From 8ed8f54ea45301307010911fcbe05bbde4a8b0374ce9e8c4f8cb8fce00c29165 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Sat, 1 Oct 2022 17:23:23 +0000 Subject: [PATCH 1/6] - update to 4.3.4: * Fix backward compatibility from 4.3.2 in Lock.acquire() * Fix XAUTOCLAIM to return the full response, instead of only keys 2+ * Added dynamic_startup_nodes configuration to RedisCluster. * Fix retries in async mode * Async cluster: fix simultaneous initialize * Uppercased commands in CommandsParser.get_keys * Late eval of the skip condition in async tests * Reuse the old nodes' connections when a cluster topology refresh is being done * Docs: add pipeline examples * Correct retention_msecs value * Cluster: use pipeline to execute split commands * Docs: Add a note about client_setname and client_name difference OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=63 --- python-redis.changes | 17 +++++++++++++++++ python-redis.spec | 2 +- redis-4.3.3.tar.gz | 3 --- redis-4.3.4.tar.gz | 3 +++ 4 files changed, 21 insertions(+), 4 deletions(-) delete mode 100644 redis-4.3.3.tar.gz create mode 100644 redis-4.3.4.tar.gz diff --git a/python-redis.changes b/python-redis.changes index a681204..02f6acc 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Sat Oct 1 17:22:27 UTC 2022 - Dirk Müller + +- update to 4.3.4: + * Fix backward compatibility from 4.3.2 in Lock.acquire() + * Fix XAUTOCLAIM to return the full response, instead of only keys 2+ + * Added dynamic_startup_nodes configuration to RedisCluster. + * Fix retries in async mode + * Async cluster: fix simultaneous initialize + * Uppercased commands in CommandsParser.get_keys + * Late eval of the skip condition in async tests + * Reuse the old nodes' connections when a cluster topology refresh is being done + * Docs: add pipeline examples + * Correct retention_msecs value + * Cluster: use pipeline to execute split commands + * Docs: Add a note about client_setname and client_name difference + ------------------------------------------------------------------- Mon Jun 13 10:18:12 UTC 2022 - Ben Greiner diff --git a/python-redis.spec b/python-redis.spec index 9bbc605..906f245 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-redis -Version: 4.3.3 +Version: 4.3.4 Release: 0 Summary: Python client for Redis key-value store License: MIT diff --git a/redis-4.3.3.tar.gz b/redis-4.3.3.tar.gz deleted file mode 100644 index 711e974..0000000 --- a/redis-4.3.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f7a57cf4af15cd543c4394bcbe2b9148db2606a37edba755368836e3a1d053e -size 4564562 diff --git a/redis-4.3.4.tar.gz b/redis-4.3.4.tar.gz new file mode 100644 index 0000000..165e844 --- /dev/null +++ b/redis-4.3.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ddf27071df4adf3821c4f2ca59d67525c3a82e5f268bed97b813cb4fabf87880 +size 4569389 From 4274d7b8f57c37b6a7be87a55bd72e84e474165554026bb74221aa1262dcdf7d Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 18 Jan 2023 13:10:50 +0000 Subject: [PATCH 2/6] - Disable broken test test_xautoclaim gh#redis/redis-py#2554 - udpate to 4.3.5: * Add support for TIMESERIES 1.8 (#2296) * Graph - add counters for removed labels and properties (#2292) * Add support for TDIGEST.QUANTILE extensions (#2317) * Add TDIGEST.TRIMMED_MEAN (#2300) * Add support for async GRAPH module (#2273) * Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE (#2319) * Adding reserve as an alias for create, so that we have BF.RESERVE and CF.RESERVE accuratenly supported (#2331) * Fix async connection.is_connected to return a boolean value (#2278) * Fix: workaround asyncio bug on connection reset by peer (#2259) * Fix crash: key expire while search (#2270) * Async cluster: fix concurrent pipeline (#2280) * Fix async SEARCH pipeline (#2316) * Fix KeyError in async cluster - initialize before execute multi key commands (#2439) * Supply chain risk reduction: remove dependency on library named deprecated (#2386) * Search test - Ignore order of the items in the response (#2322) * Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335) * Fix TimeSeries range aggregation (twa) tests (#2358) * Mark TOPK.COUNT as deprecated (#2363) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=64 --- python-redis.changes | 28 ++++++++++++++++++++++++++++ python-redis.spec | 7 ++++--- redis-4.3.4.tar.gz | 3 --- redis-4.3.5.tar.gz | 3 +++ 4 files changed, 