ALP-pool/python-PyMySQL
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 python-PyMySQL revision 31b30d614ef9d0a834002db6263584db

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-15 10:48:45 +01:00
commit dc9c819ed8
5 changed files with 473 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

40
CVE-2024-36039.patch Normal file
View File

@ -0,0 +1,40 @@
Index: PyMySQL-1.0.3/pymysql/converters.py
===================================================================
--- PyMySQL-1.0.3.orig/pymysql/converters.py
+++ PyMySQL-1.0.3/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=No
def escape_dict(val, charset, mapping=None):
- n = {}
- for k, v in val.items():
- quoted = escape_item(v, charset, mapping)
- n[k] = quoted
- return n
+ raise TypeError("dict can not be used as parameter")
def escape_sequence(val, charset, mapping=None):
Index: PyMySQL-1.0.3/pymysql/tests/test_connection.py
===================================================================
--- PyMySQL-1.0.3.orig/pymysql/tests/test_connection.py
+++ PyMySQL-1.0.3/pymysql/tests/test_connection.py
@@ -790,13 +790,16 @@ class TestEscape(base.PyMySQLTestCase):
self.assertRaises(TypeError, con.escape, 42, {})
- def test_escape_dict_value(self):
+ def test_escape_dict_raise_typeerror(self):
+ """con.escape(dict) should raise TypeError"""
con = self.connect()
cur = con.cursor()
mapping = con.encoders.copy()
mapping[Foo] = escape_foo
- self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})
+ # self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})
+ with self.assertRaises(TypeError):
+ con.escape({"foo": Foo()})
def test_escape_list_item(self):
con = self.connect()

