!107 Fix #1115 and rebuid for openEuler-22.03-LTS-SP4

From: @wang--ge 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001

0001-fix-1065-gevent-1.3.0-removes-fast-wsgi-implementati.patch

@@ -0,0 +1,37 @@
+From 19a12f898b7343e16f0d08821de6aac169143752 Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Tue, 27 Nov 2018 19:27:54 +0100
+Subject: [PATCH] fix #1065 gevent-1.3.0 removes 'fast' wsgi implementation.
+
+---
+ bottle.py | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/bottle.py b/bottle.py
+index 3a51b38..cb46893 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -2904,14 +2904,16 @@ class GeventServer(ServerAdapter):
+         * See gevent.wsgi.WSGIServer() documentation for more options.
+     """
+     def run(self, handler):
+-        from gevent import wsgi, pywsgi, local
++        from gevent import pywsgi, local
+         if not isinstance(threading.local(), local.local):
+             msg = "Bottle requires gevent.monkey.patch_all() (before import)"
+             raise RuntimeError(msg)
+-        if not self.options.pop('fast', None): wsgi = pywsgi
+-        self.options['log'] = None if self.quiet else 'default'
++        if self.options.pop('fast', None):
++            depr('The "fast" option has been deprecated and removed by Gevent.')
++        if self.quiet:
++            self.options['log'] = None
+         address = (self.host, self.port)
+-        server = wsgi.WSGIServer(address, handler, **self.options)
++        server = pywsgi.WSGIServer(address, handler, **self.options)
+         if 'BOTTLE_CHILD' in os.environ:
+             import signal
+             signal.signal(signal.SIGINT, lambda s, f: server.stop())
+-- 
+2.39.0.windows.2
+

0002-Fix-930-DeprecationWarning-Flags-not-at-the-start-of.patch

@@ -0,0 +1,39 @@
+From 0c3db605e927e6a58cefaecae3a3c6ef1e34dad5 Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Sat, 1 Dec 2018 17:35:14 +0100
+Subject: [PATCH] Fix #930: DeprecationWarning: Flags not at the start of the
+ expression
+
+Backported from 0.13-dev
+---
+ bottle.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/bottle.py b/bottle.py
+index fd663f7..dae4f56 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -3420,7 +3420,7 @@ class StplParser(object):
+     _re_cache = {} #: Cache for compiled re patterns
+     # This huge pile of voodoo magic splits python code into 8 different tokens.
+     # 1: All kinds of python strings (trust me, it works)
+-    _re_tok = '((?m)[urbURB]?(?:\'\'(?!\')|""(?!")|\'{6}|"{6}' \
++    _re_tok = '([urbURB]?(?:\'\'(?!\')|""(?!")|\'{6}|"{6}' \
+                '|\'(?:[^\\\\\']|\\\\.)+?\'|"(?:[^\\\\"]|\\\\.)+?"' \
+                '|\'{3}(?:[^\\\\]|\\\\.|\\n)+?\'{3}' \
+                '|"{3}(?:[^\\\\]|\\\\.|\\n)+?"{3}))'
+@@ -3443,8 +3443,9 @@ class StplParser(object):
+     # Match the start tokens of code areas in a template
+     _re_split = '(?m)^[ \t]*(\\\\?)((%(line_start)s)|(%(block_start)s))(%%?)'
+     # Match inline statements (may contain python strings)
+-    _re_inl = '%%(inline_start)s((?:%s|[^\'"\n]*?)+)%%(inline_end)s' % _re_inl
+-
++    _re_inl = '(?m)%%(inline_start)s((?:%s|[^\'"\n]*?)+)%%(inline_end)s' % _re_inl
++    _re_tok = '(?m)' + _re_tok
++    
+     default_syntax = '<% %> % {{ }}'
+ 
+     def __init__(self, source, syntax=None, encoding='utf8'):
+-- 
+2.39.0.windows.2
+

0003-fix-1115-Some-modules-set-__file__-as-None.patch

@@ -0,0 +1,27 @@
+From 076f41759ceacb1a804517270392f0ef75adb07f Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Thu, 13 Dec 2018 08:26:27 +0100
+Subject: [PATCH] fix #1115: Some modules set __file__ as None
+
+This is not allowed (the __file__ attribute MUST be either a string, or unset),
+but seems to happen anyway and is easy to work around in bottle.
+---
+ bottle.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bottle.py b/bottle.py
+index 01b581e..f254bac 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -3156,7 +3156,7 @@ class FileCheckerThread(threading.Thread):
+         files = dict()
+ 
+         for module in list(sys.modules.values()):
+-            path = getattr(module, '__file__', '')
++            path = getattr(module, '__file__', '') or ''
+             if path[-4:] in ('.pyo', '.pyc'): path = path[:-1]
+             if path and exists(path): files[path] = mtime(path)
+ 
+-- 
+2.39.0.windows.2
+

