Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-setuptools for openSUSE:Factory checked in at 2022-11-15 13:18:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-setuptools (Old) and /work/SRC/openSUSE:Factory/.python-setuptools.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-setuptools" Tue Nov 15 13:18:19 2022 rev:72 rq:1035638 version:65.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-setuptools/python-setuptools.changes 2022-10-20 11:09:53.447798348 +0200 +++ /work/SRC/openSUSE:Factory/.python-setuptools.new.1597/python-setuptools.changes 2022-11-15 13:21:04.908694312 +0100 @@ -1,0 +2,9 @@ +Mon Nov 14 09:53:11 UTC 2022 - Daniel Garcia <daniel.gar...@suse.com> + +- Delete remove_mock.patch, that's not needed anymore, it's upstreamed +- Update to 65.5.1: + * #3638: Drop a test dependency on the mock package, always use + :external+python:py:mod:`unittest.mock` -- by :user:`hroncok` + * #3659: Fixed REDoS vector in package_index. + +------------------------------------------------------------------- Old: ---- remove_mock.patch setuptools-65.5.0.tar.gz New: ---- setuptools-65.5.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-setuptools.spec ++++++ --- /var/tmp/diff_new_pack.OYNqtk/_old 2022-11-15 13:21:05.616697967 +0100 +++ /var/tmp/diff_new_pack.OYNqtk/_new 2022-11-15 13:21:05.620697988 +0100 @@ -16,7 +16,6 @@ # -%{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "test" 
@@ -38,15 +37,13 @@ # in order to avoid rewriting for subpackage generator %define mypython python Name: python-setuptools%{psuffix} -Version: 65.5.0 +Version: 65.5.1 Release: 0 Summary: Download, build, install, upgrade, and uninstall Python packages License: Apache-2.0 AND MIT AND BSD-2-Clause AND Python-2.0 URL: https://github.com/pypa/setuptools Source: https://files.pythonhosted.org/packages/source/s/setuptools/setuptools-%{version}.tar.gz Patch0: sort-for-reproducibility.patch -# PATCH-FIX-OPENSUSE remove_mock.patch mc...@suse.com -Patch1: remove_mock.patch # PATCH-FIX-OPENSUSE fix-get-python-lib-python38.patch bsc#1204395 Patch2: fix-get-python-lib-python38.patch BuildRequires: %{python_module base >= 3.7} @@ -68,6 +65,7 @@ BuildRequires: %{python_module pip >= 19.1} BuildRequires: %{python_module pip-run >= 8.8} BuildRequires: %{python_module pytest >= 6} +BuildRequires: %{python_module pytest-timeout} BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module setuptools = %{version}} BuildRequires: %{python_module tomli-w >= 1.0.0} ++++++ fix-get-python-lib-python38.patch ++++++ --- /var/tmp/diff_new_pack.OYNqtk/_old 2022-11-15 13:21:05.656698174 +0100 +++ /var/tmp/diff_new_pack.OYNqtk/_new 2022-11-15 13:21:05.660698194 +0100 
@@ -1,8 +1,8 @@ -Index: setuptools-63.2.0/setuptools/_distutils/sysconfig.py +Index: setuptools-65.5.1/setuptools/_distutils/sysconfig.py =================================================================== ---- setuptools-63.2.0.orig/setuptools/_distutils/sysconfig.py -+++ setuptools-63.2.0/setuptools/_distutils/sysconfig.py -@@ -229,9 +229,13 @@ def get_python_lib(plat_specific=0, stan +--- setuptools-65.5.1.orig/setuptools/_distutils/sysconfig.py ++++ setuptools-65.5.1/setuptools/_distutils/sysconfig.py +@@ -238,9 +238,13 @@ def get_python_lib(plat_specific=0, stan if os.name == "posix": if plat_specific or standard_lib: ++++++ setuptools-65.5.0.tar.gz -> setuptools-65.5.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/CHANGES.rst new/setuptools-65.5.1/CHANGES.rst --- old/setuptools-65.5.0/CHANGES.rst 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/CHANGES.rst 2022-11-04 20:19:31.000000000 +0100 @@ -1,3 +1,13 @@ +v65.5.1 +------- + + +Misc +^^^^ +* #3638: Drop a test dependency on the ``mock`` package, always use :external+python:py:mod:`unittest.mock` -- by :user:`hroncok` +* #3659: Fixed REDoS vector in package_index. + + v65.5.0 ------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/PKG-INFO new/setuptools-65.5.1/PKG-INFO --- old/setuptools-65.5.0/PKG-INFO 2022-10-14 14:35:13.036669700 +0200 +++ new/setuptools-65.5.1/PKG-INFO 2022-11-04 20:19:53.997620000 +0100 
@@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: setuptools -Version: 65.5.0 +Version: 65.5.1 Summary: Easily download, build, install, upgrade, and uninstall Python packages Home-page: https://github.com/pypa/setuptools Author: Python Packaging Authority diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/docs/userguide/quickstart.rst new/setuptools-65.5.1/docs/userguide/quickstart.rst --- old/setuptools-65.5.0/docs/userguide/quickstart.rst 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/docs/userguide/quickstart.rst 2022-11-04 20:19:31.000000000 +0100 @@ -299,7 +299,7 @@ --------------------- Packages built with ``setuptools`` can specify dependencies to be automatically installed when the package itself is installed. -The example below show how to configure this kind of dependencies: +The example below shows how to configure this kind of dependencies: .. tab:: pyproject.toml diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/pkg_resources/tests/test_markers.py new/setuptools-65.5.1/pkg_resources/tests/test_markers.py --- old/setuptools-65.5.0/pkg_resources/tests/test_markers.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/pkg_resources/tests/test_markers.py 2022-11-04 20:19:31.000000000 +0100 @@ -1,4 +1,4 @@ -import mock +from unittest import mock from pkg_resources import evaluate_marker diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/pkg_resources/tests/test_pkg_resources.py new/setuptools-65.5.1/pkg_resources/tests/test_pkg_resources.py --- old/setuptools-65.5.0/pkg_resources/tests/test_pkg_resources.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/pkg_resources/tests/test_pkg_resources.py 2022-11-04 20:19:31.000000000 +0100 
@@ -9,10 +9,7 @@ import distutils.dist import distutils.command.install_egg_info -try: - from unittest import mock -except ImportError: - import mock +from unittest import mock from pkg_resources import ( DistInfoDistribution, Distribution, EggInfoDistribution, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/pytest.ini new/setuptools-65.5.1/pytest.ini --- old/setuptools-65.5.0/pytest.ini 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/pytest.ini 2022-11-04 20:19:31.000000000 +0100 @@ -64,3 +64,6 @@ ignore:Support for .* in .pyproject.toml. is still .beta. ignore::setuptools.command.editable_wheel.InformationOnly + + # https://github.com/pypa/setuptools/issues/3655 + ignore:The --rsyncdir command line argument and rsyncdirs config variable are deprecated.:DeprecationWarning diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setup.cfg new/setuptools-65.5.1/setup.cfg --- old/setuptools-65.5.0/setup.cfg 2022-10-14 14:35:13.036669700 +0200 +++ new/setuptools-65.5.1/setup.cfg 2022-11-04 20:19:53.997620000 +0100 @@ -1,6 +1,6 @@ [metadata] name = setuptools -version = 65.5.0 +version = 65.5.1 author = Python Packaging Authority author_email = distutils-...@python.org description = Easily download, build, install, upgrade, and uninstall Python packages @@ -51,7 +51,6 @@ pytest-enabler >= 1.3 pytest-perf - mock flake8-2020 virtualenv>=13.0.0 wheel @@ -64,6 +63,7 @@ pip_run>=8.8 ini2toml[lite]>=0.9 tomli-w>=1.0.0 + pytest-timeout testing-integration = pytest pytest-xdist diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/command/build.py new/setuptools-65.5.1/setuptools/command/build.py --- old/setuptools-65.5.0/setuptools/command/build.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/command/build.py 2022-11-04 20:19:31.000000000 +0100 
@@ -48,8 +48,8 @@ Subcommands **SHOULD** take advantage of ``editable_mode=True`` to adequate its behaviour or perform optimisations. - For example, if a subcommand don't need to generate any extra file and - everything it does is to copy a source file into the build directory, + For example, if a subcommand doesn't need to generate an extra file and + all it does is to copy a source file into the build directory, ``run()`` **SHOULD** simply "early return". Similarly, if the subcommand creates files that would be placed alongside diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/package_index.py new/setuptools-65.5.1/setuptools/package_index.py --- old/setuptools-65.5.0/setuptools/package_index.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/package_index.py 2022-11-04 20:19:31.000000000 +0100 @@ -1,4 +1,5 @@ -"""PyPI and direct package downloading""" +"""PyPI and direct package downloading.""" + import sys import os import re @@ -19,9 +20,20 @@ import setuptools from pkg_resources import ( - CHECKOUT_DIST, Distribution, BINARY_DIST, normalize_path, SOURCE_DIST, - Environment, find_distributions, safe_name, safe_version, - to_filename, Requirement, DEVELOP_DIST, EGG_DIST, parse_version, + CHECKOUT_DIST, + Distribution, + BINARY_DIST, + normalize_path, + SOURCE_DIST, + Environment, + find_distributions, + safe_name, + safe_version, + to_filename, + Requirement, + DEVELOP_DIST, + EGG_DIST, + parse_version, ) from distutils import log from distutils.errors import DistutilsError @@ -40,7 +52,9 @@ EXTENSIONS = ".tar.gz .tar.bz2 .tar .zip .tgz".split() __all__ = [ - 'PackageIndex', 'distros_for_url', 'parse_bdist_wininst', + 'PackageIndex', + 'distros_for_url', + 'parse_bdist_wininst', 'interpret_distro_name', ] 
@@ -48,7 +62,8 @@ _tmpl = "setuptools/{setuptools.__version__} Python-urllib/{py_major}" user_agent = _tmpl.format( - py_major='{}.{}'.format(*sys.version_info), setuptools=setuptools) + py_major='{}.{}'.format(*sys.version_info), setuptools=setuptools +) def parse_requirement_arg(spec): @@ -120,13 +135,15 @@ wheel = Wheel(basename) if not wheel.is_compatible(): return [] - return [Distribution( - location=location, - project_name=wheel.project_name, - version=wheel.version, - # Increase priority over eggs. - precedence=EGG_DIST + 1, - )] + return [ + Distribution( + location=location, + project_name=wheel.project_name, + version=wheel.version, + # Increase priority over eggs. + precedence=EGG_DIST + 1, + ) + ] if basename.endswith('.exe'): win_base, py_ver, platform = parse_bdist_wininst(basename) if win_base is not None: @@ -137,7 +154,7 @@ # for ext in EXTENSIONS: if basename.endswith(ext): - basename = basename[:-len(ext)] + basename = basename[: -len(ext)] return interpret_distro_name(location, basename, metadata) return [] # no extension matched @@ -150,8 +167,7 @@ def interpret_distro_name( - location, basename, metadata, py_version=None, precedence=SOURCE_DIST, - platform=None + location, basename, metadata, py_version=None, precedence=SOURCE_DIST, platform=None ): """Generate alternative interpretations of a source distro name @@ -178,9 +194,13 @@ for p in range(1, len(parts) + 1): yield Distribution( - location, metadata, '-'.join(parts[:p]), '-'.join(parts[p:]), - py_version=py_version, precedence=precedence, - platform=platform + location, + metadata, + '-'.join(parts[:p]), + '-'.join(parts[p:]), + py_version=py_version, + precedence=precedence, + platform=platform, ) 
@@ -197,8 +217,10 @@ return wrapper -REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I) -# this line is here to fix emacs' cruddy broken syntax highlighting +REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I) +""" +Regex for an HTML tag with 'rel="val"' attributes. +""" @unique_values @@ -282,11 +304,16 @@ """A distribution index that scans web pages for download URLs""" def __init__( - self, index_url="https://pypi.org/simple/", hosts=('*',), - ca_bundle=None, verify_ssl=True, *args, **kw + self, + index_url="https://pypi.org/simple/", + hosts=('*',), + ca_bundle=None, + verify_ssl=True, + *args, + **kw ): super().__init__(*args, **kw) - self.index_url = index_url + "/" [:not index_url.endswith('/')] + self.index_url = index_url + "/"[: not index_url.endswith('/')] self.scanned_urls = {} self.fetched_urls = {} self.package_pages = {} @@ -379,7 +406,8 @@ return True msg = ( "\nNote: Bypassing %s (disallowed host; see " - "http://bit.ly/2hrImnY for details).\n") + "http://bit.ly/2hrImnY for details).\n" + ) if fatal: raise DistutilsError(msg % url) else: @@ -417,9 +445,7 @@ if not link.startswith(self.index_url): return NO_MATCH_SENTINEL - parts = list(map( - urllib.parse.unquote, link[len(self.index_url):].split('/') - )) + parts = list(map(urllib.parse.unquote, link[len(self.index_url) :].split('/'))) if len(parts) != 2 or '#' in parts[1]: return NO_MATCH_SENTINEL @@ -461,16 +487,15 @@ def need_version_info(self, url): self.scan_all( "Page at %s links to .py file(s) without version info; an index " - "scan is required.", url + "scan is required.", + url, ) def scan_all(self, msg=None, *args): if self.index_url not in self.fetched_urls: if msg: self.warn(msg, *args) - self.info( - "Scanning index of all packages (this may take a while)" - ) + self.info("Scanning index of all packages (this may take a while)") self.scan_url(self.index_url) def find_packages(self, requirement): 
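Review bot: The bounds in the new `REL` pattern (`\s{0,10}` and the space added to `[^'" >]+`) are explained nowhere, and the bare string literal placed after the assignment is a no-op expression rather than documentation attached to the constant. I would replace it with a comment that records the reason, for example `# Whitespace runs are capped and the value class excludes spaces so an unterminated tag cannot trigger catastrophic backtracking (#3659).` The value group `[^'" >]+` and the following `[^>]*` still accept the same non-space characters, so matching an unterminated tag appears to remain quadratic rather than linear. A size limit on the page text before the pattern is applied would bound that independently of the regex. The code that applies `REL` is outside this hunk.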
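Review bot: In `PackageIndex.__init__`, the reformatted `index_url + "/"[: not index_url.endswith('/')]` still uses a boolean as a slice bound, which is easy to misread. The explicit form says the same thing: `self.index_url = index_url if index_url.endswith('/') else index_url + '/'`. Later code compares links against `self.index_url` by prefix (`link.startswith(self.index_url)` in a later hunk), so the normalisation deserves to be obvious. The rest of `__init__` lies outside the hunk.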
@@ -501,9 +526,7 @@ """ checker is a ContentChecker """ - checker.report( - self.debug, - "Validating %%s checksum for %s" % filename) + checker.report(self.debug, "Validating %%s checksum for %s" % filename) if not checker.is_valid(): tfp.close() os.unlink(filename) @@ -540,7 +563,8 @@ else: # no distros seen for this name, might be misspelled meth, msg = ( self.warn, - "Couldn't find index page for %r (maybe misspelled?)") + "Couldn't find index page for %r (maybe misspelled?)", + ) meth(msg, requirement.unsafe_name) self.scan_all() @@ -579,8 +603,14 @@ return getattr(self.fetch_distribution(spec, tmpdir), 'location', None) def fetch_distribution( # noqa: C901 # is too complex (14) # FIXME - self, requirement, tmpdir, force_scan=False, source=False, - develop_ok=False, local_index=None): + self, + requirement, + tmpdir, + force_scan=False, + source=False, + develop_ok=False, + local_index=None, + ): """Obtain a distribution suitable for fulfilling `requirement` `requirement` must be a ``pkg_resources.Requirement`` instance. @@ -612,15 +642,13 @@ if dist.precedence == DEVELOP_DIST and not develop_ok: if dist not in skipped: self.warn( - "Skipping development or system egg: %s", dist, + "Skipping development or system egg: %s", + dist, ) skipped[dist] = 1 continue - test = ( - dist in req - and (dist.precedence <= SOURCE_DIST or not source) - ) + test = dist in req and (dist.precedence <= SOURCE_DIST or not source) if test: loc = self.download(dist.location, tmpdir) dist.download_location = loc @@ -669,10 +697,15 @@ def gen_setup(self, filename, fragment, tmpdir): match = EGG_FRAGMENT.match(fragment) - dists = match and [ - d for d in - interpret_distro_name(filename, match.group(1), None) if d.version - ] or [] + dists = ( + match + and [ + d + for d in interpret_distro_name(filename, match.group(1), None) + if d.version + ] + or [] + ) if len(dists) == 1: # unambiguous ``#egg`` fragment basename = os.path.basename(filename) 
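Review bot: In `gen_setup`, the reformatted `dists = (match and [...] or [])` keeps the old `and`/`or` idiom, which now spans eight lines and depends on the list's truthiness to produce the fallback. Two plain statements read more directly: `found = interpret_distro_name(filename, match.group(1), None) if match else ()` followed by `dists = [d for d in found if d.version]`. The result is the same, because an empty list on the `and` side already falls through to `[]`. The remainder of `gen_setup` is outside the hunk.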
@@ -689,8 +722,9 @@ "from setuptools import setup\n" "setup(name=%r, version=%r, py_modules=[%r])\n" % ( - dists[0].project_name, dists[0].version, - os.path.splitext(basename)[0] + dists[0].project_name, + dists[0].version, + os.path.splitext(basename)[0], ) ) return filename @@ -766,23 +800,22 @@ if warning: self.warn(warning, v.reason) else: - raise DistutilsError("Download error for %s: %s" - % (url, v.reason)) from v + raise DistutilsError( + "Download error for %s: %s" % (url, v.reason) + ) from v except http.client.BadStatusLine as v: if warning: self.warn(warning, v.line) else: raise DistutilsError( '%s returned a bad status line. The server might be ' - 'down, %s' % - (url, v.line) + 'down, %s' % (url, v.line) ) from v except (http.client.HTTPException, socket.error) as v: if warning: self.warn(warning, v) else: - raise DistutilsError("Download error for %s: %s" - % (url, v)) from v + raise DistutilsError("Download error for %s: %s" % (url, v)) from v def _download_url(self, scheme, url, tmpdir): # Determine download filename @@ -887,10 +920,13 @@ if rev is not None: self.info("Checking out %s", rev) - os.system("git -C %s checkout --quiet %s" % ( - filename, - rev, - )) + os.system( + "git -C %s checkout --quiet %s" + % ( + filename, + rev, + ) + ) return filename @@ -903,10 +939,13 @@ if rev is not None: self.info("Updating to %s", rev) - os.system("hg --cwd %s up -C -r %s -q" % ( - filename, - rev, - )) + os.system( + "hg --cwd %s up -C -r %s -q" + % ( + filename, + rev, + ) + ) return filename @@ -1010,7 +1049,8 @@ @property def creds_by_repository(self): sections_with_repositories = [ - section for section in self.sections() + section + for section in self.sections() if self.get(section, 'repository').strip() ] 
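Review bot: The reformatted `os.system("git -C %s checkout --quiet %s" % (filename, rev))` still hands a `%`-interpolated string to the shell, and the `hg --cwd %s up -C -r %s -q` hunk that follows does the same. `filename` and `rev` are assigned outside these hunks; if they are derived from the download URL, shell metacharacters in that URL reach the command line unquoted. Passing an argument list avoids the shell entirely: `subprocess.call(['git', '-C', filename, 'checkout', '--quiet', rev])` and `subprocess.call(['hg', '--cwd', filename, 'up', '-C', '-r', rev, '-q'])`. That needs `import subprocess` in the module, and the tests that assert on `os.system` calls would have to change with it. Rejecting a `rev` that begins with `-` before the call would also stop it being parsed as an option.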
@@ -1114,8 +1154,8 @@ files.append('<a href="{name}">{name}</a>'.format(name=f)) else: tmpl = ( - "<html><head><title>{url}</title>" - "</head><body>{files}</body></html>") + "<html><head><title>{url}</title>" "</head><body>{files}</body></html>" + ) body = tmpl.format(url=url, files='\n'.join(files)) status, message = 200, "OK" else: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_bdist_deprecations.py new/setuptools-65.5.1/setuptools/tests/test_bdist_deprecations.py --- old/setuptools-65.5.0/setuptools/tests/test_bdist_deprecations.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_bdist_deprecations.py 2022-11-04 20:19:31.000000000 +0100 @@ -1,7 +1,7 @@ """develop tests """ -import mock import sys +from unittest import mock import pytest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_build_clib.py new/setuptools-65.5.1/setuptools/tests/test_build_clib.py --- old/setuptools-65.5.0/setuptools/tests/test_build_clib.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_build_clib.py 2022-11-04 20:19:31.000000000 +0100 @@ -1,6 +1,7 @@ +from unittest import mock + import pytest -import mock from distutils.errors import DistutilsSetupError from setuptools.command.build_clib import build_clib from setuptools.dist import Distribution diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_easy_install.py new/setuptools-65.5.1/setuptools/tests/test_easy_install.py --- old/setuptools-65.5.0/setuptools/tests/test_easy_install.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_easy_install.py 2022-11-04 20:19:31.000000000 +0100 
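Review bot: The directory listing built here puts `url` and each file name into HTML without escaping, in `'<a href="{name}">{name}</a>'.format(name=f)` and `tmpl.format(url=url, files=...)`. A name containing `"`, `<` or `&` produces a malformed listing, which is presumably then scanned for links like any other index page. Escaping at the point of insertion keeps it well-formed: `html.escape(f)` for the link and `html.escape(url)` for the title, with `import html` added to the module. Separately, the reformat left two adjacent string literals on one line in `tmpl`; joining them into a single literal would read better. The enclosing function starts outside the hunk.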
@@ -12,7 +12,6 @@ import distutils.errors import io import zipfile -import mock import time import re import subprocess @@ -20,6 +19,7 @@ import warnings from collections import namedtuple from pathlib import Path +from unittest import mock import pytest from jaraco import path diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_packageindex.py new/setuptools-65.5.1/setuptools/tests/test_packageindex.py --- old/setuptools-65.5.0/setuptools/tests/test_packageindex.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_packageindex.py 2022-11-04 20:19:31.000000000 +0100 @@ -5,8 +5,8 @@ import urllib.request import urllib.error import http.client +from unittest import mock -import mock import pytest import setuptools.package_index @@ -21,7 +21,9 @@ <a href="http://some_url">Name</a> (<a title="MD5 hash" href="{hash_url}">md5</a>) - """.lstrip().format(**locals()) + """.lstrip().format( + **locals() + ) assert setuptools.package_index.PYPI_MD5.match(doc) def test_bad_url_bad_port(self): @@ -38,9 +40,7 @@ # issue 16 # easy_install inquant.contentmirror.plone breaks because of a typo # in its home URL - index = setuptools.package_index.PackageIndex( - hosts=('www.example.com',) - ) + index = setuptools.package_index.PackageIndex(hosts=('www.example.com',)) url = ( 'url:%20https://svn.plone.org/svn' @@ -54,9 +54,7 @@ assert isinstance(v, urllib.error.HTTPError) def test_bad_url_bad_status_line(self): - index = setuptools.package_index.PackageIndex( - hosts=('www.example.com',) - ) + index = setuptools.package_index.PackageIndex(hosts=('www.example.com',)) def _urlopen(*args): raise http.client.BadStatusLine('line') 
@@ -74,9 +72,7 @@ """ A bad URL with a double scheme should raise a DistutilsError. """ - index = setuptools.package_index.PackageIndex( - hosts=('www.example.com',) - ) + index = setuptools.package_index.PackageIndex(hosts=('www.example.com',)) # issue 20 url = 'http://http://svn.pythonpaste.org/Paste/wphp/trunk' @@ -93,22 +89,17 @@ raise RuntimeError("Did not raise") def test_bad_url_screwy_href(self): - index = setuptools.package_index.PackageIndex( - hosts=('www.example.com',) - ) + index = setuptools.package_index.PackageIndex(hosts=('www.example.com',)) # issue #160 if sys.version_info[0] == 2 and sys.version_info[1] == 7: # this should not fail url = 'http://example.com' - page = ('<a href="http://www.famfamfam.com](' - 'http://www.famfamfam.com/">') + page = '<a href="http://www.famfamfam.com](' 'http://www.famfamfam.com/">' index.process_index(url, page) def test_url_ok(self): - index = setuptools.package_index.PackageIndex( - hosts=('www.example.com',) - ) + index = setuptools.package_index.PackageIndex(hosts=('www.example.com',)) url = 'file:///tmp/test_package_index' assert index.url_ok(url, True) @@ -169,9 +160,7 @@ 'b0', 'rc0', ] - post = [ - '.post0' - ] + post = ['.post0'] dev = [ '.dev0', ] @@ -186,10 +175,14 @@ for e in epoch for r in releases for p in sum([pre, post, dev], ['']) - for locs in local] + for locs in local + ] for v, vc in versions: - dists = list(setuptools.package_index.distros_for_url( - 'http://example.com/example.zip#egg=example-' + v)) + dists = list( + setuptools.package_index.distros_for_url( + 'http://example.com/example.zip#egg=example-' + v + ) + ) assert dists[0].version == '' assert dists[1].version == vc 
@@ -204,8 +197,7 @@ expected_dir = str(tmpdir / 'project@master') expected = ( - 'git clone --quiet ' - 'https://github.example/group/project {expected_dir}' + 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' ).format(**locals()) first_call_args = os_system_mock.call_args_list[0][0] assert first_call_args == (expected,) @@ -226,8 +218,7 @@ expected_dir = str(tmpdir / 'project') expected = ( - 'git clone --quiet ' - 'https://github.example/group/project {expected_dir}' + 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' ).format(**locals()) os_system_mock.assert_called_once_with(expected) @@ -243,8 +234,7 @@ expected_dir = str(tmpdir / 'project') expected = ( - 'svn checkout -q ' - 'svn+https://svn.example/project {expected_dir}' + 'svn checkout -q ' 'svn+https://svn.example/project {expected_dir}' ).format(**locals()) os_system_mock.assert_called_once_with(expected) @@ -252,7 +242,8 @@ class TestContentCheckers: def test_md5(self): checker = setuptools.package_index.HashChecker.from_url( - 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478') + 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478' + ) checker.feed('You should probably not be using MD5'.encode('ascii')) assert checker.hash.hexdigest() == 'f12895fdffbd45007040d2e44df98478' assert checker.is_valid() 
@@ -260,25 +251,27 @@ def test_other_fragment(self): "Content checks should succeed silently if no hash is present" checker = setuptools.package_index.HashChecker.from_url( - 'http://foo/bar#something%20completely%20different') + 'http://foo/bar#something%20completely%20different' + ) checker.feed('anything'.encode('ascii')) assert checker.is_valid() def test_blank_md5(self): "Content checks should succeed if a hash is empty" - checker = setuptools.package_index.HashChecker.from_url( - 'http://foo/bar#md5=') + checker = setuptools.package_index.HashChecker.from_url('http://foo/bar#md5=') checker.feed('anything'.encode('ascii')) assert checker.is_valid() def test_get_hash_name_md5(self): checker = setuptools.package_index.HashChecker.from_url( - 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478') + 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478' + ) assert checker.hash_name == 'md5' def test_report(self): checker = setuptools.package_index.HashChecker.from_url( - 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478') + 'http://foo/bar#md5=f12895fdffbd45007040d2e44df98478' + ) rep = checker.report(lambda x: x, 'My message about %s') assert rep == 'My message about md5' @@ -287,8 +280,8 @@ def temp_home(tmpdir, monkeypatch): key = ( 'USERPROFILE' - if platform.system() == 'Windows' and sys.version_info > (3, 8) else - 'HOME' + if platform.system() == 'Windows' and sys.version_info > (3, 8) + else 'HOME' ) monkeypatch.setitem(os.environ, key, str(tmpdir)) 
@@ -298,13 +291,25 @@ class TestPyPIConfig: def test_percent_in_password(self, temp_home): pypirc = temp_home / '.pypirc' - pypirc.write(DALS(""" + pypirc.write( + DALS( + """ [pypi] repository=https://pypi.org username=jaraco password=pity% - """)) + """ + ) + ) cfg = setuptools.package_index.PyPIConfig() cred = cfg.creds_by_repository['https://pypi.org'] assert cred.username == 'jaraco' assert cred.password == 'pity%' + + +@pytest.mark.timeout(1) +def test_REL_DoS(): + """ + REL should not hang on a contrived attack string. + """ + setuptools.package_index.REL.search('< rel=' + ' ' * 2**12) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_register.py new/setuptools-65.5.1/setuptools/tests/test_register.py --- old/setuptools-65.5.0/setuptools/tests/test_register.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_register.py 2022-11-04 20:19:31.000000000 +0100 @@ -2,10 +2,7 @@ from setuptools.dist import Distribution from setuptools.errors import RemovedCommandError -try: - from unittest import mock -except ImportError: - import mock +from unittest import mock import pytest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools/tests/test_upload.py new/setuptools-65.5.1/setuptools/tests/test_upload.py --- old/setuptools-65.5.0/setuptools/tests/test_upload.py 2022-10-14 14:34:42.000000000 +0200 +++ new/setuptools-65.5.1/setuptools/tests/test_upload.py 2022-11-04 20:19:31.000000000 +0100 
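Review bot: `test_REL_DoS` bounds the run time only through `@pytest.mark.timeout(1)`, so it depends on the pytest-timeout plugin being loaded; without the plugin the mark is inert and the test passes however long the search takes. It also asserts nothing about the result and covers a single padding character. I would make the expectation explicit with `assert setuptools.package_index.REL.search('< rel=' + ' ' * 2**12) is None`, and say in the docstring that the one-second limit is enforced by pytest-timeout. A one-second wall-clock limit may also prove flaky on loaded build workers, so a more generous bound would still catch a regression.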
@@ -2,10 +2,7 @@ from setuptools.dist import Distribution from setuptools.errors import RemovedCommandError -try: - from unittest import mock -except ImportError: - import mock +from unittest import mock import pytest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools.egg-info/PKG-INFO new/setuptools-65.5.1/setuptools.egg-info/PKG-INFO --- old/setuptools-65.5.0/setuptools.egg-info/PKG-INFO 2022-10-14 14:35:12.000000000 +0200 +++ new/setuptools-65.5.1/setuptools.egg-info/PKG-INFO 2022-11-04 20:19:53.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: setuptools -Version: 65.5.0 +Version: 65.5.1 Summary: Easily download, build, install, upgrade, and uninstall Python packages Home-page: https://github.com/pypa/setuptools Author: Python Packaging Authority diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setuptools-65.5.0/setuptools.egg-info/requires.txt new/setuptools-65.5.1/setuptools.egg-info/requires.txt --- old/setuptools-65.5.0/setuptools.egg-info/requires.txt 2022-10-14 14:35:12.000000000 +0200 +++ new/setuptools-65.5.1/setuptools.egg-info/requires.txt 2022-11-04 20:19:53.000000000 +0100 @@ -24,7 +24,6 @@ flake8<5 pytest-enabler>=1.3 pytest-perf -mock flake8-2020 virtualenv>=13.0.0 wheel @@ -37,6 +36,7 @@ pip_run>=8.8 ini2toml[lite]>=0.9 tomli-w>=1.0.0 +pytest-timeout [testing-integration] pytest