Sync from SUSE:SLFO:Main python-GitPython revision 998017f7aaa9ed8cac6576dc739f3819

This commit is contained in:
Adrian Schröter 2024-05-03 19:48:07 +02:00
commit dfc6f5fc78
9 changed files with 940 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

53
CVE-2023-41040.patch Normal file
View File

@ -0,0 +1,53 @@
diff --git a/git/refs/symbolic.py b/git/refs/symbolic.py
index 33c3bf15b..5c293aa7b 100644
--- a/git/refs/symbolic.py
+++ b/git/refs/symbolic.py
@@ -168,6 +168,8 @@ def _get_ref_info_helper(
"""Return: (str(sha), str(target_ref_path)) if available, the sha the file at
rela_path points to, or None. target_ref_path is the reference we
point to, or None"""
+ if ".." in str(ref_path):
+ raise ValueError(f"Invalid reference '{ref_path}'")
tokens: Union[None, List[str], Tuple[str, str]] = None
repodir = _git_dir(repo, ref_path)
try:
diff --git a/test/test_refs.py b/test/test_refs.py
index 4c421767e..e7526c3b2 100644
--- a/test/test_refs.py
+++ b/test/test_refs.py
@@ -5,6 +5,7 @@
# the BSD License: http://www.opensource.org/licenses/bsd-license.php
from itertools import chain
+from pathlib import Path
from git import (
Reference,
@@ -20,9 +21,11 @@
from git.objects.tag import TagObject
from test.lib import TestBase, with_rw_repo
from git.util import Actor
+from gitdb.exc import BadName
import git.refs as refs
import os.path as osp
+import tempfile
class TestRefs(TestBase):
@@ -616,3 +619,15 @@ def test_dereference_recursive(self):
def test_reflog(self):
assert isinstance(self.rorepo.heads.master.log(), RefLog)
+
+ def test_refs_outside_repo(self):
+ # Create a file containing a valid reference outside the repository. Attempting
+ # to access it should raise an exception, due to it containing a parent directory
+ # reference ('..'). This tests for CVE-2023-41040.
+ git_dir = Path(self.rorepo.git_dir)
+ repo_parent_dir = git_dir.parent.parent
+ with tempfile.NamedTemporaryFile(dir=repo_parent_dir) as ref_file:
+ ref_file.write(b"91b464cd624fe22fbf54ea22b85a7e5cca507cfe")
+ ref_file.flush()
+ ref_file_name = Path(ref_file.name).name
+ self.assertRaises(BadName, self.rorepo.commit, f"../../{ref_file_name}")

BIN
GitPython-3.1.34.1693646983.2a2ae77.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
_service Normal file
View File

@ -0,0 +1,16 @@
<services>
<service name="tar_scm" mode="manual">
<param name="versionprefix">3.1.34</param>
<param name="url">https://github.com/gitpython-developers/GitPython</param>
<param name="scm">git</param>
<param name="package-meta">yes</param>
<param name="changesgenerate">enable</param>
<param name="submodules">enable</param>
<param name="revision">3.1.34</param>
</service>
<service name="recompress" mode="manual">
<param name="compression">xz</param>
<param name="file">*.tar</param>
</service>
<service name="set_version" mode="manual"/>
</services>

6
_servicedata Normal file
View File

@ -0,0 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">git://github.com/gitpython-developers/GitPython</param>
<param name="changesrevision">f653af66e4c9461579ec44db50e113facf61e2d3</param></service><service name="tar_scm">
<param name="url">https://github.com/gitpython-developers/GitPython</param>
<param name="changesrevision">2a2ae776825f249a3bb7efd9b08650486226b027</param></service></servicedata>

