python/python-pylibacl
SHA256
14
0
Fork 0
forked from pool/python-pylibacl
Code Pull Requests Activity

- update to 0.6.0:

Browse Source 
- Support for pathlib objects in `apply_to` and `has_extended`
    functions when running with Python 3.6 and newer.
  - Use of built-in C API functions for bytes/unicode/pathlib conversion
    when dealing with file names, removing custom code (with the
    associated benefits).
  - Initialisation protocol has been changed, to disallow uninitialised
    objects; this means that `__new__` will always create valid objects,
    to prevent the need for checking initialisation status in all code
    paths; this also (implicitly) fixes memory leaks on re-initialisation
    (calling `__init__(342200246)` on an existing object) and segfaults (!) on
    non-initialised object attribute access. Note ACL re-initialisation is
    tricky and (still) leads to undefined behaviour of existing Entry
    objects pointing to it.
  - Fix another bug in ACL re-initialisation where failures would result
    in invalid objects; now failed re-initialisation does not touch the
    original object.
  - Restore `__setstate__`/`__getstate__` support on Linux; this was
    inadvertently removed due a typo(!) when adding support for it in
    FreeBSD. Pickle should work again for ACL instances, although not sure
    how stable this serialisation format actually is.
  - Additionally, slightly change `__setstate__()` input to not allow
    Unicode, since the serialisation format is an opaque binary format.
  - Fix (and change) entry qualifier (which is a user/group ID) behaviour:
    assume/require that uid_t/gid_t are unsigned types (they are with
    glibc, MacOS and FreeBSD at least; the standard doesn't document the
    signedness), and convert parsing and returning the qualifier to behave
    accordingly. The breakage was most apparent on 32-bit architectures,
    in which context the problem was originally reported (see issue #13).
  - Added a `data` keyword argument to `ACL()`, which allows restoring an

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pylibacl?expand=0&rev=17
This commit is contained in:
Dirk Mueller
2022-03-26 19:55:28 +00:00
committed by Git OBS Bridge
parent 4b5fcea7ca
commit 872cc55dc1
5 changed files with 48 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
09c5bd80cf811a0e7b81ceddfb525d576885e097.patch
View File

@@ -1,115 +0,0 @@
From 09c5bd80cf811a0e7b81ceddfb525d576885e097 Mon Sep 17 00:00:00 2001
From: Iustin Pop <iustin@k1024.org>
Date: Wed, 4 Dec 2019 00:35:33 +0100
Subject: [PATCH] Change entry qualifier set/get behaviour
This was intended to address #13, but investigation found out more
breakage than just that. It's hard to make overflow/underflow tests
without assuming the signedness of the uid_t/gid_t types, so
assume/require that they're unsigned (it is true with glibc, MacOS and
FreeBSD) and use this to improve the behaviour:
- Fix setting very large qualifiers, both in the sense of correctly
reporting overflow when too large, and not longer falsely reporting
overflow for larger than signed max but smaller than unsigned max;
- Fix returning very large (larger than signed max value) qualifiers;
Fixes #13.
---
NEWS | 6 ++++++
acl.c | 17 +++++++++++------
tests/test_acls.py | 11 +++++------
3 files changed, 22 insertions(+), 12 deletions(-)
Index: b/acl.c
===================================================================
--- a/acl.c
+++ b/acl.c
@@ -889,7 +889,7 @@ static PyObject* Entry_get_tag_type(PyOb
*/
static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
Entry_Object *self = (Entry_Object*) obj;
- long uidgid;
+ unsigned long uidgid;
uid_t uid;
gid_t gid;
void *p;
@@ -906,7 +906,10 @@ static int Entry_set_qualifier(PyObject*
"qualifier must be integer");
return -1;
}
- if((uidgid = PyInt_AsLong(value)) == -1) {
+ /* This is the negative value check, and larger than long
+ check. If uid_t/gid_t are long-sized, this is enough to check
+ for both over and underflow. */
+ if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
if(PyErr_Occurred() != NULL) {
return -1;
}
@@ -920,9 +923,11 @@ static int Entry_set_qualifier(PyObject*
}
uid = uidgid;
gid = uidgid;
+ /* This is an extra overflow check, in case uid_t/gid_t are
+ int-sized (and int size smaller than long size). */
switch(tag) {
case ACL_USER:
- if((long)uid != uidgid) {
+ if((unsigned long)uid != uidgid) {
PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
return -1;
} else {
@@ -930,7 +935,7 @@ static int Entry_set_qualifier(PyObject*
}
break;
case ACL_GROUP:
- if((long)gid != uidgid) {
+ if((unsigned long)gid != uidgid) {
PyErr_SetString(PyExc_OverflowError, "cannot assign given qualifier");
return -1;
} else {
@@ -953,7 +958,7 @@ static int Entry_set_qualifier(PyObject*
/* Returns the qualifier of the entry */
static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
Entry_Object *self = (Entry_Object*) obj;
- long value;
+ unsigned long value;
tag_qual tq;
if (self->entry == NULL) {
@@ -973,7 +978,7 @@ static PyObject* Entry_get_qualifier(PyO
" group tag");
return NULL;
}
- return PyInt_FromLong(value);
+ return PyLong_FromUnsignedLong(value);
}
/* Returns the parent ACL of the entry */
Index: b/test/test_acls.py
===================================================================
--- a/test/test_acls.py
+++ b/test/test_acls.py
@@ -579,10 +579,7 @@ class ModificationTests(aclTest, unittes
qualifier = 1
e.tag_type = tag
while True:
- if tag == posix1e.ACL_USER:
- regex = re.compile("user with uid %d" % qualifier)
- else:
- regex = re.compile("group with gid %d" % qualifier)
+ regex = re.compile("(user|group) with (u|g)id %d" % qualifier)
try:
e.qualifier = qualifier
except OverflowError:
@@ -597,7 +594,9 @@ class ModificationTests(aclTest, unittes
"""Tests qualifier overflow handling"""
acl = posix1e.ACL()
e = acl.append()
- qualifier = sys.maxsize * 2
+ # the uid_t/gid_t are unsigned, so they can hold slightly more
+ # than sys.maxsize*2 (on Linux).
+ qualifier = (sys.maxsize + 1) * 2
for tag in [posix1e.ACL_USER, posix1e.ACL_GROUP]:
e.tag_type = tag
with self.assertRaises(OverflowError):

