- Update to 4.5.4:

* Security + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) * New Features + Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588) + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + Made search document subscriptable (#2615) + Sped up the protocol parsing (#2596) + Use hiredis::pack_command to serialized the commands. (#2570) + Add support for unlink in cluster pipeline (#2562) * Bug Fixes + Fixing cancelled async futures (#2666) + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630) + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582) + Replace async_timeout by asyncio.timeout (#2602) + Update json().arrindex() default values (#2611) + Fix #2581 UnixDomainSocketConnection object has no attribute _command_packer (#2583) + Fix issue with pack_commands returning an empty byte sequence (#2416) + Async HiredisParser should finish parsing after a Connection.disconnect() (#2557) + Check for none, prior to raising exception (#2569) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=67
2023-04-18 03:13:49 +00:00 · 2023-04-18 03:13:49 +00:00 · 5884f3b76f
commit 5884f3b76f
parent bf1ee5d359
5 changed files with 71 additions and 42 deletions
--- a/python-redis.changes
+++ b/python-redis.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Apr 18 03:12:39 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 4.5.4:
+  * Security
+    + Cancelling an async future does not, properly trigger, leading to a
+      potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) 
+    + Cancelling an async future does not, properly trigger, leading to a
+      potential data leak in specific cases. (CVE-2023-28859, bsc#1209812)
+  * New Features
+    + Introduce AbstractConnection so that UnixDomainSocketConnection can
+      call super().init (#2588)
+    + Added queue_class to REDIS_ALLOWED_KEYS (#2577)
+    + Made search document subscriptable (#2615)
+    + Sped up the protocol parsing (#2596)
+    + Use hiredis::pack_command to serialized the commands. (#2570)
+    + Add support for unlink in cluster pipeline (#2562)
+  * Bug Fixes
+    + Fixing cancelled async futures (#2666)
+    + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
+    + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor
+      argument (#2630)
+    + CWE-404 AsyncIO Race Condition Fix (#2624, #2579)
+    + Fix behaviour of async PythonParser to match RedisParser as for
+      issue #2349 (#2582)
+    + Replace async_timeout by asyncio.timeout (#2602)
+    + Update json().arrindex() default values (#2611)
+    + Fix #2581 UnixDomainSocketConnection object has no attribute
+      _command_packer (#2583)
+    + Fix issue with pack_commands returning an empty byte sequence (#2416)
+    + Async HiredisParser should finish parsing after a
+      Connection.disconnect() (#2557)
+    + Check for none, prior to raising exception (#2569)
+    + Tuple function cannot be passed more than one argument (#2573)
+    + Synchronise concurrent command calls to single-client to single-client
+      mode (#2568)
+    + Async: added 'blocking' argument to call lock method (#2454)
+    + Added a replacement for the default cluster node in the event of
+      failure. (#2463)
+    + Fixed geosearch: Wrong number of arguments for geosearch command (#2464)
+- Clean up BuildRequires and Requires.
+
 -------------------------------------------------------------------
 Wed Jan 18 13:09:12 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>

--- a/python-redis.spec
+++ b/python-redis.spec
@ -16,40 +16,27 @@
 #


-%define skip_python2 1
 Name:           python-redis
-Version:        4.3.5
+Version:        4.5.4
 Release:        0
 Summary:        Python client for Redis key-value store
 License:        MIT
-Group:          Development/Languages/Python
 URL:            https://github.com/redis/redis-py
 Source0:        https://files.pythonhosted.org/packages/source/r/redis/redis-%{version}.tar.gz
 Source1:        https://github.com/redis/redis-py/raw/v%{version}/tox.ini
-BuildRequires:  %{python_module Deprecated >= 1.2.3}
 BuildRequires:  %{python_module async-timeout >= 4.0.2}
-BuildRequires:  %{python_module base >= 3.6}
-BuildRequires:  %{python_module importlib-metadata >= 1.0 if %python-base < 3.8}
-# requires mock.AsyncMock
-BuildRequires:  %{python_module mock if %python-base < 3.8}
-BuildRequires:  %{python_module packaging >= 20.4}
+BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module packaging}
 BuildRequires:  %{python_module pytest-asyncio}
 BuildRequires:  %{python_module pytest-timeout}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module setuptools}
-BuildRequires:  %{python_module typing-extensions if %python-base < 3.8}
 BuildRequires:  fdupes
 BuildRequires:  psmisc
 BuildRequires:  python-rpm-macros
 BuildRequires:  redis
-Requires:       python-Deprecated >= 1.2.3
 Requires:       python-async-timeout >= 4.0.2
-Requires:       python-packaging >= 20.4
 Requires:       redis
-%if 0%{?python_version_nodots} < 38
-Requires:       python-importlib-metadata >= 1.0
-Requires:       python-typing-extensions
-%endif
 Recommends:     python-hiredis >= 1.0.0
 BuildArch:      noarch
 %python_subpackages
@ -92,9 +79,9 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then
  # reference precision issues on 32-bit
  donttest=" or test_geopos"
 fi
-# gh#redis/redis-py#2554
-donttest=" or test_xautoclaim"
-%pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py
+# gh#redis/redis-py#2554 and gh#redis/redis-py#2679
+donttest=" or test_xautoclaim or test_acl_list"
+%pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py --ignore tests/test_asyncio/test_cluster.py --redis-url=redis://localhost:6379/