618
python-GitPython.changes Normal file
View File

@ -0,0 +1,618 @@
-------------------------------------------------------------------
Tue Sep 5 08:30:24 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2023-41040.patch to fix directory traversal attack
vulnerability gh#gitpython-developers/GitPython#1644
bsc#1214810
-------------------------------------------------------------------
Tue Sep 05 06:34:12 UTC 2023 - daniel.garcia@suse.com
- Update _service to use manualrun, disabledrun is deprecated now.
- Update to version 3.1.34.1693646983.2a2ae77:
* prepare patch release
* util: close lockfile after opening successfully
* update instructions for how to create a release
* prepare for next release
* Skip now permanently failing test with note on how to fix it
* Don't check form of version number
* Add a unit test for CVE-2023-40590
* Fix CVE-2023-40590
* feat: full typing for "progress" parameter
* Creating a lock now uses python built-in "open()" method to work around docker virtiofs issue
* Disable merge_includes in config writers
* Apply straight-forward typing fixes
* Add missing type annotation
* Run black and exclude submodule
* Allow explicit casting even when slightly redundant
* Ignore remaining [unreachable] type errors
* Define supported version for mypy
* Do not typecheck submodule
* typo
* added more resources section
* generic hash
* redundant code cell
* redundant line
* fixed tabbing
* tabbed all code-blocks
* added new section for diffs and formatting
* formatting wip
* change to formatting - removed = bash cmds
* Added new section to print prev file
* WIP major changes to structure to improve readability
* Removed all reference to source code
* Updated generic sha hash
* Added warning about index add
* Made trees and blobs the first section
* refactored print git tree
* clarified comment
* draft of description
* replaced hash with generic
* replaced output cell to generic commit ID
* removed unnecessary variables
* convert from --all flag to all=True
* correct way to get the latest commit tree
* removed try/except and updated sample url
* Updated the sample repo URL
* Made variable names more intuitive
* try to fix CI by making it deal with tags forcefully.
* Removed code from RST
* added quickstart to toctree to fix sphinx warning
* added quickstart to toctree and fixed sphinx warning
* fixed some indentation
* finished code for quickstart
* finished code for quickstart
* Finishing touches for Repo quickstart
* Added git clone & git add
* Made the init repo section of quickdoc
-------------------------------------------------------------------
Mon Aug 21 04:36:14 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
- Update to version 3.1.32.1689011721.5d45ce2:
* Block insecure non-multi options in clone/clone_from Follow-up to #1521
(bsc#1214174, CVE-2023-40267)
* Name top-level exceptions as private variables
* Revert the removal of Commit.trailers property.
* Specify encoding in Commit.trailer_list.
* Update Commit.trailer_list to return tuples.
* Deprecate Commit.trailers.
* Add trailers_list and trailers_list methods to fix the commit trailers
functionality.
- Switch to pyproject macros.
-------------------------------------------------------------------
Thu May 11 13:59:44 UTC 2023 - mcepl@suse.com
- Update to version 3.1.31.1676565040.f253335:
* prepare next release
* Add test asserting that get_values works by itself
* Update cmd.py
* Fix RecursionError when iterating streams
* Update docs
* Add additional assertions to test_base.py
* Updated diff test to use different similarity thresholds
* Add check to test bare repo
* Added diff test to disable rename detection
* fixed lint error
* Enable user to override default diff -M arg
* Remove optional from two member variables
* Fix timezone parsing functions for non-hour timezones
* Raise exception if return code from check-ignore is not 1
* Add test to verify GitCommandError is raised when check-ignore is run against a file behind a symlink
* Add test_ignored_items_reported
* Lint with Flake8 via pre-commit
* Upgrade Python syntax with pyupgrade --py37-plus
* Fix typo
* Declare support for Python 3.11
* fix files list on file rename
* get_values eagerly loads sections before return
* Fix some resource leaks by open file handles
* fix clone_from_unsafe_protocol tests
* replace tempfile.mkdtemp w/ tempfile.TemporaryDirectory
* fix/add allow_unsafe_* params in docstrings + fix typo
* tests: Use `command -v` instead of third-party `which` program
* Fix Sphinx rendering errors
-------------------------------------------------------------------
Fri Apr 21 12:20:42 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
-------------------------------------------------------------------
Thu Apr 13 22:41:36 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Make calling of %{sle15modernpython} optional.