3
pylibacl-0.5.4.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:060f375aeff90a16fbc3a827b7e234694ad636485d8ecd6654e01e1fc4ea3b37
size 37016

3
pylibacl-0.6.0.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:88a0a4322e3a62d797d61f96ec7f38d1c471c48a3cc3cedb32ab5c20aa98d9ff
size 41415

42
python-pylibacl.changes
View File

@@ -1,3 +1,45 @@
-------------------------------------------------------------------
Sat Mar 26 19:52:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 0.6.0:
- Support for pathlib objects in `apply_to` and `has_extended`
functions when running with Python 3.6 and newer.
- Use of built-in C API functions for bytes/unicode/pathlib conversion
when dealing with file names, removing custom code (with the
associated benefits).
- Initialisation protocol has been changed, to disallow uninitialised
objects; this means that `__new__` will always create valid objects,
to prevent the need for checking initialisation status in all code
paths; this also (implicitly) fixes memory leaks on re-initialisation
(calling `__init__(342200246)` on an existing object) and segfaults (!) on
non-initialised object attribute access. Note ACL re-initialisation is
tricky and (still) leads to undefined behaviour of existing Entry
objects pointing to it.
- Fix another bug in ACL re-initialisation where failures would result
in invalid objects; now failed re-initialisation does not touch the
original object.
- Restore `__setstate__`/`__getstate__` support on Linux; this was
inadvertently removed due a typo(!) when adding support for it in
FreeBSD. Pickle should work again for ACL instances, although not sure
how stable this serialisation format actually is.
- Additionally, slightly change `__setstate__()` input to not allow
Unicode, since the serialisation format is an opaque binary format.
- Fix (and change) entry qualifier (which is a user/group ID) behaviour:
assume/require that uid_t/gid_t are unsigned types (they are with
glibc, MacOS and FreeBSD at least; the standard doesn't document the
signedness), and convert parsing and returning the qualifier to behave
accordingly. The breakage was most apparent on 32-bit architectures,
in which context the problem was originally reported (see issue #13).
- Added a `data` keyword argument to `ACL()`, which allows restoring an
ACL directly from a serialised form (as given by `__getstate__()`),
which should simplify some uses cases (`a = ACL(); a.__set
state__(342200246)`).
- When available, add the file path to I/O error messages, which should
lead to easier debugging.
- The test suite has changed to `pytest`, which allows increased
coverage via parameterisation.
- drop 09c5bd80cf811a0e7b81ceddfb525d576885e097.patch (upstream)
-------------------------------------------------------------------
Mon Feb 24 15:28:16 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>

8
python-pylibacl.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-pylibacl
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2013-2020 LISA GmbH, Bingen, Germany
#
# All modifications and additions to the file contributed by third parties
@@ -19,13 +19,12 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-pylibacl
Version: 0.5.4
Version: 0.6.0
Release: 0
Summary: POSIX1e ACLs for python
License: LGPL-2.1-or-later
URL: https://pylibacl.k1024.org/
Source: https://files.pythonhosted.org/packages/source/p/pylibacl/pylibacl-%{version}.tar.gz
Patch: 09c5bd80cf811a0e7b81ceddfb525d576885e097.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
@@ -42,7 +41,6 @@ of the systems's acl C library - see acl(5).
%prep
%setup -q -n pylibacl-%{version}
%autopatch -p1
%build
%python_build
@@ -56,7 +54,7 @@ of the systems's acl C library - see acl(5).
%files %{python_files}
%license COPYING
%doc NEWS README.rst
%doc NEWS README.md
%{python_sitearch}/*
%changelog