Hello community,
here is the log from the commit of package python-onionshare for
openSUSE:Factory checked in at 2022-04-08 22:45:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-onionshare (Old)
and /work/SRC/openSUSE:Factory/.python-onionshare.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-onionshare"
Fri Apr 8 22:45:54 2022 rev:11 rq:967749 version:2.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-onionshare/python-onionshare.changes
2021-10-08 00:07:33.377906486 +0200
+++
/work/SRC/openSUSE:Factory/.python-onionshare.new.1900/python-onionshare.changes
2022-04-08 22:46:04.674899955 +0200
@@ -1,0 +2,49 @@
+Fri Feb 25 06:52:51 UTC 2022 - Axel Braun <[email protected]>
+
+- Additional changes:
+ * drop python-stem in favor of python-cepa
+ * relax-async-mode.patch added
+ * fix-test-cli-web.patch added
+ * fix for boo#1194866
+
+-------------------------------------------------------------------
+Thu Feb 24 19:33:47 UTC 2022 - Ferdinand Thiessen <[email protected]>
+
+- Update to version 2.5.0
+ * CVE-2022-21696: It was possible to change the username to that
+ of another chat participant with an additional space character
+ at the end of the name string.
+ * CVE-2022-21695: Authenticated users (or unauthenticated in
+ public mode) could send messages without being visible in the
+ list of chat participants
+ * CVE-2022-21694:
+ * CVE-2022-21693: An adversary with a primitive that allows for
+ filesystem access from the context of the Onionshare process
+ could access sensitive files in the entire user home folder.
+ * CVE-2022-21692: anyone with access to the chat environment
+ could write messages disguised as another chat participant
+ * CVE-2022-21691: chat participants could spoof their channel
+ leave message, tricking others into assuming they left the chatroom.
+ * CVE-2022-21690: The path parameter of the requested URL was not
+ sanitized before being passed to the QT frontend. This path is
+ used in all components for displaying the server access history.
+ * CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
+ directory creation to avoid potential DoS
+ * Major feature:
+ * Obtain bridges from Moat / BridgeDB
+ * Snowflake bridge support
+ * New feature:
+ * Tor connection settings, as well as general settings,
+ are now Tabs rather than dialogs
+ * User can customize the Content-Security-Policy header
+ in Website mode
+ * Built-in bridges are automatically updated from Tor's API
+ when the user has chosen to use them
+ * Switch to using stem fork called cepa
+ * Various bug fixes
+- Drop desktop file, upstream already provides one
+- Install metainfo file
+- Adjust requirements
+- Added relax-async-mode.patch
+
+-------------------------------------------------------------------
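Review bot: The `CVE-2022-21694:` entry in the 2.5.0 list has no description, so a reader of the changelog cannot tell what was fixed or whether it affects them. Either add a one-line summary as for the other CVEs or fold the identifier into a related entry. The same applies to `fix for boo#1194866` in the newer entry, which names the bug but not the defect. `relax-async-mode.patch` is also recorded as added in both entries; one mention is enough.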
Old:
----
onionshare-2.4.tar.gz
onionshare.desktop
New:
----
fix-test-cli-web.patch
onionshare-2.5.tar.gz
relax-async-mode.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-onionshare.spec ++++++
--- /var/tmp/diff_new_pack.85OMaR/_old 2022-04-08 22:46:05.414891742 +0200
+++ /var/tmp/diff_new_pack.85OMaR/_new 2022-04-08 22:46:05.414891742 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package python-onionshare
+# spec file
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2018-2021 Dr. Axel Braun
#
# All modifications and additions to the file contributed by third parties
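Review bot: The header comment change from `# spec file for package python-onionshare` to `# spec file` drops the package name without any visible reason in this diff. If this came from an automated formatter, fine; otherwise keep the package name so the header still identifies the file when it is read outside its directory.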
@@ -19,59 +19,61 @@
%define modname onionshare
Name: python-%{modname}
-Version: 2.4
+Version: 2.5
Release: 0
Summary: Self-hosting Tor Onion Service based file sharing
License: GPL-3.0-or-later
Group: Productivity/Networking/File-Sharing
-URL: https://github.com/micahflee/onionshare
-Source0:
https://github.com/micahflee/onionshare/archive/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
-Source1: %{modname}.desktop
+URL: https://github.com/onionshare/onionshare
+Source0:
https://github.com/onionshare/onionshare/archive/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
# PATCH-FIX-OPENSUSE skip test_large_download in gui tests
Patch0: 0001-adjust_tests.diff
-
+# PATCH-FIX-UPSTREAM fix-test-cli-web.patch --
https://github.com/onionshare/onionshare/issues/1534
+Patch1: fix-test-cli-web.patch
+# PATCH-FIX-OPENSUSE relax-async-mode.patch -- Do not rely on gevent
+Patch2: relax-async-mode.patch
BuildRequires: fdupes
+BuildRequires: hicolor-icon-theme
BuildRequires: python-rpm-macros
-BuildRequires: python3-Flask
-BuildRequires: python3-Flask-HTTPAuth
-BuildRequires: python3-Flask-SocketIO
+BuildRequires: python3-Flask >= 1.4.1
+BuildRequires: python3-Flask-SocketIO >= 5.0.1
BuildRequires: python3-PyNaCl
BuildRequires: python3-PySocks
BuildRequires: python3-Unidecode
+BuildRequires: python3-cepa >= 1.8.3
BuildRequires: python3-colorama
-BuildRequires: python3-nautilus
+BuildRequires: python3-eventlet
+BuildRequires: python3-poetry
BuildRequires: python3-psutil
-BuildRequires: python3-pycrypto
-BuildRequires: python3-pyside2
+BuildRequires: python3-pyside2 >= 5.15.2
BuildRequires: python3-pytest
BuildRequires: python3-pytest-qt
BuildRequires: python3-pytest-xvfb
BuildRequires: python3-qrcode
BuildRequires: python3-requests
BuildRequires: python3-setuptools
-BuildRequires: python3-stem
+BuildRequires: python3-urllib3
BuildRequires: tor
BuildRequires: update-desktop-files
-Requires: python3-Flask
-Requires: python3-Flask-HTTPAuth
-Requires: python3-Flask-SocketIO
+Requires: python3-Flask >= 1.4.1
+Requires: python3-Flask-SocketIO >= 5.0.1
+Requires: python3-PyNaCl
Requires: python3-Unidecode
+Requires: python3-cepa >= 1.8.3
Requires: python3-colorama
+Requires: python3-eventlet
Requires: python3-psutil
-Requires: python3-PyNaCl
-Requires: python3-pycrypto
-Requires: python3-pyside2
+Requires: python3-pyside2 >= 5.15.2
Requires: python3-qrcode
Requires: python3-requests
-Requires: python3-stem
+Requires: python3-urllib3
Requires: tor
-BuildArch: noarch
-
Provides: %{name}-%{version}
Obsoletes: %{name}-data < %{version}
Obsoletes: python36-onionshare < %{version}
Obsoletes: python38-onionshare < %{version}
Obsoletes: python39-onionshare < %{version}
+BuildArch: noarch
%description
OnionShare lets the user share files securely and anonymously. It
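Review bot: `Source0` now fetches from `github.com/onionshare/onionshare` instead of `micahflee/onionshare`, and nothing in this hunk adds a signature or keyring source to verify the new archive against. If upstream publishes a detached signature for the release, add it as an extra `Source` entry; if not, record in the changelog how the 2.5 tarball was checked. Separately, the changelog covers the removal of `python3-Flask-HTTPAuth`, `python3-pycrypto` and `python3-nautilus` only with "Adjust requirements"; a short reason per dropped dependency would help later audits. The `python3-Flask >= 1.4.1` lower bound is also worth checking against the version upstream declares.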
@@ -83,32 +85,27 @@
Tor Browser to download the file.
%prep
-%setup -q -n %{modname}-%{version}
-%autopatch -p1
-cp %{SOURCE1} .
-
-sed -i 's/sys.platform != "Linux"/sys.platform != "linux"/'
cli/tests/test_cli_settings.py cli/tests/test_cli_common.py
+%autosetup -p1 -n %{modname}-%{version}
%build
-cd cli
+pushd cli
%python3_build
-cd ../desktop/src
+popd
+pushd desktop
%python3_build
%install
-cd cli
+pushd cli
%python3_install
-
-cd ../desktop/src
+popd
+pushd desktop
%python3_install
-mkdir -p %{buildroot}%{_datadir}/pixmaps
-cp org.onionshare.OnionShare.svg %{buildroot}%{_datadir}/pixmaps/.
-
-pwd
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications/
org.onionshare.OnionShare.desktop
-%suse_update_desktop_file org.onionshare.OnionShare
+install -Dm 0644 org.onionshare.OnionShare.appdata.xml \
+ %{buildroot}%{_datadir}/metainfo/org.onionshare.OnionShare.metainfo.xml
+install -Dm 0644 org.onionshare.OnionShare.svg \
+
%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/org.onionshare.OnionShare.svg
+%suse_update_desktop_file -i org.onionshare.OnionShare
%fdupes %{buildroot}%{python3_sitelib}
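Review bot: The removed `sed` in `%prep` corrected the `sys.platform != "Linux"` comparison in `cli/tests/test_cli_settings.py` and `cli/tests/test_cli_common.py`, but the replacement `fix-test-cli-web.patch` only touches `cli/tests/test_cli_web.py`. If 2.5 still carries the capitalised comparison in those two files, their Linux-only tests are skipped silently during the build. Confirm that upstream fixed both files in 2.5, or extend the patch to cover them.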
@@ -135,8 +132,9 @@
%{_bindir}/%{modname}-cli
%license LICENSE
%doc README.md
-%{_datadir}/applications/*
-%{_datadir}/pixmaps/*
+%{_datadir}/applications/org.onionshare.OnionShare.desktop
+%{_datadir}/metainfo/org.onionshare.OnionShare.metainfo.xml
+%{_datadir}/icons/hicolor/scalable/apps/org.onionshare.OnionShare.svg
%{python3_sitelib}/onionshare
%{python3_sitelib}/onionshare-%{version}*-info
%{python3_sitelib}/onionshare_cli
++++++ fix-test-cli-web.patch ++++++
diff -Nur onionshare-2.5/cli/tests/test_cli_web.py new/cli/tests/test_cli_web.py
--- onionshare-2.5/cli/tests/test_cli_web.py 2022-01-17 21:56:39.000000000
+0100
+++ new/cli/tests/test_cli_web.py 2022-02-24 23:43:29.209447238 +0100
@@ -624,7 +624,7 @@
]
)
- @pytest.mark.skipif(sys.platform != "Linux", reason="requires Linux")
+ @pytest.mark.skipif(sys.platform != "linux", reason="requires Linux")
@check_unsupported("http", ["--version"])
def test_httpie(self, temp_dir, common_obj):
web = web_obj(temp_dir, common_obj, "share", 3)
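Review bot: With the comparison corrected to `"linux"`, `test_httpie` stops being skipped unconditionally and will run during the package build for the first time. Check that the build actually exercises it and passes, rather than assuming the earlier green result covered this test. The patch file has no description header; a line pointing at the upstream issue named in the spec would make it self-explanatory.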
++++++ onionshare-2.4.tar.gz -> onionshare-2.5.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-onionshare/onionshare-2.4.tar.gz
/work/SRC/openSUSE:Factory/.python-onionshare.new.1900/onionshare-2.5.tar.gz
differ: char 12, line 1
++++++ relax-async-mode.patch ++++++
diff -Nur onionshare-2.5/cli/onionshare_cli/web/web.py
new/cli/onionshare_cli/web/web.py
--- onionshare-2.5/cli/onionshare_cli/web/web.py 2022-01-17
21:56:39.000000000 +0100
+++ new/cli/onionshare_cli/web/web.py 2022-02-25 01:35:45.401731026 +0100
@@ -164,10 +164,10 @@
elif self.mode == "chat":
if self.common.verbose:
self.socketio = SocketIO(
- async_mode="gevent", logger=True, engineio_logger=True
+ logger=True, engineio_logger=True
)
else:
- self.socketio = SocketIO(async_mode="gevent")
+ self.socketio = SocketIO()
self.socketio.init_app(self.app)
self.chat_mode = ChatModeWeb(self.common, self)
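Review bot: Dropping `async_mode="gevent"` from both `SocketIO(...)` calls leaves the backend to Flask-SocketIO's auto-detection, so chat mode's concurrency model now depends on which async packages happen to be installed on the system. Since the spec requires `python3-eventlet`, consider passing `async_mode="eventlet"` explicitly so the behaviour is fixed and matches what was tested. The patch also has no header explaining why gevent is avoided; the spec comment "Do not rely on gevent" should be repeated here with the reason.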