Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-py for openSUSE:Factory checked in at 2023-09-07 21:12:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-py (Old) and /work/SRC/openSUSE:Factory/.python-py.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-py" Thu Sep 7 21:12:07 2023 rev:42 rq:1109354 version:1.11.0 Changes: --------
--- /work/SRC/openSUSE:Factory/python-py/python-py.changes 2023-07-27 16:51:00.565882383 +0200
+++ /work/SRC/openSUSE:Factory/.python-py.new.1766/python-py.changes 2023-09-07 21:12:12.844175085 +0200
@@ -19,0 +20,7 @@
+Tue Jan 17 05:13:56 UTC 2023 - Steve Kowalik <steven.kowa...@suse.com>
+
+- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
+- Add patch remove-svn-remants.patch to help with that goal.
+- Refresh pr_222.patch as needed for above.
+
+-------------------------------------------------------------------
@@ -30,0 +38,6 @@
+
+-------------------------------------------------------------------
+Mon Mar 14 10:53:30 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com>
+
+- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
+- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
New: ---- remove-svn-remants.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-py.spec ++++++
--- /var/tmp/diff_new_pack.LDMT62/_old 2023-09-07 21:12:14.052218269 +0200
+++ /var/tmp/diff_new_pack.LDMT62/_new 2023-09-07 21:12:14.056218412 +0200
@@ -36,6 +36,8 @@
 Source: https://files.pythonhosted.org/packages/source/p/py/py-%{version}.tar.gz
 # https://github.com/pytest-dev/py/pull/222
 Patch0: pr_222.patch
+# CVE-2022-42969 Remove all traces of svn
+Patch1: remove-svn-remants.patch
 BuildRequires: %{python_module apipkg}
 BuildRequires: %{python_module iniconfig}
 BuildRequires: %{python_module setuptools_scm}
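Review bot: The comment above `Patch1:` names the CVE but gives neither the bug reference nor the patch's origin, so the spec alone does not say whether this removal is carried downstream only or came from upstream. A tagged comment would record that, for example `# PATCH-FIX-OPENSUSE remove-svn-remants.patch bsc#1204364 CVE-2022-42969 -- drop the svn path classes`, with the tag adjusted if the change did come from upstream. The file name also looks like a misspelling of "remnants"; if it is renamed, the changelog entry and the `Patch1:` line have to change with it.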
@@ -71,6 +73,14 @@ rm -f testing/log/test_warning.py rm -r py/_vendored_packages +# CVE-2022-42969 Remove all traces of svn +pushd py/_path +rm svnwc.py svnurl.py +popd +pushd testing/path +rm conftest.py svntestbase.py test_svnauth.py test_svnurl.py test_svnwc.py +popd + %build %python_build ++++++ pr_222.patch ++++++ --- /var/tmp/diff_new_pack.LDMT62/_old 2023-09-07 21:12:14.092219699 +0200 +++ /var/tmp/diff_new_pack.LDMT62/_new 2023-09-07 21:12:14.096219843 +0200 
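Review bot: Nothing in the build checks that the svn path classes are actually unreachable once `%prep` has run. The fix for CVE-2022-42969 is split between these `rm` calls and `remove-svn-remants.patch`, so a later refresh of either half could leave the other behind without any build failure. A guard in the spec's test section (outside this hunk) would pin the result, something like `%python_exec -c "import py; assert not hasattr(py.path, 'svnwc') and not hasattr(py.path, 'svnurl')"`. Separately, `rm conftest.py` removes the whole conftest for `testing/path`, not only its svn parts, so it is worth confirming that the remaining tests in that directory still collect and run.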
@@ -369,152 +369,6 @@ def test_delentry_raising(self): self.cache.getorbuild(100, lambda: 100) -Index: py-1.9.0/testing/path/test_svnauth.py -=================================================================== ---- py-1.9.0.orig/testing/path/test_svnauth.py -+++ py-1.9.0/testing/path/test_svnauth.py -@@ -2,6 +2,7 @@ import py - from py.path import SvnAuth - import time - import sys -+import pytest - - svnbin = py.path.local.sysfind('svn') - -@@ -261,7 +262,8 @@ class TestSvnURLAuth(object): - u.propget('foo') - assert '--username="foo" --password="bar"' in u.commands[0] - --def pytest_funcarg__setup(request): -+@pytest.fixture -+def setup(request): - return Setup(request) - - class Setup: -@@ -271,7 +273,7 @@ class Setup: - if not request.config.option.runslowtests: - py.test.skip('use --runslowtests to run these tests') - -- tmpdir = request.getfuncargvalue("tmpdir") -+ tmpdir = request.getfixturevalue("tmpdir") - repodir = tmpdir.join("repo") - py.process.cmdexec('svnadmin create %s' % repodir) - if sys.platform == 'win32': -Index: py-1.9.0/testing/path/test_svnurl.py -=================================================================== ---- py-1.9.0.orig/testing/path/test_svnurl.py -+++ py-1.9.0/testing/path/test_svnurl.py -@@ -2,10 +2,12 @@ import py - from py._path.svnurl import InfoSvnCommand - import datetime - import time -+import pytest - from svntestbase import CommonSvnTests - --def pytest_funcarg__path1(request): -- repo, repourl, wc = request.getfuncargvalue("repowc1") -+@pytest.fixture -+def path1(request): -+ repo, repourl, wc = request.getfixturevalue("repowc1") - return py.path.svnurl(repourl) - - class TestSvnURLCommandPath(CommonSvnTests): -@@ -20,10 +22,12 @@ class TestSvnURLCommandPath(CommonSvnTes - super(TestSvnURLCommandPath, self).test_visit_ignore(path1) - - def test_svnurl_needs_arg(self, path1): -- py.test.raises(TypeError, "py.path.svnurl()") -+ with py.test.raises(TypeError): -+ py.path.svnurl() - - def 
test_svnurl_does_not_accept_None_either(self, path1): -- py.test.raises(Exception, "py.path.svnurl(None)") -+ with py.test.raises(Exception): -+ py.path.svnurl(None) - - def test_svnurl_characters_simple(self, path1): - py.path.svnurl("svn+ssh://hello/world") -@@ -32,7 +36,8 @@ class TestSvnURLCommandPath(CommonSvnTes - py.path.svnurl("http://u...@host.com/some/dir") - - def test_svnurl_characters_at_path(self, path1): -- py.test.raises(ValueError, 'py.path.svnurl("http://host.com/foo@bar")') -+ with py.test.raises(ValueError): -+ py.path.svnurl("http://host.com/foo@bar") - - def test_svnurl_characters_colon_port(self, path1): - py.path.svnurl("http://host.com:8080/some/dir") -@@ -45,7 +50,8 @@ class TestSvnURLCommandPath(CommonSvnTes - # colons are allowed on win32, because they're part of the drive - # part of an absolute path... however, they shouldn't be allowed in - # other parts, I think -- py.test.raises(ValueError, 'py.path.svnurl("http://host.com/foo:bar")') -+ with py.test.raises(ValueError): -+ py.path.svnurl("http://host.com/foo:bar") - - def test_export(self, path1, tmpdir): - tmpdir = tmpdir.join("empty") -@@ -92,4 +98,5 @@ class TestSvnInfoCommand: - assert info.kind == 'dir' - - def test_badchars(): -- py.test.raises(ValueError, "py.path.svnurl('http://host/tmp/@@@:')") -+ with py.test.raises(ValueError): -+ py.path.svnurl('http://host/tmp/@@@:') -Index: py-1.9.0/testing/path/test_svnwc.py -=================================================================== ---- py-1.9.0.orig/testing/path/test_svnwc.py -+++ py-1.9.0/testing/path/test_svnwc.py -@@ -30,8 +30,9 @@ def test_make_repo(path1, tmpdir): - rev = wc.commit() - assert rev is None - --def pytest_funcarg__path1(request): -- repo, repourl, wc = request.getfuncargvalue("repowc1") -+@pytest.fixture -+def path1(request): -+ repo, repourl, wc = request.getfixturevalue("repowc1") - return wc - - class TestWCSvnCommandPath(CommonSvnTests): -@@ -346,7 +347,8 @@ class TestWCSvnCommandPath(CommonSvnTest - 
somefile = root.join('somefile') - somefile.ensure(file=True) - # not yet added to repo -- py.test.raises(Exception, 'somefile.lock()') -+ with py.test.raises(Exception): -+ somefile.lock() - somefile.write('foo') - somefile.commit('test') - assert somefile.check(versioned=True) -@@ -357,13 +359,15 @@ class TestWCSvnCommandPath(CommonSvnTest - assert locked[0].basename == somefile.basename - assert locked[0].dirpath().basename == somefile.dirpath().basename - #assert somefile.locked() -- py.test.raises(Exception, 'somefile.lock()') -+ with py.test.raises(Exception): -+ somefile.lock() - finally: - somefile.unlock() - #assert not somefile.locked() - locked = root.status().locked - assert locked == [] -- py.test.raises(Exception, 'somefile,unlock()') -+ with py.test.raises(Exception): -+ somefile,unlock() - somefile.remove() - - def test_commit_nonrecursive(self, path1): -@@ -481,7 +485,8 @@ class TestInfoSvnWCCommand: - - - def test_characters_at(): -- py.test.raises(ValueError, "py.path.svnwc('/tmp/@@@:')") -+ with py.test.raises(ValueError): -+ py.path.svnwc('/tmp/@@@:') - - def test_characters_tilde(): - py.path.svnwc('/tmp/test~') Index: py-1.9.0/testing/root/test_builtin.py =================================================================== --- py-1.9.0.orig/testing/root/test_builtin.py ++++++ remove-svn-remants.patch ++++++ Index: py-1.10.0/testing/path/test_local.py =================================================================== --- py-1.10.0.orig/testing/path/test_local.py +++ py-1.10.0/testing/path/test_local.py 
@@ -338,11 +338,11 @@ class TestLocalPath(common.CommonFSTests l2 = local(l) assert l2 == l - wc = py.path.svnwc('.') - l3 = local(wc) - assert l3 is not wc - assert l3.strpath == wc.strpath - assert not hasattr(l3, 'commit') + #wc = py.path.svnwc('.') + #l3 = local(wc) + #assert l3 is not wc + #assert l3.strpath == wc.strpath + #assert not hasattr(l3, 'commit') @py.test.mark.xfail(run=False, reason="unreliable est for long filenames") def test_long_filenames(self, tmpdir): Index: py-1.10.0/py/__init__.py =================================================================== --- py-1.10.0.orig/py/__init__.py +++ py-1.10.0/py/__init__.py @@ -57,10 +57,7 @@ apipkg.initpkg(__name__, attr={'_apipkg' 'path' : { '__doc__' : '._path:__doc__', - 'svnwc' : '._path.svnwc:SvnWCCommandPath', - 'svnurl' : '._path.svnurl:SvnCommandPath', 'local' : '._path.local:LocalPath', - 'SvnAuth' : '._path.svnwc:SvnAuth', }, # python inspection/code-generation API
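Review bot: In the `testing/path/test_local.py` hunk the five svnwc lines, `#wc = py.path.svnwc('.')` through `#assert not hasattr(l3, 'commit')`, are commented out rather than deleted. That leaves the removed names in the patched sources, so anyone auditing the tree for CVE-2022-42969 by searching for `svnwc` will keep hitting dead text. Deleting the lines gives the same test behaviour, and the preceding `assert l2 == l` still covers the local-path case. The `py/__init__.py` hunk already removes its three entries outright, which is the form to follow here. The test function these lines belong to starts above the hunk, so its name is not visible.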