Accepting request 1240582 from devel:languages:python

- Update to 1.0.6
  * drop testing and support for Python3.8, add Python 3.13,
    change document to reflect this.
  * implement safe_getattr and safe_format functions; fix bugs
    in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (bsc#1236405,
    CVE-2025-24359)
  * make all procedure attributes private to curb access to AST
    nodes, which can be exploited
  * improvements to error messages, including use ast functions
    to construct better error messages
  * remove import of numpy.linalg, as documented
  * update doc description for security advisory

OBS-URL: https://build.opensuse.org/request/show/1240582
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-asteval?expand=0&rev=21

asteval-0.9.33.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94981701f4d252c88aa5e821121b1aabef73a003da138fc6405169c9e675d24d
-size 57211

asteval-1.0.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1aa8e7304b2e171a90d64dd269b648cacac4e46fe5de54ac0db24776c0c4a19f
+size 52079

python-asteval.changes

@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Mon Jan 27 12:42:41 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.0.6
+  * drop testing and support for Python3.8, add Python 3.13,
+    change document to reflect this.
+  * implement safe_getattr and safe_format functions; fix bugs
+    in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (bsc#1236405,
+    CVE-2025-24359)
+  * make all procedure attributes private to curb access to AST
+    nodes, which can be exploited
+  * improvements to error messages, including use ast functions
+    to construct better error messages
+  * remove import of numpy.linalg, as documented
+  * update doc description for security advisory
+
+-------------------------------------------------------------------
+Thu Oct 10 15:41:37 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.5:
+  * more work on handling errors, including fixing #133 and
+    adding more comprehensive tests for #129 and #132
+- update to 1.0.4:
+  * fix error handling that might result in null exception
+- update to 1.0.3:
+  * functions ("Procedures") defined within asteval have a `
+    _signature()` method, now use in repr
+  * add support for deleting subscript
+  * nested symbol tables now have a  Group() function
+  * update coverage config
+  * cleanups of exception handling :  errors must now have an
+    exception
+  * several related fixes to suppress repeated exceptions: see GH
+    #132 and #129
+  * make non-boolean return values from comparison operators
+    behave like Python - not immediately testing as bool
+
+-------------------------------------------------------------------
+Fri Aug  9 06:56:27 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.2:
+  * fix NameError handling in expression code
+  * make exception messages more Python-like
+
+- update to 1.0.1:
+  * security fixes, based on audit by Andrew Effenhauser, Ayman
+    Hammad, and Daniel Crowley, IBM X-Force Security Research
+    division
+  * remove numpy modules polynomial, fft, linalg by default for
+    security concerns
+  * disallow string.format(), improve security of f-string
+    evaluation
+
+-------------------------------------------------------------------
+Tue Jul  2 20:14:13 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.0.0:
+  * fix (again) nested list comprehension (Issues #127 and #126).
+  * add more testing of multiple list comprehensions.
+  * more complete support for Numpy 2, and removal of many Numpy
+    symbols that have been long deprecated.
+  * remove AST nodes deprecated in Python 3.8.
+  * clean up build files and outdated tests.
+  * fixes to codecov configuration.
+  * update docs.
+
 -------------------------------------------------------------------
 Wed Jun 12 09:58:28 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-asteval.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-asteval
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,25 +16,25 @@
 #
 
 
-%{?!python_module:%define python_module() python3-%{**}}
-%define skip_python2 1
+%{?sle15_python_module_pythons}
 Name:           python-asteval
-Version:        0.9.33
+Version:        1.0.6
 Release:        0
 Summary:        Safe, minimalistic evaluator of python expression using ast module
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://github.com/lmfit/asteval
 Source:         https://files.pythonhosted.org/packages/source/a/asteval/asteval-%{version}.tar.gz
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools_scm}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildArch:      noarch
 # SECTION test requirements
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module pytest-cov}
-BuildRequires:  %{python_module numpy if (%python-base without python36-base)}
 # /SECTION
 %python_subpackages
 
@@ -54,10 +54,10 @@ using the values in the symbol table current at evaluation time.
 sed -i -e '/^#!\//, 1d' asteval/asteval.py
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
@@ -66,6 +66,7 @@ sed -i -e '/^#!\//, 1d' asteval/asteval.py
 %files %{python_files}
 %doc README.rst
 %license LICENSE
-%{python_sitelib}/*
+%{python_sitelib}/asteval
+%{python_sitelib}/asteval-%{version}.dist-info
 
 %changelog