From acd9a332de45460487c5ed86662d83ff70a6f20218da1401e8a4172aaada86c1 Mon Sep 17 00:00:00 2001 From: Nico Krapp Date: Thu, 13 Nov 2025 16:40:19 +0000 Subject: [PATCH] - Update to 1.0.7 * return in while, for, and with blocks in functions properly signal an immediate exit of the function. (fixes #141) * fix augassign to retain line numbers for exceptions properly. (#140) * make sure that "unsafe_modules" should not be accessed even if imported and exposed by other modules * cleanup unused nodes * tweaks and fixes to docs * drop testing with Python 3.9 * add testing for Python 3.14 * update pyproject.toml from the endless churn from PyPA, to move the location and formatting for the LICENSE, to continue compliance with the endless churn from PyPA. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-asteval?expand=0&rev=45 --- .gitattributes | 23 +++++ .gitignore | 1 + asteval-1.0.6.tar.gz | 3 + asteval-1.0.7.tar.gz | 3 + python-asteval.changes | 221 +++++++++++++++++++++++++++++++++++++++++ python-asteval.spec | 72 ++++++++++++++ 6 files changed, 323 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 asteval-1.0.6.tar.gz create mode 100644 asteval-1.0.7.tar.gz create mode 100644 python-asteval.changes create mode 100644 python-asteval.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/asteval-1.0.6.tar.gz b/asteval-1.0.6.tar.gz new file mode 100644 index 0000000..304d2a8 --- /dev/null +++ b/asteval-1.0.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1aa8e7304b2e171a90d64dd269b648cacac4e46fe5de54ac0db24776c0c4a19f +size 52079 diff --git a/asteval-1.0.7.tar.gz b/asteval-1.0.7.tar.gz new file mode 100644 index 0000000..301506e --- /dev/null +++ b/asteval-1.0.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:729fa010511957afcbdbadb0304da09cef6904c145b6901e917afac2dd5668a1 +size 51859 diff --git a/python-asteval.changes b/python-asteval.changes new file mode 100644 index 0000000..0acf4bc --- /dev/null +++ b/python-asteval.changes @@ -0,0 +1,221 @@ +------------------------------------------------------------------- +Thu Nov 13 14:25:13 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 1.0.7 + * return in while, for, and with blocks in functions properly signal + an immediate exit of the function. (fixes #141) + * fix augassign to retain line numbers for exceptions properly. (#140) + * make sure that "unsafe_modules" should not be accessed even if imported + and exposed by other modules + * cleanup unused nodes + * tweaks and fixes to docs + * drop testing with Python 3.9 + * add testing for Python 3.14 + * update pyproject.toml from the endless churn from PyPA, to move the + location and formatting for the LICENSE, to continue compliance with + the endless churn from PyPA. + +------------------------------------------------------------------- +Mon Jan 27 12:42:41 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 1.0.6 + * drop testing and support for Python3.8, add Python 3.13, + change document to reflect this. + * implement safe_getattr and safe_format functions; fix bugs + in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (bsc#1236405, + CVE-2025-24359) + * make all procedure attributes private to curb access to AST + nodes, which can be exploited + * improvements to error messages, including use ast functions + to construct better error messages + * remove import of numpy.linalg, as documented + * update doc description for security advisory + +------------------------------------------------------------------- +Thu Oct 10 15:41:37 UTC 2024 - Dirk Müller + +- update to 1.0.5: + * more work on handling errors, including fixing #133 and + adding more comprehensive tests for #129 and #132 +- update to 1.0.4: + * fix error handling that might result in null exception +- update to 1.0.3: + * functions ("Procedures") defined within asteval have a ` + _signature()` method, now use in repr + * add support for deleting subscript + * nested symbol tables now have a Group() function + * update coverage config + * cleanups of exception handling : errors must now have an + exception + * several related fixes to suppress repeated exceptions: see GH + #132 and #129 + * make non-boolean return values from comparison operators + behave like Python - not immediately testing as bool + +------------------------------------------------------------------- +Fri Aug 9 06:56:27 UTC 2024 - Dirk Müller + +- update to 1.0.2: + * fix NameError handling in expression code + * make exception messages more Python-like + +- update to 1.0.1: + * security fixes, based on audit by Andrew Effenhauser, Ayman + Hammad, and Daniel Crowley, IBM X-Force Security Research + division + * remove numpy modules polynomial, fft, linalg by default for + security concerns + * disallow string.format(), improve security of f-string + evaluation + +------------------------------------------------------------------- +Tue Jul 2 20:14:13 UTC 2024 - Dirk Müller + +- update to 1.0.0: + * fix (again) nested list comprehension (Issues #127 and #126). + * add more testing of multiple list comprehensions. + * more complete support for Numpy 2, and removal of many Numpy + symbols that have been long deprecated. + * remove AST nodes deprecated in Python 3.8. + * clean up build files and outdated tests. + * fixes to codecov configuration. + * update docs. + +------------------------------------------------------------------- +Wed Jun 12 09:58:28 UTC 2024 - Dirk Müller + +- update to 0.9.33: + * fixes for multiple list comprehensions (addressing #126) + * add testing with optionally installed numpy_financial to CI + * test existence of all numpy imports to better safeguard + against missing functions (for safer numpy 2 transition) + * update rendered doc to include PDF and zipped HTML + +------------------------------------------------------------------- +Fri Mar 22 19:39:07 UTC 