35 insertions(+), 6 deletions(-) delete mode 100644 redis-4.3.4.tar.gz create mode 100644 redis-4.3.5.tar.gz diff --git a/python-redis.changes b/python-redis.changes index 02f6acc..18168d2 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Wed Jan 18 13:09:12 UTC 2023 - Daniel Garcia + +- Disable broken test test_xautoclaim gh#redis/redis-py#2554 +- udpate to 4.3.5: + * Add support for TIMESERIES 1.8 (#2296) + * Graph - add counters for removed labels and properties (#2292) + * Add support for TDIGEST.QUANTILE extensions (#2317) + * Add TDIGEST.TRIMMED_MEAN (#2300) + * Add support for async GRAPH module (#2273) + * Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE + (#2319) + * Adding reserve as an alias for create, so that we have BF.RESERVE and + CF.RESERVE accuratenly supported (#2331) + * Fix async connection.is_connected to return a boolean value (#2278) + * Fix: workaround asyncio bug on connection reset by peer (#2259) + * Fix crash: key expire while search (#2270) + * Async cluster: fix concurrent pipeline (#2280) + * Fix async SEARCH pipeline (#2316) + * Fix KeyError in async cluster - initialize before execute multi key + commands (#2439) + * Supply chain risk reduction: remove dependency on library named deprecated + (#2386) + * Search test - Ignore order of the items in the response (#2322) + * Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335) + * Fix TimeSeries range aggregation (twa) tests (#2358) + * Mark TOPK.COUNT as deprecated (#2363) + ------------------------------------------------------------------- Sat Oct 1 17:22:27 UTC 2022 - Dirk Müller diff --git a/python-redis.spec b/python-redis.spec index 906f245..3eac1f6 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -1,7 +1,7 @@ # # spec file for package python-redis # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,10 +16,9 @@ # -%{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-redis -Version: 4.3.4 +Version: 4.3.5 Release: 0 Summary: Python client for Redis key-value store License: MIT @@ -93,6 +92,8 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then # reference precision issues on 32-bit donttest=" or test_geopos" fi +# gh#redis/redis-py#2554 +donttest=" or test_xautoclaim" %pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py %files %{python_files} diff --git a/redis-4.3.4.tar.gz b/redis-4.3.4.tar.gz deleted file mode 100644 index 165e844..0000000 --- a/redis-4.3.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ddf27071df4adf3821c4f2ca59d67525c3a82e5f268bed97b813cb4fabf87880 -size 4569389 diff --git a/redis-4.3.5.tar.gz b/redis-4.3.5.tar.gz new file mode 100644 index 0000000..bd93de8 --- /dev/null +++ b/redis-4.3.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12 +size 4577422 From 6bf3e78d6dc3bd2cdc7c32e4132055aaa52cb051b535562358ea62a68803100c Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 1 Apr 2023 02:45:41 +0000 Subject: [PATCH 3/6] - Upgrade to 4.4.4 (also bsc#1209811, CVE-2023-28858 & bsc#1209812, CVE-2023-28859) to fix possible async command information disclosure. - Upgrade to 4.4.3: Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade! - CWE-404 AsyncIO Race Condition Fix - Upgrade to 4.4.2: - Add support for BF.CARD - Add support for custom connection pool class in NodesManager Allow replica to master promotion in nodes_cache Security Fix: Updating graph parser for potential injection cases - Upgrade to 4.4.0: - Async clusters: Support creating locks inside async functions - Async: added 'blocking' argument to call lock method - Added a replacement for the default cluster node in the event of failure. - Fixed geosearch: Wrong number of arguments for geosearch command - Updating dev dependencies - Removing deprecated LGTM - Added an explicit index name in RediSearch example - Adding connection step to bloom filter examples - Skip test_acl_list test (gh#redis/redis-py#2679) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=65 --- keys.zip | 3 +++ python-redis.changes | 28 ++++++++++++++++++++++++++++ python-redis.spec | 11 +++++++++-- redis-4.3.5.tar.gz | 3 --- redis-4.4.4.tar.gz | 3 +++ tox.ini | 32 ++++++++++++++++---------------- 6 files changed, 59 insertions(+), 21 deletions(-) create mode 100644 keys.zip delete mode 100644 redis-4.3.5.tar.gz create mode 100644 redis-4.4.4.tar.gz diff --git a/keys.zip b/keys.zip new file mode 100644 index 0000000..a940c4a --- /dev/null +++ b/keys.