+
+ if cap_at_buffer and buf_size >= buffer_size:
+ rv = _join(new_buf)
+ while len(rv) >= buffer_size:
+ yield rv[:buffer_size]
+ rv = rv[buffer_size:]
+ new_buf = [rv]
+ buf_size = len(rv)
+
 buffer = new_buf
 if buffer:
 yield _join(buffer)
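Review bot: When a chunk's length is an exact multiple of `buffer_size`, the cap branch leaves `rv` empty and sets `new_buf = [rv]`, so the next separator appears to yield an extra empty chunk that the uncapped iterator does not produce. `_split` and `_join` are defined outside the hunk, so this should be confirmed with a test. The case added in tests/test_wsgi.py uses chunk lengths 6, 6, 14 and 11 with `buffer_size=4` and never reaches it. More generally, a consumer cannot tell a capped piece from a complete chunk, which the docstring should state, e.g. `With cap_at_buffer set, a yielded item is not necessarily a complete chunk.` The enclosing function starts outside the hunk.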