Accepting request 1046682 from devel:languages:python

- Update to version 3.1.30.1672298042.141cd65:
  * Make injections of command-invocations harder or impossible for clone and
    others. See #1518 for details. Note that this might constitute a breaking
    change for some users. (bsc#1206099, CVE-2022-24439)
  * Prohibit insecure options and protocols by default, which is potentially a
    breaking change, but a necessary fix for #1515.
  * Make the git.__version__ re-appear.
  * Reduced startup time due to optimized imports.
  * Fix a vulenerability that could cause great slowdowns when encountering
    long remote path names when pulling/fetching.
  * Newly added timeout flag is not be enabled by default, and was renamed
    to kill_after_timeout
  * drop support for python 3.5 to reduce maintenance burden on typing.
  * Add more static typing information
  * git.Commit objects now have a replace method that will return a copy of
    the commit with modified attributes.
  * Add python 3.9 support
  * Drop python 3.4 support
- Refresh patches.

OBS-URL: https://build.opensuse.org/request/show/1046682
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-GitPython?expand=0&rev=25

GitPython-3.1.12.1610074031.f653af66.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42cef2152b84e2abba1f26b6c1cdcf4c5938017edfe91f4c44dd19770b5c0ff4
-size 10938580

GitPython-3.1.30.1672298042.141cd65.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:80e555f63f6c117e192973770823c9eb2c4601c0f30f8d05c7e16a33aafc2a2d
+size 11972348

_service

@@ -1,12 +1,12 @@
 <services>
   <service name="tar_scm" mode="disabled">
-    <param name="versionprefix">3.1.12</param>
-    <param name="url">git://github.com/gitpython-developers/GitPython</param>
+    <param name="versionprefix">3.1.30</param>
+    <param name="url">https://github.com/gitpython-developers/GitPython</param>
     <param name="scm">git</param>
     <param name="package-meta">yes</param>
     <param name="changesgenerate">enable</param>
     <param name="submodules">enable</param>
-    <param name="revision">f653af66e4c9461579ec44db50e113facf61e2d3</param>
+    <param name="revision">141cd651e459bff8919798b3ccf03dfa167757f6</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="compression">xz</param>

_servicedata

@@ -1,4 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">git://github.com/gitpython-developers/GitPython</param>
-              <param name="changesrevision">f653af66e4c9461579ec44db50e113facf61e2d3</param></service></servicedata>
+              <param name="changesrevision">f653af66e4c9461579ec44db50e113facf61e2d3</param></service><service name="tar_scm">
+                <param name="url">https://github.com/gitpython-developers/GitPython</param>
+              <param name="changesrevision">141cd651e459bff8919798b3ccf03dfa167757f6</param></service></servicedata>

python-GitPython.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Wed Jan  4 06:33:38 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to version 3.1.30.1672298042.141cd65:
+  * Make injections of command-invocations harder or impossible for clone and
+    others. See #1518 for details. Note that this might constitute a breaking
+    change for some users. (bsc#1206099, CVE-2022-24439)
+  * Prohibit insecure options and protocols by default, which is potentially a
+    breaking change, but a necessary fix for #1515.
+  * Make the git.__version__ re-appear.
+  * Reduced startup time due to optimized imports.
+  * Fix a vulenerability that could cause great slowdowns when encountering
+    long remote path names when pulling/fetching.
+  * Newly added timeout flag is not be enabled by default, and was renamed
+    to kill_after_timeout
+  * drop support for python 3.5 to reduce maintenance burden on typing.
+  * Add more static typing information
+  * git.Commit objects now have a replace method that will return a copy of
+    the commit with modified attributes.
+  * Add python 3.9 support
+  * Drop python 3.4 support
+- Refresh patches.
+
 -------------------------------------------------------------------
 Mon Nov  7 23:35:37 UTC 2022 - Matej Cepl <mcepl@suse.com>
 

python-GitPython.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-GitPython
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define skip_python2 1
 Name:           python-GitPython
-Version:        3.1.12.1610074031.f653af66
+Version:        3.1.30.1672298042.141cd65
 Release:        0
 Summary:        Python Git Library
 License:        BSD-3-Clause
@@ -51,11 +51,10 @@ implement your own storage mechanisms, the currently available implementations
 are 'cgit' and pure python, which is the default.
 
