Bug#889836: Embedded code copy of python-magic

2018-02-21 Thread Gianfranco Costamagna 

Hello,

>-> and now he is trying to force his own TRUE version for a simple wrapper.
>Case closed


I agree with upstream here, you are trying to push something that 
upstream/magic didn't even
merge in master yet, so the upstream/sqlmap is correct, this breaks probably 
other linux distro.
>Note: It is Adam Hupp, the author of the magic bindings that *sqlmap* *uses*,
>who thankfully is implementing this change.


yes, but *before* he should release a new stable version, with the 
compatibility layer,
and then I think the sqlmap implementation will sync, and a patch will be 
trivially applicable.
>, but anyway I think you could still apply your really non-invasive patch in
>Debian. If anything *should* break, it can be removed within seconds. But you
>had tried to comply a little bit more with policy. FTR diff attached between
>current magic in sqlmap vs. current magic [1].


This would break older debian/ubuntu, where python-magic still points to the 
other implementation,
since this is an arch:all package, I don't want to break people grabbing the 
debian around the various
mirrors.

I propose to followup with sqlmap upstream folks, because I'm still not a 
python-savvy man.

In any case, a new python-magic release, with pip release, packaged by many 
distro and so on, will
make this simpler, for us, sqlmap and other folks (I can enforce a runtime 
version on the deb file, 
if we find an *upstream/magic* common version that can be used by everyone).

Hopefully doing things in a correct way will make me/sqlmap folks able to merge 
a future patch...

I hope you agree with this point.

Gianfranco

Bug#889836: Embedded code copy of python-magic

2018-02-20 Thread Mathias Behrle 
* Gianfranco Costamagna: " Re: Embedded code copy of python-magic" (Tue, 20 Feb
  2018 15:14:46 +0100):

> control: tags -1 wontfix
> control: close -1
> 
> On Wed, 7 Feb 2018 18:42:51 +0100 Mathias Behrle  wrote:
> > Package: sqlmap
> > Version: 1.2-1
> > Severity: normal
> > Usertags: embedded-code-copy
> > 
> > Dear maintainers,
> > 
> > your binary package embeds a code copy of the Python magic module. [1]
> > python-magic 2:0.4.15-1 providing a compatibility layer by Adam Hupp [2]
> > has now hit unstable. According to Debian Policy 4.13 you should now use
> > this package and remove the embedded code copy.
> >   
> 
> Hello, I reported this upstream [1], and I got a simple nack.
> Please try to cleanup and have a common implementation, convince upstream to
> use it, and then I'll import on the next release.
> I don't want to break sqlmap with your code version.
> 
> [1] https://github.com/sqlmapproject/sqlmap/pull/2933
> 
> G.
> 

Thanks for at least trying to push the change upstream.

I don't understand the meaning of

"
-> and now he is trying to force his own TRUE version for a simple wrapper.
Case closed
"

as there isn't anyone nowhere forcing to push anything.

Note: It is Adam Hupp, the author of the magic bindings that *sqlmap* *uses*,
who thankfully is implementing this change.

, but anyway I think you could still apply your really non-invasive patch in
Debian. If anything *should* break, it can be removed within seconds. But you
had tried to comply a little bit more with policy. FTR diff attached between
current magic in sqlmap vs. current magic [1].

Of course YMMV,
Mathias

[1] https://github.com/ahupp/python-magic/tree/libmagic-compat

-- 

Mathias Behrle
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6
--- magic.py	2018-02-20 16:12:16.468274517 +0100
+++ __init__.py	2018-02-20 16:13:23.735786956 +0100
@@ -1,6 +1,8 @@
 """
 magic is a wrapper around the libmagic file identification library.
 
