From 31ce0e8b7a3471b84245ff45b7a9ead4edf31bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 27 Sep 2023 17:36:02 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 python-GitPython revision 998017f7aaa9ed8cac6576dc739f3819 --- .gitattributes | 23 + CVE-2023-41040.patch | 53 ++ GitPython-3.1.34.1693646983.2a2ae77.tar.xz | 3 + _service | 16 + _servicedata | 6 + python-GitPython.changes | 618 +++++++++++++++++++++ python-GitPython.spec | 95 ++++ test-skips.patch | 107 ++++ test_blocking_lock_file-extra-time.patch | 19 + 9 files changed, 940 insertions(+) create mode 100644 .gitattributes create mode 100644 CVE-2023-41040.patch create mode 100644 GitPython-3.1.34.1693646983.2a2ae77.tar.xz create mode 100644 _service create mode 100644 _servicedata create mode 100644 python-GitPython.changes create mode 100644 python-GitPython.spec create mode 100644 test-skips.patch create mode 100644 test_blocking_lock_file-extra-time.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/CVE-2023-41040.patch b/CVE-2023-41040.patch new file mode 100644 index 0000000..e75e504 --- /dev/null +++ b/CVE-2023-41040.patch @@ -0,0 +1,53 @@ +diff --git a/git/refs/symbolic.py b/git/refs/symbolic.py +index 33c3bf15b..5c293aa7b 100644 +--- a/git/refs/symbolic.py ++++ b/git/refs/symbolic.py +@@ -168,6 +168,8 @@ def _get_ref_info_helper( + """Return: (str(sha), str(target_ref_path)) if available, the sha the file at + rela_path points to, or None. target_ref_path is the reference we + point to, or None""" ++ if ".." in str(ref_path): ++ raise ValueError(f"Invalid reference '{ref_path}'") + tokens: Union[None, List[str], Tuple[str, str]] = None + repodir = _git_dir(repo, ref_path) + try: +diff --git a/test/test_refs.py b/test/test_refs.py +index 4c421767e..e7526c3b2 100644 +--- a/test/test_refs.py ++++ b/test/test_refs.py +@@ -5,6 +5,7 @@ + # the BSD License: http://www.opensource.org/licenses/bsd-license.php + + from itertools import chain ++from pathlib import Path + + from git import ( + Reference, +@@ -20,9 +21,11 @@ + from git.objects.tag import TagObject + from test.lib import TestBase, with_rw_repo + from git.util import Actor ++from gitdb.exc import BadName + + import git.refs as refs + import os.path as osp ++import tempfile + + + class TestRefs(TestBase): +@@ -616,3 +619,15 @@ def test_dereference_recursive(self): + + def test_reflog(self): + assert isinstance(self.rorepo.heads.master.log(), RefLog) ++ ++ def test_refs_outside_repo(self): ++ # Create a file containing a valid reference outside the repository. Attempting ++ # to access it should raise an exception, due to it containing a parent directory ++ # reference ('..'). This tests for CVE-2023-41040. ++ git_dir = Path(self.rorepo.git_dir) ++ repo_parent_dir = git_dir.parent.parent ++ with tempfile.NamedTemporaryFile(dir=repo_parent_dir) as ref_file: ++ ref_file.write(b"91b464cd624fe22fbf54ea22b85a7e5cca507cfe") ++ ref_file.flush() ++ ref_file_name = Path(ref_file.name).name ++ self.assertRaises(BadName, self.rorepo.commit, f"../../{ref_file_name}") diff --git a/GitPython-3.1.34.1693646983.2a2ae77.tar.xz b/GitPython-3.1.34.1693646983.2a2ae77.tar.xz new file mode 100644 index 0000000..2e93eb5 --- /dev/null +++ b/GitPython-3.1.34.1693646983.2a2ae77.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3a90b254fab862c6f63418b5f3181e298ee349e4f48891388eeaaa4c7135f254 +size 4053852 diff --git a/_service b/_service new file mode 100644 index 0000000..a94d828 --- /dev/null +++ b/_service @@ -0,0 +1,16 @@ + + + 3.1.34 + https://github.com/gitpython-developers/GitPython + git + yes + enable + enable + 3.1.34 + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..e503c7d --- /dev/null +++ b/_servicedata @@ -0,0 +1,6 @@ + + + git://github.com/gitpython-developers/GitPython + f653af66e4c9461579ec44db50e113facf61e2d3 + https://github.com/gitpython-developers/GitPython + 2a2ae776825f249a3bb7efd9b08650486226b027 \ No newline at end of file diff --git a/python-GitPython.changes b/python-GitPython.changes new file mode 100644 index 0000000..1f57a93 --- /dev/null +++ b/python-GitPython.changes @@ -0,0 +1,618 @@ +------------------------------------------------------------------- +Tue Sep 5 08:30:24 UTC 2023 - Daniel Garcia + +- Add CVE-2023-41040.patch to fix directory traversal attack + vulnerability gh#gitpython-developers/GitPython#1644 + bsc#1214810 + +------------------------------------------------------------------- +Tue Sep 05 06:34:12 UTC 2023 - daniel.garcia@suse.com + +- Update _service to use manualrun, disabledrun is deprecated now. +- Update to version 3.1.34.1693646983.2a2ae77: + * prepare patch release + * util: close lockfile after opening successfully + * update