 %prep
-%setup -q -n GitPython-%{version}
-echo y | ./init-tests-after-clone.sh
-%autopatch -p1
+%autosetup -p1 -n GitPython-%{version}
 # do not pull in extra deps
 sed -i -e '/tox/d' -e '/flake8/d' -e '/coverage/d' test-requirements.txt
+sed -i  -e '/addopts/d' pyproject.toml
 
 %build
 %python_build
@@ -78,7 +77,7 @@ git config --global protocol.file.allow "always"
 git config --global user.email "you@example.com"
 git config --global user.name "Your Name"
 
-%pytest -k 'not test_installation' test
+%pytest -k 'not (test_installation or test_rev_parse)'
 
 %files %{python_files}
 %license LICENSE

test-skips.patch

@@ -1,20 +1,21 @@
-Index: GitPython-3.1.7.1594621338.176838a3/test/test_base.py
+Index: GitPython-3.1.30.1672298042.141cd65/test/test_base.py
 ===================================================================
---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_base.py
-+++ GitPython-3.1.7.1594621338.176838a3/test/test_base.py
-@@ -111,7 +111,7 @@ class TestBase(TestBase):
+--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_base.py
++++ GitPython-3.1.30.1672298042.141cd65/test/test_base.py
+@@ -104,7 +104,8 @@ class TestBase(_TestBase):
          assert not rw_repo.config_reader("repository").getboolean("core", "bare")
-         assert osp.isdir(osp.join(rw_repo.working_tree_dir, 'lib'))
+         assert osp.isdir(osp.join(rw_repo.working_tree_dir, "lib"))
  
--    #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!  sometimes...")
+-    @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!  sometimes...")
++    #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!  sometimes...")
 +    @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
-     @with_rw_and_rw_remote_repo('0.1.6')
+     @with_rw_and_rw_remote_repo("0.1.6")
      def test_with_rw_remote_and_rw_repo(self, rw_repo, rw_remote_repo):
          assert not rw_repo.config_reader("repository").getboolean("core", "bare")
-Index: GitPython-3.1.7.1594621338.176838a3/test/test_remote.py
+Index: GitPython-3.1.30.1672298042.141cd65/test/test_remote.py
 ===================================================================
---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_remote.py
-+++ GitPython-3.1.7.1594621338.176838a3/test/test_remote.py
+--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_remote.py
++++ GitPython-3.1.30.1672298042.141cd65/test/test_remote.py
 @@ -4,6 +4,7 @@
  # This module is part of GitPython and is released under
  # the BSD License: http://www.opensource.org/licenses/bsd-license.php
@@ -22,60 +23,78 @@ Index: GitPython-3.1.7.1594621338.176838a3/test/test_remote.py
 +import os
  import random
  import tempfile
- from unittest import skipIf
-@@ -408,7 +409,7 @@ class TestRemote(TestBase):
+ import pytest
+@@ -430,7 +431,8 @@ class TestRemote(TestBase):
          TagReference.delete(rw_repo, new_tag, other_tag)
-         remote.push(":%s" % other_tag.path)
+         remote.push(":%s" % other_tag.path, kill_after_timeout=10.0)
  
 -    @skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!")
++    #@skipIf(HIDE_WINDOWS_FREEZE_ERRORS, "FIXME: Freezes!")
 +    @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
-     @with_rw_and_rw_remote_repo('0.1.6')
+     @with_rw_and_rw_remote_repo("0.1.6")
      def test_base(self, rw_repo, remote_repo):
          num_remotes = 0
-@@ -641,6 +642,7 @@ class TestRemote(TestBase):
+@@ -681,6 +683,7 @@ class TestRemote(TestBase):
          # will raise fatal: Will not delete all non-push URLs
          self.assertRaises(GitCommandError, remote.delete_url, test3)
  