BIN
PyMySQL-1.0.3.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

291
python-PyMySQL.changes Normal file
View File

@ -0,0 +1,291 @@
-------------------------------------------------------------------
Mon Jun 17 11:36:25 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2024-36039.patch, forbid dict parameter
(bsc#1225070, gh#PyMySQL/PyMySQL@521e40050cb3)
-------------------------------------------------------------------
Wed May 3 08:35:39 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.0.3:
* Dropped support of end of life MySQL version 5.6
* Dropped support of end of life MariaDB versions below 10.3
* Dropped support of end of life Python version 3.6
-------------------------------------------------------------------
Thu Oct 13 06:38:41 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
- Skip a test that is failing due to character set fun and games.
-------------------------------------------------------------------
Wed Jul 28 13:51:39 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Fix databases.json used for tests.
-------------------------------------------------------------------
Thu Apr 22 20:03:03 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.0.2:
* Fix `user`, `password`, `host`, `database` are still positional arguments.
All arguments of `connect()` are now keyword-only. (#941)
* Stop emitting DeprecationWarning for use of ``db`` and ``passwd``.
Note that they are still deprecated. (#939)
* Add ``python_requires=">=3.6"`` to setup.py. (#936)
* Python 2.7 and 3.5 are not supported.
* ``connect()`` uses keyword-only arguments. User must use keyword argument.
* ``connect()`` kwargs ``db`` and ``passwd`` are now deprecated; Use ``database`` and ``password`` instead.
* old_password authentication method (used by MySQL older than 4.1) is not supported.
* MySQL 5.5 and MariaDB 5.5 are not officially supported, although it may still works.
* Removed ``escape_dict``, ``escape_sequence``, and ``escape_string`` from ``pymysql``
module. They are still in ``pymysql.converters``.
* Connection supports context manager API. ``__exit__`` closes the connection. (#886)
* Add MySQL Connector/Python compatible TLS options (#903)
* Major code cleanup; PyMySQL now uses black and flake8.
-------------------------------------------------------------------
Thu Nov 26 09:10:16 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- udpate to 0.10.1:
* Fix missing import of ProgrammingError. (#878)
* Fix auth switch request handling. (#890)
-------------------------------------------------------------------
Wed Sep 23 13:18:38 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
- disable testing for Leaps
mariadb-rpm-macros not available or not sufficient
-------------------------------------------------------------------
Wed Sep 16 11:01:32 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 0.10.0:
* MariaDB ed25519 auth is supported.
* Python 3.4 support is dropped.
* Context manager interface is removed from `Connection`. It will be added
with different meaning.
* MySQL warnings are not shown by default because many user report issue to
PyMySQL issue tracker when they see warning. You need to call "SHOW WARNINGS"
explicitly when you want to see warnings.
* Formatting of float object is changed from "3.14" to "3.14e0".
* Use cp1252 codec for latin1 charset.
* Fix decimal literal.
* TRUNCATED_WRONG_VALUE_FOR_FIELD, and ILLEGAL_VALUE_FOR_TYPE are now
DataError instead of InternalError.
- remove python-PyMySQL-no-unittest2.patch (upstream)
-------------------------------------------------------------------
Thu Jun 4 09:21:14 UTC 2020 - pgajdos@suse.com
- test package with mariadb
- added patches
https://github.com/PyMySQL/PyMySQL/commit/a500fcd64d4500417540a2a2ff7b16a88d1872ad
+ python-PyMySQL-no-unittest2.patch
-------------------------------------------------------------------
Wed Mar 6 09:11:17 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 0.9.3:
* cryptography dependency is optional now.
* Fix old_password (used before MySQL 4.1) support.
* Deprecate old_password.
* Stop sending ``sys.argv[0]`` for connection attribute "program_name".
* Close connection when unknown error is happened.
* Deprecate context manager API of Connection object.
* Disalbled unintentinally enabled debug log
* Removed unintentionally installed tests
* Fixed caching_sha2_password and sha256_password raise TypeError on PY2
(#700, #702)
* Change default charset from latin1 to utf8mb4. (because MySQL 8 changed) (#692)
* Support sha256_password and caching_sha2_password auth method (#682)
* Add cryptography dependency, because it's needed for new auth methods.
* Remove deprecated `no_delay` option (#694)
* Support connection attributes (#679)
* Map LOCK_DEADLOCK to OperationalError (#693)
-------------------------------------------------------------------
Thu May 24 11:14:30 UTC 2018 - tchvatal@suse.com
- Drop not really needed python-devel dependency
-------------------------------------------------------------------
Thu May 24 09:48:52 CEST 2018 - kukuk@suse.de
- use %license instead of %doc [bsc#1082318]
- update to latest version to solve MySQLdb interface problems with
salt-2018
- update to 0.8.1
* Reduce `cursor.callproc()` roundtrip time. (#636)
* Fixed `cursor.query()` is hunged after multi statement failed. (#647)
* WRONG_DB_NAME and WRONG_COLUMN_NAME is ProgrammingError for now. (#629)
* Many test suite improvements, especially adding MySQL 8.0 and using Docker.
* Droppped support for old Python and MySQL whih is not tested long time.
- update to 0.8
* **BACKWARD INCOMPATIBLE** ``binary_prefix`` option is added and off
by default because of compatibility with mysqlclient.
When you need PyMySQL 0.7 behavior, you have to pass ``binary_prefix=True``.
(#549)
* **BACKWARD INCOMPATIBLE** ``MULTI_STATEMENTS`` client flag is no longer
set by default, while it was on PyMySQL 0.7. You need to pass
``client_flag=CLIENT.MULTI_STATEMENTS`` when you connect to explicitly
enable multi-statement mode. (#590)
* Fixed AuthSwitch packet handling.
* Raise OperationalError for MariaDB's constraint error. (#607)
* executemany() accepts query without space between ``VALUES`` and ``(``. (#597)