instructions for how to create a release + * prepare for next release + * Skip now permanently failing test with note on how to fix it + * Don't check form of version number + * Add a unit test for CVE-2023-40590 + * Fix CVE-2023-40590 + * feat: full typing for "progress" parameter + * Creating a lock now uses python built-in "open()" method to work around docker virtiofs issue + * Disable merge_includes in config writers + * Apply straight-forward typing fixes + * Add missing type annotation + * Run black and exclude submodule + * Allow explicit casting even when slightly redundant + * Ignore remaining [unreachable] type errors + * Define supported version for mypy + * Do not typecheck submodule + * typo + * added more resources section + * generic hash + * redundant code cell + * redundant line + * fixed tabbing + * tabbed all code-blocks + * added new section for diffs and formatting + * formatting wip + * change to formatting - removed = bash cmds + * Added new section to print prev file + * WIP major changes to structure to improve readability + * Removed all reference to source code + * Updated generic sha hash + * Added warning about index add + * Made trees and blobs the first section + * refactored print git tree + * clarified comment + * draft of description + * replaced hash with generic + * replaced output cell to generic commit ID + * removed unnecessary variables + * convert from --all flag to all=True + * correct way to get the latest commit tree + * removed try/except and updated sample url + * Updated the sample repo URL + * Made variable names more intuitive + * try to fix CI by making it deal with tags forcefully. + * Removed code from RST + * added quickstart to toctree to fix sphinx warning + * added quickstart to toctree and fixed sphinx warning + * fixed some indentation + * finished code for quickstart + * finished code for quickstart + * Finishing touches for Repo quickstart + * Added git clone & git add + * Made the init repo section of quickdoc + +------------------------------------------------------------------- +Mon Aug 21 04:36:14 UTC 2023 - Steve Kowalik + +- Update to version 3.1.32.1689011721.5d45ce2: + * Block insecure non-multi options in clone/clone_from Follow-up to #1521 + (bsc#1214174, CVE-2023-40267) + * Name top-level exceptions as private variables + * Revert the removal of Commit.trailers property. + * Specify encoding in Commit.trailer_list. + * Update Commit.trailer_list to return tuples. + * Deprecate Commit.trailers. + * Add trailers_list and trailers_list methods to fix the commit trailers + functionality. +- Switch to pyproject macros. + +------------------------------------------------------------------- +Thu May 11 13:59:44 UTC 2023 - mcepl@suse.com + +- Update to version 3.1.31.1676565040.f253335: + * prepare next release + * Add test asserting that get_values works by itself + * Update cmd.py + * Fix RecursionError when iterating streams + * Update docs + * Add additional assertions to test_base.py + * Updated diff test to use different similarity thresholds + * Add check to test bare repo + * Added diff test to disable rename detection + * fixed lint error + * Enable user to override default diff -M arg + * Remove optional from two member variables + * Fix timezone parsing functions for non-hour timezones + * Raise exception if return code from check-ignore is not 1 + * Add test to verify GitCommandError is raised when check-ignore is run against a file behind a symlink + * Add test_ignored_items_reported + * Lint with Flake8 via pre-commit + * Upgrade Python syntax with pyupgrade --py37-plus + * Fix typo + * Declare support for Python 3.11 + * fix files list on file rename + * get_values eagerly loads sections before return + * Fix some resource leaks by open file handles + * fix clone_from_unsafe_protocol tests + * replace tempfile.mkdtemp w/ tempfile.TemporaryDirectory + * fix/add allow_unsafe_* params in docstrings + fix typo + * tests: Use `command -v` instead of third-party `which` program + * Fix Sphinx rendering errors + +------------------------------------------------------------------- +Fri Apr 21 12:20:42 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:41:36 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Wed Jan 4 06:33:38 UTC 2023 - Steve Kowalik + +- Update to version 3.1.30.1672298042.141cd65: + * Make injections of command-invocations harder or impossible for clone and + others. See #1518 for details. Note that this might constitute a breaking + change for some users. (bsc#1206099, CVE-2022-24439) + * Prohibit insecure options and protocols by default, which is potentially a + breaking change, but a necessary fix for #1515. + * Make the git.