Accepting request 1109354 from devel:languages:python:pytest

- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969) - Add patch remove-svn-remants.patch to help with that goal. - Refresh pr_222.patch as needed for above. - Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972) - Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0 OBS-URL: https://build.opensuse.org/request/show/1109354 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-py?expand=0&rev=42
2023-09-07 19:12:07 +00:00 · 2023-09-07 19:12:07 +00:00 · ed4bf9c57e
commit ed4bf9c57e
parent f1f853737f 4ce4906c94
4 changed files with 59 additions and 146 deletions
--- a/pr_222.patch
+++ b/pr_222.patch
@ -369,152 +369,6 @@ Index: py-1.9.0/testing/path/test_cacheutil.py
 
     def test_delentry_raising(self):
         self.cache.getorbuild(100, lambda: 100)
-Index: py-1.9.0/testing/path/test_svnauth.py
-===================================================================
--- py-1.9.0.orig/testing/path/test_svnauth.py
-+++ py-1.9.0/testing/path/test_svnauth.py
-@@ -2,6 +2,7 @@ import py
- from py.path import SvnAuth
- import time
- import sys
-+import pytest
- 
- svnbin = py.path.local.sysfind('svn')
- 
-@@ -261,7 +262,8 @@ class TestSvnURLAuth(object):
-         u.propget('foo')
-         assert '--username="foo" --password="bar"' in u.commands[0]
- 
-def pytest_funcarg__setup(request):
-+@pytest.fixture
-+def setup(request):
-     return Setup(request)
- 
- class Setup:
-@@ -271,7 +273,7 @@ class Setup:
-         if not request.config.option.runslowtests:
-             py.test.skip('use --runslowtests to run these tests')
- 
-        tmpdir = request.getfuncargvalue("tmpdir")
-+        tmpdir = request.getfixturevalue("tmpdir")
-         repodir = tmpdir.join("repo")
-         py.process.cmdexec('svnadmin create %s' % repodir)
-         if sys.platform == 'win32':
-Index: py-1.9.0/testing/path/test_svnurl.py
-===================================================================
--- py-1.9.0.orig/testing/path/test_svnurl.py
-+++ py-1.9.0/testing/path/test_svnurl.py
-@@ -2,10 +2,12 @@ import py
- from py._path.svnurl import InfoSvnCommand
- import datetime
- import time
-+import pytest
- from svntestbase import CommonSvnTests
- 
-def pytest_funcarg__path1(request):
-    repo, repourl, wc = request.getfuncargvalue("repowc1")
-+@pytest.fixture
-+def path1(request):
-+    repo, repourl, wc = request.getfixturevalue("repowc1")
-     return py.path.svnurl(repourl)
- 
- class TestSvnURLCommandPath(CommonSvnTests):
-@@ -20,10 +22,12 @@ class TestSvnURLCommandPath(CommonSvnTes
-         super(TestSvnURLCommandPath, self).test_visit_ignore(path1)
- 
-     def test_svnurl_needs_arg(self, path1):
-        py.test.raises(TypeError, "py.path.svnurl()")
-+        with py.test.raises(TypeError):
-+            py.path.svnurl()
- 
-     def test_svnurl_does_not_accept_None_either(self, path1):
-        py.test.raises(Exception, "py.path.svnurl(None)")
-+        with py.test.raises(Exception):
-+            py.path.svnurl(None)
- 
-     def test_svnurl_characters_simple(self, path1):
-         py.path.svnurl("svn+ssh://hello/world")
-@@ -32,7 +36,8 @@ class TestSvnURLCommandPath(CommonSvnTes
-         py.path.svnurl("http://user@host.com/some/dir")
- 
-     def test_svnurl_characters_at_path(self, path1):
-        py.test.raises(ValueError, 'py.path.svnurl("http://host.com/foo@bar")')
-+        with py.test.raises(ValueError):
-+            py.path.svnurl("http://host.com/foo@bar")
- 
-     def test_svnurl_characters_colon_port(self, path1):
-         py.path.svnurl("http://host.com:8080/some/dir")
-@@ -45,7 +50,8 @@ class TestSvnURLCommandPath(CommonSvnTes
-         # colons are allowed on win32, because they're part of the drive
-         # part of an absolute path... however, they shouldn't be allowed in
-         # other parts, I think
-        py.test.raises(ValueError, 'py.path.svnurl("http://host.com/foo:bar")')
-+        with py.test.raises(ValueError):
-+            py.path.svnurl("http://host.com/foo:bar")
- 
-     def test_export(self, path1, tmpdir):
-         tmpdir = tmpdir.join("empty")
-@@ -92,4 +98,5 @@ class TestSvnInfoCommand:
-         assert info.kind == 'dir'
- 
- def test_badchars():
-    py.test.raises(ValueError, "py.path.svnurl('http://host/tmp/@@@:')")
-+    with py.test.raises(ValueError):
-+        py.path.svnurl('http://host/tmp/@@@:')
-Index: py-1.9.0/testing/path/test_svnwc.py
-===================================================================
--- py-1.9.0.orig/testing/path/test_svnwc.py
-+++ py-1.9.0/testing/path/test_svnwc.py
-@@ -30,8 +30,9 @@ def test_make_repo(path1, tmpdir):
-     rev = wc.commit()
-     assert rev is None
- 
-def pytest_funcarg__path1(request):
-    repo, repourl, wc = request.getfuncargvalue("repowc1")
-+@pytest.fixture
-+def path1(request):
-+    repo, repourl, wc = request.getfixturevalue("repowc1")
-     return wc
- 
- class TestWCSvnCommandPath(CommonSvnTests):
-@@ -346,7 +347,8 @@ class TestWCSvnCommandPath(CommonSvnTest
-         somefile = root.join('somefile')
-         somefile.ensure(file=True)
-         # not yet added to repo
-        py.test.raises(Exception, 'somefile.lock()')
-+        with py.test.raises(Exception):
-+            somefile.lock()
-         somefile.write('foo')
-         somefile.commit('test')
-         assert somefile.check(versioned=True)
-@@ -357,13 +359,15 @@ class TestWCSvnCommandPath(CommonSvnTest
-             assert locked[0].basename == somefile.basename
-             assert locked[0].dirpath().basename == somefile.dirpath().basename
-             #assert somefile.locked()
-            py.test.raises(Exception, 'somefile.lock()')
-+            with py.test.raises(Exception):
-+                somefile.lock()
-         finally:
-             somefile.unlock()
-         #assert not somefile.locked()
-         locked = root.status().locked
-         assert locked == []
-        py.test.raises(Exception, 'somefile,unlock()')
-+        with py.test.raises(Exception):
-+            somefile,unlock()
-         somefile.remove()
- 
-     def test_commit_nonrecursive(self, path1):
-@@ -481,7 +485,8 @@ class TestInfoSvnWCCommand:
- 
- 
- def test_characters_at():
-    py.test.raises(ValueError, "py.path.svnwc('/tmp/@@@:')")
-+    with py.test.raises(ValueError):
-+        py.path.svnwc('/tmp/@@@:')
- 
- def test_characters_tilde():
-     py.path.svnwc('/tmp/test~')
 Index: py-1.9.0/testing/root/test_builtin.py
 ===================================================================
 --- py-1.9.0.orig/testing/root/test_builtin.py
--- a/python-py.changes
+++ b/python-py.changes
@ -16,6 +16,13 @@ Thu Apr 13 22:43:30 UTC 2023 - Matej Cepl <mcepl@suse.com>

