- Update to 1.0.6

* drop testing and support for Python3.8, add Python 3.13, change document to reflect this. * implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage * make all procedure attributes private to curb access to AST nodes, which can be exploited * improvements to error messages, including use ast functions to construct better error messages * remove import of numpy.linalg, as documented * update doc description for security advisory OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-asteval?expand=0&rev=42
2025-01-27 13:48:13 +00:00
commit 832698586f
8 changed files with 311 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
--- a/asteval-1.0.0.tar.gz
+++ b/asteval-1.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:03abb8c4057123e52c9052ff5745ffa0c7022aa73383e6143f2357098a1698d5
+size 49426
--- a/asteval-1.0.2.tar.gz
+++ b/asteval-1.0.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00e27d9dc565858056d04ebf741f9db4dc4ba319ac3517d094b1608e7f73fa6a
+size 49933
--- a/asteval-1.0.5.tar.gz
+++ b/asteval-1.0.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bac3c8dd6d2b789e959cfec9bb296fb8338eec066feae618c462132701fbc665
+size 50826
--- a/asteval-1.0.6.tar.gz
+++ b/asteval-1.0.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1aa8e7304b2e171a90d64dd269b648cacac4e46fe5de54ac0db24776c0c4a19f
+size 52079
--- a/python-asteval.changes
+++ b/python-asteval.changes
@@ -0,0 +1,203 @@
+-------------------------------------------------------------------
+Mon Jan 27 12:42:41 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.0.6
+  * drop testing and support for Python3.8, add Python 3.13,
+    change document to reflect this.
+  * implement safe_getattr and safe_format functions; fix bugs
+    in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage
+  * make all procedure attributes private to curb access to AST
+    nodes, which can be exploited
+  * improvements to error messages, including use ast functions
+    to construct better error messages
+  * remove import of numpy.linalg, as documented
+  * update doc description for security advisory
+
+-------------------------------------------------------------------
+Thu Oct 10 15:41:37 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.5:
+  * more work on handling errors, including fixing #133 and
+    adding more comprehensive tests for #129 and #132
+- update to 1.0.4:
+  * fix error handling that might result in null exception
+- update to 1.0.3:
+  * functions ("Procedures") defined within asteval have a `
+    _signature()` method, now use in repr
+  * add support for deleting subscript
+  * nested symbol tables now have a  Group() function
+  * update coverage config
+  * cleanups of exception handling :  errors must now have an
+    exception
+  * several related fixes to suppress repeated exceptions: see GH
+    #132 and #129
+  * make non-boolean return values from comparison operators
+    behave like Python - not immediately testing as bool
+
+-------------------------------------------------------------------
+Fri Aug  9 06:56:27 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.2:
+  * fix NameError handling in expression code
+  * make exception messages more Python-like
+
+- update to 1.0.1:
+  * security fixes, based on audit by Andrew Effenhauser, Ayman
+    Hammad, and Daniel Crowley, IBM X-Force Security Research
+    division
+  * remove numpy modules polynomial, fft, linalg by default for
+    security concerns
+  * disallow string.format(), improve security of f-string
+    evaluation
+
+-------------------------------------------------------------------
+Tue Jul  2 20:14:13 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.0:
+  * fix (again) nested list comprehension (Issues #127 and #126).
+  * add more testing of multiple list comprehensions.
+  * more complete support for Numpy 2, and removal of many Numpy
+    symbols that have been long deprecated.
+  * remove AST nodes deprecated in Python 3.8.
+  * clean up build files and outdated tests.
+  * fixes to codecov configuration.
+  * update docs.
+
+-------------------------------------------------------------------
+Wed Jun 12 09:58:28 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.9.33:
+  * fixes for multiple list comprehensions (addressing #126)
+  * add testing with optionally installed numpy_financial to CI
+  * test existence of all numpy imports to better safeguard
+    against missing functions (for safer numpy 2 transition)
+  * update rendered doc to include PDF and zipped HTML
+
+-------------------------------------------------------------------
+Fri Mar 22 19:39:07 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.9.32:
+  * add deprecations message for numpy functions to be removed in
+    numpy 2.0
+  * comparison operations use try/except for short-circuiting
+    instead of checking for numpy arrays (addressing #123)
+  * add Python 3.12 to testing
+  * move repository from "newville" to "lmfit" organization
+  * update doc theme, GitHub locations pointed to by docs, other
+    doc tweaks.
+
+-------------------------------------------------------------------
+Tue Jul 18 18:09:28 UTC 2023 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update to 0.9.31:
+  * cleanup numpy imports to avoid deprecated functions, add financial
+  functions from numpy_financial module, if installed.
+  * prefer 'user_symbols' when initializing Interpreter, but still support
+  'usersyms' argument. Will deprecate and remove eventually.
+  * add support of optional (off-by default) "nested symbol table".