__version__ re-appear. + * Reduced startup time due to optimized imports. + * Fix a vulenerability that could cause great slowdowns when encountering + long remote path names when pulling/fetching. + * Newly added timeout flag is not be enabled by default, and was renamed + to kill_after_timeout + * drop support for python 3.5 to reduce maintenance burden on typing. + * Add more static typing information + * git.Commit objects now have a replace method that will return a copy of + the commit with modified attributes. + * Add python 3.9 support + * Drop python 3.4 support +- Refresh patches. + +------------------------------------------------------------------- +Mon Nov 7 23:35:37 UTC 2022 - Matej Cepl + +- Setting proper configuration variable allows to run previously + skipped tests. + +------------------------------------------------------------------- +Mon Nov 7 14:50:21 UTC 2022 - Matej Cepl + +- Skip failing tests (gh#gitpython-developers/GitPython#1511). + +------------------------------------------------------------------- +Thu Jan 14 14:19:01 UTC 2021 - mmachova@suse.com + +- Update to version 3.1.12.1610074031.f653af66: + * fix flake + * fix tests the fast way + * First attempt to fix failing test of #1103 + +------------------------------------------------------------------- +Sun Jan 10 17:13:24 UTC 2021 - mliska@suse.cz + +- Update to version 3.1.12.1609914640.3dd71d3e: + * prepare release + * Fix handle_diff_line for -z option. + * try fixing up test fixtures and implementation + * Add '-z' on top of '--raw' to avoid path name mangling + * fix universal_newlines TypeError + * docs: fix simple typo, repostory -> repository + * Added ability to define git environment in submodule add/update methods + * change decode type and add replace flag + * bump patch level + * Fix default actor name handling + * bump patch level + * Get system user id in a lazy manner + * Keep flake happy + * Do not break convention when updating sys.path + * Bump patch level + * rename sublist to subset + * Rename get_ignored to ignored and fix the documentation + * Find paths ignored in .gitignore + * Add venv to gitignore + * git/repo/base.py: is_dirty(): Fix pathspec handling + * Fix typo + * Update release verification instructions as suggested in #1055 + * Adjust signature key - please read if you verify installs/packages + * bump patch level + * Ensure that detached HEAD does not raise when comparing branch name. + * Reformat code to remove unnecessary indentation + * Remove name as not necessary to track down authors. + * update contribution guidelines to be a little less concise and more polite + * Add missing blank line + * Add missing rules to match hierarchy path + * Update AUTHOR to respect to contributing guidelines. + * Add unit tests + * Fix logic to properly compare glob pattern to value + * Add method to retrieve all possible paths to include + * Add reference to repository to config. + * Update check method to find all includes + * Add Regex to match content of "includeIf" section + * inform about Gitoxide + * add myself to authors + * accept datetime instances as dates + * Ensure only fully matching symrefs are deleted + * Fixed all warnings in documentation and updated Makefile to treat warnings as errors. + * Added nose to test-requirements + +------------------------------------------------------------------- +Thu Aug 20 10:32:30 UTC 2020 - mimi.vx@gmail.com + +- Update to version 3.1.7.1594621338.176838a3: +- refresed test-skips.patch and test_blocking_lock_file-extra-time.patch +- used pytest as test runner + * bump patch level + * Fixed broken file paths. + * bump patch level + * test: add installation test + * tools: update tool scripts after moving tests + * MANIFEST.in: update to exclude tests + * setup.py: exclude all test files + * tests: move to root dir + * bump patch level + * Revert moving tests out of 'git' folder, related to #1030 + * bump patch level + * tools: update tool scripts after moving tests + * MANIFEST.in: update to exclude tests + * setup.py: exclude all test files + * tests: move to root dir + * Add Ram Rachum to AUTHORS + * Fix exception causes all over the codebase + * Fix exception causes in 7 modules + * Fix exception causes in cmd.py + +------------------------------------------------------------------- +Sun Jun 14 08:43:10 UTC 2020 - dmueller@suse.com + +- Update to version 3.1.3.1590895281.24cd6da: + * Bump patch level + * BF: tollerate errors while parsing fetch lines + * Fix flake8 errors + * Improve unfortunate wording + +------------------------------------------------------------------- +Tue Jun 02 16:41:06 UTC 2020 - dmueller@suse.com + +- Update to version 3.1.2.1588659169.f14903a: + * Bump patch level, this time with known signature + * Accept that this arguably simple feature can't be tested easily… + * allow setting depth when cloning a submodule + * add test case for submodule depth parameter + * add myself to AUTHORS + * Change signing key back to what it was + * bump patch level + * Remove forced verbosity when fetching from a remote + * Now it should really start working - go, doctests, go! + * Maybe this fixes the doc tests + +------------------------------------------------------------------- +Mon May 04 09:21:39 UTC 2020 - johannes.grassler@suse.com + +- Update to version 3.1.1.1586590969.b860d1873a25: + * bump patch level + * Remove forced verbosity when fetching from a remote + * Now it should really start working - go, doctests, go! + * Maybe this fixes the doc tests + * This should fix tests, as tree[0] is not a tree anymore + * Test for PyOxidizer and avoid trying to use __file__ if present + * Satisfy flake8 requirement related to #1000 + * Try again to apply patch related to #1000 + * make clear that appveyor and travis are not used anymore + * Remove code-coverage from requirements - codecov wants way too many permissions… + +------------------------------------------------------------------- +Thu Apr 2 11:03:10 UTC 2020 - Tomáš Chvátal + +- Disable three more tests on git submodules: + * https://github.com/gitpython-developers/GitPython/issues/597 + * test-skips.patch + +------------------------------------------------------------------- +Mon Mar 30 10:40:09 UTC 2020 - tchvatal@suse.com + +- Update to version 3.1.0.1582544583.8c9da73: + * Replace invalid bytes when decoding TagObject stream + * Use UTF-8 encoding when getting information about a symbolic reference + * Remove and replace references to nose with unittest in documentation + * Remove nose from test requirements + * Replace nose with unittest in tox configuration + * Replace nose with unittest in Travis CI script + * Added changelog for unreleased changes + * Restrict gitdb2 version to <4 + * Remove test.lib.asserts and use unittest.mock.patch directly + * Replace assert_false with assertFalse + * Replace assert_true with assertTrue + * Replace raises with assertRaises + * Replace assert_raises with assertRaises + * Replace assert_not_equal with assertNotEqual + * Replace assert_equal with assertEqual + * Remove and replace assert_match with assertRegex + * Remove old, no longer used assert methods + * Remove references to old mock library in documentation + * Remove outdated checks for unittest.mock existence + * Fix Python version requirement in documentation + * Remove badges for no longer existing Waffle site from README + * Add support for Python 3.8 + * Replace deprecated Logger.warn with Logger.warning + * Replace deprecated assertRaisesRegexp alias with assertRaisesRegex + * Replace deprecated assertNotEquals alias with assertNotEqual + * Replace deprecated assertEquals alias with assertEqual in TestGit + * Replace deprecated assertRegexpMatches alias with assertRegex + * Replace deprecated failUnlessRaises alias with assertRaises in tests + * Improve requirements.txt format + * Remove checks for pathlib existence in TestRepo for Python < 3.4 + * Improve README Python requirement specificity + * Simplify Travis CI configuration + * Require latest gitdb version (with dropped python 2 support) + * Fix spelling in Dockerfile description LABEL + * Fix Repo.__repr__ when subclassed + * Apparently -s must be there, even if --sign-with is specified?? + * Sign with a different key for now, it's USB-C and can be used + * disable signing - don't have a USB-A to -C adapter :( + * Remove now unused is_invoking_git variable in test + * Fix requirements.txt formatting + * Remove unnecessary check for PermissionError for Python < 3.3 + * Improve setup.py python_requires + * Remove unnecessary check for logging.NullHandler for Python 2.6 + * Remove check for Python 2.7 +- Rebase patch test-skips.patch and test_blocking_lock_file-extra-time.patch +- Give up on tests for now, gh#gitpython-developers/GitPython#914 + +------------------------------------------------------------------- +Sat Nov 16 16:40:59 UTC 2019 - Arun Persaud + +- specfile: + * be more explicit in %files section + * updated line numbers in patches + +- update to version 3.0.5: + * Remove duplicate license parameter + * Fix/deepsource issues + * Check if submodule exists before referencing + * Fix cloning to path with unicode + * Global ConfigParser + * Fix 'PushInfo' object has no attribute 'name' + * Reading and writing global configuration parameters acknowledged + help wanted + * Added Git Gud to projects + * Git.AutoInterrupt.