+See README for more information.
+
 Usage:
 
 >>> import magic
@@ -12,195 +14,283 @@
 'PDF document, version 1.2'
 >>>
 
+
 """
 
 import sys
+import glob
 import os.path
+import ctypes
+import ctypes.util
+import threading
+import logging
+
+from ctypes import c_char_p, c_int, c_size_t, c_void_p
+
+# avoid shadowing the real open with the version from compat.py
+_real_open = open
 
 class MagicException(Exception):
-pass
+def __init__(self, message):
+super(MagicException, self).__init__(message)
+self.message = message
+
 
 class Magic:
 """
 Magic is a wrapper around the libmagic C library.
+
 """
 
-def __init__(self, mime=False, magic_file=None, mime_encoding=False):
+def __init__(self, mime=False, magic_file=None, mime_encoding=False,
+ keep_going=False, uncompress=False):
 """
 Create a new libmagic wrapper.
 
 mime - if True, mimetypes are returned instead of textual descriptions
 mime_encoding - if True, codec is returned
 magic_file - use a mime database other than the system default
+keep_going - don't stop at the first match, keep going
+uncompress - Try to look inside compressed files.
 """
-
-flags = MAGIC_NONE
+self.flags = MAGIC_NONE
 if mime:
-flags |= MAGIC_MIME
-elif mime_encoding:
-flags |= MAGIC_MIME_ENCODING
+self.flags |= MAGIC_MIME
+if mime_encoding:
+self.flags |= MAGIC_MIME_ENCODING
+if keep_going:
+self.flags |= MAGIC_CONTINUE
 
-self.cookie = magic_open(flags)
+if uncompress:
+self.flags |= MAGIC_COMPRESS
 
-magic_load(self.cookie, magic_file)
+self.cookie = magic_open(self.flags)
+self.lock = threading.Lock()
 
+magic_load(self.cookie, magic_file)
 
 def from_buffer(self, buf):
 """
 Identify the contents of `buf`
 """
+with self.lock:
+try:
+# if we're on python3, convert buf to bytes
+# otherwise this string is passed as wchar*
+# which is not what libmagic expects
+if type(buf) == str and str != bytes:
+   buf = buf.encode('utf-8', errors='replace')
+return maybe_decode(magic_buffer(self.cookie, buf))
+except MagicException as e:
+return self._handle509Bug(e)
 
-return magic_buffer(self.cookie, buf)
+def from_open_file(self, open_file):
+with self.lock:
+try:
+return maybe_decode(magic_descriptor(self.cookie, open_file.fileno()))
+except MagicException as e:
+return self._handle509Bug(e)
 
 def from_file(self, filename):
-"""
-Identify the contents of file `filename`
-raises IOError if the file does not exist
-"""
-
-

Bug#889836: Embedded code copy of python-magic

2018-02-20 Thread Gianfranco Costamagna 
control: tags -1 wontfix
control: close -1

On Wed, 7 Feb 2018 18:42:51 +0100 Mathias Behrle  wrote:
> Package: sqlmap
> Version: 1.2-1
> Severity: normal
> Usertags: embedded-code-copy
> 
> Dear maintainers,
> 
> your binary package embeds a code copy of the Python magic module. [1]
> python-magic 2:0.4.15-1 providing a compatibility layer by Adam Hupp [2] has 
> now
> hit unstable. According to Debian Policy 4.13 you should now use this package
> and remove the embedded code copy.
> 

Hello, I reported this upstream [1], and I got a simple nack.
Please try to cleanup and have a common implementation, convince upstream to 
use it, and then I'll
import on the next release.
I don't want to break sqlmap with your code version.

[1] https://github.com/sqlmapproject/sqlmap/pull/2933

G.



signature.asc
Description: OpenPGP digital signature

Bug#889836: Embedded code copy of python-magic

2018-02-07 Thread Mathias Behrle 
Package: sqlmap
Version: 1.2-1
Severity: normal
Usertags: embedded-code-copy

Dear maintainers,

your binary package embeds a code copy of the Python magic module. [1]
python-magic 2:0.4.15-1 providing a compatibility layer by Adam Hupp [2] has now
hit unstable. According to Debian Policy 4.13 you should now use this package
and remove the embedded code copy.

Regards,
Mathias

[1]
https://codesearch.debian.net/show?file=sqlmap_1.2-1%2Fthirdparty%2Fmagic%2Fmagic.py&line=2
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877849

-- 

Mathias Behrle
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6