reopen 991650
found 991650 4.0.2-3
fixed 991650 4.0.2-4
thanks
Hi. I attach a proposal to fix this in bullseye. I merely applied the
patch to the stable version and added a changelog entry (and tested that
it works as expected).
Thanks.
diff -Nru python-django-imagekit-4.0.2/debian/changelog
python-django-imagekit-4.0.2/debian/changelog
--- python-django-imagekit-4.0.2/debian/changelog 2020-02-23
16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/changelog 2022-12-09
13:44:00.000000000 +0100
@@ -1,3 +1,10 @@
+python-django-imagekit (4.0.2-3+deb11u1) bullseye; urgency=medium
+
+ * Add patch to avoid triggering path traversal detection in tests
+ (Closes: #991650).
+
+ -- Michael Fladischer <fl...@debian.org> Fri, 09 Dec 2022 13:44:00 +0100
+
python-django-imagekit (4.0.2-3) unstable; urgency=medium
[ Ondřej Nový ]
diff -Nru
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
---
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
1970-01-01 01:00:00.000000000 +0100
+++
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
2022-12-09 13:42:06.000000000 +0100
@@ -0,0 +1,29 @@
+From: Michael Fladischer <fladischermich...@fladi.at>
+Date: Sun, 31 Oct 2021 20:48:19 +0000
+Subject: Set filename in tests to avoid path traversal detection (Closes:
+ #991650).
+
+---
+ tests/test_sourcegroups.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_sourcegroups.py b/tests/test_sourcegroups.py
+index c69b11f..416b964 100644
+--- a/tests/test_sourcegroups.py
++++ b/tests/test_sourcegroups.py
+@@ -23,7 +23,7 @@ def test_source_saved_signal():
+ source_group = ImageFieldSourceGroup(ImageModel, 'image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+- ImageModel.objects.create(image=File(get_image_file()))
++ ImageModel.objects.create(image=File(get_image_file(),
name='reference.png'))
+ eq_(receiver.count, 1)
+
+
+@@ -51,5 +51,5 @@ def test_abstract_model_signals():
+ source_group = ImageFieldSourceGroup(AbstractImageModel, 'original_image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+- ConcreteImageModel.objects.create(original_image=File(get_image_file()))
++ ConcreteImageModel.objects.create(original_image=File(get_image_file(),
name='reference.png'))
+ eq_(receiver.count, 1)
diff -Nru python-django-imagekit-4.0.2/debian/patches/series
python-django-imagekit-4.0.2/debian/patches/series
--- python-django-imagekit-4.0.2/debian/patches/series 2020-02-23
16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/patches/series 2022-12-09
13:42:06.000000000 +0100
@@ -2,3 +2,4 @@
0002-Disable-usage-of-nose-progressive-as-it-has-not-been.patch
0003-Disable-build-status-image-to-prevent-privacy-breach.patch
0004-Do-not-check-for-existence-if-name-is-None-Closes-95.patch
+0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
