Sync from SUSE:ALP:Source:Standard:1.0 python-tqdm revision 0f1edee87df2f883a1d1da2efbe94e92

CVE-2024-34062-do-not-eval-cli-arguments.patch

@@ -1,60 +0,0 @@
-From b53348c73080b4edeb30b4823d1fa0d8d2c06721 Mon Sep 17 00:00:00 2001
-From: Casper da Costa-Luis <tqdm@cdcl.ml>
-Date: Wed, 1 May 2024 14:56:01 +0100
-Subject: [PATCH] cli: eval safety
-
-- fixes GHSA-g7vv-2v7x-gj9p
----
- tqdm/cli.py | 33 ++++++++++++++++++++++-----------
- 1 file changed, 22 insertions(+), 11 deletions(-)
-
-diff --git a/tqdm/cli.py b/tqdm/cli.py
-index 1223d4977..7284f28d5 100644
---- a/tqdm/cli.py
-+++ b/tqdm/cli.py
-@@ -21,23 +21,34 @@ def cast(val, typ):
-                 return cast(val, t)
-             except TqdmTypeError:
-                 pass
--        raise TqdmTypeError(val + ' : ' + typ)
-+        raise TqdmTypeError(f"{val} : {typ}")
- 
-     # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
-     if typ == 'bool':
-         if (val == 'True') or (val == ''):
-             return True
--        elif val == 'False':
-+        if val == 'False':
-             return False
--        else:
--            raise TqdmTypeError(val + ' : ' + typ)
--    try:
--        return eval(typ + '("' + val + '")')
--    except Exception:
--        if typ == 'chr':
--            return chr(ord(eval('"' + val + '"'))).encode()
--        else:
--            raise TqdmTypeError(val + ' : ' + typ)
-+        raise TqdmTypeError(val + ' : ' + typ)
-+    if typ == 'chr':
-+        if len(val) == 1:
-+            return val.encode()
-+        if re.match(r"^\\\w+$", val):
-+            return eval(f'"{val}"').encode()
-+        raise TqdmTypeError(f"{val} : {typ}")
-+    if typ == 'str':
-+        return val
-+    if typ == 'int':
-+        try:
-+            return int(val)
-+        except ValueError as exc:
-+            raise TqdmTypeError(f"{val} : {typ}") from exc
-+    if typ == 'float':
-+        try:
-+            return float(val)
-+        except ValueError as exc:
-+            raise TqdmTypeError(f"{val} : {typ}") from exc
-+    raise TqdmTypeError(f"{val} : {typ}")
- 
- 
- def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,

python-tqdm.changes

@@ -1,8 +1,64 @@
 -------------------------------------------------------------------
-Wed Aug 14 06:07:32 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+Fri May 17 06:38:10 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
 