-------------------------------------------------------------------
Wed Jan 4 06:33:38 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
- Update to version 3.1.30.1672298042.141cd65:
* Make injections of command-invocations harder or impossible for clone and
others. See #1518 for details. Note that this might constitute a breaking
change for some users. (bsc#1206099, CVE-2022-24439)
* Prohibit insecure options and protocols by default, which is potentially a
breaking change, but a necessary fix for #1515.
* Make the git.__version__ re-appear.
* Reduced startup time due to optimized imports.
* Fix a vulenerability that could cause great slowdowns when encountering
long remote path names when pulling/fetching.
* Newly added timeout flag is not be enabled by default, and was renamed
to kill_after_timeout
* drop support for python 3.5 to reduce maintenance burden on typing.
* Add more static typing information
* git.Commit objects now have a replace method that will return a copy of
the commit with modified attributes.
* Add python 3.9 support
* Drop python 3.4 support
- Refresh patches.
-------------------------------------------------------------------
Mon Nov 7 23:35:37 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Setting proper configuration variable allows to run previously
skipped tests.
-------------------------------------------------------------------
Mon Nov 7 14:50:21 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Skip failing tests (gh#gitpython-developers/GitPython#1511).
-------------------------------------------------------------------
Thu Jan 14 14:19:01 UTC 2021 - mmachova@suse.com
- Update to version 3.1.12.1610074031.f653af66:
* fix flake
* fix tests the fast way
* First attempt to fix failing test of #1103
-------------------------------------------------------------------
Sun Jan 10 17:13:24 UTC 2021 - mliska@suse.cz
- Update to version 3.1.12.1609914640.3dd71d3e:
* prepare release
* Fix handle_diff_line for -z option.
* try fixing up test fixtures and implementation
* Add '-z' on top of '--raw' to avoid path name mangling
* fix universal_newlines TypeError
* docs: fix simple typo, repostory -> repository
* Added ability to define git environment in submodule add/update methods
* change decode type and add replace flag
* bump patch level
* Fix default actor name handling
* bump patch level
* Get system user id in a lazy manner
* Keep flake happy
* Do not break convention when updating sys.path
* Bump patch level
* rename sublist to subset
* Rename get_ignored to ignored and fix the documentation
* Find paths ignored in .gitignore
* Add venv to gitignore
* git/repo/base.py: is_dirty(): Fix pathspec handling
* Fix typo
* Update release verification instructions as suggested in #1055
* Adjust signature key - please read if you verify installs/packages
* bump patch level
* Ensure that detached HEAD does not raise when comparing branch name.
* Reformat code to remove unnecessary indentation
* Remove name as not necessary to track down authors.
* update contribution guidelines to be a little less concise and more polite
* Add missing blank line
* Add missing rules to match hierarchy path
* Update AUTHOR to respect to contributing guidelines.
* Add unit tests
* Fix logic to properly compare glob pattern to value
* Add method to retrieve all possible paths to include
* Add reference to repository to config.
* Update check method to find all includes
* Add Regex to match content of "includeIf" section
* inform about Gitoxide
* add myself to authors
* accept datetime instances as dates
* Ensure only fully matching symrefs are deleted
* Fixed all warnings in documentation and updated Makefile to treat warnings as errors.
* Added nose to test-requirements
-------------------------------------------------------------------
Thu Aug 20 10:32:30 UTC 2020 - mimi.vx@gmail.com
- Update to version 3.1.7.1594621338.176838a3:
- refresed test-skips.patch and test_blocking_lock_file-extra-time.patch
- used pytest as test runner
* bump patch level
* Fixed broken file paths.
* bump patch level
* test: add installation test
* tools: update tool scripts after moving tests
* MANIFEST.in: update to exclude tests
* setup.py: exclude all test files
* tests: move to root dir
* bump patch level
* Revert moving tests out of 'git' folder, related to #1030
* bump patch level
* tools: update tool scripts after moving tests
* MANIFEST.in: update to exclude tests
* setup.py: exclude all test files
* tests: move to root dir
* Add Ram Rachum to AUTHORS
* Fix exception causes all over the codebase
* Fix exception causes in 7 modules
* Fix exception causes in cmd.py
-------------------------------------------------------------------
Sun Jun 14 08:43:10 UTC 2020 - dmueller@suse.com
- Update to version 3.1.3.1590895281.24cd6da:
* Bump patch level
* BF: tollerate errors while parsing fetch lines
