- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):

* #551 Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the __array__ attribute used by numpy. This RCE is only exploitable when the server-side gets the attribute __array__ and calls it (e.g., np.array(x)). This issues effects all versions since major release 4. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-rpyc?expand=0&rev=32
2024-03-13 13:16:49 +00:00
parent 35672831e0
commit 454b296016
4 changed files with 22 additions and 8 deletions
--- a/5.3.1.tar.gz
+++ b/5.3.1.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7fb1519174c436d8baab2eafe162311612a071a23169c0f020b10ccfda0bc5d3
-size 1271046
--- a/6.0.0.tar.gz
+++ b/6.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3492e83d7dd67011a9215612c13d92f52e96a0690fc7bbaea4b3ead1e9de5517
+size 1273858
--- a/python-rpyc.changes
+++ b/python-rpyc.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Mar 13 13:13:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):
+  * #551 Resolves security issue that results in RCE. The fix breaks
+    backwards compatibility for those that rely on the __array__
+    attribute used by numpy. This RCE is only exploitable when the
+    server-side gets the attribute __array__ and calls it (e.g.,
+    np.array(x)). This issues effects all versions since major release
+    4.
+
 -------------------------------------------------------------------
 Fri Dec 29 09:53:28 UTC 2023 - Dirk Müller <dmueller@suse.com>

--- a/python-rpyc.spec
+++ b/python-rpyc.spec
@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-rpyc
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-rpyc%{psuffix}
-Version:        5.3.1
+Version:        6.0.0
 Release:        0
 Summary:        Remote Python Call (RPyC), a RPC library
 License:        MIT
@@ -40,7 +40,7 @@ BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-plumbum >= 1.2
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 BuildArch:      noarch
 %if %{with test}
 BuildRequires:  %{python_module gevent}
@@ -81,10 +81,13 @@ mv %{buildroot}%{_bindir}/rpyc_registry.py %{buildroot}%{_bindir}/rpyc_registry

 %if %{with test}
 %check
-donttest="TestDeploy or Test_Ssh or TestUdpRegistry or win32pipes or test_server_stops or test_immutable_object_return or test_return_of_modified_parameter or test_return_of_unmodified_parameter or test_dataframe_pickling or test_ssl_conenction or test_connection"
+export PYTEST_ADDOPTS="--import-mode=importlib" PYTHONPATH="."
+pushd tests
+donttest="TestDeploy or TestUdpRegistry"
 # Fails with python 3.11
 donttest+=" or test_gdb"
 %pytest -k "not ($donttest)"
+popd
 %endif

 %if !%{with test}