+  * update tests to run most tests with symbol tables of dict and nested
+  group type.
+  * general code and testing cleanup.
+  * add config argument to Interpreter to more fully control which nodes are supported
+  * add support for import and importfrom -- off by default
+  * add support for with blocks
+  * add support for f-strings
+  * add support of set and dict comprehension
+  * fix bug with 'int**int' not returning a float.
+
+-------------------------------------------------------------------
+Thu Feb 16 21:08:13 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.9.29:
+  * bug fixes
+
+-------------------------------------------------------------------
+Thu Dec  1 22:16:19 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
+
+- Update to 0.9.28
+  * add support for Python 3.11
+  * add support for multiple list comprehensions
+  * improve performance of making the initial symbol table,
+    and Interpreter creation, including better checking for index_tricks attributes
+
+-------------------------------------------------------------------
+Tue Sep  6 20:15:58 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
+
+- update to 0.9.27:
+  * more cleanups
+
+-------------------------------------------------------------------
+Sun Jan 23 16:38:46 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.9.26:
+  * fix setup.py again
+
+-------------------------------------------------------------------
+Sat Jan 15 16:47:20 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.9.25:
+  * fixes import errors for Py3.6 and 3.7, setting version with
+    importlib_metadata.version if available.
+  * use setuptools_scm and importlib for version
+  * treat all __dunder__ attributes of all objects as inherently unsafe.
+
+-------------------------------------------------------------------
+Wed Feb 17 11:57:46 UTC 2021 - Ben Greiner <code@bnavigator.de>
+
+- Update to 0.9.22
+  * another important but small fix for Python 3.9
+  * Merge branch 'nested_interrupts_returns'
+- Drop hard numpy requirement, don't test on python36
+
+-------------------------------------------------------------------
+Fri Jan 17 12:49:59 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
+
+- update to 0.9.18
+  * drop python2
+  * few fixes
+
+-------------------------------------------------------------------
+Mon Dec  9 17:26:14 UTC 2019 - Todd R <toddrme2178@gmail.com>
+
+- Update to 0.9.17
+  * add 3.8 to travis config
+
+-------------------------------------------------------------------
+Tue Oct 29 05:01:27 UTC 2019 - Todd R <toddrme2178@gmail.com>
+
+- Update to 0.9.16
+  * auto-run codecov only if numpy is installed
+
+-------------------------------------------------------------------
+Fri Sep 13 12:09:15 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Update to 0.9.15:
+  * some doc improvements
+
+-------------------------------------------------------------------
+Thu Jul 25 13:36:37 UTC 2019 - pgajdos@suse.com
+
+- version update to 0.9.14
+  * no upstream changelog
+
+-------------------------------------------------------------------
+Wed Mar  6 12:17:43 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Update 0.9.13:
+  * Various spelling fixes
+  * Error reporting tweaks
+
+-------------------------------------------------------------------
+Wed Aug 29 10:27:20 UTC 2018 - tchvatal@suse.com
+
+- Fix the test call to work on 42.3
+
+-------------------------------------------------------------------
+Sat Jun  2 19:10:58 UTC 2018 - toddrme2178@gmail.com
+
+- Use license tag
+
+-------------------------------------------------------------------
+Thu Mar 22 04:49:27 UTC 2018 - toddrme2178@gmail.com
+
+- Initial version
--- a/python-asteval.spec
+++ b/python-asteval.spec
@@ -0,0 +1,72 @@
+#
+# spec file for package python-asteval
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?sle15_python_module_pythons}
+Name:           python-asteval
+Version:        1.0.6
+Release:        0
+Summary:        Safe, minimalistic evaluator of python expression using ast module
+License:        MIT
+Group:          Development/Languages/Python
+URL:            https://github.com/lmfit/asteval
+Source:         https://files.pythonhosted.org/packages/source/a/asteval/asteval-%{version}.tar.gz
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module setuptools_scm}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros
+BuildArch:      noarch
+# SECTION test requirements
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module pytest-cov}
+# /SECTION
+%python_subpackages
+
+%description
+ASTEVAL provides a numpy-aware, safe(ish) 'eval' function
+
+Emphasis is on mathematical expressions, and so numpy ufuncs
+are used if available.  Symbols are held in the Interpreter
+symbol table 'symtable':  a simple dictionary supporting a
+simple, flat namespace.
+
+Expressions can be compiled into ast node for later evaluation,
+using the values in the symbol table current at evaluation time.
+
+%prep
+%setup -q -n asteval-%{version}
+sed -i -e '/^#!\//, 1d' asteval/asteval.py
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%check
+%pytest
+
+%files %{python_files}
+%doc README.rst
+%license LICENSE
+%{python_sitelib}/asteval
+%{python_sitelib}/asteval-%{version}.dist-info
+
+%changelog