* Support config file containing option without value. (#588)
* Fixed Connection.ping() returned unintended value.
-------------------------------------------------------------------
Wed Aug 16 01:36:37 UTC 2017 - toddrme2178@gmail.com
- Implement single-spec version
- update to 0.7.11
* Fixed Connection.close() failed when failed to send COM_CLOSE packet.
* Cursor.executemany() accepts query ends with semicolon.
* ssl parameters can be read from my.cnf.
- update to 0.7.10
* **SECURITY FIX**: Raise RuntimeError when received LOAD_LOCAL packet while
``loacal_infile=False``. (Thanks to Bryan Helmig)
* Raise SERVER_LOST error for MariaDB's shutdown packet (#540)
* Change default connect_timeout to 10.
* Add bind_address option (#529)
- update to 0.7.9
* Fix PyMySQL stop reading rows when first column is empty string (#513)
Reverts DEPRECATE_EOF introduced in 0.7.7.
- update to 0.7.8
* Revert error message change in 0.7.7.
(SQLAlchemy parses error message, #507)
- update to 0.7.7
* Add new unicode collation (#498)
* Fix conv option is not used for encoding objects.
* Experimental support for DEPRECATE_EOF protocol.
-------------------------------------------------------------------
Tue Nov 15 10:30:55 UTC 2016 - dmueller@suse.com
- update to 0.7.6:
* Fix SELECT JSON type cause UnicodeError
* Avoid float convertion while parsing microseconds
* Warning has number
* SSCursor supports warnings
* Fix exception raised while importing when getpwuid() fails (#472)
* SSCursor supports LOAD DATA LOCAL INFILE (#473)
* Fix encoding error happen for JSON type (#477)
* Fix test fail on Python 2.7 and MySQL 5.7 (#478)
-------------------------------------------------------------------
Fri Jun 3 16:35:20 UTC 2016 - tbechtold@suse.com
- update to 0.7.4:
* Fix AttributeError may happen while Connection.__del__ (#463)
* Fix SyntaxError in test_cursor. (#464)
* frozenset support for query value. (#461)
* Start using readthedocs.io
* Add read_timeout and write_timeout option.
* Support serialization customization by `conv` option.
* Unknown type is converted by `str()`, for MySQLdb compatibility.
* Support '%%' in `Cursor.executemany()`
* Support REPLACE statement in `Cursor.executemany()`
* Fix handling incomplete row caused by 'SHOW SLAVE HOSTS'.
* Fix decode error when use_unicode=False on PY3
* Fix port option in my.cnf file is ignored.
-------------------------------------------------------------------
Thu Mar 24 19:17:05 UTC 2016 - toddrme2178@gmail.com
- Add license and docs
-------------------------------------------------------------------
Thu Mar 24 19:12:11 UTC 2016 - toddrme2178@gmail.com
- Update to 0.7.2
* Fix misuse of `max_allowed_packet` parameter. (#426, #407 and #397)
* Add %(name)s plceholder support to `Cursor.executemany()`. (#427, thanks to
@WorldException)
- Update to 0.7.1
* Fix auth fail with MySQL 5.1
* Fix escaping unicode fails on Python 2
- Update to 0.7
* Faster binary escaping
* Add `"_binary" prefix` to string literal for binary types.
binary types are: `bytearray` on Python 2, `bytes` and `bytearray` on Python 3.
This is because recent MySQL show warnings when string literal is invalid for
connection encoding.
* `pymysql.Binary()` returns `bytearray` on Python 2. This is required to distinguish
binary and string.
* Auth plugin support.
* no_delay option is ignored. It will be removed in PyMySQL 0.8.
- Update to 0.6.7
* Allow self signed certificate
* Add max_allowed_packet option
* Fix error when bytes in executemany
* Support geometry type
* Add coveralls badge to README
* Fix some bugs relating to warnings
* Add Cursor.mogrify() method
* no_delay option is deprecated and True by default
* Fix options from my.cnf overrides options from arguments
* Allow socket like object. (It's not feature for end users)
* Strip quotes while reading options from my.cnf file
* Fix encoding issue in executemany()
-------------------------------------------------------------------
Mon May 11 16:53:18 UTC 2015 - benoit.monin@gmx.fr
- update to version 0.6.6:
Add context manager to cursor
* Fix can't encode blob that is not utf-8 on PY3. (regression of
0.6.4, Thanks to @wiggzz)
- additional changes from version 0.6.4
* Support "LOAD LOCAL INFILE". Thanks @wraziens
* Show MySQL warnings after execute query.
* Fix MySQLError may be wrapped with OperationalError while
connectiong. (#274)
* SSCursor no longer attempts to expire un-collected rows within
__del__, delaying termination of an interrupted program;
cleanup of uncollected rows is left to the Connection on next
execute, which emits a warning at that time. (#287)
* Support datetime and time with microsecond. (#303)
* Use surrogateescape to format bytes on Python 3.
* OperationalError raised from connect() have information about
original exception. (#304)
* `init_command` now support multi statement.
* `Connection.escape()` method now accepts second argument
compatible to MySQL-Python.
- additional changes from version 0.6.3
* Fixed multiple result sets with SSCursor.
* Fixed connection timeout.
* Fixed literal set syntax to work on Py2.6.
* Allow for mysql negative values with 0 hour timedelta.
* Added Connection.begin().
- additional changes from version 0.6.2
* Fixed old password on Python 3.
* Added support for bulk insert in Cursor.executemany().
* Added support for microseconds in datetimes and dates before
1900.
* Several other bug fixes.
- additional changes from version 0.6.1
* Added cursor._last_executed for MySQLdb compatibility
* Cursor.fetchall() and .fetchmany now return list, not tuple
* Allow "length of auth-plugin-data" = 0
* Cursor.connection references connection object without weakref
- remove unwanted shebang of python files in test_MySQLdb
-------------------------------------------------------------------
Wed Oct 9 12:32:51 UTC 2013 - dmueller@suse.com
- update to 0.6:
-Improved Py3k support
-Improved PyPy support
-Added IPv6 support
-Added Thing2Literal for Django/MySQLdb compatibility
-Removed errorhandler
-Fixed GC errors
-Improved test suite
-Many bug fixes
-Many performance improvements
-------------------------------------------------------------------
Mon Jul 22 08:11:38 UTC 2013 - speilicke@suse.com
- Initial version

