Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-cbor2 for openSUSE:Factory checked in at 2022-01-17 00:22:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-cbor2 (Old) and /work/SRC/openSUSE:Factory/.python-cbor2.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cbor2" Mon Jan 17 00:22:47 2022 rev:8 rq:946692 version:5.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-cbor2/python-cbor2.changes 2021-06-09 21:53:00.758550732 +0200 +++ /work/SRC/openSUSE:Factory/.python-cbor2.new.1892/python-cbor2.changes 2022-01-17 00:22:49.768191845 +0100 @@ -1,0 +2,10 @@ +Sat Jan 15 17:50:18 UTC 2022 - Dirk M??ller <dmuel...@suse.com> + +- update to 5.4.2: + * Fix segfault when initializing CBORTag with incorrect arguments + * Fix sphinx build warnings + * Fix SystemErrors when using C-backend, meaningful exceptions now raised + * Fix precision loss when decoding base10 decimal fractions + * Made CBORTag handling consistent between python and C-module + +------------------------------------------------------------------- Old: ---- cbor2-5.4.0.tar.gz New: ---- cbor2-5.4.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-cbor2.spec ++++++ --- /var/tmp/diff_new_pack.oNC947/_old 2022-01-17 00:22:50.260192156 +0100 +++ /var/tmp/diff_new_pack.oNC947/_new 2022-01-17 00:22:50.264192159 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-cbor2 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-cbor2 -Version: 5.4.0 +Version: 5.4.2 Release: 0 Summary: Pure Python CBOR (de)serializer with extensive tag support License: MIT ++++++ cbor2-5.4.0.tar.gz -> cbor2-5.4.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/PKG-INFO new/cbor2-5.4.2/PKG-INFO --- old/cbor2-5.4.0/PKG-INFO 2021-06-04 14:32:10.439574700 +0200 +++ new/cbor2-5.4.2/PKG-INFO 2021-10-14 13:14:02.437785100 +0200 
@@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cbor2 -Version: 5.4.0 +Version: 5.4.2 Summary: Pure Python CBOR (de)serializer with extensive tag support Home-page: UNKNOWN Author: Alex Gr??nholm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/cbor2/decoder.py new/cbor2-5.4.2/cbor2/decoder.py --- old/cbor2-5.4.0/cbor2/decoder.py 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/cbor2/decoder.py 2021-10-14 13:13:48.000000000 +0200 @@ -369,7 +369,11 @@ return CBORSimpleValue(subtype) # Major tag 7 - return special_decoders[subtype](self) + try: + return special_decoders[subtype](self) + except KeyError as e: + raise CBORDecodeValueError( + "Undefined Reserved major type 7 subtype 0x%x" % subtype) from e # # Semantic decoders (major tag 6) @@ -426,13 +430,20 @@ def decode_fraction(self): # Semantic tag 4 from decimal import Decimal - exp, sig = self._decode() - return self.set_shareable(Decimal(sig) * (10 ** Decimal(exp))) + try: + exp, sig = self._decode() + except (TypeError, ValueError) as e: + raise CBORDecodeValueError("Incorrect tag 4 payload") from e + tmp = Decimal(sig).as_tuple() + return self.set_shareable(Decimal((tmp.sign, tmp.digits, exp))) def decode_bigfloat(self): # Semantic tag 5 from decimal import Decimal - exp, sig = self._decode() + try: + exp, sig = self._decode() + except (TypeError, ValueError) as e: + raise CBORDecodeValueError("Incorrect tag 5 payload") from e return self.set_shareable(Decimal(sig) * (2 ** Decimal(exp))) def decode_stringref(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/cbor2/types.py new/cbor2-5.4.2/cbor2/types.py --- old/cbor2-5.4.0/cbor2/types.py 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/cbor2/types.py 2021-10-14 13:13:48.000000000 +0200 
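Review bot: The `try` added around the major-type-7 dispatch covers the decoder call as well as the table lookup, so a `KeyError` raised inside any special decoder would be reported as "Undefined Reserved major type 7 subtype" and hide the real fault. Splitting lookup from call keeps the new error specific to an unknown subtype: `decoder = special_decoders.get(subtype)`, then `if decoder is None: raise CBORDecodeValueError("Undefined Reserved major type 7 subtype 0x%x" % subtype)`, then `return decoder(self)`. The enclosing method starts outside the hunk, so whether any special decoder can raise `KeyError` today is not visible here.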
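Review bot: In `decode_fraction` only the tuple unpacking is guarded, while `exp` and `sig` come from decoded input and go straight into `Decimal(sig).as_tuple()` and `Decimal((tmp.sign, tmp.digits, exp))`. A non-integer `exp`, or a `sig` that `Decimal` rejects, would raise a plain `TypeError`/`ValueError` or a `decimal` exception instead of `CBORDecodeValueError`. A fractional or non-finite `sig` would presumably have its own exponent silently replaced by `exp`. If the payload is meant to be two integers, validate before constructing, e.g. `if not isinstance(exp, int) or not isinstance(sig, int): raise CBORDecodeValueError("Incorrect tag 4 payload")`. The same gap exists in `decode_bigfloat`, where `2 ** Decimal(exp)` with an input-chosen exponent sits outside the new `try`.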
@@ -44,8 +44,8 @@ __slots__ = 'tag', 'value' def __init__(self, tag, value): - if not isinstance(tag, int): - raise TypeError('CBORTag tags must be integer numbers') + if not isinstance(tag, int) or tag not in range(2**64): + raise TypeError('CBORTag tags must be positive integers less than 2**64') self.tag = tag self.value = value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/cbor2.egg-info/PKG-INFO new/cbor2-5.4.2/cbor2.egg-info/PKG-INFO --- old/cbor2-5.4.0/cbor2.egg-info/PKG-INFO 2021-06-04 14:32:10.000000000 +0200 +++ new/cbor2-5.4.2/cbor2.egg-info/PKG-INFO 2021-10-14 13:14:02.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cbor2 -Version: 5.4.0 +Version: 5.4.2 Summary: Pure Python CBOR (de)serializer with extensive tag support Home-page: UNKNOWN Author: Alex Gr??nholm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/docs/index.rst new/cbor2-5.4.2/docs/index.rst --- old/cbor2-5.4.0/docs/index.rst 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/docs/index.rst 2021-10-14 13:13:48.000000000 +0200 @@ -10,5 +10,8 @@ usage customizing versionhistory + Encoder <modules/encoder> + Decoder <modules/decoder> + Types <modules/types> * :ref:`API reference <modindex>` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/docs/versionhistory.rst new/cbor2-5.4.2/docs/versionhistory.rst --- old/cbor2-5.4.0/docs/versionhistory.rst 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/docs/versionhistory.rst 2021-10-14 13:13:48.000000000 +0200 
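Review bot: The new message in `CBORTag.__init__` says tags must be "positive integers", but `tag not in range(2**64)` accepts 0, so the text and the check disagree; "non-negative integers less than 2**64" would match the code. `isinstance(tag, int)` also lets `True`/`False` through as tags 1 and 0, which may or may not be intended. A short comment such as `# valid tag numbers are 0 .. 2**64-1; a range error is a TypeError to match the C module` would record why an out-of-range value does not raise `ValueError`.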
@@ -5,6 +5,17 @@ This library adheres to `Semantic Versioning <http://semver.org/>`_. +**5.4.2** (2021-10-14) + +- Fix segfault when initializing CBORTag with incorrect arguments (Sekenre) +- Fix sphinx build warnings (Sekenre) + +**5.4.1** (2021-07-23) + +- Fix SystemErrors when using C-backend, meaningful exceptions now raised (Sekenre) +- Fix precision loss when decoding base10 decimal fractions (Sekenre) +- Made CBORTag handling consistent between python and C-module (Sekenre) + **5.4.0** (2021-06-04) - Fix various bounds checks in the C-backend (Sekenre) @@ -23,7 +34,7 @@ - README: More detail and examples - Bugfix: Fix segfault on loading huge arrays with C-backend (Sekenre) - Build system: Allow packagers to force C-backend building or disable using env var (jameshilliard) -- Feature: :module:`cbor2.tool` Command line diagnostic tool (Sekenre) +- Feature: :py:mod:`cbor2.tool` Command line diagnostic tool (Sekenre) - Feature: Ignore semantic tag used for file magic 55799 AKA "Self-Described CBOR" (kalcutter) **5.1.2** (2020-07-21) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/source/decoder.c new/cbor2-5.4.2/source/decoder.c --- old/cbor2-5.4.0/source/decoder.c 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/source/decoder.c 2021-10-14 13:13:48.000000000 +0200 
@@ -1189,28 +1189,37 @@ CBORDecoder_decode_fraction(CBORDecoderObject *self) { // semantic type 4 - PyObject *tuple, *tmp, *sig, *exp, *ten, *ret = NULL; + PyObject *payload_t, *tmp, *sig, *exp, *ret = NULL; + PyObject *decimal_t, *sign, *digits, *args = NULL; if (!_CBOR2_Decimal && _CBOR2_init_Decimal() == -1) return NULL; // NOTE: There's no particular necessity for this to be immutable, it's // just a performance choice - tuple = decode(self, DECODE_IMMUTABLE | DECODE_UNSHARED); - if (tuple) { - if (PyTuple_CheckExact(tuple) && PyTuple_GET_SIZE(tuple) == 2) { - exp = PyTuple_GET_ITEM(tuple, 0); - sig = PyTuple_GET_ITEM(tuple, 1); - ten = PyObject_CallFunction(_CBOR2_Decimal, "i", 10); - if (ten) { - tmp = PyNumber_Power(ten, exp, Py_None); - if (tmp) { - ret = PyNumber_Multiply(sig, tmp); - Py_DECREF(tmp); + payload_t = decode(self, DECODE_IMMUTABLE | DECODE_UNSHARED); + if (payload_t) { + if (PyTuple_CheckExact(payload_t) && PyTuple_GET_SIZE(payload_t) == 2) { + exp = PyTuple_GET_ITEM(payload_t, 0); + sig = PyTuple_GET_ITEM(payload_t, 1); + tmp = PyObject_CallFunction(_CBOR2_Decimal, "O", sig); + if (tmp) { + decimal_t = PyObject_CallMethod(tmp, "as_tuple", NULL); + if (decimal_t) { + sign = PyTuple_GET_ITEM(decimal_t, 0); + digits = PyTuple_GET_ITEM(decimal_t, 1); + args = PyTuple_Pack(3, sign, digits, exp); + ret = PyObject_CallFunction(_CBOR2_Decimal, "(O)", args); + Py_DECREF(decimal_t); + Py_DECREF(args); } - Py_DECREF(ten); + Py_DECREF(tmp); } - } - Py_DECREF(tuple); + } else { + PyErr_Format( + _CBOR2_CBORDecodeValueError, + "Incorrect tag 4 payload"); + } + Py_DECREF(payload_t); } set_shareable(self, ret); return ret; @@ -1241,7 +1250,11 @@ } Py_DECREF(two); } - } + } else { + PyErr_Format( + _CBOR2_CBORDecodeValueError, + "Incorrect tag 5 payload"); + } Py_DECREF(tuple); } set_shareable(self, ret); 
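Review bot: In the rewritten `CBORDecoder_decode_fraction` body the result of `PyTuple_Pack(3, sign, digits, exp)` is used without a NULL check. If the allocation fails, `args` is NULL, it is passed to `PyObject_CallFunction`, and `Py_DECREF(args)` then dereferences NULL. Guard the call, e.g. `if (args) { ret = PyObject_CallFunction(_CBOR2_Decimal, "(O)", args); Py_DECREF(args); }`. Separately, `PyObject_CallFunction(_CBOR2_Decimal, "O", sig)` treats a tuple `sig` as the whole argument list, and the `DECODE_IMMUTABLE` flag suggests a nested array in the payload may arrive as a tuple; using `"(O)"` there, as the second call already does, avoids that.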
@@ -1601,7 +1614,9 @@ case 27: return CBORDecoder_decode_float64(self); case 31: CBOR2_RETURN_BREAK; default: - // XXX Raise exception? + PyErr_Format( + _CBOR2_CBORDecodeValueError, + "Undefined Reserved major type 7 subtype 0x%x", subtype); break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/source/tags.c new/cbor2-5.4.2/source/tags.c --- old/cbor2-5.4.0/source/tags.c 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/source/tags.c 2021-10-14 13:13:48.000000000 +0200 @@ -52,11 +52,25 @@ CBORTag_init(CBORTagObject *self, PyObject *args, PyObject *kwargs) { static char *keywords[] = {"tag", "value", NULL}; - PyObject *tmp, *value = NULL; + PyObject *tmp, *value, *tmp_tag = NULL; + uint64_t tag = 0; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|KO", keywords, - &self->tag, &value)) + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OO", keywords, + &tmp_tag, &value)) return -1; + // Raises an overflow error if it doesn't work + tag = PyLong_AsUnsignedLongLong(tmp_tag); + + if (tag == (uint64_t)-1) { + if (PyErr_Occurred()){ + if (PyErr_ExceptionMatches(PyExc_OverflowError)) { + PyErr_Clear(); // clear the overflow error + PyErr_SetString(PyExc_TypeError, "CBORTag tags must be positive integers less than 2**64"); + } // otherwise must be some other exception probably type err + return -1; + } // otherwise it's 2**64-1 which is fine :) + } + self->tag = tag; if (value) { tmp = self->value; @@ -67,7 +81,7 @@ return 0; } - + // Special methods /////////////////////////////////////////////////////////// static PyObject * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/tests/test_decoder.py new/cbor2-5.4.2/tests/test_decoder.py --- old/cbor2-5.4.0/tests/test_decoder.py 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/tests/test_decoder.py 2021-10-14 13:13:48.000000000 +0200 
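Review bot: The new `default:` branch sets `CBORDecodeValueError` and then `break`s, so it is only correct if the code after the `switch`, which is outside this hunk, returns NULL. Returning directly makes the error path self-contained and avoids a `SystemError` if the fall-through ever yields a value while an exception is set: add `return NULL;` after the `PyErr_Format(...)` call in place of `break;`.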
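Review bot: In `CBORTag_init` the declaration `PyObject *tmp, *value, *tmp_tag = NULL;` initialises only `tmp_tag`, whereas `value` was `= NULL` before this change and is now indeterminate until `PyArg_ParseTupleAndKeywords` succeeds. With the format now `"OO"` both arguments are required, so the later `if (value)` is always true on that path, yet the check still reads as though `value` could be absent. Initialising explicitly, `PyObject *tmp, *value = NULL, *tmp_tag = NULL;`, keeps the function safe if the format string is made optional again. The error text also says "positive integers" although 0 passes the `PyLong_AsUnsignedLongLong` conversion. The rest of the `if (value)` block lies outside the hunk.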
@@ -384,6 +384,11 @@ assert decoded == Decimal('273.15') +def test_decimal_precision(impl): + decoded = impl.loads(unhexlify('c482384dc252011f1fe37d0c70ff50456ba8b891997b07d6')) + assert decoded == Decimal('9.7703426561852468194804075821069770622934E-38') + + def test_bigfloat(impl): decoded = impl.loads(unhexlify('c5822003')) assert decoded == Decimal('1.5') @@ -692,3 +697,23 @@ '4c271579b01633a3ef6271be5c225eb2' ) ) + + +@pytest.mark.parametrize('data, expected', [ + ('fc', '1c'), ('fd', '1d'), ('fe', '1e') + ], +) +def test_reserved_special_tags(impl, data, expected): + with pytest.raises(impl.CBORDecodeValueError) as exc_info: + impl.loads(unhexlify(data)) + assert exc_info.value.args[0] == "Undefined Reserved major type 7 subtype 0x" + expected + + +@pytest.mark.parametrize('data, expected', [ + ('c400', '4'), ('c500', '5') + ], +) +def test_decimal_payload_unpacking(impl, data, expected): + with pytest.raises(impl.CBORDecodeValueError) as exc_info: + impl.loads(unhexlify(data)) + assert exc_info.value.args[0] == f"Incorrect tag {expected} payload" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cbor2-5.4.0/tests/test_encoder.py new/cbor2-5.4.2/tests/test_encoder.py --- old/cbor2-5.4.0/tests/test_encoder.py 2021-06-04 14:32:03.000000000 +0200 +++ new/cbor2-5.4.2/tests/test_encoder.py 2021-10-14 13:13:48.000000000 +0200 @@ -520,3 +520,14 @@ 'd81901' 'd81900' ) assert impl.dumps(value, string_referencing=True, canonical=True) == expected + + +@pytest.mark.parametrize('tag', [-1, 2**64, 'f'], ids=['too small', 'too large', 'wrong type']) +def test_invalid_tag(impl, tag): + with pytest.raises(TypeError): + impl.dumps(impl.CBORTag(tag, 'value')) + + +def test_largest_tag(impl): + expected = unhexlify('dbffffffffffffffff6176') + assert impl.dumps(impl.CBORTag(2**64-1, 'v')) == expected
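Review bot: `test_decimal_payload_unpacking` only feeds tags 4 and 5 a bare integer (`c400`, `c500`), so it exercises the not-an-array path alone. Arrays of the wrong length, and two-element arrays whose exponent or mantissa is not an integer, are not covered. Those are the malformed inputs where the Python and C decoders are most likely to raise different exception types. Parametrized cases for those shapes, run against both `impl` values, would pin down which exception a caller handling untrusted CBOR has to catch.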
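Review bot: In `test_invalid_tag` the `pytest.raises(TypeError)` block wraps both the `impl.CBORTag(tag, 'value')` constructor and `impl.dumps(...)`, so the test still passes if the constructor accepts the bad tag and only the encoder raises. Since the change under test is constructor validation, narrow the block to `impl.CBORTag(tag, 'value')`. The lower boundary value 0 is also untested, while `test_largest_tag` covers only `2**64-1`.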