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58f83435356f3456ff912a88047d90b1f4600f573b3f9bc10d32ed1acdb39578 +size 9481 diff --git a/python-redis.changes b/python-redis.changes index 18168d2..c6f617d 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Fri Mar 31 16:57:04 UTC 2023 - Matej Cepl + +- Upgrade to 4.4.4 (also bsc#1209811, CVE-2023-28858 & + bsc#1209812, CVE-2023-28859) to fix possible async command + information disclosure. +- Upgrade to 4.4.3: + Update urgency: HIGH: There is a critical bug that may affect a + subset of users. Upgrade! + - CWE-404 AsyncIO Race Condition Fix +- Upgrade to 4.4.2: + - Add support for BF.CARD + - Add support for custom connection pool class in NodesManager + Allow replica to master promotion in nodes_cache + Security Fix: Updating graph parser for potential injection cases +- Upgrade to 4.4.0: + - Async clusters: Support creating locks inside async functions + - Async: added 'blocking' argument to call lock method + - Added a replacement for the default cluster node in the event + of failure. + - Fixed geosearch: Wrong number of arguments for geosearch + command + - Updating dev dependencies + - Removing deprecated LGTM + - Added an explicit index name in RediSearch example + - Adding connection step to bloom filter examples +- Skip test_acl_list test (gh#redis/redis-py#2679) + ------------------------------------------------------------------- Wed Jan 18 13:09:12 UTC 2023 - Daniel Garcia diff --git a/python-redis.spec b/python-redis.spec index 3eac1f6..e5fb035 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -18,7 +18,7 @@ %define skip_python2 1 Name: python-redis -Version: 4.3.5 +Version: 4.4.4 Release: 0 Summary: Python client for Redis key-value store License: MIT @@ -26,6 +26,7 @@ Group: Development/Languages/Python URL: https://github.com/redis/redis-py Source0: https://files.pythonhosted.org/packages/source/r/redis/redis-%{version}.tar.gz Source1: https://github.com/redis/redis-py/raw/v%{version}/tox.ini +Source2: keys.zip BuildRequires: %{python_module Deprecated >= 1.2.3} BuildRequires: %{python_module async-timeout >= 4.0.2} BuildRequires: %{python_module base >= 3.6} @@ -42,6 +43,7 @@ BuildRequires: fdupes BuildRequires: psmisc BuildRequires: python-rpm-macros BuildRequires: redis +BuildRequires: unzip Requires: python-Deprecated >= 1.2.3 Requires: python-async-timeout >= 4.0.2 Requires: python-packaging >= 20.4 @@ -62,6 +64,10 @@ The Python interface to the Redis key-value store. # tox.ini for pytest markers cp %{SOURCE1} . +# keys and certificates for testing +mkdir -p docker/stunnel/ && cd docker/stunnel +unzip %{SOURCE2} + %build %python_build @@ -93,7 +99,8 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then donttest=" or test_geopos" fi # gh#redis/redis-py#2554 -donttest=" or test_xautoclaim" +# gh#redis/redis-py#2679 +donttest=" or test_xautoclaim or test_acl_list" %pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py %files %{python_files} diff --git a/redis-4.3.5.tar.gz b/redis-4.3.5.tar.gz deleted file mode 100644 index bd93de8..0000000 --- a/redis-4.3.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12 -size 4577422 diff --git a/redis-4.4.4.tar.gz b/redis-4.4.4.tar.gz new file mode 100644 index 0000000..4f8cb83 --- /dev/null +++ b/redis-4.4.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:68226f7ede928db8302f29ab088a157f41061fa946b7ae865452b6d7838bbffb +size 4549578 diff --git a/tox.ini b/tox.ini index 2f9b788..07de61e 100644 --- a/tox.ini +++ b/tox.ini @@ -9,15 +9,16 @@ markers = asyncio: marker for async tests replica: replica tests experimental: run only experimental tests +asyncio_mode = auto [tox] minversion = 3.2.0 requires = tox-docker -envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py36,py37,py38,py39,pypy3},linters,docs +envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py37,py38,py39,pypy3},linters,docs [docker:master] name = master -image = redisfab/redis-py:6.2.6-buster +image = redisfab/redis-py:6.2.6 ports = 6379:6379/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6379)) else False" @@ -26,7 +27,7 @@ volumes = [docker:replica] name = replica -image = redisfab/redis-py:6.2.6-buster +image = redisfab/redis-py:6.2.6 links = master:master ports = @@ -37,7 +38,7 @@ volumes = [docker:unstable] name = unstable -image = redisfab/redis-py:unstable-bionic +image = redisfab/redis-py:unstable ports = 6378:6378/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6378)) else False" @@ -46,7 +47,7 @@ volumes = [docker:unstable_cluster] name = unstable_cluster -image = redisfab/redis-py-cluster:unstable-bionic +image = redisfab/redis-py-cluster:unstable ports = 6372:6372/tcp 6373:6373/tcp @@ -60,7 +61,7 @@ volumes = [docker:sentinel_1] name = sentinel_1 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -71,7 +72,7 @@ volumes = [docker:sentinel_2] name = sentinel_2 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -82,7 +83,7 @@ volumes = [docker:sentinel_3] name = sentinel_3 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -100,7 +101,7 @@ healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(sock [docker:redis_cluster] name = redis_cluster -image = redisfab/redis-py-cluster:6.2.6-buster +image = redisfab/redis-py-cluster:6.2.6 ports = 16379:16379/tcp 16380:16380/tcp @@ -114,7 +115,7 @@ volumes = [docker:redismod_cluster] name = redismod_cluster -image = redisfab/redis-py-modcluster:6.2.6 +image = redisfab/redis-py-modcluster:edge ports = 46379:46379/tcp 46380:46380/tcp @@ -279,7 +280,6 @@ docker = sentinel_3 redis_cluster redismod - redismod_cluster stunnel extras = hiredis: hiredis @@ -288,10 +288,10 @@ setenv = CLUSTER_URL = "redis://localhost:16379/0" UNSTABLE_CLUSTER_URL = "redis://localhost:6372/0" commands = - standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' {posargs} - standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --uvloop {posargs} - cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} {posargs} - cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --uvloop {posargs} + standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-results.xml {posargs} + standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-uvloop-results.xml --uvloop {posargs} + cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-results.xml {posargs} + cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-uvloop-results.xml --uvloop {posargs} [testenv:redis5] deps = @@ -343,7 +343,7 @@ deps_files = dev_requirements.txt docker = commands = flake8 - black --target-version py36 --check --diff . + black --target-version py37 --check --diff . isort --check-only --diff . vulture redis whitelist.py --min-confidence 80 flynt --fail-on-change --dry-run . From bf1ee5d3598b69452c804c3777b996c13bc7b638968d75e1736de74424efd891 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 1 Apr 2023 08:13:48 +0000 Subject: [PATCH 4/6] Accepting request 1076597 from devel:languages:python revert OBS-URL: https://build.opensuse.org/request/show/1076597 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=66 --- keys.zip | 3 --- python-redis.changes | 28 ---------------------------- python-redis.spec | 11 ++--------- redis-4.3.5.tar.gz | 3 +++ redis-4.4.4.tar.gz | 3 --- tox.ini | 32 ++++++++++++++++---------------- 6 files changed, 21 insertions(+), 59 deletions(-) delete mode 100644 keys.zip create mode 100644 redis-4.3.5.tar.gz delete mode 100644 redis-4.4.4.tar.gz diff --git a/keys.zip b/keys.zip deleted file mode 100644 index a940c4a..0000000 --- a/keys.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:58f83435356f3456ff912a88047d90b1f4600f573b3f9bc10d32ed1acdb39578 -size 9481 diff --git a/python-redis.changes b/python-redis.changes index c6f617d..18168d2 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,31 +1,3 @@ -------------------------------------------------------------------- -Fri Mar 31 16:57:04 UTC 2023 - Matej Cepl - -- Upgrade to 4.4.4 (also bsc#1209811, CVE-2023-28858 & - bsc#1209812, CVE-2023-28859) to fix possible async command - information disclosure. -- Upgrade to 4.4.3: - Update urgency: HIGH: There is a critical bug that may affect a - subset of users. Upgrade! - - CWE-404 AsyncIO Race Condition Fix -- Upgrade to 4.4.2: - - Add support for BF.CARD - - Add support for custom connection pool class in NodesManager - Allow replica to master promotion in nodes_cache - Security Fix: Updating graph parser for potential injection cases -- Upgrade to 4.4.0: - - Async clusters: Support creating locks inside async functions - - Async: added 'blocking' argument to call lock method - - Added a replacement for the default cluster node in the event - of failure. - - Fixed geosearch: