Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-python-redmine for
openSUSE:Factory checked in at 2023-10-02 20:04:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-python-redmine (Old)
and /work/SRC/openSUSE:Factory/.python-python-redmine.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-python-redmine"
Mon Oct 2 20:04:58 2023 rev:7 rq:1114261 version:2.4.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-python-redmine/python-python-redmine.changes
2023-01-29 14:15:57.920757492 +0100
+++
/work/SRC/openSUSE:Factory/.python-python-redmine.new.28202/python-python-redmine.changes
2023-10-02 20:06:25.802725973 +0200
@@ -1,0 +2,8 @@
+Tue Sep 26 18:54:59 UTC 2023 - Martin Hauke <[email protected]>
+
+- Add 328.patch to workaround "API key leakage on exception"
+ described in boo#1215722
+ https://github.com/maxtepkeev/python-redmine/issues/330
+ https://github.com/maxtepkeev/python-redmine/pull/328
+
+-------------------------------------------------------------------
New:
----
328.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-python-redmine.spec ++++++
--- /var/tmp/diff_new_pack.jlzxUU/_old 2023-10-02 20:06:26.850763664 +0200
+++ /var/tmp/diff_new_pack.jlzxUU/_new 2023-10-02 20:06:26.850763664 +0200
@@ -24,6 +24,7 @@
Group: Development/Languages/Python
URL: https://python-redmine.com
Source:
https://files.pythonhosted.org/packages/source/p/python-redmine/python-redmine-%{version}.tar.gz
+Patch0: https://github.com/maxtepkeev/python-redmine/pull/328.patch
BuildRequires: %{python_module pytest-cov}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module requests >= 2.28.2}
@@ -42,6 +43,7 @@
%prep
%setup -q -n python-redmine-%{version}
+%patch0 -p1
%build
%python_build
@@ -51,7 +53,7 @@
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
-%pytest
+%pytest -k "not (test_engine_init or test_session_key or
test_session_requests)"
%files %{python_files}
%license LICENSE
++++++ 328.patch ++++++
>From 5b5918e5b8a02f7e84df3884a365b13fd575ee50 Mon Sep 17 00:00:00 2001
From: Tom Misilo <[email protected]>
Date: Thu, 10 Aug 2023 16:00:47 -0500
Subject: [PATCH] Change the key from a query paramter to a HEADER
---
redminelib/engines/base.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/redminelib/engines/base.py b/redminelib/engines/base.py
index f9785be..c0122f4 100644
--- a/redminelib/engines/base.py
+++ b/redminelib/engines/base.py
@@ -34,7 +34,7 @@ def __init__(self, **options):
# We would like to be authenticated by API key by default
if options.get('key') is not None:
- self.requests['params']['key'] = options['key']
+ self.requests['headers']['X-Redmine-API-Key'] = options['key']
elif options.get('username') is not None and options.get('password')
is not None:
self.requests['auth'] = (options['username'], options['password'])