 +    @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'GitHub connection error')
      def test_fetch_error(self):
-         rem = self.rorepo.remote('origin')
+         rem = self.rorepo.remote("origin")
          with self.assertRaisesRegex(GitCommandError, "[Cc]ouldn't find remote ref __BAD_REF__"):
-Index: GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py
+Index: GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py
 ===================================================================
---- GitPython-3.1.7.1594621338.176838a3.orig/test/test_submodule.py
-+++ GitPython-3.1.7.1594621338.176838a3/test/test_submodule.py
-@@ -420,12 +420,13 @@ class TestSubmodule(TestBase):
-     def test_base_bare(self, rwrepo):
-         self._do_base_tests(rwrepo)
- 
--    @skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """
+--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_submodule.py
++++ GitPython-3.1.30.1672298042.141cd65/test/test_submodule.py
+@@ -453,14 +453,15 @@ class TestSubmodule(TestBase):
+         reason="Cygwin GitPython can't find submodule SHA",
+         raises=ValueError
+     )
+-    @skipIf(
+-        HIDE_WINDOWS_KNOWN_ERRORS,
+-        """
 -        File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute
 -        raise GitCommandNotFound(command, err)
 -        git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid')
--        cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""")  # noqa E501
-+    #@skipIf(HIDE_WINDOWS_KNOWN_ERRORS and sys.version_info[:2] == (3, 5), """
+-        cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""",
+-    )  # noqa E501
++    #@skipIf(
++    #    HIDE_WINDOWS_KNOWN_ERRORS,
++    #    """
 +    #    File "C:\\projects\\gitpython\\git\\cmd.py", line 559, in execute
 +    #    raise GitCommandNotFound(command, err)
 +    #    git.exc.GitCommandNotFound: Cmd('git') not found due to: OSError('[WinError 6] The handle is invalid')
-+    #    cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""")  # noqa E501
-     @with_rw_repo(k_subm_current, bare=False)
++    #    cmdline: git clone -n --shared -v C:\\projects\\gitpython\\.git Users\\appveyor\\AppData\\Local\\Temp\\1\\tmplyp6kr_rnon_bare_test_root_module""",
++    #)  # noqa E501
 +    @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
+     @with_rw_repo(k_subm_current, bare=False)
      def test_root_module(self, rwrepo):
          # Can query everything without problems
-         rm = RootModule(self.rorepo)
-@@ -750,6 +751,7 @@ class TestSubmodule(TestBase):
+@@ -802,6 +803,7 @@ class TestSubmodule(TestBase):
      #         "FIXME: helper.wrapper fails with: PermissionError: [WinError 5] Access is denied: "
      #         "'C:\\Users\\appveyor\\AppData\\Local\\Temp\\1\\test_work_tree_unsupportedryfa60di\\master_repo\\.git\\objects\\pack\\pack-bc9e0787aef9f69e1591ef38ea0a6f566ec66fe3.idx")  # noqa E501
      @with_rw_directory
 +    @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
      def test_git_submodule_compatibility(self, rwdir):
-         parent = git.Repo.init(osp.join(rwdir, 'parent'))
-         sm_path = join_path_native('submodules', 'intermediate', 'one')
-@@ -825,6 +827,7 @@ class TestSubmodule(TestBase):
+         parent = git.Repo.init(osp.join(rwdir, "parent"))
+         sm_path = join_path_native("submodules", "intermediate", "one")
+@@ -887,6 +889,7 @@ class TestSubmodule(TestBase):
          # end for each dry-run mode
  
      @with_rw_directory
 +    @skipIf(os.environ.get('SKIP_LOCALHOST', 'false') == 'true', 'git-daemon connection error')
      def test_remove_norefs(self, rwdir):
-         parent = git.Repo.init(osp.join(rwdir, 'parent'))
-         sm_name = 'mymodules/myname'
+         parent = git.Repo.init(osp.join(rwdir, "parent"))
+         sm_name = "mymodules/myname"
+Index: GitPython-3.1.30.1672298042.141cd65/test/test_repo.py
+===================================================================
+--- GitPython-3.1.30.1672298042.141cd65.orig/test/test_repo.py
++++ GitPython-3.1.30.1672298042.141cd65/test/test_repo.py
+@@ -250,6 +250,7 @@ class TestRepo(TestBase):
+             except UnicodeEncodeError:
+                 self.fail("Raised UnicodeEncodeError")
+ 
++    @skipIf(os.environ.get('SKIP_GITHUB', 'false') == 'true', 'Gitlab connection error')
+     @with_rw_directory
+     def test_leaking_password_in_clone_logs(self, rw_dir):
+         password = "fakepassword1234"