Wrong number of arguments for geosearch - command - - Updating dev dependencies - - Removing deprecated LGTM - - Added an explicit index name in RediSearch example - - Adding connection step to bloom filter examples -- Skip test_acl_list test (gh#redis/redis-py#2679) - ------------------------------------------------------------------- Wed Jan 18 13:09:12 UTC 2023 - Daniel Garcia diff --git a/python-redis.spec b/python-redis.spec index e5fb035..3eac1f6 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -18,7 +18,7 @@ %define skip_python2 1 Name: python-redis -Version: 4.4.4 +Version: 4.3.5 Release: 0 Summary: Python client for Redis key-value store License: MIT @@ -26,7 +26,6 @@ Group: Development/Languages/Python URL: https://github.com/redis/redis-py Source0: https://files.pythonhosted.org/packages/source/r/redis/redis-%{version}.tar.gz Source1: https://github.com/redis/redis-py/raw/v%{version}/tox.ini -Source2: keys.zip BuildRequires: %{python_module Deprecated >= 1.2.3} BuildRequires: %{python_module async-timeout >= 4.0.2} BuildRequires: %{python_module base >= 3.6} @@ -43,7 +42,6 @@ BuildRequires: fdupes BuildRequires: psmisc BuildRequires: python-rpm-macros BuildRequires: redis -BuildRequires: unzip Requires: python-Deprecated >= 1.2.3 Requires: python-async-timeout >= 4.0.2 Requires: python-packaging >= 20.4 @@ -64,10 +62,6 @@ The Python interface to the Redis key-value store. # tox.ini for pytest markers cp %{SOURCE1} . -# keys and certificates for testing -mkdir -p docker/stunnel/ && cd docker/stunnel -unzip %{SOURCE2} - %build %python_build @@ -99,8 +93,7 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then donttest=" or test_geopos" fi # gh#redis/redis-py#2554 -# gh#redis/redis-py#2679 -donttest=" or test_xautoclaim or test_acl_list" +donttest=" or test_xautoclaim" %pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py %files %{python_files} diff --git a/redis-4.3.5.tar.gz b/redis-4.3.5.tar.gz new file mode 100644 index 0000000..bd93de8 --- /dev/null +++ b/redis-4.3.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12 +size 4577422 diff --git a/redis-4.4.4.tar.gz b/redis-4.4.4.tar.gz deleted file mode 100644 index 4f8cb83..0000000 --- a/redis-4.4.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:68226f7ede928db8302f29ab088a157f41061fa946b7ae865452b6d7838bbffb -size 4549578 diff --git a/tox.ini b/tox.ini index 07de61e..2f9b788 100644 --- a/tox.ini +++ b/tox.ini @@ -9,16 +9,15 @@ markers = asyncio: marker for async tests replica: replica tests experimental: run only experimental tests -asyncio_mode = auto [tox] minversion = 3.2.0 requires = tox-docker -envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py37,py38,py39,pypy3},linters,docs +envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py36,py37,py38,py39,pypy3},linters,docs [docker:master] name = master -image = redisfab/redis-py:6.2.6 +image = redisfab/redis-py:6.2.6-buster ports = 6379:6379/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6379)) else False" @@ -27,7 +26,7 @@ volumes = [docker:replica] name = replica -image = redisfab/redis-py:6.2.6 +image = redisfab/redis-py:6.2.6-buster links = master:master ports = @@ -38,7 +37,7 @@ volumes = [docker:unstable] name = unstable -image = redisfab/redis-py:unstable +image = redisfab/redis-py:unstable-bionic ports = 6378:6378/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6378)) else False" @@ -47,7 +46,7 @@ volumes = [docker:unstable_cluster] name = unstable_cluster -image = redisfab/redis-py-cluster:unstable +image = redisfab/redis-py-cluster:unstable-bionic ports = 6372:6372/tcp 6373:6373/tcp @@ -61,7 +60,7 @@ volumes = [docker:sentinel_1] name = sentinel_1 -image = redisfab/redis-py-sentinel:6.2.6 +image = redisfab/redis-py-sentinel:6.2.6-buster links = master:master ports = @@ -72,7 +71,7 @@ volumes = [docker:sentinel_2] name = sentinel_2 -image = redisfab/redis-py-sentinel:6.2.6 +image = redisfab/redis-py-sentinel:6.2.6-buster links = master:master ports = @@ -83,7 +82,7 @@ volumes = [docker:sentinel_3] name = sentinel_3 -image = redisfab/redis-py-sentinel:6.2.6 +image = redisfab/redis-py-sentinel:6.2.6-buster links = master:master ports = @@ -101,7 +100,7 @@ healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(sock [docker:redis_cluster] name = redis_cluster -image = redisfab/redis-py-cluster:6.2.6 +image = redisfab/redis-py-cluster:6.2.6-buster ports = 16379:16379/tcp 16380:16380/tcp @@ -115,7 +114,7 @@ volumes = [docker:redismod_cluster] name = redismod_cluster -image = redisfab/redis-py-modcluster:edge +image = redisfab/redis-py-modcluster:6.2.6 ports = 46379:46379/tcp 46380:46380/tcp @@ -280,6 +279,7 @@ docker = sentinel_3 redis_cluster redismod + redismod_cluster stunnel extras = hiredis: hiredis @@ -288,10 +288,10 @@ setenv = CLUSTER_URL = "redis://localhost:16379/0" UNSTABLE_CLUSTER_URL = "redis://localhost:6372/0" commands = - standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-results.xml {posargs} - standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-uvloop-results.xml --uvloop {posargs} - cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-results.xml {posargs} - cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-uvloop-results.xml --uvloop {posargs} + standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' {posargs} + standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --uvloop {posargs} + cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} {posargs} + cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --uvloop {posargs} [testenv:redis5] deps = @@ -343,7 +343,7 @@ deps_files = dev_requirements.txt docker = commands = flake8 - black --target-version py37 --check --diff . + black --target-version py36 --check --diff . isort --check-only --diff . vulture redis whitelist.py --min-confidence 80 flynt --fail-on-change --dry-run . From 5884f3b76f08eef253d8b1103fcb2f04849bcb0b442f8bb6f2e71089ed81e58b Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Tue, 18 Apr 2023 03:13:49 +0000 Subject: [PATCH 5/6] - Update to 4.5.4: * Security + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) * New Features + Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588) + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + Made search document subscriptable (#2615) + Sped up the protocol parsing (#2596) + Use hiredis::pack_command to serialized the commands. (#2570) + Add support for unlink in cluster pipeline (#2562) * Bug Fixes + Fixing cancelled async futures (#2666) + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630) + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582) + Replace async_timeout by asyncio.timeout (#2602) + Update json().arrindex() default values (#2611) + Fix #2581 UnixDomainSocketConnection object has no attribute _command_packer (#2583) + Fix issue with pack_commands returning an empty byte sequence (#2416) + Async HiredisParser should finish parsing after a Connection.disconnect() (#2557) + Check for none, prior to raising exception (#2569) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=67 --- python-redis.changes | 42 ++++++++++++++++++++++++++++++++++++++++++ python-redis.spec | 25 ++++++------------------- redis-4.3.5.tar.gz | 3 --- redis-4.5.4.tar.gz | 3 +++ tox.ini | 40 ++++++++++++++++++++-------------------- 5 files changed, 71 insertions(+), 42 deletions(-) delete mode 100644 redis-4.3.5.tar.gz create mode 100644 redis-4.5.4.tar.gz diff --git a/python-redis.changes b/python-redis.changes index 18168d2..160c056 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Tue Apr 18 03:12:39 UTC 2023 - Steve Kowalik + +- Update to 4.5.4: + * Security + + Cancelling an async future does not, properly trigger, leading to a + potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + + Cancelling an async future does not, properly trigger, leading to a + potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) + * New Features + + Introduce AbstractConnection so that UnixDomainSocketConnection can + call super().init (#2588) + + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + + Made search document subscriptable (#2615) + + Sped up the protocol parsing (#2596) + + Use hiredis::pack_command to serialized the commands. (#2570) + + Add support for unlink in cluster pipeline (#2562) + * Bug Fixes + + Fixing cancelled async futures (#2666) + + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor + argument (#2630) + + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + + Fix behaviour of async PythonParser to match RedisParser as for + issue #2349 (#2582) + + Replace async_timeout by asyncio.timeout (#2602) + + Update json().arrindex() default values (#2611) + + Fix #2581 UnixDomainSocketConnection object has no attribute + _command_packer (#2583) + + Fix issue with pack_commands returning an empty byte sequence (#2416) + + Async HiredisParser should finish parsing after a + Connection.disconnect() (#2557) + + Check for none, prior to raising exception (#2569) + + Tuple function cannot be passed more than one argument (#2573) + + Synchronise concurrent command calls to single-client to single-client + mode (#2568) + + Async: added 'blocking' argument to call lock method (#2454) + + Added a replacement for the default cluster node in the event of + failure. (#2463) + + Fixed geosearch: Wrong number of arguments for geosearch command (#2464) +- Clean up BuildRequires and Requires. + ------------------------------------------------------------------- Wed Jan 18 13:09:12 UTC 2023 - Daniel Garcia diff --git a/python-redis.spec b/python-redis.spec index 3eac1f6..d239df9 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -16,40 +16,27 @@ # -%define skip_python2 1 Name: python-redis -Version: 4.3.5 +Version: 4.5.4 Release: 0 Summary: Python client for Redis key-value store License: MIT -Group: Development/Languages/Python URL: https://github.com/redis/redis-py Source0: https://files.pythonhosted.org/packages/source/r/redis/redis-%{version}.tar.gz Source1: https://github.com/redis/redis-py/raw/v%{version}/tox.ini -BuildRequires: %{python_module Deprecated >= 1.2.3} BuildRequires: %{python_module async-timeout >= 4.0.2} -BuildRequires: %{python_module base >= 3.6} -BuildRequires: %{python_module importlib-metadata >= 1.0 if %python-base < 3.8} -# requires mock.AsyncMock -BuildRequires: %{python_module mock if %python-base < 3.8} -BuildRequires: %{python_module packaging >= 20.4} +BuildRequires: %{python_module base >= 3.7} +BuildRequires: %{python_module packaging} BuildRequires: %{python_module pytest-asyncio} BuildRequires: %{python_module pytest-timeout} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} -BuildRequires: %{python_module typing-extensions if %python-base < 3.8} BuildRequires: fdupes BuildRequires: psmisc BuildRequires: python-rpm-macros BuildRequires: redis -Requires: python-Deprecated >= 1.2.3 Requires: python-async-timeout >= 4.0.2 -Requires: python-packaging >= 20.4 Requires: redis -%if 0%{?python_version_nodots} < 38 -Requires: python-importlib-metadata >= 1.0 -Requires: python-typing-extensions -%endif Recommends: python-hiredis >= 1.0.0 BuildArch: noarch %python_subpackages @@ -92,9 +79,9 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then # reference precision issues on 32-bit donttest=" or test_geopos" fi -# gh#redis/redis-py#2554 -donttest=" or test_xautoclaim" -%pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py +# gh#redis/redis-py#2554 and gh#redis/redis-py#2679 +donttest=" or test_xautoclaim or test_acl_list" +%pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py --ignore tests/test_asyncio/test_cluster.py --redis-url=redis://localhost:6379/ %files %{python_files} %license LICENSE diff --git a/redis-4.3.5.tar.gz b/redis-4.3.5.tar.gz deleted file mode 100644 index bd93de8..0000000 --- a/redis-4.3.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12 -size 4577422 diff --git a/redis-4.5.4.tar.gz b/redis-4.5.4.tar.gz new file mode 100644 index 0000000..a52549d --- /dev/null +++ b/redis-4.5.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:73ec35da4da267d6847e47f68730fdd5f62e2ca69e3ef5885c6a78a9374c3893 +size 4552103 diff --git a/tox.ini b/tox.ini index 2f9b788..420b081 100644 --- a/tox.ini +++ b/tox.ini @@ -9,15 +9,16 @@ markers = asyncio: marker for async tests replica: replica tests experimental: run only experimental tests +asyncio_mode = auto [tox] minversion = 3.2.0 requires = tox-docker -envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py36,py37,py38,py39,pypy3},linters,docs +envlist = {standalone,cluster}-{plain,hiredis,ocsp}-{uvloop,asyncio}-{py37,py38,py39,pypy3},linters,docs [docker:master] name = master -image = redisfab/redis-py:6.2.6-buster +image = redisfab/redis-py:6.2.6 ports = 6379:6379/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6379)) else False" @@ -26,7 +27,7 @@ volumes = [docker:replica] name = replica -image = redisfab/redis-py:6.2.6-buster +image = redisfab/redis-py:6.2.6 links = master:master ports = @@ -37,7 +38,7 @@ volumes = [docker:unstable] name = unstable -image = redisfab/redis-py:unstable-bionic +image = redisfab/redis-py:unstable ports = 6378:6378/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',6378)) else False" @@ -46,7 +47,7 @@ volumes = [docker:unstable_cluster] name = unstable_cluster -image = redisfab/redis-py-cluster:unstable-bionic +image = redisfab/redis-py-cluster:unstable ports = 6372:6372/tcp 6373:6373/tcp @@ -60,7 +61,7 @@ volumes = [docker:sentinel_1] name = sentinel_1 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -71,7 +72,7 @@ volumes = [docker:sentinel_2] name = sentinel_2 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -82,7 +83,7 @@ volumes = [docker:sentinel_3] name = sentinel_3 -image = redisfab/redis-py-sentinel:6.2.6-buster +image = redisfab/redis-py-sentinel:6.2.6 links = master:master ports = @@ -91,16 +92,16 @@ healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(sock volumes = bind:rw:{toxinidir}/docker/redis6.2/sentinel/sentinel_3.conf:/sentinel.conf -[docker:redismod] -name = redismod -image = redislabs/redismod:edge +[docker:redis_stack] +name = redis_stack +image = redis/redis-stack-server:edge ports = 36379:6379/tcp healtcheck_cmd = python -c "import socket;print(True) if 0 == socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect_ex(('127.0.0.1',36379)) else False" [docker:redis_cluster] name = redis_cluster -image = redisfab/redis-py-cluster:6.2.6-buster +image = redisfab/redis-py-cluster:6.2.6 ports = 16379:16379/tcp 16380:16380/tcp @@ -114,7 +115,7 @@ volumes = [docker:redismod_cluster] name = redismod_cluster -image = redisfab/redis-py-modcluster:6.2.6 +image = redisfab/redis-py-modcluster:edge ports = 46379:46379/tcp 46380:46380/tcp @@ -278,8 +279,7 @@ docker = sentinel_2 sentinel_3 redis_cluster - redismod - redismod_cluster + redis_stack stunnel extras = hiredis: hiredis @@ -288,10 +288,10 @@ setenv = CLUSTER_URL = "redis://localhost:16379/0" UNSTABLE_CLUSTER_URL = "redis://localhost:6372/0" commands = - standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' {posargs} - standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --uvloop {posargs} - cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} {posargs} - cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --uvloop {posargs} + standalone: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-results.xml {posargs} + standalone-uvloop: pytest --cov=./ --cov-report=xml:coverage_redis.xml -W always -m 'not onlycluster' --junit-xml=standalone-uvloop-results.xml --uvloop {posargs} + cluster: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-results.xml {posargs} + cluster-uvloop: pytest --cov=./ --cov-report=xml:coverage_cluster.xml -W always -m 'not onlynoncluster and not redismod' --redis-url={env:CLUSTER_URL:} --redis-unstable-url={env:UNSTABLE_CLUSTER_URL:} --junit-xml=cluster-uvloop-results.xml --uvloop {posargs} [testenv:redis5] deps = @@ -343,7 +343,7 @@ deps_files = dev_requirements.txt docker = commands = flake8 - black --target-version py36 --check --diff . + black --target-version py37 --check --diff . isort --check-only --diff . vulture redis whitelist.py --min-confidence 80 flynt --fail-on-change --dry-run . From 3c4e486ff3acbce6fdc4788414277b3ec0a80ae2d49c833702c178fab5dcc34f Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Tue, 18 Apr 2023 03:37:41 +0000 Subject: [PATCH 6/6] Fix accidental donttest overwrite OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-redis?expand=0&rev=68 --- python-redis.changes | 2 +- python-redis.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python-redis.changes b/python-redis.changes index 160c056..77fd2b1 100644 --- a/python-redis.changes +++ b/python-redis.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Tue Apr 18 03:12:39 UTC 2023 - Steve Kowalik +Tue Apr 18 03:37:06 UTC 2023 - Steve Kowalik - Update to 4.5.4: * Security diff --git a/python-redis.spec b/python-redis.spec index d239df9..fbb4835 100644 --- a/python-redis.spec +++ b/python-redis.spec @@ -80,7 +80,7 @@ if [ $(getconf LONG_BIT) -ne 64 ]; then donttest=" or test_geopos" fi # gh#redis/redis-py#2554 and gh#redis/redis-py#2679 -donttest=" or test_xautoclaim or test_acl_list" +donttest="$donttest or test_xautoclaim or test_acl_list" %pytest -m 'not (onlycluster or redismod)' -k "not (dummyprefix $donttest)" --ignore tests/test_ssl.py --ignore tests/test_asyncio/test_cluster.py --redis-url=redis://localhost:6379/ %files %{python_files}