* Fix flake8 errors
* Improve unfortunate wording
-------------------------------------------------------------------
Tue Jun 02 16:41:06 UTC 2020 - dmueller@suse.com
- Update to version 3.1.2.1588659169.f14903a:
* Bump patch level, this time with known signature
* Accept that this arguably simple feature can't be tested easily…
* allow setting depth when cloning a submodule
* add test case for submodule depth parameter
* add myself to AUTHORS
* Change signing key back to what it was
* bump patch level
* Remove forced verbosity when fetching from a remote
* Now it should really start working - go, doctests, go!
* Maybe this fixes the doc tests
-------------------------------------------------------------------
Mon May 04 09:21:39 UTC 2020 - johannes.grassler@suse.com
- Update to version 3.1.1.1586590969.b860d1873a25:
* bump patch level
* Remove forced verbosity when fetching from a remote
* Now it should really start working - go, doctests, go!
* Maybe this fixes the doc tests
* This should fix tests, as tree[0] is not a tree anymore
* Test for PyOxidizer and avoid trying to use __file__ if present
* Satisfy flake8 requirement related to #1000
* Try again to apply patch related to #1000
* make clear that appveyor and travis are not used anymore
* Remove code-coverage from requirements - codecov wants way too many permissions…
-------------------------------------------------------------------
Thu Apr 2 11:03:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
- Disable three more tests on git submodules:
* https://github.com/gitpython-developers/GitPython/issues/597
* test-skips.patch
-------------------------------------------------------------------
Mon Mar 30 10:40:09 UTC 2020 - tchvatal@suse.com
- Update to version 3.1.0.1582544583.8c9da73:
* Replace invalid bytes when decoding TagObject stream
* Use UTF-8 encoding when getting information about a symbolic reference
* Remove and replace references to nose with unittest in documentation
* Remove nose from test requirements
* Replace nose with unittest in tox configuration
* Replace nose with unittest in Travis CI script
* Added changelog for unreleased changes
* Restrict gitdb2 version to <4
* Remove test.lib.asserts and use unittest.mock.patch directly
* Replace assert_false with assertFalse
* Replace assert_true with assertTrue
* Replace raises with assertRaises
* Replace assert_raises with assertRaises
* Replace assert_not_equal with assertNotEqual
* Replace assert_equal with assertEqual
* Remove and replace assert_match with assertRegex
* Remove old, no longer used assert methods
* Remove references to old mock library in documentation
* Remove outdated checks for unittest.mock existence
* Fix Python version requirement in documentation
* Remove badges for no longer existing Waffle site from README
* Add support for Python 3.8
* Replace deprecated Logger.warn with Logger.warning
* Replace deprecated assertRaisesRegexp alias with assertRaisesRegex
* Replace deprecated assertNotEquals alias with assertNotEqual
* Replace deprecated assertEquals alias with assertEqual in TestGit
* Replace deprecated assertRegexpMatches alias with assertRegex
* Replace deprecated failUnlessRaises alias with assertRaises in tests
* Improve requirements.txt format
* Remove checks for pathlib existence in TestRepo for Python < 3.4
* Improve README Python requirement specificity
* Simplify Travis CI configuration
* Require latest gitdb version (with dropped python 2 support)
* Fix spelling in Dockerfile description LABEL
* Fix Repo.__repr__ when subclassed
* Apparently -s must be there, even if --sign-with is specified??
* Sign with a different key for now, it's USB-C and can be used
* disable signing - don't have a USB-A to -C adapter :(
* Remove now unused is_invoking_git variable in test
* Fix requirements.txt formatting
* Remove unnecessary check for PermissionError for Python < 3.3
* Improve setup.py python_requires
* Remove unnecessary check for logging.NullHandler for Python 2.6
* Remove check for Python 2.7
- Rebase patch test-skips.patch and test_blocking_lock_file-extra-time.patch
- Give up on tests for now, gh#gitpython-developers/GitPython#914
-------------------------------------------------------------------
Sat Nov 16 16:40:59 UTC 2019 - Arun Persaud <arun@gmx.de>
- specfile:
* be more explicit in %files section
* updated line numbers in patches
- update to version 3.0.5:
* Remove duplicate license parameter
* Fix/deepsource issues
* Check if submodule exists before referencing
* Fix cloning to path with unicode
* Global ConfigParser
* Fix 'PushInfo' object has no attribute 'name'
* Reading and writing global configuration parameters acknowledged
help wanted
* Added Git Gud to projects
* Git.AutoInterrupt.__del__() OSError: [WinError 6] The handle is
invalid acknowledged help wanted tag.Windows
- changes from version 3.0.4:
* Fix repo.index.diff("HEAD", create_patch=True) always returning an
empty list
* Fix how Diff handles commits that contain submodule changes
* Fix pickling of tzoffset
* Add support for 'C'-type diffs
* Fixed#731
* Update .deepsource.toml
* Allow single item for index.addremovemove
-------------------------------------------------------------------
Mon Oct 07 13:33:58 UTC 2019 - tchvatal@suse.com
- Update to version 3.0.3.1570041589.23b83cd:
* Prepare v3.0.3
* git: repo: base: update clone_from env argument description
* remove previously added debug code from test_doc.py
* Revert "Remove control character stripping."
* Try to fix tests; get more debug output
* Update util.py
* Update util.py
* Remove control character stripping.
* add type check to git.Remote.__eq__
* Take advantage of universal newlines.
* Parse rejected deletes.
* Remove assert that can fail erroneously.
* Fix test_commit_msg_hook_success.
* fix decoding problem
* Fix #889: Add DeepSource config and fix some major issues
-------------------------------------------------------------------
Tue Sep 24 09:03:41 UTC 2019 - tchvatal@suse.com
- Update to version 3.0.2.1566444429.0765792:
* prepare next release
* BF: remove ddt from requirements.txt since no ddt required at run time.
* Bump version to 3.0.1
* Remove dependency on 'gitdb'; fixes #908
* Changelog information
* Adding test
* Returning commit object instead of hash value
* Snack case as requested in #903
* Method stating which commit is being played during an halted rebase
* Fix performance regression, see #906
- Drop merged patch merged_pr_793.patch
- Rebase patch test-skips.patch
-------------------------------------------------------------------
Fri Mar 15 13:52:47 UTC 2019 - tchvatal@suse.com
- Update to version 2.1.11.1531661757.92a4819:
* Bump version to 2.1.11
* fix whitespace violation
* Update test_docs.py
* Dedent code blocks in tutorial.
* Allow pathlib.Path in Repo.__init__
* Fix small typo
* Fix exception on import in MacOS
* Bump to 2.1.10
* Add change in type support
* Get correcly rename change_type.
- Simplify the service file and generating of the tarball
and base everything on a tag
-------------------------------------------------------------------
Wed Mar 13 12:09:51 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Activate test suite and remove bcond test
- Add merged_pr_793.patch already merged upstream to fix Python 3.7,
especially git submodules
- Add test_blocking_lock_file-extra-time.patch to avoid an
indeterministic timing failure
- Add test-skips.patch to skip one expected failure and workaround
two unknown failures
- Remove test suite from the runtime package
- Add doc/source/*.rst to %docs
- Remove dependency on python3-mock
- Set build dependency ddt minimum version 1.1.1
-------------------------------------------------------------------
Tue Dec 4 12:48:28 UTC 2018 - Matej Cepl <mcepl@suse.com>
- Remove superfluous devel dependency for noarch package
-------------------------------------------------------------------
Thu Sep 27 11:17:43 UTC 2018 - comurphy@suse.com
- Require git-core instead of git
-------------------------------------------------------------------
Tue Aug 7 14:58:46 UTC 2018 - toddrme2178@gmail.com
- update to 2.1.11
* Update test_docs.py
* Dedent code blocks in tutorial.
* Exception when constructing a Repo() from a pathlib.Path acknowledged help wanted
* Allow pathlib.Path in Repo.__init__
* Fix exception on import in MacOS
* Failed import raises non-ImportError exception on MacOS
- update to 2.1.10
* Fix rename change type & support 'change in type' acknowledged
* Configurable chunk size
* Avoid from_timestamp() function to raise an exception when the offset…
* Adding files to repository that is located directly in the root acknowledged
* git: index: base: use os.path.relpath
-------------------------------------------------------------------
Sat Apr 14 17:16:15 UTC 2018 - arun@gmx.de
- update to version 2.1.9:
* Drop support for EOL Python 2.6 and 3.3
* Allow mmap not just for py2.6, 2.7 and 3.6+ but also 3.0+
* Fix doc typos
-------------------------------------------------------------------
Wed Jan 17 16:12:22 UTC 2018 - toddrme2178@gmail.com
- Implement single-spec version
- Update to version 2.1.8
* bugfixes
- Update to version 2.1.6
* bugfixes
* support for worktrees
- Update to version 2.1.3
* bugfixes
- Update to version 2.1.1
* bugfixes
- Update to version 2.1.0
* Much better windows support!
* The `GIT_DIR` environment variable does not override the `path` argument when
initializing a `Repo` object anymore. However, if said `path` unset, `GIT_DIR`
will be used to fill the void.
- Update to version 2.0.9
* Bugfixes
* `tag.commit` will now resolve commits deeply.
* `Repo` objects can now be pickled, which helps with multi-processing.
* `Head.checkout()` now deals with detached heads, which is when it will return