__del__() OSError: [WinError 6] The handle is + invalid acknowledged help wanted tag.Windows + +- changes from version 3.0.4: + * Fix repo.index.diff("HEAD", create_patch=True) always returning an + empty list + * Fix how Diff handles commits that contain submodule changes + * Fix pickling of tzoffset + * Add support for 'C'-type diffs + * Fixed#731 + * Update .deepsource.toml + * Allow single item for index.addremovemove + +------------------------------------------------------------------- +Mon Oct 07 13:33:58 UTC 2019 - tchvatal@suse.com + +- Update to version 3.0.3.1570041589.23b83cd: + * Prepare v3.0.3 + * git: repo: base: update clone_from env argument description + * remove previously added debug code from test_doc.py + * Revert "Remove control character stripping." + * Try to fix tests; get more debug output + * Update util.py + * Update util.py + * Remove control character stripping. + * add type check to git.Remote.__eq__ + * Take advantage of universal newlines. + * Parse rejected deletes. + * Remove assert that can fail erroneously. + * Fix test_commit_msg_hook_success. + * fix decoding problem + * Fix #889: Add DeepSource config and fix some major issues + +------------------------------------------------------------------- +Tue Sep 24 09:03:41 UTC 2019 - tchvatal@suse.com + +- Update to version 3.0.2.1566444429.0765792: + * prepare next release + * BF: remove ddt from requirements.txt since no ddt required at run time. + * Bump version to 3.0.1 + * Remove dependency on 'gitdb'; fixes #908 + * Changelog information + * Adding test + * Returning commit object instead of hash value + * Snack case as requested in #903 + * Method stating which commit is being played during an halted rebase + * Fix performance regression, see #906 +- Drop merged patch merged_pr_793.patch +- Rebase patch test-skips.patch + +------------------------------------------------------------------- +Fri Mar 15 13:52:47 UTC 2019 - tchvatal@suse.com + +- Update to version 2.1.11.1531661757.92a4819: + * Bump version to 2.1.11 + * fix whitespace violation + * Update test_docs.py + * Dedent code blocks in tutorial. + * Allow pathlib.Path in Repo.__init__ + * Fix small typo + * Fix exception on import in MacOS + * Bump to 2.1.10 + * Add change in type support + * Get correcly rename change_type. +- Simplify the service file and generating of the tarball + and base everything on a tag + +------------------------------------------------------------------- +Wed Mar 13 12:09:51 UTC 2019 - John Vandenberg + +- Activate test suite and remove bcond test +- Add merged_pr_793.patch already merged upstream to fix Python 3.7, + especially git submodules +- Add test_blocking_lock_file-extra-time.patch to avoid an + indeterministic timing failure +- Add test-skips.patch to skip one expected failure and workaround + two unknown failures +- Remove test suite from the runtime package +- Add doc/source/*.rst to %docs +- Remove dependency on python3-mock +- Set build dependency ddt minimum version 1.1.1 + +------------------------------------------------------------------- +Tue Dec 4 12:48:28 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Thu Sep 27 11:17:43 UTC 2018 - comurphy@suse.com + +- Require git-core instead of git + +------------------------------------------------------------------- +Tue Aug 7 14:58:46 UTC 2018 - toddrme2178@gmail.com + +- update to 2.1.11 + * Update test_docs.py + * Dedent code blocks in tutorial. + * Exception when constructing a Repo() from a pathlib.Path acknowledged help wanted + * Allow pathlib.Path in Repo.__init__ + * Fix exception on import in MacOS + * Failed import raises non-ImportError exception on MacOS +- update to 2.1.10 + * Fix rename change type & support 'change in type' acknowledged + * Configurable chunk size + * Avoid from_timestamp() function to raise an exception when the offset… + * Adding files to repository that is located directly in the root acknowledged + * git: index: base: use os.path.relpath + +------------------------------------------------------------------- +Sat Apr 14 17:16:15 UTC 2018 - arun@gmx.de + +- update to version 2.1.9: + * Drop support for EOL Python 2.6 and 3.3 + * Allow mmap not just for py2.6, 2.7 and 3.6+ but also 3.0+ + * Fix doc typos + +------------------------------------------------------------------- +Wed Jan 17 16:12:22 UTC 2018 - toddrme2178@gmail.com + +- Implement single-spec version +- Update to version 2.1.8 + * bugfixes +- Update to version 2.1.6 + * bugfixes + * support for worktrees +- Update to version 2.1.3 + * bugfixes +- Update to version 2.1.1 + * bugfixes +- Update to version 2.1.0 + * Much better windows support! + * The `GIT_DIR` environment variable does not override the `path` argument when + initializing a `Repo` object anymore. However, if said `path` unset, `GIT_DIR` + will be used to fill the void. +- Update to version 2.0.9 + * Bugfixes + * `tag.commit` will now resolve commits deeply. + * `Repo` objects can now be pickled, which helps with multi-processing. + * `Head.checkout()` now deals with detached heads, which is when it will return + the `HEAD` reference instead. + * `DiffIndex.iter_change_type(...)