forked from pool/python-rpyc

- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):

* #551 Resolves security issue that results in RCE. The fix breaks
    backwards compatibility for those that rely on the __array__
    attribute used by numpy. This RCE is only exploitable when the
    server-side gets the attribute __array__ and calls it (e.g.,
    np.array(x)). This issue affects all versions since major release
    4.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-rpyc?expand=0&rev=32
2024-03-13 13:16:49 +00:00
committed by Git OBS Bridge
parent 35672831e0
commit 454b296016
4 changed files with 22 additions and 8 deletions


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7fb1519174c436d8baab2eafe162311612a071a23169c0f020b10ccfda0bc5d3
size 1271046

6.0.0.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3492e83d7dd67011a9215612c13d92f52e96a0690fc7bbaea4b3ead1e9de5517
size 1273858
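Review bot: the `oid sha256:` line is the only integrity record for the new 6.0.0.tar.gz in this patch, and nothing here shows it was compared with upstream's release artifact. For a security update, please confirm the digest and the 1273858-byte size against the upstream 6.0.0 source archive and say in the submission how that was checked.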


@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Mar 13 13:13:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):
* #551 Resolves security issue that results in RCE. The fix breaks
backwards compatibility for those that rely on the __array__
attribute used by numpy. This RCE is only exploitable when the
server-side gets the attribute __array__ and calls it (e.g.,
np.array(x)). This issues effects all versions since major release
4.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Dec 29 09:53:28 UTC 2023 - Dirk Müller <dmueller@suse.com> Fri Dec 29 09:53:28 UTC 2023 - Dirk Müller <dmueller@suse.com>
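Review bot: the new entry's last sentence reads "This issues effects all versions", which should be "This issue affects all versions". The entry also says nothing about the %check changes in the same commit (the shortened donttest list, `--import-mode=importlib`, running from tests/), so add a line for them. Since the text states that the fix breaks users of `__array__`, it is worth flagging that explicitly as a behaviour change for packages that depend on python-rpyc.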


@@ -1,7 +1,7 @@
# #
# spec file # spec file for package python-rpyc
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
%endif %endif
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-rpyc%{psuffix} Name: python-rpyc%{psuffix}
Version: 5.3.1 Version: 6.0.0
Release: 0 Release: 0
Summary: Remote Python Call (RPyC), a RPC library Summary: Remote Python Call (RPyC), a RPC library
License: MIT License: MIT
@@ -40,7 +40,7 @@ BuildRequires: fdupes
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
Requires: python-plumbum >= 1.2 Requires: python-plumbum >= 1.2
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun):update-alternatives Requires(postun): update-alternatives
BuildArch: noarch BuildArch: noarch
%if %{with test} %if %{with test}
BuildRequires: %{python_module gevent} BuildRequires: %{python_module gevent}
@@ -81,10 +81,13 @@ mv %{buildroot}%{_bindir}/rpyc_registry.py %{buildroot}%{_bindir}/rpyc_registry
%if %{with test} %if %{with test}
%check %check
donttest="TestDeploy or Test_Ssh or TestUdpRegistry or win32pipes or test_server_stops or test_immutable_object_return or test_return_of_modified_parameter or test_return_of_unmodified_parameter or test_dataframe_pickling or test_ssl_conenction or test_connection" export PYTEST_ADDOPTS="--import-mode=importlib" PYTHONPATH="."
pushd tests
donttest="TestDeploy or TestUdpRegistry"
# Fails with python 3.11 # Fails with python 3.11
donttest+=" or test_gdb" donttest+=" or test_gdb"
%pytest -k "not ($donttest)" %pytest -k "not ($donttest)"
popd
%endif %endif
%if !%{with test} %if !%{with test}
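Review bot: in %check, `PYTHONPATH="."` is a relative path exported before `pushd tests`, so by the time pytest runs it points at tests/ rather than the source root. If that is intended, add a comment saying so, and also note why `--import-mode=importlib` is required. The donttest list additionally drops Test_Ssh, win32pipes, test_server_stops, test_ssl_conenction, test_connection and the pickling/parameter tests with no explanation; please confirm they pass in the build environment, or keep the ones that cannot run there and record the reason next to the list.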