 - Make calling of %{sle15modernpython} optional.

+-------------------------------------------------------------------
+Tue Jan 17 05:13:56 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969) 
+- Add patch remove-svn-remants.patch to help with that goal.
+- Refresh pr_222.patch as needed for above.
+
 -------------------------------------------------------------------
 Tue Nov 29 17:04:41 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

@ -29,6 +36,12 @@ Tue Mar 15 08:13:43 UTC 2022 - Stephan Kulow <coolo@suse.com>

 - use %python_expand for %fdupes

+-------------------------------------------------------------------
+Mon Mar 14 10:53:30 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
+- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
+
 -------------------------------------------------------------------
 Sun Jan 23 15:40:00 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/python-py.spec
+++ b/python-py.spec
@ -36,6 +36,8 @@ URL:            https://github.com/pytest-dev/py
 Source:         https://files.pythonhosted.org/packages/source/p/py/py-%{version}.tar.gz
 # https://github.com/pytest-dev/py/pull/222
 Patch0:         pr_222.patch
+# CVE-2022-42969 Remove all traces of svn
+Patch1:         remove-svn-remants.patch
 BuildRequires:  %{python_module apipkg}
 BuildRequires:  %{python_module iniconfig}
 BuildRequires:  %{python_module setuptools_scm}
@ -71,6 +73,14 @@ rm -f tox.ini
 rm -f testing/log/test_warning.py
 rm -r py/_vendored_packages

+# CVE-2022-42969 Remove all traces of svn
+pushd py/_path
+rm svnwc.py svnurl.py
+popd
+pushd testing/path
+rm conftest.py svntestbase.py test_svnauth.py test_svnurl.py test_svnwc.py
+popd
+
 %build
 %python_build

--- a/remove-svn-remants.patch
+++ b/remove-svn-remants.patch
@ -0,0 +1,36 @@
+Index: py-1.10.0/testing/path/test_local.py
+===================================================================
+--- py-1.10.0.orig/testing/path/test_local.py
+++ py-1.10.0/testing/path/test_local.py
+@@ -338,11 +338,11 @@ class TestLocalPath(common.CommonFSTests
+         l2 = local(l)
+         assert l2 == l
+ 
+-        wc = py.path.svnwc('.')
+-        l3 = local(wc)
+-        assert l3 is not wc
+-        assert l3.strpath == wc.strpath
+-        assert not hasattr(l3, 'commit')
+        #wc = py.path.svnwc('.')
+        #l3 = local(wc)
+        #assert l3 is not wc
+        #assert l3.strpath == wc.strpath
+        #assert not hasattr(l3, 'commit')
+ 
+     @py.test.mark.xfail(run=False, reason="unreliable est for long filenames")
+     def test_long_filenames(self, tmpdir):
+Index: py-1.10.0/py/__init__.py
+===================================================================
+--- py-1.10.0.orig/py/__init__.py
+++ py-1.10.0/py/__init__.py
+@@ -57,10 +57,7 @@ apipkg.initpkg(__name__, attr={'_apipkg'
+ 
+     'path' : {
+         '__doc__'        : '._path:__doc__',
+-        'svnwc'          : '._path.svnwc:SvnWCCommandPath',
+-        'svnurl'         : '._path.svnurl:SvnCommandPath',
+         'local'          : '._path.local:LocalPath',
+-        'SvnAuth'        : '._path.svnwc:SvnAuth',
+     },
+ 
+     # python inspection/code-generation API