` produces better results when diffing + +------------------------------------------------------------------- +Wed Aug 31 17:27:54 UTC 2016 - dmueller@suse.com + +- update to 2.0.8: + * Py2.6 support dropped + * lots of new features and bugfixes + +------------------------------------------------------------------- +Wed May 6 09:41:17 UTC 2015 - benoit.monin@gmx.fr + +- update to version 1.0.1: + * A list of all issues can be found on github +- additional changes from version 1.0.0: + * This version is equivalent to v0.3.7, but finally acknowledges + that GitPython is stable and production ready +- additional changes from version 0.3.7: + * IndexFile.add() will now write the index without any extension + data by default + * Renamed ignore_tree_extension_data keyword argument in + IndexFile.write(...) to ignore_extension_data + * If the git command executed during Remote.push(...)|fetch(...) + returns with an non-zero exit code and GitPython didn't obtain + any head-information, the corresponding GitCommandError will be + raised + * If the git executable can't be found in the PATH or at the path + provided by GIT_PYTHON_GIT_EXECUTABLE, this is made obvious by + throwing GitCommandNotFound, both on unix and on windows. + * A list of all issues can be found on github +- additional changes from version 0.3.6: + * special members like __init__ are now listed in the API + documentation + * tutorial section was revised entirely, more advanced examples + were added + * As rev_parse will now throw BadName as well as BadObject, + client code will have to catch both exception types + * Repo.working_tree_dir now returns None if it is bare + * IndexFile.add() previously raised AssertionError when paths + where used with bare repository, now it raises + InvalidGitRepositoryError + * Added Repo.merge_base() implementation. See the respective + issue on github + * [include] sections in git configuration files are now respected + * Added GitConfigParser.rename_section() + * Added Submodule.rename() + * A list of all issues can be found on github +- additional changes from version 0.3.5: + * push/pull/fetch operations will not block anymore + * diff() can now properly detect renames, both in patch and raw + format + * repo.odb.update_cache() is now called automatically after fetch + and pull operations + * Repo(path) will not automatically search upstream anymore and + find any git directory on its way up + * IndexFile.commit() now runs the pre-commit and post-commit hooks + * A list of all issues can be found on github +- additional changes from version 0.3.4: + * Internally, hexadecimal SHA1 are treated as ascii encoded + strings + * Id attribute of Commit objects is now hexsha, instead of binsha + * IMPORTANT: If you were using the config_writer(), you + implicitly relied on __del__ to work as expected to flush + changes. To be sure changes are flushed under PY3, you will + have to call the new release() method to trigger a flush + * The Tree now has a .join('name') method which is equivalent to + tree / 'name' +- additional changes from version 0.3.3: + * When fetching, pulling or pushing, and an error occours, it + will not be reported on stdout anymore + * Code Cleanup (in preparation for python 3 support) +- additional changes from version 0.3.2.1: + * Fix for #207 +- additional changes from version 0.3.2: + * Release of most recent version as non-RC build, just to allow + pip to install the latest version right away. +- update project URL +- point the source URL to pypi +- set a minimum version for python-gitdb and add it to + BuildRequires to validate dependencies at build time. +- add python-ordereddict as dependency for SLE11 (python 2.6) +- remove outdated py_requires + +------------------------------------------------------------------- +Thu Sep 26 13:13:58 UTC 2013 - speilicke@suse.com + +- Require git-core for the cgit backend (bnc#841684) + +------------------------------------------------------------------- +Tue Jun 26 09:55:59 UTC 2012 - saschpe@suse.de + +- Spec file cleanup + +------------------------------------------------------------------- +Wed