Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-py for openSUSE:Factory
checked in at 2023-09-07 21:12:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-py (Old)
and /work/SRC/openSUSE:Factory/.python-py.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-py"
Thu Sep 7 21:12:07 2023 rev:42 rq:1109354 version:1.11.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-py/python-py.changes 2023-07-27
16:51:00.565882383 +0200
+++ /work/SRC/openSUSE:Factory/.python-py.new.1766/python-py.changes
2023-09-07 21:12:12.844175085 +0200
@@ -19,0 +20,7 @@
+Tue Jan 17 05:13:56 UTC 2023 - Steve Kowalik <steven.kowa...@suse.com>
+
+- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
+- Add patch remove-svn-remants.patch to help with that goal.
+- Refresh pr_222.patch as needed for above.
+
+-------------------------------------------------------------------
@@ -30,0 +38,6 @@
+
+-------------------------------------------------------------------
+Mon Mar 14 10:53:30 UTC 2022 - John Paul Adrian Glaubitz
<adrian.glaub...@suse.com>
+
+- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
+- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
New:
----
remove-svn-remants.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-py.spec ++++++
--- /var/tmp/diff_new_pack.LDMT62/_old 2023-09-07 21:12:14.052218269 +0200
+++ /var/tmp/diff_new_pack.LDMT62/_new 2023-09-07 21:12:14.056218412 +0200
@@ -36,6 +36,8 @@
Source:
https://files.pythonhosted.org/packages/source/p/py/py-%{version}.tar.gz
# https://github.com/pytest-dev/py/pull/222
Patch0: pr_222.patch
+# CVE-2022-42969 Remove all traces of svn
+Patch1: remove-svn-remants.patch
BuildRequires: %{python_module apipkg}
BuildRequires: %{python_module iniconfig}
BuildRequires: %{python_module setuptools_scm}
@@ -71,6 +73,14 @@
rm -f testing/log/test_warning.py
rm -r py/_vendored_packages
+# CVE-2022-42969 Remove all traces of svn
+pushd py/_path
+rm svnwc.py svnurl.py
+popd
+pushd testing/path
+rm conftest.py svntestbase.py test_svnauth.py test_svnurl.py test_svnwc.py
+popd
+
%build
%python_build
++++++ pr_222.patch ++++++
--- /var/tmp/diff_new_pack.LDMT62/_old 2023-09-07 21:12:14.092219699 +0200
+++ /var/tmp/diff_new_pack.LDMT62/_new 2023-09-07 21:12:14.096219843 +0200
@@ -369,152 +369,6 @@
def test_delentry_raising(self):
self.cache.getorbuild(100, lambda: 100)
-Index: py-1.9.0/testing/path/test_svnauth.py
-===================================================================
---- py-1.9.0.orig/testing/path/test_svnauth.py
-+++ py-1.9.0/testing/path/test_svnauth.py
-@@ -2,6 +2,7 @@ import py
- from py.path import SvnAuth
- import time
- import sys
-+import pytest
-
- svnbin = py.path.local.sysfind('svn')
-
-@@ -261,7 +262,8 @@ class TestSvnURLAuth(object):
- u.propget('foo')
- assert '--username="foo" --password="bar"' in u.commands[0]
-
--def pytest_funcarg__setup(request):
-+@pytest.fixture
-+def setup(request):
- return Setup(request)
-
- class Setup:
-@@ -271,7 +273,7 @@ class Setup:
- if not request.config.option.runslowtests:
- py.test.skip('use --runslowtests to run these tests')
-
-- tmpdir = request.getfuncargvalue("tmpdir")
-+ tmpdir = request.getfixturevalue("tmpdir")
- repodir = tmpdir.join("repo")
- py.process.cmdexec('svnadmin create %s' % repodir)
- if sys.platform == 'win32':
-Index: py-1.9.0/testing/path/test_svnurl.py
-===================================================================
---- py-1.9.0.orig/testing/path/test_svnurl.py
-+++ py-1.9.0/testing/path/test_svnurl.py
-@@ -2,10 +2,12 @@ import py
- from py._path.svnurl import InfoSvnCommand
- import datetime
- import time
-+import pytest
- from svntestbase import CommonSvnTests
-
--def pytest_funcarg__path1(request):
-- repo, repourl, wc = request.getfuncargvalue("repowc1")
-+@pytest.fixture
-+def path1(request):
-+ repo, repourl, wc = request.getfixturevalue("repowc1")
- return py.path.svnurl(repourl)
-
- class TestSvnURLCommandPath(CommonSvnTests):
-@@ -20,10 +22,12 @@ class TestSvnURLCommandPath(CommonSvnTes
- super(TestSvnURLCommandPath, self).test_visit_ignore(path1)
-
- def test_svnurl_needs_arg(self, path1):
-- py.test.raises(TypeError, "py.path.svnurl()")
-+ with py.test.raises(TypeError):
-+ py.path.svnurl()
-
- def test_svnurl_does_not_accept_None_either(self, path1):
-- py.test.raises(Exception, "py.path.svnurl(None)")
-+ with py.test.raises(Exception):
