diff --git a/GitPython-3.1.12.1610074031.f653af66.tar.xz b/GitPython-3.1.12.1610074031.f653af66.tar.xz deleted file mode 100644 index 0c4097d..0000000 --- a/GitPython-3.1.12.1610074031.f653af66.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:42cef2152b84e2abba1f26b6c1cdcf4c5938017edfe91f4c44dd19770b5c0ff4 -size 10938580 diff --git a/GitPython-3.1.30.1672298042.141cd65.tar.xz b/GitPython-3.1.30.1672298042.141cd65.tar.xz new file mode 100644 index 0000000..58b594b --- /dev/null +++ b/GitPython-3.1.30.1672298042.141cd65.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:80e555f63f6c117e192973770823c9eb2c4601c0f30f8d05c7e16a33aafc2a2d +size 11972348 diff --git a/_service b/_service index 627fbed..58ab07d 100644 --- a/_service +++ b/_service @@ -1,12 +1,12 @@ - 3.1.12 - git://github.com/gitpython-developers/GitPython + 3.1.30 + https://github.com/gitpython-developers/GitPython git yes enable enable - f653af66e4c9461579ec44db50e113facf61e2d3 + 141cd651e459bff8919798b3ccf03dfa167757f6 xz diff --git a/_servicedata b/_servicedata index dc656f3..e48da29 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,6 @@ git://github.com/gitpython-developers/GitPython - f653af66e4c9461579ec44db50e113facf61e2d3 \ No newline at end of file + f653af66e4c9461579ec44db50e113facf61e2d3 + https://github.com/gitpython-developers/GitPython + 141cd651e459bff8919798b3ccf03dfa167757f6 \ No newline at end of file diff --git a/python-GitPython.changes b/python-GitPython.changes index 1659816..c9b3722 100644 --- a/python-GitPython.changes +++ b/python-GitPython.changes 
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Wed Jan 4 06:33:38 UTC 2023 - Steve Kowalik + +- Update to version 3.1.30.1672298042.141cd65: + * Make injections of command-invocations harder or impossible for clone and + others. See #1518 for details. Note that this might constitute a breaking + change for some users. (bsc#1206099, CVE-2022-24439) + * Prohibit insecure options and protocols by default, which is potentially a + breaking change, but a necessary fix for #1515. + * Make the git.__version__ re-appear. + * Reduced startup time due to optimized imports. + * Fix a vulenerability that could cause great slowdowns when encountering + long remote path names when pulling/fetching. + * Newly added timeout flag is not be enabled by default, and was renamed + to kill_after_timeout + * drop support for python 3.5 to reduce maintenance burden on typing. + * Add more static typing information + * git.Commit objects now have a replace method that will return a copy of + the commit with modified attributes. + * Add python 3.9 support + * Drop python 3.4 support +- Refresh patches. + ------------------------------------------------------------------- Mon Nov 7 23:35:37 UTC 2022 - Matej Cepl diff --git a/python-GitPython.spec b/python-GitPython.spec index 1eea5e9..8262309 100644 --- a/python-GitPython.spec +++ b/python-GitPython.spec @@ -1,7 +1,7 @@ # # spec file for package python-GitPython # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define skip_python2 1 Name: python-GitPython -Version: 3.1.12.1610074031.f653af66 +Version: 3.1.30.1672298042.141cd65 Release: 0 Summary: Python Git Library License: BSD-3-Clause 
@@ -51,11 +51,10 @@ implement your own storage mechanisms, the currently available implementations are 'cgit' and pure python, which is the default. %prep -%setup -q -n GitPython-%{version} -echo y | ./init-tests-after-clone.sh -%autopatch -p1 +%autosetup -p1 -n GitPython-%{version} # do not pull in extra deps sed -i -e '/tox/d' -e '/flake8/d' -e '/coverage/d' test-requirements.txt +sed -i -e '/addopts/d' pyproject.toml %build %python_build @@ -78,7 +77,7 @@ git config --global protocol.file.allow "always" git config --global user.email "you@example.com" git config --global user.name "Your Name" -%pytest -k 'not test_installation' test +%pytest -k 'not (test_installation or test_rev_parse)' %files %{python_files} %license LICENSE diff --git a/test-skips.patch b/test-skips.patch index 1dd51fe..4ba094a 100644 --- a/test-skips.patch +++ b/test-skips.patch 
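Review bot: The added `sed -i -e '/addopts/d' pyproject.toml` in %prep has no comment saying why pytest's addopts are dropped, unlike the `# do not pull in extra deps` line just above it. It deletes every line containing the string addopts, so if upstream ever spreads that setting over several lines the leftover lines would make pyproject.toml unparsable; presumably the value is a single line today. I would add a comment such as `# drop upstream pytest addopts; they need the plugins removed above`, after confirming that reason against pyproject.toml.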
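Review bot: The new `-k 'not (test_installation or test_rev_parse)'` deselects test_rev_parse with no comment giving the reason, and `-k` matches substrings, so every test whose id contains that string is dropped. Since this update carries the fix for CVE-2022-24439, it is worth checking the %check log once to confirm the run still collects the whole suite now that the explicit `test` path argument is gone and addopts has been removed from pyproject.toml. A comment above the line, e.g. `# test_rev_parse: <reason / upstream issue>`, would let the next refresh tell whether the exclusion is still needed. The %check section starts outside this hunk.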
@@ -1,20 +1,21 @@ -Index: GitPython-3.1.7.1594621338.176838a3/test/test_base.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_base.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_base.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_base.py -@@ -111,7 +111,7 @@ class TestBase(TestBase): +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_base.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_base.py +@@ -104,7 +104,8 @@ class TestBase(_TestBase): assert not rw_repo.config_reader("repository").getboolean("core", "bare") - assert osp.isdir(osp.join(rw_repo.working_tree_dir, 'lib')) + assert osp.isdir(osp.join(rw_repo.working_tree_dir, "lib")) -- #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") +- @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes! sometimes...") + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') - @with_rw_and_rw_remote_repo('0.1.6') + @with_rw_and_rw_remote_repo("0.1.6") def test_with_rw_remote_and_rw_repo(self, rw_repo, rw_remote_repo): assert not rw_repo.config_reader("repository").getboolean("core", "bare") -Index: GitPython-3.1.7.1594621338.176838a3/test/test_remote.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_remote.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_remote.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_remote.py +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_remote.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_remote.py @@ -4,6 +4,7 @@ # This module is part of GitPython and is released under # the BSD License: http://www.opensource.org/licenses/bsd-license.php 
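Review bot: In the test_base.py section the refreshed patch comments out upstream's `@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, ...)` decorator instead of leaving it in place, and the next hunk does the same for test_base in test_remote.py and for test_root_module in test_submodule.py. Commented-out upstream code in a downstream patch hides which line is the real change, and it likely forces a refresh whenever upstream reformats those decorators. Adding only `@skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')` beneath the upstream decorator would keep the patch to one added line per test. HIDE_WINDOWS_FREEZE_ERRORS is presumably false on the build hosts, so the upstream decorator should be harmless there.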
@@ -22,60 +23,78 @@ Index: GitPython-3.1.7.1594621338.176838a3/test/test_remote.py +import os import random import tempfile - from unittest import skipIf -@@ -408,7 +409,7 @@ class TestRemote(TestBase): + import pytest +@@ -430,7 +431,8 @@ class TestRemote(TestBase): TagReference.delete(rw_repo, new_tag, other_tag) - remote.push(":%s" % other_tag.path) + remote.push(":%s" % other_tag.path, kill_after_timeout=10.0) - @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") ++ #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!") + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') - @with_rw_and_rw_remote_repo('0.1.6') + @with_rw_and_rw_remote_repo("0.1.6") def test_base(self, rw_repo, remote_repo): num_remotes = 0 -@@ -641,6 +642,7 @@ class TestRemote(TestBase): +@@ -681,6 +683,7 @@ class TestRemote(TestBase): # will raise fatal: Will not delete all non-push URLs self.assertRaises(GitCommandError, remote.delete_url, test3) + @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'GitHub connection error') def test_fetch_error(self): - rem = self.rorepo.remote('origin') + rem = self.rorepo.remote("origin") with self.assertRaisesRegex(GitCommandError, "[Cc]ouldn't find remote ref __BAD_REF__"): -Index: GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py +Index: GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py =================================================================== ---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_submodule.py -+++ GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py -@@ -420,12 +420,13 @@ class TestSubmodule(TestBase): - def test_base_bare(self, rwrepo): - self._do_base_tests(rwrepo) - -- @skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """ +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_submodule.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py +@@ -453,14 +453,15 @@ class TestSubmodule(TestBase): + reason="Cygwin 
GitPython can't find submodule SHA", + raises=ValueError + ) +- @skipIf( +- HIDE_WINDOWS_KNOWN_ERRORS, +- """ - File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute - raise GitCommandNotFound(command, err) - git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') -- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""") # noqa E501 -+ #@skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """ +- cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", +- ) # noqa E501 ++ #@skipIf( ++ # HIDE_WINDOWS_KNOWN_ERRORS, ++ # """ + # File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute + # raise GitCommandNotFound(command, err) + # git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid') -+ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""") # noqa E501 - @with_rw_repo(k_subm_current, bare=False) ++ # cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""", ++ #) # noqa E501 + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') + @with_rw_repo(k_subm_current, bare=False) def test_root_module(self, rwrepo): # Can query everything without problems - rm = RootModule(self.rorepo) -@@ -750,6 +751,7 @@ class TestSubmodule(TestBase): +@@ -802,6 +803,7 @@ class TestSubmodule(TestBase): # "FIXME: helper.wrapper fails with: PermissionError: [WinError 5] Access is denied: " # "'C:\\Users\\appveyor\\AppData\\Local\\Temp\\1\\test_work_tree_unsupportedryfa60di\\master_repo\\.git\\objects\\pack\\pack-bc9e0787aef9f69e1591ef38ea0a6f566ec66fe3.idx") # noqa 
E501 @with_rw_directory + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') def test_git_submodule_compatibility(self, rwdir): - parent = git.Repo.init(osp.join(rwdir, 'parent')) - sm_path = join_path_native('submodules', 'intermediate', 'one') -@@ -825,6 +827,7 @@ class TestSubmodule(TestBase): + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_path = join_path_native("submodules", "intermediate", "one") +@@ -887,6 +889,7 @@ class TestSubmodule(TestBase): # end for each dry-run mode @with_rw_directory + @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error') def test_remove_norefs(self, rwdir): - parent = git.Repo.init(osp.join(rwdir, 'parent')) - sm_name = 'mymodules/myname' + parent = git.Repo.init(osp.join(rwdir, "parent")) + sm_name = "mymodules/myname" +Index: GitPython-3.1.30.1672298042.141cd65/test/test_repo.py +=================================================================== +--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_repo.py ++++ GitPython-3.1.30.1672298042.141cd65/test/test_repo.py +@@ -250,6 +250,7 @@ class TestRepo(TestBase): + except UnicodeEncodeError: + self.fail("Raised UnicodeEncodeError") + ++ @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'Gitlab connection error') + @with_rw_directory + def test_leaking_password_in_clone_logs(self, rw_dir): + password = "fakepassword1234"
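Review bot: The new test_repo.py section puts `test_leaking_password_in_clone_logs` behind SKIP_GITHUB, so a build that sets that variable no longer runs a test which, going by its name, guards against credentials appearing in clone logs. The skip reason reads 'Gitlab connection error' while the variable is SKIP_GITHUB; one of the two is presumably a typo, e.g. `'GitHub connection error'` as used for test_fetch_error. If the test really needs network access, a short comment in the patch naming the host it contacts would justify the skip; otherwise it is better left enabled. The hunk does not show whether test_repo.py already imports `os` and `skipIf` (the patch adds `import os` only to test_remote.py), so that is worth confirming.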