CVE-2020-28473.patch

@@ -0,0 +1,27 @@
+From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Wed, 11 Nov 2020 19:24:29 +0100
+Subject: [PATCH] Do not split query strings on `;` anymore.
+
+Using `;` as a separator instead of `&` was allowed a long time ago,
+but is now obsolete and actually invalid according to the 2014 W3C
+recommendations. Even if this change is technically backwards-incompatible,
+no real-world application should depend on broken behavior. If you REALLY
+need this functionality, monkey-patch the _parse_qsl() function.
+---
+ bottle.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bottle.py b/bottle.py
+index bcfc5e62..417b01b9 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0):
+ 
+ def _parse_qsl(qs):
+     r = []
+-    for pair in qs.replace(';','&').split('&'):
++    for pair in qs.split('&'):
+         if not pair: continue
+         nv = pair.split('=', 1)
+         if len(nv) != 2: nv.append('')

CVE-2022-31799.patch

@@ -0,0 +1,40 @@
+From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp <marc@gsites.de>
+Date: Thu, 26 May 2022 14:49:32 +0200
+Subject: [PATCH] Gracefully handle errors during early request binding.
+
+---
+ bottle.py | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/bottle.py b/bottle.py
+index 04ccf7da..035f99ec 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -848,17 +848,19 @@ def default_error_handler(self, res):
+         return tob(template(ERROR_PAGE_TEMPLATE, e=res))
+ 
+     def _handle(self, environ):
+-        path = environ['bottle.raw_path'] = environ['PATH_INFO']
+-        if py3k:
+-            try:
+-                environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+-            except UnicodeError:
+-                return HTTPError(400, 'Invalid path string. Expected UTF-8')
+-
+         try:
++
+             environ['bottle.app'] = self
+             request.bind(environ)
+             response.bind()
++
++            path = environ['bottle.raw_path'] = environ['PATH_INFO']
++            if py3k:
++                try:
++                    environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
++                except UnicodeError:
++                    return HTTPError(400, 'Invalid path string. Expected UTF-8')
++
+             try:
+                 self.trigger_hook('before_request')
+                 route, args = self.router.match(environ)

python-bottle.spec

@@ -1,10 +1,16 @@
 Name:           python-bottle
 Version:        0.12.13
-Release:        8
+Release:        14
 Summary:        WSGI micro web-framework for Python.
 License:        MIT
 URL:            https://github.com/bottlepy/bottle
 Source0:        https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{version}.tar.gz
+Patch0000:      CVE-2020-28473.patch
+#https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
+Patch0001:      CVE-2022-31799.patch
+Patch0002:      0001-fix-1065-gevent-1.3.0-removes-fast-wsgi-implementati.patch
+Patch0003:      0002-Fix-930-DeprecationWarning-Flags-not-at-the-start-of.patch
+Patch0004:      0003-fix-1115-Some-modules-set-__file__-as-None.patch
 BuildArch:      noarch
 BuildRequires:  python3-devel python3-setuptools
 
@@ -23,7 +29,7 @@ It is distributed as a single file module and has no dependencies other than
 the Python Standard Library.
 
 %prep
-%autosetup -n bottle-%{version}
+%autosetup -n bottle-%{version} -p1
 sed -i '/^#!/d' bottle.py
 
 %build
@@ -42,6 +48,24 @@ sed -i '/^#!/d' bottle.py
 %exclude %{_bindir}/bottle.py
 
 %changelog
+* Tue May 28 2024 Ge Wang <wang__ge@126.com> - 0.12.13-14
+- rebuild for openEuler-22.03-LTS-SP4
+
+* Tue May 28 2024 Ge Wang <wang__ge@126.com> - 0.12.13-13
+- Fix #1115: Some modules set __file__ as None
+
+* Wed Nov 22 2023 zhangliangpengkun<zhangliangpengkun@xfusion.com> - 0.12.13-12
+- Fix #930: DeprecationWarning: Flags not at the start of the expression
+
+* Thu Nov 09 2023 zhangliangpengkun<zhangliangpengkun@xfusion.com> - 0.12.13-11
+- fix #1065 gevent-1.3.0 removes 'fast' wsgi implementation.
+
+* Tue Jun 14 2022 yaoxin <yaoxin30@h-partners.com> - 0.12.13-10
+- Fix CVE-2022-31799
+
+* Fri Feb 19 2021 zhanghua <zhanghua40@huawei.com> - 0.12.13-9
+- fix CVE-2020-28473
+
 * Wed Oct 21 2020 chengzihan <chengzihan2@huawei.com> - 0.12.13-8
 - Modify url and remove subpackage python2-bottle