-+ py.path.svnurl(None)
-
- def test_svnurl_characters_simple(self, path1):
- py.path.svnurl("svn+ssh://hello/world")
-@@ -32,7 +36,8 @@ class TestSvnURLCommandPath(CommonSvnTes
- py.path.svnurl("http://u...@host.com/some/dir";)
-
- def test_svnurl_characters_at_path(self, path1):
-- py.test.raises(ValueError,
'py.path.svnurl("http://host.com/foo@bar";)')
-+ with py.test.raises(ValueError):
-+ py.path.svnurl("http://host.com/foo@bar";)
-
- def test_svnurl_characters_colon_port(self, path1):
- py.path.svnurl("http://host.com:8080/some/dir";)
-@@ -45,7 +50,8 @@ class TestSvnURLCommandPath(CommonSvnTes
- # colons are allowed on win32, because they're part of the drive
- # part of an absolute path... however, they shouldn't be allowed in
- # other parts, I think
-- py.test.raises(ValueError,
'py.path.svnurl("http://host.com/foo:bar";)')
-+ with py.test.raises(ValueError):
-+ py.path.svnurl("http://host.com/foo:bar";)
-
- def test_export(self, path1, tmpdir):
- tmpdir = tmpdir.join("empty")
-@@ -92,4 +98,5 @@ class TestSvnInfoCommand:
- assert info.kind == 'dir'
-
- def test_badchars():
-- py.test.raises(ValueError, "py.path.svnurl('http://host/tmp/@@@:')")
-+ with py.test.raises(ValueError):
-+ py.path.svnurl('http://host/tmp/@@@:')
-Index: py-1.9.0/testing/path/test_svnwc.py
-===================================================================
---- py-1.9.0.orig/testing/path/test_svnwc.py
-+++ py-1.9.0/testing/path/test_svnwc.py
-@@ -30,8 +30,9 @@ def test_make_repo(path1, tmpdir):
- rev = wc.commit()
- assert rev is None
-
--def pytest_funcarg__path1(request):
-- repo, repourl, wc = request.getfuncargvalue("repowc1")
-+@pytest.fixture
-+def path1(request):
-+ repo, repourl, wc = request.getfixturevalue("repowc1")
- return wc
-
- class TestWCSvnCommandPath(CommonSvnTests):
-@@ -346,7 +347,8 @@ class TestWCSvnCommandPath(CommonSvnTest
- somefile = root.join('somefile')
- somefile.ensure(file=True)
- # not yet added to repo
-- py.test.raises(Exception, 'somefile.lock()')
-+ with py.test.raises(Exception):
-+ somefile.lock()
- somefile.write('foo')
- somefile.commit('test')
- assert somefile.check(versioned=True)
-@@ -357,13 +359,15 @@ class TestWCSvnCommandPath(CommonSvnTest
- assert locked[0].basename == somefile.basename
- assert locked[0].dirpath().basename == somefile.dirpath().basename
- #assert somefile.locked()
-- py.test.raises(Exception, 'somefile.lock()')
-+ with py.test.raises(Exception):
-+ somefile.lock()
- finally:
- somefile.unlock()
- #assert not somefile.locked()
- locked = root.status().locked
- assert locked == []
-- py.test.raises(Exception, 'somefile,unlock()')
-+ with py.test.raises(Exception):
-+ somefile,unlock()
- somefile.remove()
-
- def test_commit_nonrecursive(self, path1):
-@@ -481,7 +485,8 @@ class TestInfoSvnWCCommand:
-
-
- def test_characters_at():
-- py.test.raises(ValueError, "py.path.svnwc('/tmp/@@@:')")
-+ with py.test.raises(ValueError):
-+ py.path.svnwc('/tmp/@@@:')
-
- def test_characters_tilde():
- py.path.svnwc('/tmp/test~')
Index: py-1.9.0/testing/root/test_builtin.py
===================================================================
--- py-1.9.0.orig/testing/root/test_builtin.py
++++++ remove-svn-remants.patch ++++++
Index: py-1.10.0/testing/path/test_local.py
===================================================================
--- py-1.10.0.orig/testing/path/test_local.py
+++ py-1.10.0/testing/path/test_local.py
@@ -338,11 +338,11 @@ class TestLocalPath(common.CommonFSTests
l2 = local(l)
assert l2 == l
- wc = py.path.svnwc('.')
- l3 = local(wc)
- assert l3 is not wc
- assert l3.strpath == wc.strpath
- assert not hasattr(l3, 'commit')
+ #wc = py.path.svnwc('.')
+ #l3 = local(wc)
+ #assert l3 is not wc
+ #assert l3.strpath == wc.strpath
+ #assert not hasattr(l3, 'commit')
@py.test.mark.xfail(run=False, reason="unreliable est for long filenames")
def test_long_filenames(self, tmpdir):
Index: py-1.10.0/py/__init__.py
===================================================================
--- py-1.10.0.orig/py/__init__.py
+++ py-1.10.0/py/__init__.py
@@ -57,10 +57,7 @@ apipkg.initpkg(__name__, attr={'_apipkg'
'path' : {
'__doc__' : '._path:__doc__',
- 'svnwc' : '._path.svnwc:SvnWCCommandPath',
- 'svnurl' : '._path.svnurl:SvnCommandPath',
'local' : '._path.local:LocalPath',
- 'SvnAuth' : '._path.svnwc:SvnAuth',
},
# python inspection/code-generation API
