commit heroic-gogdl for openSUSE:Factory

Source-Sync Sat, 25 Apr 2026 12:37:23 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package heroic-gogdl for openSUSE:Factory 
checked in at 2026-04-25 21:35:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/heroic-gogdl (Old)
 and      /work/SRC/openSUSE:Factory/.heroic-gogdl.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "heroic-gogdl"

Sat Apr 25 21:35:30 2026 rev:7 rq:1349041 version:1.2.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/heroic-gogdl/heroic-gogdl.changes        
2026-04-16 17:26:08.029367133 +0200
+++ /work/SRC/openSUSE:Factory/.heroic-gogdl.new.11940/heroic-gogdl.changes     
2026-04-25 21:35:45.969854566 +0200
@@ -2 +2,30 @@
-Thu Apr 16 00:56:23 UTC 2026 - Jonatas Gonçalves <[email protected]>
+Fri Apr 24 03:23:31 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Update use-system-xdelta3.patch:
+  * Remove experimental debug prints and temporary build logs.
+  * Properly implement xdelta3 call via subprocess.run with safety checks.
+  * Fix argument injection risk by using list-based command arguments.
+  * Fixes (boo#1262128). 
+
+-------------------------------------------------------------------
+Thu Apr 23 12:52:00 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Update use-system-xdelta3.patch to fix (boo#1262128)
+  * Patch replaced upstream functionality and introduced behavioral
+    and security issues (argument injection risk)
+  * Restore upstream xdelta3 implementation for correctness and
+    maintainability 
+
+-------------------------------------------------------------------
+Thu Apr 16 23:47:51 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Update patch use-system-xdelta3.patch to fix (boo#1262128):
+  * Properly invoke xdelta3 binary using subprocess.run.
+  * Add shutil.which to locate xdelta3 in the system PATH.
+  * Fixes issues where the patch was only constructing the command line
+    but not executing the patch process.
+  * Fixes build/runtime failure with Python 3.13 due to broken 
+    upstream xdelta3 module. 
+
+-------------------------------------------------------------------
+Tue Apr 16 00:56:23 UTC 2026 - Jonatas Gonçalves <[email protected]>

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.oPQDnN/_old  2026-04-25 21:35:46.477875238 +0200
+++ /var/tmp/diff_new_pack.oPQDnN/_new  2026-04-25 21:35:46.477875238 +0200
@@ -1,5 +1,5 @@
-mtime: 1776301051
-commit: 215019476ab6e77f5ca93fdb5ff91214c008590aceae324f4686071fb6b2e545
+mtime: 1777001046
+commit: 6a51091ee35f937f7a1e694ee3fa36c44a555766c7acb2ceb579f8d2a526bb0d
 url: https://src.opensuse.org/MaxxedSUSE/heroic-gogdl
 revision: master
 

++++++ use-system-xdelta3.patch ++++++
--- /var/tmp/diff_new_pack.oPQDnN/_old  2026-04-25 21:35:46.497876051 +0200
+++ /var/tmp/diff_new_pack.oPQDnN/_new  2026-04-25 21:35:46.501876215 +0200
@@ -1,38 +1,46 @@
-diff '--color=auto' -rub 
heroic-gogdl-1.2.0.orig/gogdl/dl/workers/task_executor.py 
heroic-gogdl-1.2.0/gogdl/dl/workers/task_executor.py
---- heroic-gogdl-1.2.0.orig/gogdl/dl/workers/task_executor.py  2026-01-21 
07:20:18.000000000 -0300
-+++ heroic-gogdl-1.2.0/gogdl/dl/workers/task_executor.py       2026-01-29 
21:23:51.634296751 -0300
-@@ -1,6 +1,7 @@
- from multiprocessing.shared_memory import SharedMemory
- import os
- from queue import Empty
-+import subprocess
- import shutil
- import sys
- import stat
-@@ -17,7 +18,6 @@
+diff '--color=auto' -rubN 
heroic-gogdl-1.2.1.orig/gogdl/dl/workers/task_executor.py 
heroic-gogdl-1.2.1/gogdl/dl/workers/task_executor.py
+--- heroic-gogdl-1.2.1.orig/gogdl/dl/workers/task_executor.py  2026-02-06 
11:17:40.000000000 -0300
++++ heroic-gogdl-1.2.1/gogdl/dl/workers/task_executor.py       2026-04-24 
00:16:47.527280540 -0300
+@@ -17,7 +17,8 @@
  from enum import Enum, auto
  from multiprocessing import Process, Queue
  from gogdl.dl.objects.generic import MemorySegment, TaskFlag, TerminateWorker
 -import gogdl.xdelta3
++import subprocess
++import shutil
  
  
  class FailReason(Enum):
-@@ -357,7 +357,17 @@
+@@ -357,7 +358,31 @@
                      patch = os.path.join(task.destination, task.patch_file)
                      patch = dl_utils.get_case_insensitive_name(patch)
                      target = task_path
 -                    gogdl.xdelta3.patch(source, patch, target, 
self.speed_queue)
++
 +                    xdelta = shutil.which("xdelta3")
 +                    if not xdelta:
 +                        raise RuntimeError("xdelta3 binary not found")
 +
 +                    cmd = [
 +                        xdelta,
-+                        "-d",        # decode
++                        "-d",
 +                        "-s", source,
++                        "--",
 +                        patch,
 +                        target
 +                    ]
++
++                    result = subprocess.run(
++                        cmd,
++                        stdout=subprocess.PIPE,
++                        stderr=subprocess.PIPE,
++                        check=False
++                    )
++
++                    if result.returncode != 0:
++                        raise RuntimeError(
++                            f"xdelta3 failed: 
{result.stderr.decode(errors='ignore')}"
++                        )
  
                  except Exception as e:
                      print("Patch failed", e)

commit heroic-gogdl for openSUSE:Factory

Reply via email to