the `HEAD` reference instead.
* `DiffIndex.iter_change_type(...)` produces better results when diffing
-------------------------------------------------------------------
Wed Aug 31 17:27:54 UTC 2016 - dmueller@suse.com
- update to 2.0.8:
* Py2.6 support dropped
* lots of new features and bugfixes
-------------------------------------------------------------------
Wed May 6 09:41:17 UTC 2015 - benoit.monin@gmx.fr
- update to version 1.0.1:
* A list of all issues can be found on github
- additional changes from version 1.0.0:
* This version is equivalent to v0.3.7, but finally acknowledges
that GitPython is stable and production ready
- additional changes from version 0.3.7:
* IndexFile.add() will now write the index without any extension
data by default
* Renamed ignore_tree_extension_data keyword argument in
IndexFile.write(...) to ignore_extension_data
* If the git command executed during Remote.push(...)|fetch(...)
returns with an non-zero exit code and GitPython didn't obtain
any head-information, the corresponding GitCommandError will be
raised
* If the git executable can't be found in the PATH or at the path
provided by GIT_PYTHON_GIT_EXECUTABLE, this is made obvious by
throwing GitCommandNotFound, both on unix and on windows.
* A list of all issues can be found on github
- additional changes from version 0.3.6:
* special members like __init__ are now listed in the API
documentation
* tutorial section was revised entirely, more advanced examples
were added
* As rev_parse will now throw BadName as well as BadObject,
client code will have to catch both exception types
* Repo.working_tree_dir now returns None if it is bare
* IndexFile.add() previously raised AssertionError when paths
where used with bare repository, now it raises
InvalidGitRepositoryError
* Added Repo.merge_base() implementation. See the respective
issue on github
* [include] sections in git configuration files are now respected
* Added GitConfigParser.rename_section()
* Added Submodule.rename()
* A list of all issues can be found on github
- additional changes from version 0.3.5:
* push/pull/fetch operations will not block anymore
* diff() can now properly detect renames, both in patch and raw
format
* repo.odb.update_cache() is now called automatically after fetch
and pull operations
* Repo(path) will not automatically search upstream anymore and
find any git directory on its way up
* IndexFile.commit() now runs the pre-commit and post-commit hooks
* A list of all issues can be found on github
- additional changes from version 0.3.4:
* Internally, hexadecimal SHA1 are treated as ascii encoded
strings
* Id attribute of Commit objects is now hexsha, instead of binsha
* IMPORTANT: If you were using the config_writer(), you
implicitly relied on __del__ to work as expected to flush
changes. To be sure changes are flushed under PY3, you will
have to call the new release() method to trigger a flush
* The Tree now has a .join('name') method which is equivalent to
tree / 'name'
- additional changes from version 0.3.3:
* When fetching, pulling or pushing, and an error occours, it
will not be reported on stdout anymore
* Code Cleanup (in preparation for python 3 support)
- additional changes from version 0.3.2.1:
* Fix for #207
- additional changes from version 0.3.2:
* Release of most recent version as non-RC build, just to allow
pip to install the latest version right away.
- update project URL
- point the source URL to pypi
- set a minimum version for python-gitdb and add it to
BuildRequires to validate dependencies at build time.
- add python-ordereddict as dependency for SLE11 (python 2.6)
- remove outdated py_requires
-------------------------------------------------------------------
Thu Sep 26 13:13:58 UTC 2013 - speilicke@suse.com
- Require git-core for the cgit backend (bnc#841684)
-------------------------------------------------------------------
Tue Jun 26 09:55:59 UTC 2012 - saschpe@suse.de
- Spec file cleanup
-------------------------------------------------------------------
Wed Jul 6 20:34:02 UTC 2011 - alexandre@exatati.com.br
- Update to 0.3.2.RC1;
- Regenerate spec file with py2pack;
- Building as noarch now.
-------------------------------------------------------------------
Tue Sep 7 13:31:06 UTC 2010 - alexandre@exatati.com.br
- Update to 0.3.0-beta2;
- Bzip2 source file.
-------------------------------------------------------------------
Thu Jul 8 15:11:43 UTC 2010 - alexandre@exatati.com.br
- Update to 0.3.0-beta1.
-------------------------------------------------------------------
Wed Apr 7 11:58:12 UTC 2010 - alexandre@exatati.com.br
- Update to 0.2.0-beta1;
- Spec file cleaned with spec-cleaner.
-------------------------------------------------------------------
Tue Nov 24 11:21:41 UTC 2009 - alexandre@exatati.com.br
- Initial pacakge (0.1.6) for openSUSE.

