Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-GitPython for openSUSE:Factory checked in at 2023-01-05 14:59:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-GitPython (Old) and /work/SRC/openSUSE:Factory/.python-GitPython.new.1563 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-GitPython" Thu Jan 5 14:59:49 2023 rev:25 rq:1046682 version:3.1.30.1672298042.141cd65 Changes: -------- --- /work/SRC/openSUSE:Factory/python-GitPython/python-GitPython.changes 2022-11-08 10:54:00.589619961 +0100 +++ /work/SRC/openSUSE:Factory/.python-GitPython.new.1563/python-GitPython.changes 2023-01-05 14:59:51.976774558 +0100 @@ -1,0 +2,23 @@ +Wed Jan 4 06:33:38 UTC 2023 - Steve Kowalik <steven.kowa...@suse.com> + +- Update to version 3.1.30.1672298042.141cd65: + * Make injections of command-invocations harder or impossible for clone and + others. See #1518 for details. Note that this might constitute a breaking + change for some users. (bsc#1206099, CVE-2022-24439) + * Prohibit insecure options and protocols by default, which is potentially a + breaking change, but a necessary fix for #1515. + * Make the git.__version__ re-appear. + * Reduced startup time due to optimized imports. + * Fix a vulenerability that could cause great slowdowns when encountering + long remote path names when pulling/fetching. + * Newly added timeout flag is not be enabled by default, and was renamed + to kill_after_timeout + * drop support for python 3.5 to reduce maintenance burden on typing. + * Add more static typing information + * git.Commit objects now have a replace method that will return a copy of + the commit with modified attributes. + * Add python 3.9 support + * Drop python 3.4 support +- Refresh patches. + +------------------------------------------------------------------- Old: ---- GitPython-3.1.12.1610074031.f653af66.tar.xz New: ---- GitPython-3.1.30.1672298042.141cd65.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-GitPython.spec ++++++ --- /var/tmp/diff_new_pack.aFCsQk/_old 2023-01-05 14:59:52.604774053 +0100 +++ /var/tmp/diff_new_pack.aFCsQk/_new 2023-01-05 14:59:52.612774046 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-GitPython # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define skip_python2 1 Name: python-GitPython -Version: 3.1.12.1610074031.f653af66 +Version: 3.1.30.1672298042.141cd65 Release: 0 Summary: Python Git Library License: BSD-3-Clause @@ -51,11 +51,10 @@ are 'cgit' and pure python, which is the default. %prep -%setup -q -n GitPython-%{version} -echo y | ./init-tests-after-clone.sh -%autopatch -p1 +%autosetup -p1 -n GitPython-%{version} # do not pull in extra deps sed -i -e '/tox/d' -e '/flake8/d' -e '/coverage/d' test-requirements.txt +sed -i -e '/addopts/d' pyproject.toml %build %python_build @@ -78,7 +77,7 @@ git config --global user.email "y...@example.com" git config --global user.name "Your Name" -%pytest -k 'not test_installation' test +%pytest -k 'not (test_installation or test_rev_parse)' %files %{python_files} %license LICENSE ++++++ GitPython-3.1.12.1610074031.f653af66.tar.xz -> GitPython-3.1.30.1672298042.141cd65.tar.xz ++++++ /work/SRC/openSUSE:Factory/python-GitPython/GitPython-3.1.12.1610074031.f653af66.tar.xz /work/SRC/openSUSE:Factory/.python-GitPython.new.1563/GitPython-3.1.30.1672298042.141cd65.tar.xz differ: char 13, line 1 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.aFCsQk/_old 2023-01-05 14:59:52.676773995 +0100 +++ /var/tmp/diff_new_pack.aFCsQk/_new 2023-01-05 14:59:52.680773992 +0100 @@ -1,12 +1,12 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="versionprefix">3.1.12</param> - <param name="url">git://github.com/gitpython-developers/GitPython</param> + <param name="versionprefix">3.1.30</param> + <param name="url">https://github.com/gitpython-developers/GitPython</param> <param name="scm">git</param> <param name="package-meta">yes</param> <param name="changesgenerate">enable</param> <param name="submodules">enable</param> - <param name="revision">f653af66e4c9461579ec44db50e113facf61e2d3</param> + <param name="revision">141cd651e459bff8919798b3ccf03dfa167757f6</param> </service> <service name="recompress" mode="disabled"> <param name="compression">xz</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.aFCsQk/_old 2023-01-05 14:59:52.700773976 +0100 +++ /var/tmp/diff_new_pack.aFCsQk/_new 2023-01-05 14:59:52.704773972 +0100 @@ -1,6 +1,8 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/gitpython-developers/GitPython</param> - <param name="changesrevision">f653af66e4c9461579ec44db50e113facf61e2d3</param></service></servicedata> + <param name="changesrevision">f653af66e4c9461579ec44db50e113facf61e2d3</param></service><service name="tar_scm"> + <param name="url">https://github.com/gitpython-developers/GitPython</param> + <param name="changesrevision">141cd651e459bff8919798b3ccf03dfa167757f6</param></service></servicedata> (No newline at EOF) ++++++ test-skips.patch ++++++ --- /var/tmp/diff_new_pack.aFCsQk/_old 2023-01-05 14:59:52.716773963 +0100 +++ /var/tmp/diff_new_pack.aFCsQk/_new 2023-01-05 14:59:52.720773960 +0100 @@ -1,20 +1,21 @@ -Index: GitPython-3.1.7.1594621338.176838a3/test/test_base.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_base.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_base.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_base.py -@@ -111,7 +111,7 @@ class TestBase(TestBase): +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_base.