python-werkzeug: Update to 3.0.3 to fix CVE-2024-34069 (#9260)

2024-05-31 12:15:52 -07:00 · 2024-05-31 12:15:52 -07:00 · cf6ee9c6ce
--- a/SPECS/python-tensorboard/python-tensorboard.spec
+++ b/SPECS/python-tensorboard/python-tensorboard.spec
@ -7,14 +7,13 @@ TensorBoard is a suite of web applications for inspecting and understanding your
 Summary:        TensorBoard is a suite of web applications for inspecting and understanding your TensorFlow runs and graphs
 Name:           python-%{pypi_name}
 Version:        2.16.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/tensorflow/tensorboard
 # This source also contains the dependencies required for building tensorboard
 Source0:        %{_distro_sources_url}/%{name}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
-
 Patch0:         0000-Use-system-package.patch
 BuildRequires:  bazel
 BuildRequires:  build-essential
@ -94,6 +93,9 @@ mv %{pypi_name}-*.whl pyproject-wheeldir/
 %{python3_sitelib}/tensorboard_data_server*

 %changelog
+* Thu May 30 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 2.16.2-2
+- Bump release to build with new python-werkzeug to fix CVE-2024-34069
+
 * Thu Apr 25 2024 Riken Maharjan <rmaharjan@microsoft.com> - 2.16.2-1
 - Upgrade tensorboard to 2.16.2.

--- a/SPECS/python-werkzeug/python-werkzeug.signatures.json
+++ b/SPECS/python-werkzeug/python-werkzeug.signatures.json
@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "werkzeug-3.0.1.tar.gz": "d5aed0e7fe61a83cf385c94f7cf7f6c43a7affa7f81ef7b07bd632834756f4dc"
-  }
+ "Signatures": {
+  "werkzeug-3.0.3.tar.gz": "756fad67d0b2ada0cc26ee3d87717922769be8fd7085eb6687710e60164531be"
+ }
 }
--- a/SPECS/python-werkzeug/python-werkzeug.spec
+++ b/SPECS/python-werkzeug/python-werkzeug.spec
@ -3,7 +3,7 @@

 Summary:        The Swiss Army knife of Python web development
 Name:           python-werkzeug
-Version:        3.0.1
+Version:        3.0.3
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
@ -40,7 +40,7 @@ Werkzeug started as simple collection of various utilities for WSGI applications
 %package -n python3-werkzeug-doc
 Summary:        Documentation for python3-werkzeug
 Requires:       python3-werkzeug = %{version}-%{release}
- 
+
 %description -n python3-werkzeug-doc
 Documentation and examples for python3-werkzeug.

@ -73,11 +73,14 @@ pip3 install markupsafe
 %endif

 %files -n python3-%{modname} -f %{pyproject_files}
-%license LICENSE.rst
-%doc CHANGES.rst README.rst
+%license LICENSE.txt
+%doc CHANGES.rst README.md
 %files -n python3-werkzeug-doc

 %changelog
+* Thu May 30 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 3.0.3-1
+- Update to version 3.0.3 to fix CVE-2024-34069.
+
 * Thu Apr 04 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.1-1
 - Auto-upgrade to 3.0.1 - 3.0 package upgrade
 - Import build, install and check section from Fedora 40 (license: MIT).
--- a/SPECS/tensorflow/tensorflow.spec
+++ b/SPECS/tensorflow/tensorflow.spec
@ -1,7 +1,7 @@
 Summary:        TensorFlow is an open source machine learning framework for everyone.
 Name:           tensorflow
 Version:        2.16.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@ -92,6 +92,9 @@ bazel --batch build  //tensorflow/tools/pip_package:build_pip_package
 %{_bindir}/toco_from_protos

 %changelog
+* Thu May 30 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 2.16.1-4
+- Bump release to build with new python-werkzeug to fix CVE-2024-34069
+
 * Mon Apr 29 2024 Riken Maharjan <rmaharjan@microsoft> - 2.16.1-3
 - Add tensorboard as runtime requirement

@ -108,10 +111,10 @@ bazel --batch build  //tensorflow/tools/pip_package:build_pip_package
 - Remove .bazelversion file.

 * Thu Jan 03 2022 Riken Maharjan <rmaharjan@microsoft> - 2.11.0-3
- Add tf-nightly subpackage. 
+- Add tf-nightly subpackage.

 * Thu Dec 08 2022 Riken Maharjan <rmaharjan@microsoft> - 2.11.0-2
- Correct markupsafe package name. 
+- Correct markupsafe package name.

 * Sun Dec 04 2022 Riken Maharjan <rmaharjan@microsoft> - 2.11.0-1
 - Update to 2.11.0
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -24564,7 +24564,7 @@
        "other": {
          "name": "python-tensorboard",
          "version": "2.16.2",
-          "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/python-tensorboard-2.16.2.tar.gz"
+          "downloadUrl": "https://azurelinuxsrcstorage.blob.core.windows.net/sources/core/python-tensorboard-2.16.2.tar.gz"
        }
      }
    },
@ -24923,8 +24923,8 @@
        "type": "other",
        "other": {
          "name": "python-werkzeug",
-          "version": "3.0.1",
-          "downloadUrl": "https://github.com/pallets/werkzeug/archive/3.0.1.tar.gz"
+          "version": "3.0.3",
+          "downloadUrl": "https://github.com/pallets/werkzeug/archive/3.0.3.tar.gz"
        }
      }
    },