 %files %{python_files}
 %license LICENSE
--- a/redis-4.3.5.tar.gz
+++ b/redis-4.3.5.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12
-size 4577422
--- a/redis-4.5.4.tar.gz
+++ b/redis-4.5.4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:73ec35da4da267d6847e47f68730fdd5f62e2ca69e3ef5885c6a78a9374c3893
+size 4552103
--- a/tox.ini
+++ b/tox.ini
@ -9,15 +9,16 @@ markers =
    asyncio: marker for async tests
    replica: replica tests
    experimental: run only experimental tests
+asyncio_mode = auto

 [tox]
 minversion = 3.2.0
 requires = tox-docker
-envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py36,py37,py38,py39,pypy3},linters,docs
+envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py37,py38,py39,pypy3},linters,docs

 [docker:master]
 name = master
-image = redisfab/redis-py:6.2.6-buster
+image = redisfab/redis-py:6.2.6
 ports =
    6379:6379/tcp
 healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6379)) else False"
@ -26,7 +27,7 @@ volumes =

 [docker:replica]
 name = replica
-image = redisfab/redis-py:6.2.6-buster
+image = redisfab/redis-py:6.2.6
 links =
    master:master
 ports =
@ -37,7 +38,7 @@ volumes =

 [docker:unstable]
 name = unstable
-image = redisfab/redis-py:unstable-bionic
+image = redisfab/redis-py:unstable
 ports =
    6378:6378/tcp
 healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6378)) else False"
@ -46,7 +47,7 @@ volumes =

 [docker:unstable_cluster]
 name = unstable_cluster
-image = redisfab/redis-py-cluster:unstable-bionic
+image = redisfab/redis-py-cluster:unstable
 ports =
    6372:6372/tcp
    6373:6373/tcp
@ -60,7 +61,7 @@ volumes =

 [docker:sentinel_1]
 name = sentinel_1
-image = redisfab/redis-py-sentinel:6.2.6-buster
+image = redisfab/redis-py-sentinel:6.2.6
 links =
    master:master
 ports =
@ -71,7 +72,7 @@ volumes =

 [docker:sentinel_2]
 name = sentinel_2
-image = redisfab/redis-py-sentinel:6.2.6-buster
+image = redisfab/redis-py-sentinel:6.2.6
 links =
    master:master
 ports =
@ -82,7 +83,7 @@ volumes =

 [docker:sentinel_3]
 name = sentinel_3
-image = redisfab/redis-py-sentinel:6.2.6-buster
+image = redisfab/redis-py-sentinel:6.2.6
 links =
    master:master
 ports =
@ -91,16 +92,16 @@ healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(sock
 volumes =
    bind:rw:{toxinidir}/docker/redis6.2/sentinel/sentinel_3.conf:/sentinel.conf

-[docker:redismod]
-name = redismod
-image = redislabs/redismod:edge
+[docker:redis_stack]
+name = redis_stack
+image = redis/redis-stack-server:edge
 ports =
    36379:6379/tcp
 healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',36379)) else False"

 [docker:redis_cluster]
 name = redis_cluster
-image = redisfab/redis-py-cluster:6.2.6-buster
+image = redisfab/redis-py-cluster:6.2.6
 ports =
    16379:16379/tcp
    16380:16380/tcp
@ -114,7 +115,7 @@ volumes =

 [docker:redismod_cluster]
 name = redismod_cluster
-image = redisfab/redis-py-modcluster:6.2.6
+image = redisfab/redis-py-modcluster:edge
 ports =
    46379:46379/tcp
    46380:46380/tcp
@ -278,8 +279,7 @@ docker =
    sentinel_2
    sentinel_3
    redis_cluster
-    redismod
-    redismod_cluster
+    redis_stack
    stunnel
 extras =
    hiredis: hiredis
@ -288,10 +288,10 @@ setenv =
    CLUSTER_URL = "redis://localhost:16379/0"
    UNSTABLE_CLUSTER_URL = "redis://localhost:6372/0"
 commands =
-    standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' {posargs}
-    standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --uvloop {posargs}
-    cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} {posargs}
-    cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --uvloop {posargs}
+    standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-results.xml {posargs}
+    standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-uvloop-results.xml --uvloop {posargs}
+    cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-results.xml {posargs}
+    cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-uvloop-results.xml --uvloop {posargs}

 [testenv:redis5]
 deps =
@ -343,7 +343,7 @@ deps_files = dev_requirements.txt
 docker =
 commands =
    flake8
-    black --target-version py36 --check --diff .
+    black --target-version py37 --check --diff .
    isort --check-only --diff .
    vulture redis whitelist.py --min-confidence 80
    flynt --fail-on-change --dry-run .