commit python-python-redmine for openSUSE:Factory

Source-Sync Mon, 02 Oct 2023 11:06:34 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-python-redmine for 
openSUSE:Factory checked in at 2023-10-02 20:04:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-python-redmine (Old)
 and      /work/SRC/openSUSE:Factory/.python-python-redmine.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-python-redmine"

Mon Oct  2 20:04:58 2023 rev:7 rq:1114261 version:2.4.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-python-redmine/python-python-redmine.changes  
    2023-01-29 14:15:57.920757492 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-python-redmine.new.28202/python-python-redmine.changes
   2023-10-02 20:06:25.802725973 +0200
@@ -1,0 +2,8 @@
+Tue Sep 26 18:54:59 UTC 2023 - Martin Hauke <mar...@gmx.de>
+
+- Add 328.patch to workaround "API key leakage on exception"
+  described in boo#1215722
+  https://github.com/maxtepkeev/python-redmine/issues/330
+  https://github.com/maxtepkeev/python-redmine/pull/328
+
+-------------------------------------------------------------------

New:
----
  328.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-python-redmine.spec ++++++
--- /var/tmp/diff_new_pack.jlzxUU/_old  2023-10-02 20:06:26.850763664 +0200
+++ /var/tmp/diff_new_pack.jlzxUU/_new  2023-10-02 20:06:26.850763664 +0200
@@ -24,6 +24,7 @@
 Group:          Development/Languages/Python
 URL:            https://python-redmine.com
 Source:         
https://files.pythonhosted.org/packages/source/p/python-redmine/python-redmine-%{version}.tar.gz
+Patch0:         https://github.com/maxtepkeev/python-redmine/pull/328.patch
 BuildRequires:  %{python_module pytest-cov}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module requests >= 2.28.2}
@@ -42,6 +43,7 @@
 
 %prep
 %setup -q -n python-redmine-%{version}
+%patch0 -p1
 
 %build
 %python_build
@@ -51,7 +53,7 @@
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-%pytest
+%pytest -k "not (test_engine_init or test_session_key or 
test_session_requests)"
 
 %files %{python_files}
 %license LICENSE

++++++ 328.patch ++++++
>From 5b5918e5b8a02f7e84df3884a365b13fd575ee50 Mon Sep 17 00:00:00 2001
From: Tom Misilo <1446856+misi...@users.noreply.github.com>
Date: Thu, 10 Aug 2023 16:00:47 -0500
Subject: [PATCH] Change the key from a query paramter to a HEADER

---
 redminelib/engines/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/redminelib/engines/base.py b/redminelib/engines/base.py
index f9785be..c0122f4 100644
--- a/redminelib/engines/base.py
+++ b/redminelib/engines/base.py
@@ -34,7 +34,7 @@ def __init__(self, **options):
 
         # We would like to be authenticated by API key by default
         if options.get('key') is not None:
-            self.requests['params']['key'] = options['key']
+            self.requests['headers']['X-Redmine-API-Key'] = options['key']
         elif options.get('username') is not None and options.get('password') 
is not None:
             self.requests['auth'] = (options['username'], options['password'])

commit python-python-redmine for openSUSE:Factory

Reply via email to