Jul 6 20:34:02 UTC 2011 - alexandre@exatati.com.br + +- Update to 0.3.2.RC1; +- Regenerate spec file with py2pack; +- Building as noarch now. + +------------------------------------------------------------------- +Tue Sep 7 13:31:06 UTC 2010 - alexandre@exatati.com.br + +- Update to 0.3.0-beta2; +- Bzip2 source file. + +------------------------------------------------------------------- +Thu Jul 8 15:11:43 UTC 2010 - alexandre@exatati.com.br + +- Update to 0.3.0-beta1. + +------------------------------------------------------------------- +Wed Apr 7 11:58:12 UTC 2010 - alexandre@exatati.com.br + +- Update to 0.2.0-beta1; +- Spec file cleaned with spec-cleaner. + +------------------------------------------------------------------- +Tue Nov 24 11:21:41 UTC 2009 - alexandre@exatati.com.br + +- Initial pacakge (0.1.6) for openSUSE. diff --git a/python-GitPython.spec b/python-GitPython.spec new file mode 100644 index 0000000..40a3ff3 --- /dev/null +++ b/python-GitPython.spec @@ -0,0 +1,95 @@ +# +# spec file for package python-GitPython +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define skip_python2 1 +%define simple_ver 3.1.34 +%{?sle15_python_module_pythons} +Name: python-GitPython +Version: 3.1.34.1693646983.2a2ae77 +Release: 0 +Summary: Python Git Library +License: BSD-3-Clause +URL: https://github.com/gitpython-developers/GitPython +Source: GitPython-%{version}.tar.xz +Patch0: test-skips.patch +Patch1: test_blocking_lock_file-extra-time.patch +# PATCH-FIX-UPSTREAM CVE-2023-41040.patch gh#gitpython-developers/GitPython#1644 +Patch2: CVE-2023-41040.patch +BuildRequires: %{python_module ddt >= 1.1.1} +BuildRequires: %{python_module gitdb >= 4.0.1} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module smmap >= 3.0.1} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: git-core +BuildRequires: python-rpm-macros +Requires: git-core +Requires: python-gitdb >= 4.0.1 +BuildArch: noarch +%python_subpackages + +%description +GitPython is a python library used to interact with Git repositories. + +GitPython provides object model read and write access to your git repository. +Access repository information conveniently, alter the index directly, handle +remotes, or go down to low-level object database access with big-files support. + +With the new object database abstraction added in 0.3, its even possible to +implement your own storage mechanisms, the currently available implementations +are 'cgit' and pure python, which is the default. + +%prep +%autosetup -p1 -n GitPython-%{version} +# do not pull in extra deps +sed -i -e '/tox/d' -e '/flake8/d' -e '/coverage/d' test-requirements.txt +sed -i -e '/addopts/d' pyproject.toml + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +# While SKIP_GITHUB is fine, the two tests skipped with SKIP_LOCALHOST +# should work as the test runner sets up a git daemon. +export SKIP_GITHUB=true +export SKIP_LOCALHOST=true +export TRAVIS=true + +export LANG=en_US.UTF-8 +export GIT_PYTHON_TEST_GIT_REPO_BASE=${PWD} + +git config --global protocol.file.allow "always" +git config --global user.email "you@example.com" +git config --global user.name "Your Name" + +# And it completely unraveled again gh#gitpython-developers/GitPython#914 +%pytest -k 'not (test_installation or test_rev_parse)' || /bin/true + +%files %{python_files} +%license LICENSE +%doc AUTHORS CHANGES README.md doc/source/*.rst +%{python_sitelib}/git +%{python_sitelib}/GitPython-%{simple_ver}.dist-info + +%changelog diff --git a/test-skips.patch b/test-skips.patch new file mode 100644 index 0000000..30892ff --- /dev/null +++ b/test-skips.patch @@ -0,0 +1,107 @@ +--- + test/test_base.py | 3 ++- + test/test_remote.py | 5 ++++- + test/test_repo.py | 1 + + test/test_submodule.py | 19 +++++++++++-------- + 4 files changed, 18 insertions(+), 10 deletions(-) + +Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_base.py +=================================================================== +--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_base.py ++++ GitPython-3.1.34.1693646983.2a2ae77/test/test_base.py +@@ -109,7 +109,8 @@ class TestBase(_TestBase): + assert osp.isdir(osp.join(rw_repo.working_tree_dir, "lib")) + assert osp.isdir(rw_repo.working_dir) + +- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") ++ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + @with_rw_and_rw_remote_repo("0.1.6") + def test_with_rw_remote_and_rw_repo(self, rw_repo, rw_remote_repo): + assert not rw_repo.config_reader("repository").getboolean("core", "bare") +Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_remote.py +=================================================================== +--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_remote.py ++++ GitPython-3.1.34.1693646983.2a2ae77/test/test_remote.py +@@ -4,6 +4,7 @@ + # This module is part of GitPython and is released under + # the BSD License: http://www.opensource.org/licenses/bsd-license.php + ++import os + import random + import tempfile + import pytest +@@ -430,7 +431,8 @@ class TestRemote(TestBase): + TagReference.delete(rw_repo, new_tag, other_tag) + remote.push(":%s" % other_tag.path, kill_after_timeout=10.0) + +- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") ++ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + @with_rw_and_rw_remote_repo("0.1.6") + def test_base(self, rw_repo, remote_repo): + num_remotes = 0 +@@ -681,6 +683,7 @@ class TestRemote(TestBase): + # will raise fatal: Will not delete all non-push URLs + self.assertRaises(GitCommandError, remote.delete_url, test3) + ++ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'GitHub connection error') + def test_fetch_error(self): + rem = self.rorepo.remote("origin") + with self.assertRaisesRegex(GitCommandError, "[Cc]ouldn't find remote ref __BAD_REF__"): +Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_repo.py +=================================================================== +--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_repo.py ++++ GitPython-3.1.34.1693646983.2a2ae77/test/test_repo.py +@@ -250,6 +250,7 @@ class TestRepo(TestBase): + except UnicodeEncodeError: + self.fail("Raised UnicodeEncodeError") + ++ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'Gitlab connection error') + @with_rw_directory + @skip("the referenced repository was removed, and one needs to setup a new password controlled repo under the orgs control") + def test_leaking_password_in_clone_logs(self, rw_dir): +Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_submodule.py +=================================================================== +--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_submodule.py ++++ GitPython-3.1.34.1693646983.2a2ae77/test/test_submodule.py +@@ -453,14 +453,15 @@ class TestSubmodule(TestBase): + reason="Cygwin GitPython can't find submodule SHA", + raises=ValueError + ) +- @skipIf( +- HIDE_WINDOWS_KNOWN_ERRORS, +- """ +- File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute +- raise GitCommandNotFound(command, err) +- git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') +- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", +- ) # noqa E501 ++ #@skipIf( ++ # HIDE_WINDOWS_KNOWN_ERRORS, ++ # """ ++ # File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute ++ # raise GitCommandNotFound(command, err) ++ # git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') ++ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", ++ #) # noqa E501 ++ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + @with_rw_repo(k_subm_current, bare=False) + def test_root_module(self, rwrepo): + # Can query everything without problems +@@ -802,6 +803,7 @@ class TestSubmodule(TestBase): + # "FIXME: helper.wrapper fails with: PermissionError: [WinError 5] Access is denied: " + # "'C:\\Users\\appveyor\\AppData\\Local\\Temp\\1\\test_work_tree_unsupportedryfa60di\\master_repo\\.git\\objects\\pack\\pack-bc9e0787aef9f69e1591ef38ea0a6f566ec66fe3.idx") # noqa E501 + @with_rw_directory ++ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + def test_git_submodule_compatibility(self, rwdir): + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_path = join_path_native("submodules", "intermediate", "one") +@@ -887,6 +889,7 @@ class TestSubmodule(TestBase): + # end for each dry-run mode + + @with_rw_directory ++ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + def test_remove_norefs(self, rwdir): + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_name = "mymodules/myname" diff --git a/test_blocking_lock_file-extra-time.patch b/test_blocking_lock_file-extra-time.patch new file mode 100644 index 0000000..8bf65ab --- /dev/null +++ b/test_blocking_lock_file-extra-time.patch @@ -0,0 +1,19 @@ +--- + test/test_util.py | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_util.py +=================================================================== +--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_util.py ++++ GitPython-3.1.34.1693646983.2a2ae77/test/test_util.py +@@ -173,9 +173,7 @@ class TestUtils(TestBase): + self.assertRaises(IOError, wait_lock._obtain_lock) + elapsed = time.time() - start + extra_time = 0.02 +- if is_win: +- # for Appveyor +- extra_time *= 6 # NOTE: Indeterministic failures here... ++ extra_time *= 6 # NOTE: Indeterministic failures here... + self.assertLess(elapsed, wait_time + extra_time) + + def test_user_id(self):