-- Add patch CVE-2024-34062-do-not-eval-cli-arguments.patch:
+- Re-add conditionals to numpy/pandas, it is required. 
-  * Eval CLI arguments safely. (CVE-2024-34062, bsc#1223880)
+
+-------------------------------------------------------------------
+Tue May  7 01:37:49 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 4.66.4:
+  * rich: fix completion (#1395 <- #1306)
+  * cli: eval safety (CVE-2024-34062, bsc#1223880)
+  * pandas: add DataFrame.progress_map (#1549)
+  * notebook: fix HTML padding (#1506)
+  * keras: fix resuming training when verbose>=2 (#1508)
+  * fix format_num negative fractions missing leading zero (#1548)
+  * fix Python 3.12 DeprecationWarning on import (#1519)
+- Drop patch sprinkle-in-timezone.patch: Included upstream.
+
+-------------------------------------------------------------------
+Fri Nov 24 04:33:40 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch sprinkle-in-timezone.patch:
+  * Add a timezone to the call fromtimestamp()
+- Switch to autosetup macro.
+- Remove conditionals from some BuildRequires.
+
+-------------------------------------------------------------------
+Wed Aug 30 13:36:56 UTC 2023 - ecsos <ecsos@opensuse.org>
+
+- %{?sle15_python_module_pythons} must at beginning of spec to work.
+
+-------------------------------------------------------------------
+Thu Aug 10 21:55:13 UTC 2023 - Arun Persaud <arun@gmx.de>
+
+- specfile:
+  * switched to pyproject.toml build
+
+- update to version 4.66.1:
+  * fix utils.envwrap types (#1493 <- #1491, #1320 <- #966, #1319)
+    e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1
+  * drop mentions of unsupported Python versions
+
+- changes from version 4.66.0:
+  * environment variables to override defaults (TQDM_*) (#1491 <-
+    #1061, #950 <- #614, #1318, #619, #612, #370) e.g. in CI jobs,
+    export TQDM_MININTERVAL=5 to avoid log spam add tests & docs for
+    tqdm.utils.envwrap
+  * fix & update CLI completion
+  * fix & update API docs
+  * minor code tidy: replace os.path => pathlib.Path
+  * fix docs image hosting
+  * release with CI bot account again (cli/cli#6680)
+
+- changes from version 4.65.2:
+  * exclude examples from distributed wheel (#1492)
+
+- changes from version 4.65.1:
+  * add Python 3.11 and drop Python 3.6 support (#1439, #1419, #502 <-
+    #720, #620)
+  * misc code & docs tidy
+  * fix & update CI workflows & tests
 
 -------------------------------------------------------------------
 Fri May  5 09:18:51 UTC 2023 - Dirk Müller <dmueller@suse.com>

python-tqdm.spec

@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-tqdm
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,33 +28,34 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-tqdm%{pkg_suffix}
-Version:        4.65.0
+Version:        4.66.4
 Release:        0
 Summary:        An extensible progress meter
 License:        MIT AND MPL-2.0
 URL:            https://github.com/tqdm/tqdm
 Source:         https://files.pythonhosted.org/packages/source/t/tqdm/tqdm-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM gh#tqdm/tqdm#4e613f84ed2ae029559f539464df83fa91feb316
-# Do not blindly eval() command line input CVE-2024-34062 bsc#1223880
-Patch0:         CVE-2024-34062-do-not-eval-cli-arguments.patch
 BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools_scm}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module toml}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 Enhances:       python-ipython
 BuildArch:      noarch
 %if %{with test}
 # SECTION test requirements
-BuildRequires:  %{python_module numpy if (python-base without python36-base)}
 BuildRequires:  %{python_module pytest-asyncio}
+# Conditional required for SLE-15-SP4+
+BuildRequires:  %{python_module numpy if (python-base without python36-base)}
 BuildRequires:  %{python_module pytest-timeout}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module tqdm}
+BuildRequires:  %{python_module tqdm = %{version}}
 %if ! 0%{?_with_ringdisabled}
+# Conditional required for SLE-15-SP4+
 BuildRequires:  %{python_module pandas if (python-base without python36-base)}
 %endif
 # /SECTION
@@ -83,17 +84,17 @@ This package provides the completion file for bash
 %prep
 %autosetup -p1 -n tqdm-%{version}
 # ignore new asyncio mode warning from pytest-asyncio 0.17
-sed -i 's/-W=error//' setup.cfg
+sed -i 's/-W=error//' pyproject.toml
 # remove bash shebang for completion script
 sed -i '1 s/^#!.*/# bash completion for tqdm       -*- shell-script -*-/' tqdm/completion.sh
 chmod a-x tqdm/completion.sh
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
 %if !%{with test}
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/tqdm
 install -m 644 -D tqdm/completion.sh %{buildroot}%{_datadir}/bash-completion/completions/tqdm
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -120,7 +121,7 @@ install -m 644 -D tqdm/completion.sh %{buildroot}%{_datadir}/bash-completion/com
 %doc examples/
 %license LICENCE
 %{python_sitelib}/tqdm/
-%{python_sitelib}/tqdm-%{version}*-info
+%{python_sitelib}/tqdm-%{version}.dist-info
 %python_alternative %{_bindir}/tqdm
 
 %files -n %{allpython}-tqdm-bash-completion