95
python-GitPython.spec Normal file
View File

@ -0,0 +1,95 @@
#
# spec file for package python-GitPython
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define skip_python2 1
%define simple_ver 3.1.34
%{?sle15_python_module_pythons}
Name: python-GitPython
Version: 3.1.34.1693646983.2a2ae77
Release: 0
Summary: Python Git Library
License: BSD-3-Clause
URL: https://github.com/gitpython-developers/GitPython
Source: GitPython-%{version}.tar.xz
Patch0: test-skips.patch
Patch1: test_blocking_lock_file-extra-time.patch
# PATCH-FIX-UPSTREAM CVE-2023-41040.patch gh#gitpython-developers/GitPython#1644
Patch2: CVE-2023-41040.patch
BuildRequires: %{python_module ddt >= 1.1.1}
BuildRequires: %{python_module gitdb >= 4.0.1}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module smmap >= 3.0.1}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes
BuildRequires: git-core
BuildRequires: python-rpm-macros
Requires: git-core
Requires: python-gitdb >= 4.0.1
BuildArch: noarch
%python_subpackages
%description
GitPython is a python library used to interact with Git repositories.
GitPython provides object model read and write access to your git repository.
Access repository information conveniently, alter the index directly, handle
remotes, or go down to low-level object database access with big-files support.
With the new object database abstraction added in 0.3, its even possible to
implement your own storage mechanisms, the currently available implementations
are 'cgit' and pure python, which is the default.
%prep
%autosetup -p1 -n GitPython-%{version}
# do not pull in extra deps
sed -i -e '/tox/d' -e '/flake8/d' -e '/coverage/d' test-requirements.txt
sed -i -e '/addopts/d' pyproject.toml
%build
%pyproject_wheel
%install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
# While SKIP_GITHUB is fine, the two tests skipped with SKIP_LOCALHOST
# should work as the test runner sets up a git daemon.
export SKIP_GITHUB=true
export SKIP_LOCALHOST=true
export TRAVIS=true
export LANG=en_US.UTF-8
export GIT_PYTHON_TEST_GIT_REPO_BASE=${PWD}
git config --global protocol.file.allow "always"
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
# And it completely unraveled again gh#gitpython-developers/GitPython#914
%pytest -k 'not (test_installation or test_rev_parse)' || /bin/true
%files %{python_files}
%license LICENSE
%doc AUTHORS CHANGES README.md doc/source/*.rst
%{python_sitelib}/git
%{python_sitelib}/GitPython-%{simple_ver}.dist-info
%changelog

