From 7910547ccfd1f803a11dc7b3c221974b36eb9443 Mon Sep 17 00:00:00 2001
From: Karolina Surma
Date: Jul 03 2023 12:48:26 +0000
Subject: Adjust tests to work with urllib.parse.urlsplit() new behavior To fix CVE-2023-24329 urllib.parse.urlsplit() now strips the leading C0 and space characters. Change the expected tests outputs to match that (desired) behavior.
---
diff --git a/Strip-leading-whitespaces-from-expected-values.patch b/Strip-leading-whitespaces-from-expected-values.patch
new file mode 100644
index 0000000..5b85221
--- /dev/null
+++ b/Strip-leading-whitespaces-from-expected-values.patch
@@ -0,0 +1,29 @@
+From 8dad2ab00914d75f1fdf756779a0005f2da8c84e Mon Sep 17 00:00:00 2001
+From: Karolina Surma
+Date: Mon, 3 Jul 2023 14:39:59 +0200
+Subject: [PATCH] Strip leading whitespaces from expected values
+
+---
+ tests/test_parse_shim.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_parse_shim.py b/tests/test_parse_shim.py
+index f49a643..adb8a01 100644
+--- a/tests/test_parse_shim.py
++++ b/tests/test_parse_shim.py
+@@ -52,10 +52,10 @@ class ParseResult:
+ # the base url is. Since our parser is not using a baseurl, it sets the
+ # scheme to "". Further, our parser includes spaces at the beginning,
+ # but I don't see that as being problematic.
+- ("\t :foo.com \n", ParseResult(path=" :foo.com ")),
++ ("\t :foo.com \n", ParseResult(path=":foo.com ")),
+ # NOTE(willkg): The wpt tests set the path to "/foo/foo.com" because
+ # the base url is at "/foo"
+- (" foo.com ", ParseResult(path=" foo.com ")),
++ (" foo.com ", ParseResult(path="foo.com ")),
+ ("a:\t foo.com", ParseResult(scheme="a", path=" foo.com")),
+ (
+ "http://f:21/ b ? d # e ",
+--
+2.41.0
+
diff --git a/python-bleach.spec b/python-bleach.spec
index 8153106..57bb498 100644
--- a/python-bleach.spec
+++ b/python-bleach.spec
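Review bot: The context comment kept above the first changed case in tests/test_parse_shim.py still says `our parser includes spaces at the beginning, but I don't see that as being problematic`, which now contradicts the expected values on the added lines. With the CVE-2023-24329 fix the leading C0 control and space characters are stripped, and keeping them was the behaviour the CVE addressed, so I would reword it to `# scheme to "". Leading C0 control and space characters are stripped by urlsplit() (CVE-2023-24329).` The unchanged `"a:\t foo.com"` case keeping `path=" foo.com"` looks consistent, since that whitespace is not at the start of the URL. The parametrized list starts and ends outside this hunk.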
@@ -2,13 +2,21 @@ Name: python-%{modname} Version: 6.0.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: An easy whitelist-based HTML-sanitizing tool License: ASL 2.0 URL: https://github.com/mozilla/bleach Source0: https://files.pythonhosted.org/packages/source/b/%{modname}/%{modname}-%{version}.tar.gz +# As a result of fixed CVE-2023-24329, urllib.parse.urlsplit() now strips +# the leading C0 control and space characters. +# This breaks tests which expect those leading whitespace characters. +# Upstream vendors an ancient parse.py from Python 3.6.14 and doesn't +# experience this issue. +# Discussed upstream: https://github.com/mozilla/bleach/issues/707 +Patch: Strip-leading-whitespaces-from-expected-values.patch + BuildArch: noarch %global _description \ @@ -74,6 +82,9 @@ fi; %changelog +* Mon Jul 03 2023 Karolina Surma - 6.0.0-3 +- Adjust the tests to work with the new urllib.parse.urlsplit() behavior + * Wed Jun 14 2023 Python Maint - 6.0.0-2 - Rebuilt for Python 3.12
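Review bot: The comment above `Patch:` explains why upstream is unaffected (it vendors parse.py from Python 3.6.14) but not why this build is affected, i.e. which urllib.parse the packaged bleach actually imports. That matters beyond the tests, because it decides whether the shipped sanitizer gets the CVE-2023-24329 behaviour or keeps the old one; I would state it explicitly, for example `# This build runs against the system urllib.parse, not the vendored copy.`, if that is indeed the case. The patched expectations also hold only on a Python that carries the fix, which deserves one more comment line. %prep is outside this hunk, so I could not confirm that the unnumbered `Patch:` is applied (it needs %autosetup or %autopatch).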