2024 - Dirk Müller + +- update to 0.9.32: + * add deprecations message for numpy functions to be removed in + numpy 2.0 + * comparison operations use try/except for short-circuiting + instead of checking for numpy arrays (addressing #123) + * add Python 3.12 to testing + * move repository from "newville" to "lmfit" organization + * update doc theme, GitHub locations pointed to by docs, other + doc tweaks. + +------------------------------------------------------------------- +Tue Jul 18 18:09:28 UTC 2023 - Antonio Teixeira + +- Update to 0.9.31: + * cleanup numpy imports to avoid deprecated functions, add financial + functions from numpy_financial module, if installed. + * prefer 'user_symbols' when initializing Interpreter, but still support + 'usersyms' argument. Will deprecate and remove eventually. + * add support of optional (off-by default) "nested symbol table". + * update tests to run most tests with symbol tables of dict and nested + group type. + * general code and testing cleanup. + * add config argument to Interpreter to more fully control which nodes are supported + * add support for import and importfrom -- off by default + * add support for with blocks + * add support for f-strings + * add support of set and dict comprehension + * fix bug with 'int**int' not returning a float. + +------------------------------------------------------------------- +Thu Feb 16 21:08:13 UTC 2023 - Dirk Müller + +- update to 0.9.29: + * bug fixes + +------------------------------------------------------------------- +Thu Dec 1 22:16:19 UTC 2022 - Yogalakshmi Arunachalam + +- Update to 0.9.28 + * add support for Python 3.11 + * add support for multiple list comprehensions + * improve performance of making the initial symbol table, + and Interpreter creation, including better checking for index_tricks attributes + +------------------------------------------------------------------- +Tue Sep 6 20:15:58 UTC 2022 - Yogalakshmi Arunachalam + +- update to 0.9.27: + * more cleanups + +------------------------------------------------------------------- +Sun Jan 23 16:38:46 UTC 2022 - Dirk Müller + +- update to 0.9.26: + * fix setup.py again + +------------------------------------------------------------------- +Sat Jan 15 16:47:20 UTC 2022 - Dirk Müller + +- update to 0.9.25: + * fixes import errors for Py3.6 and 3.7, setting version with + importlib_metadata.version if available. + * use setuptools_scm and importlib for version + * treat all __dunder__ attributes of all objects as inherently unsafe. + +------------------------------------------------------------------- +Wed Feb 17 11:57:46 UTC 2021 - Ben Greiner + +- Update to 0.9.22 + * another important but small fix for Python 3.9 + * Merge branch 'nested_interrupts_returns' +- Drop hard numpy requirement, don't test on python36 + +------------------------------------------------------------------- +Fri Jan 17 12:49:59 UTC 2020 - Marketa Calabkova + +- update to 0.9.18 + * drop python2 + * few fixes + +------------------------------------------------------------------- +Mon Dec 9 17:26:14 UTC 2019 - Todd R + +- Update to 0.9.17 + * add 3.8 to travis config + +------------------------------------------------------------------- +Tue Oct 29 05:01:27 UTC 2019 - Todd R + +- Update to 0.9.16 + * auto-run codecov only if numpy is installed + +------------------------------------------------------------------- +Fri Sep 13 12:09:15 UTC 2019 - Tomáš Chvátal + +- Update to 0.9.15: + * some doc improvements + +------------------------------------------------------------------- +Thu Jul 25 13:36:37 UTC 2019 - pgajdos@suse.com + +- version update to 0.9.14 + * no upstream changelog + +------------------------------------------------------------------- +Wed Mar 6 12:17:43 UTC 2019 - Tomáš Chvátal + +- Update 0.9.13: + * Various spelling fixes + * Error reporting tweaks + +------------------------------------------------------------------- +Wed Aug 29 10:27:20 UTC 2018 - tchvatal@suse.com + +- Fix the test call to work on 42.3 + +------------------------------------------------------------------- +Sat Jun 2 19:10:58 UTC 2018 - toddrme2178@gmail.com + +- Use license tag + +------------------------------------------------------------------- +Thu Mar 22 04:49:27 UTC 2018 - toddrme2178@gmail.com + +- Initial version diff --git a/python-asteval.spec b/python-asteval.spec new file mode 100644 index 0000000..fe1d531 --- /dev/null +++ b/python-asteval.spec @@ -0,0 +1,72 @@ +# +# spec file for package python-asteval +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-asteval +Version: 1.0.7 +Release: 0 +Summary: Safe, minimalistic evaluator of python expression using ast module +License: MIT +Group: Development/Languages/Python +URL: https://github.com/lmfit/asteval +Source: https://files.pythonhosted.org/packages/source/a/asteval/asteval-%{version}.tar.gz +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools_scm} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +BuildArch: noarch +# SECTION test requirements +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module pytest-cov} +# /SECTION +%python_subpackages + +%description +ASTEVAL provides a numpy-aware, safe(ish) 'eval' function + +Emphasis is on mathematical expressions, and so numpy ufuncs +are used if available. Symbols are held in the Interpreter +symbol table 'symtable': a simple dictionary supporting a +simple, flat namespace. + +Expressions can be compiled into ast node for later evaluation, +using the values in the symbol table current at evaluation time. + +%prep +%setup -q -n asteval-%{version} +sed -i -e '/^#!\//, 1d' asteval/asteval.py + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pytest + +%files %{python_files} +%doc README.rst +%license LICENSE +%{python_sitelib}/asteval +%{python_sitelib}/asteval-%{version}.dist-info + +%changelog