107
test-skips.patch Normal file
View File

@ -0,0 +1,107 @@
---
test/test_base.py | 3 ++-
test/test_remote.py | 5 ++++-
test/test_repo.py | 1 +
test/test_submodule.py | 19 +++++++++++--------
4 files changed, 18 insertions(+), 10 deletions(-)
Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_base.py
===================================================================
--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_base.py
+++ GitPython-3.1.34.1693646983.2a2ae77/test/test_base.py
@@ -109,7 +109,8 @@ class TestBase(_TestBase):
assert osp.isdir(osp.join(rw_repo.working_tree_dir, "lib"))
assert osp.isdir(rw_repo.working_dir)
- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...")
+ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...")
+ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
@with_rw_and_rw_remote_repo("0.1.6")
def test_with_rw_remote_and_rw_repo(self, rw_repo, rw_remote_repo):
assert not rw_repo.config_reader("repository").getboolean("core", "bare")
Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_remote.py
===================================================================
--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_remote.py
+++ GitPython-3.1.34.1693646983.2a2ae77/test/test_remote.py
@@ -4,6 +4,7 @@
# This module is part of GitPython and is released under
# the BSD License: http://www.opensource.org/licenses/bsd-license.php
+import os
import random
import tempfile
import pytest
@@ -430,7 +431,8 @@ class TestRemote(TestBase):
TagReference.delete(rw_repo, new_tag, other_tag)
remote.push(":%s" % other_tag.path, kill_after_timeout=10.0)
- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!")
+ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!")
+ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
@with_rw_and_rw_remote_repo("0.1.6")
def test_base(self, rw_repo, remote_repo):
num_remotes = 0
@@ -681,6 +683,7 @@ class TestRemote(TestBase):
# will raise fatal: Will not delete all non-push URLs
self.assertRaises(GitCommandError, remote.delete_url, test3)
+ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'GitHub connection error')
def test_fetch_error(self):
rem = self.rorepo.remote("origin")
with self.assertRaisesRegex(GitCommandError, "[Cc]ouldn't find remote ref __BAD_REF__"):
Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_repo.py
===================================================================
--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_repo.py
+++ GitPython-3.1.34.1693646983.2a2ae77/test/test_repo.py
@@ -250,6 +250,7 @@ class TestRepo(TestBase):
except UnicodeEncodeError:
self.fail("Raised UnicodeEncodeError")
+ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'Gitlab connection error')
@with_rw_directory
@skip("the referenced repository was removed, and one needs to setup a new password controlled repo under the orgs control")
def test_leaking_password_in_clone_logs(self, rw_dir):
Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_submodule.py
===================================================================
--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_submodule.py
+++ GitPython-3.1.34.1693646983.2a2ae77/test/test_submodule.py
@@ -453,14 +453,15 @@ class TestSubmodule(TestBase):
reason="Cygwin GitPython can't find submodule SHA",
raises=ValueError
)
- @skipIf(
- HIDE_WINDOWS_KNOWN_ERRORS,
- """
- File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute
- raise GitCommandNotFound(command, err)
- git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid')
- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""",
- ) # noqa E501
+ #@skipIf(
+ # HIDE_WINDOWS_KNOWN_ERRORS,
+ # """
+ # File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute
+ # raise GitCommandNotFound(command, err)
+ # git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid')
+ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""",
+ #) # noqa E501
+ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
@with_rw_repo(k_subm_current, bare=False)
def test_root_module(self, rwrepo):
# Can query everything without problems
@@ -802,6 +803,7 @@ class TestSubmodule(TestBase):
# "FIXME: helper.wrapper fails with: PermissionError: [WinError 5] Access is denied: "
# "'C:\\Users\\appveyor\\AppData\\Local\\Temp\\1\\test_work_tree_unsupportedryfa60di\\master_repo\\.git\\objects\\pack\\pack-bc9e0787aef9f69e1591ef38ea0a6f566ec66fe3.idx") # noqa E501
@with_rw_directory
+ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
def test_git_submodule_compatibility(self, rwdir):
parent = git.Repo.init(osp.join(rwdir, "parent"))
sm_path = join_path_native("submodules", "intermediate", "one")
@@ -887,6 +889,7 @@ class TestSubmodule(TestBase):
# end for each dry-run mode
@with_rw_directory
+ @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
def test_remove_norefs(self, rwdir):
parent = git.Repo.init(osp.join(rwdir, "parent"))
sm_name = "mymodules/myname"

View File

@ -0,0 +1,19 @@
---
test/test_util.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
Index: GitPython-3.1.34.1693646983.2a2ae77/test/test_util.py
===================================================================
--- GitPython-3.1.34.1693646983.2a2ae77.orig/test/test_util.py
+++ GitPython-3.1.34.1693646983.2a2ae77/test/test_util.py
@@ -173,9 +173,7 @@ class TestUtils(TestBase):
self.assertRaises(IOError, wait_lock._obtain_lock)
elapsed = time.time() - start
extra_time = 0.02
- if is_win:
- # for Appveyor
- extra_time *= 6 # NOTE: Indeterministic failures here...
+ extra_time *= 6 # NOTE: Indeterministic failures here...
self.assertLess(elapsed, wait_time + extra_time)
def test_user_id(self):