Sync from SUSE:ALP:Source:Standard:1.0 python-tqdm revision e033154a32e37635772e90ef6e5f4424

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

CVE-2024-34062-do-not-eval-cli-arguments.patch

@@ -0,0 +1,60 @@
+From b53348c73080b4edeb30b4823d1fa0d8d2c06721 Mon Sep 17 00:00:00 2001
+From: Casper da Costa-Luis <tqdm@cdcl.ml>
+Date: Wed, 1 May 2024 14:56:01 +0100
+Subject: [PATCH] cli: eval safety
+
+- fixes GHSA-g7vv-2v7x-gj9p
+---
+ tqdm/cli.py | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/tqdm/cli.py b/tqdm/cli.py
+index 1223d4977..7284f28d5 100644
+--- a/tqdm/cli.py
++++ b/tqdm/cli.py
+@@ -21,23 +21,34 @@ def cast(val, typ):
+                 return cast(val, t)
+             except TqdmTypeError:
+                 pass
+-        raise TqdmTypeError(val + ' : ' + typ)
++        raise TqdmTypeError(f"{val} : {typ}")
+ 
+     # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
+     if typ == 'bool':
+         if (val == 'True') or (val == ''):
+             return True
+-        elif val == 'False':
++        if val == 'False':
+             return False
+-        else:
+-            raise TqdmTypeError(val + ' : ' + typ)
+-    try:
+-        return eval(typ + '("' + val + '")')
+-    except Exception:
+-        if typ == 'chr':
+-            return chr(ord(eval('"' + val + '"'))).encode()
+-        else:
+-            raise TqdmTypeError(val + ' : ' + typ)
++        raise TqdmTypeError(val + ' : ' + typ)
++    if typ == 'chr':
++        if len(val) == 1:
++            return val.encode()
++        if re.match(r"^\\\w+$", val):
++            return eval(f'"{val}"').encode()
++        raise TqdmTypeError(f"{val} : {typ}")
++    if typ == 'str':
++        return val
++    if typ == 'int':
++        try:
++            return int(val)
++        except ValueError as exc:
++            raise TqdmTypeError(f"{val} : {typ}") from exc
++    if typ == 'float':
++        try:
++            return float(val)
++        except ValueError as exc:
++            raise TqdmTypeError(f"{val} : {typ}") from exc
++    raise TqdmTypeError(f"{val} : {typ}")
+ 
+ 
+ def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,

_multibuild

@@ -0,0 +1,3 @@
+<multibuild>
+  <package>test</package>
+</multibuild>

python-tqdm.spec

@@ -0,0 +1,131 @@
+#
+# spec file
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define         allpython python
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define test 1
+%define pkg_suffix -test
+%bcond_without test
+%else
+%define pkg_suffix %{nil}
+%bcond_with test
+%endif
+%{?sle15_python_module_pythons}
+Name:           python-tqdm%{pkg_suffix}
+Version:        4.65.0
+Release:        0
+Summary:        An extensible progress meter
+License:        MIT AND MPL-2.0
+URL:            https://github.com/tqdm/tqdm
+Source:         https://files.pythonhosted.org/packages/source/t/tqdm/tqdm-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM gh#tqdm/tqdm#4e613f84ed2ae029559f539464df83fa91feb316
+# Do not blindly eval() command line input CVE-2024-34062 bsc#1223880
+Patch0:         CVE-2024-34062-do-not-eval-cli-arguments.patch
+BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module setuptools_scm}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module toml}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+Enhances:       python-ipython
+BuildArch:      noarch
+%if %{with test}
+# SECTION test requirements
+BuildRequires:  %{python_module numpy if (python-base without python36-base)}
+BuildRequires:  %{python_module pytest-asyncio}
+BuildRequires:  %{python_module pytest-timeout}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module tqdm}
+%if ! 0%{?_with_ringdisabled}
+BuildRequires:  %{python_module pandas if (python-base without python36-base)}
+%endif
+# /SECTION
+%endif
+%python_subpackages
+
+%description
+tqdm lets you output a progress meter from within loops by wrapping
+any iterable with "tqdm(iterable)".
+tqdm's overhead is one order of magnitude less than python-progressbar
+and does not require ncurses.
+
+%package -n %{allpython}-tqdm-bash-completion
+Summary:        Bash completion for python-tqdm
+Requires:       bash-completion
+Supplements:    %{python_module tqdm and bash-completion}
+
+%description -n %{allpython}-tqdm-bash-completion
+tqdm lets you output a progress meter from within loops by wrapping
+any iterable with "tqdm(iterable)".
+tqdm's overhead is one order of magnitude less than python-progressbar
+and does not require ncurses.
+
+This package provides the completion file for bash
+
+%prep
+%autosetup -p1 -n tqdm-%{version}
+# ignore new asyncio mode warning from pytest-asyncio 0.17
+sed -i 's/-W=error//' setup.cfg
+# remove bash shebang for completion script
+sed -i '1 s/^#!.*/# bash completion for tqdm       -*- shell-script -*-/' tqdm/completion.sh
+chmod a-x tqdm/completion.sh
+
+%build
+%python_build
+
+%install
+%if !%{with test}
+%python_install
+%python_clone -a %{buildroot}%{_bindir}/tqdm
+install -m 644 -D tqdm/completion.sh %{buildroot}%{_datadir}/bash-completion/completions/tqdm
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%endif
+
+%if !%{with test}
+%post
+%python_install_alternative tqdm
+
+%postun
+%python_uninstall_alternative tqdm
+%endif
+
+%if %{with test}
+%check
+# test_perf: flaky
+# test_synchronisation: hangs
+%pytest -k "not (tests_perf or tests_synchronisation)"
+%endif
+
+%if !%{with test}
+%files %{python_files}
+%doc README.rst logo.png
+%doc examples/
+%license LICENCE
+%{python_sitelib}/tqdm/
+%{python_sitelib}/tqdm-%{version}*-info
+%python_alternative %{_bindir}/tqdm
+
+%files -n %{allpython}-tqdm-bash-completion
+%license LICENCE
+%{_datadir}/bash-completion/completions/tqdm
+%endif
+
+%changelog