116
python-PyMySQL.spec Normal file
View File

@ -0,0 +1,116 @@
#
# spec file for package python-PyMySQL
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# mariadb-rpm-macros is either not available or not sufficient for Leaps
%if 0%{?suse_version} > 1500
%bcond_without tests
%else
%bcond_with tests
%endif
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%global skip_python2 1
Name: python-PyMySQL
Version: 1.0.3
Release: 0
Summary: Pure Python MySQL Driver
License: MIT
Group: Development/Languages/Python
URL: https://github.com/PyMySQL/PyMySQL/
Source: https://github.com/PyMySQL/PyMySQL/archive/v%{version}.tar.gz#/PyMySQL-%{version}.tar.gz
# PATCH-FIX-UPSTREAM CVE-2024-36039.patch gh#PyMySQL/PyMySQL@521e40050cb3
Patch1: CVE-2024-36039.patch
BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module cryptography}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module wheel}
%if %{with tests}
BuildRequires: mariadb-rpm-macros
%endif
# will be removed with next release
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-cryptography
BuildArch: noarch
%python_subpackages
%description
This package contains a pure-Python MySQL client library. Documentation on the
MySQL client/server protocol can be found here:
http://forge.mysql.com/wiki/MySQL_Internals_ClientServer_Protocol
The goal of pymysql is to be a drop-in replacement for MySQLdb and work on
CPython 2.3+, Jython, IronPython, PyPy and Python 3. We test for compatibility
by simply changing the import statements in the Django MySQL backend and running
its unit tests as well as running it against the MySQLdb and myconnpy unit tests.
%prep
%setup -q -n PyMySQL-%{version}
%patch -P 1 -p 1
# remove unwanted shebang
sed -i '1 { /^#!/ d }' pymysql/tests/thirdparty/test_MySQLdb/*.py
%build
%pyproject_wheel
%install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%if %{with tests}
%check
exit_code=0
dbuser='db_user'
dbuserpw='db_user_secret'
dbname1='test1'
dbname2='test2'
# Needs mysql server
#%%python_expand PYTHONPATH=%{buildroot}%{$python_sitelib} py.test-%{$python_bin_suffix} -v
cconf=abuild-myclient.cnf
#
# start the mariadb server
#
%mysql_testserver_start -u $dbuser -p $dbuserpw -d $dbname1:$dbname2 -t 3306
#
# creating client config, see base.py
#
cat << EOF > pymysql/tests/databases.json
[{"host":"localhost","user":"$dbuser","passwd":"$dbuserpw",
"database":"$dbname1", "use_unicode": true, "local_infile": true},
{"host":"localhost","user":"$dbuser","passwd":"$dbuserpw","database":"$dbname2"}]
EOF
#
# running the test
#
export USER="$dbuser"
export PASSWORD="$dbuserpw"
%pytest pymysql/tests -k 'not test_stored_procedures' || exit_code=1
#
# stopping mariadb
#
%mysql_testserver_stop
exit $exit_code
%endif
%files %{python_files}
%license LICENSE
%doc CHANGELOG.md README.md
%{python_sitelib}/*
%changelog