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_base.py +@@ -104,7 +104,8 @@ class TestBase(_TestBase): assert not rw_repo.config_reader("repository").getboolean("core", "bare") - assert osp.isdir(osp.join(rw_repo.working_tree_dir, 'lib')) + assert osp.isdir(osp.join(rw_repo.working_tree_dir, "lib")) -- #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") +- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') - @with_rw_and_rw_remote_repo('0.1.6') + @with_rw_and_rw_remote_repo("0.1.6") def test_with_rw_remote_and_rw_repo(self, rw_repo, rw_remote_repo): assert not rw_repo.config_reader("repository").getboolean("core", "bare") -Index: GitPython-3.1.7.1594621338.176838a3/test/test_remote.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_remote.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_remote.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_remote.py +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_remote.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_remote.py @@ -4,6 +4,7 @@ # This module is part of GitPython and is released under # the BSD License: http://www.opensource.org/licenses/bsd-license.php @@ -22,61 +23,79 @@ +import os import random import tempfile - from unittest import skipIf -@@ -408,7 +409,7 @@ class TestRemote(TestBase): + import pytest +@@ -430,7 +431,8 @@ class TestRemote(TestBase): TagReference.delete(rw_repo, new_tag, other_tag) - remote.push(":%s" % other_tag.path) + remote.push(":%s" % other_tag.path, kill_after_timeout=10.0) - @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') - @with_rw_and_rw_remote_repo('0.1.6') + @with_rw_and_rw_remote_repo("0.1.6") def test_base(self, rw_repo, remote_repo): num_remotes = 0 -@@ -641,6 +642,7 @@ class TestRemote(TestBase): +@@ -681,6 +683,7 @@ class TestRemote(TestBase): # will raise fatal: Will not delete all non-push URLs self.assertRaises(GitCommandError, remote.delete_url, test3) + @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'GitHub connection error') def test_fetch_error(self): - rem = self.rorepo.remote('origin') + rem = self.rorepo.remote("origin") with self.assertRaisesRegex(GitCommandError, "[Cc]ouldn't find remote ref __BAD_REF__"): -Index: GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_submodule.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py -@@ -420,12 +420,13 @@ class TestSubmodule(TestBase): - def test_base_bare(self, rwrepo): - self._do_base_tests(rwrepo) - -- @skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """ +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_submodule.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py +@@ -453,14 +453,15 @@ class TestSubmodule(TestBase): + reason="Cygwin GitPython can't find submodule SHA", + raises=ValueError + ) +- @skipIf( +- HIDE_WINDOWS_KNOWN_ERRORS, +- """ - File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute - raise GitCommandNotFound(command, err) - git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') -- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""") # noqa E501 -+ #@skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """ +- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", +- ) # noqa E501 ++ #@skipIf( ++ # HIDE_WINDOWS_KNOWN_ERRORS, ++ # """ + # File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute + # raise GitCommandNotFound(command, err) + # git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') -+ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""") # noqa E501 - @with_rw_repo(k_subm_current, bare=False) ++ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", ++ #) # noqa E501 + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + @with_rw_repo(k_subm_current, bare=False) def test_root_module(self, rwrepo): # Can query everything without problems - rm = RootModule(self.rorepo) -@@ -750,6 +751,7 @@ class TestSubmodule(TestBase): +@@ -802,6 +803,7 @@ class TestSubmodule(TestBase): # "FIXME: helper.wrapper fails with: PermissionError: [WinError 5] Access is denied: " # "'C:\\Users\\appveyor\\AppData\\Local\\Temp\\1\\test_work_tree_unsupportedryfa60di\\master_repo\\.git\\objects\\pack\\pack-bc9e0787aef9f69e1591ef38ea0a6f566ec66fe3.idx") # noqa E501 @with_rw_directory + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') def test_git_submodule_compatibility(self, rwdir): - parent = git.Repo.init(osp.join(rwdir, 'parent')) - sm_path = join_path_native('submodules', 'intermediate', 'one') -@@ -825,6 +827,7 @@ class TestSubmodule(TestBase): + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_path = join_path_native("submodules", "intermediate", "one") +@@ -887,6 +889,7 @@ class TestSubmodule(TestBase): # end for each dry-run mode @with_rw_directory + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') def test_remove_norefs(self, rwdir): - parent = git.Repo.init(osp.join(rwdir, 'parent')) - sm_name = 'mymodules/myname' + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_name = "mymodules/myname" +Index: GitPython-3.1.30.1672298042.141cd65/test/test_repo.py +=================================================================== +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_repo.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_repo.py +@@ -250,6 +250,7 @@ class TestRepo(TestBase): + except UnicodeEncodeError: + self.fail("Raised UnicodeEncodeError") + ++ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'Gitlab connection error') + @with_rw_directory + def test_leaking_password_in_clone_logs(self, rw_dir): + password = "fakepassword1234"