
Accepting request 1154482 from devel:languages:python

- Update to 0.15.0:
  * The `replace_macro` function gained a new `max_attempts` parameter that
    prevents endless recursion in certain scenarios. Thanks @kraptor.
  * Add support for Python 3.12.
  * Drop support for Python 3.7. It is EOL and no longer supported by the
    Python core team.
- Switch to autosetup macro.
- Drop patch avoid-DoS-on-carefully-crafted-spec-files.patch, now included
  upstream.

OBS-URL: https://build.opensuse.org/request/show/1154482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-python-rpm-spec?expand=0&rev=7
2024-03-04 20:25:10 +00:00
committed by Git OBS Bridge
5 changed files with 23 additions and 48 deletions


@@ -1,30 +0,0 @@
diff --git a/pyrpm/spec.py b/pyrpm/spec.py
index 42515bf..1a290ba 100644
--- a/pyrpm/spec.py
+++ b/pyrpm/spec.py
@@ -490,7 +490,7 @@ def from_string(cls, string: str) -> "Spec":
return spec
-def replace_macros(string: str, spec: Spec) -> str:
+def replace_macros(string: str, spec: Spec, max_attempts: int = 1000) -> str:
"""Replace all macros in given string with corresponding values.
For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'.
@@ -555,9 +555,13 @@ def get_replacement_string(match: re.Match) -> str:
# Recursively expand macros
# Note: If macros are not defined in the spec file, this won't try to
# expand them.
- while True:
+ attempt = 0
+ ret = ""
+ while attempt < max_attempts:
+ attempt += 1
ret = re.sub(_macro_pattern, get_replacement_string, string)
if ret != string:
string = ret
continue
- return ret
+ break
+ return ret
\ No newline at end of file


@@ -1,3 +1,16 @@
-------------------------------------------------------------------
Mon Mar 4 03:15:47 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 0.15.0:
* The `replace_macro` function gained a new `max_attempts` parameter that
prevents endless recursion in certain scenarios. Thanks @kraptor.
* Add support for Python 3.12.
* Drop support for Python 3.7. It is EOL and no longer supported by the
Python core team.
- Switch to autosetup macro.
- Drop patch avoid-DoS-on-carefully-crafted-spec-files.patch, now included
upstream.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 13 15:17:43 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com> Wed Sep 13 15:17:43 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com>


@@ -1,7 +1,7 @@
# #
# spec file for package python-python-rpm-spec # spec file for package python-python-rpm-spec
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,13 @@
# #
%define skip_python2 1
Name: python-python-rpm-spec Name: python-python-rpm-spec
Version: 0.14.1 Version: 0.15.0
Release: 0 Release: 0
Summary: Python module for parsing RPM spec files Summary: Python module for parsing RPM spec files
License: MIT License: MIT
Group: Development/Libraries/Python
URL: https://github.com/bkircher/python-rpm-spec URL: https://github.com/bkircher/python-rpm-spec
Source0: https://files.pythonhosted.org/packages/source/p/python-rpm-spec/python-rpm-spec-%{version}.tar.gz Source0: https://files.pythonhosted.org/packages/source/p/python_rpm_spec/python_rpm_spec-%{version}.tar.gz
# PATCH-FIX-OPENSUSE avoid-DoS-on-carefully-crafted-spec-files.patch bsc#1215274
# this patch fixes an endless loop that could be triggered by carefully crafting
# a malicious RPM spec file that uses macro expansions, causing a denial-of-service
# PR to upstream code here: https://github.com/bkircher/python-rpm-spec/pull/62
Patch0: avoid-DoS-on-carefully-crafted-spec-files.patch
BuildRequires: %{python_module flit} BuildRequires: %{python_module flit}
BuildRequires: %{python_module pip} BuildRequires: %{python_module pip}
BuildRequires: %{python_module pytest} BuildRequires: %{python_module pytest}
@@ -47,8 +40,7 @@ RPM is built. This module allows you to parse spec files and gives you simple
access to various bits of information that is contained in the spec file. access to various bits of information that is contained in the spec file.
%prep %prep
%setup -q -n python-rpm-spec-%{version} %autosetup -p1 -n python_rpm_spec-%{version}
%patch0 -p1
%build %build
%pyproject_wheel %pyproject_wheel
@@ -61,9 +53,9 @@ access to various bits of information that is contained in the spec file.
%pytest tests %pytest tests
%files %{python_files} %files %{python_files}
%doc CHANGELOG* README* %doc CHANGELOG.md README.md
%license LICENSE* %license LICENSE
%{python_sitelib}/python_rpm_spec-%{version}*-info
%{python_sitelib}/pyrpm %{python_sitelib}/pyrpm
%{python_sitelib}/python_rpm_spec-%{version}.dist-info
%changelog %changelog
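Review bot: Removing `Patch0` and its PATCH-FIX-OPENSUSE comment takes the references to bsc#1215274 and upstream PR 62 that are visible here out of the packaging, and the new changelog entry names the dropped patch without the bug number. The 0.15.0 notes on this page describe a `max_attempts` bound that matches the dropped patch, so the drop itself looks justified; the concern is traceability for anyone later checking whether this version still carries the denial-of-service fix. I would write the changelog line as `- Drop patch avoid-DoS-on-carefully-crafted-spec-files.patch, now included upstream (bsc#1215274).` It is also worth confirming that `%pytest tests` exercises the bounded macro expansion, which cannot be seen from this page.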


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0d4224d21ae59b60b19676cb9db027d1af132868cf8d0b4650960ff9468ebb4a
size 59082


@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6ff7f0cd63059efe7cbc466431f70de485fc105ae8422321134d297dde9f3585
size 60078