Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package sqlobject sqlobject 0.12.4-2.2 fixes #695233, which prevents it from working properly with the default postgres version in wheezy. Since sqlobject is a database ORM, this is a reasonably serious regression from squeeze, so it would be useful to have it fixed. debdiff sqlobject_0.12.4-2.1.dsc sqlobject_0.12.4-2.2.dsc diff -Nru sqlobject-0.12.4/debian/changelog sqlobject-0.12.4/debian/changelog --- sqlobject-0.12.4/debian/changelog 2012-01-14 16:12:15.000000000 +0200 +++ sqlobject-0.12.4/debian/changelog 2013-02-11 13:03:52.000000000 +0200 @@ -1,3 +1,13 @@ +sqlobject (0.12.4-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix "SQLObject doesn't escape strings correctly for postgresql 9.1": + new patch postgres_escape_0.12.4 backported from upstream (1.2.0). + (Closes: #695233) + + -- Neil Muller <[email protected]> Mon, 11 Feb 2013 13:03:04 +0200 + + sqlobject (0.12.4-2.1) unstable; urgency=low * Non-maintainer upload. diff -Nru sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 --- sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 1970-01-01 02:00:00.000000000 +0200 +++ sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 2013-02-11 13:02:03.000000000 +0200 @@ -0,0 +1,169 @@ +Description: Postgresql 9.1 changed the default value of standard_conforming_strings to on. SQLObject only added support for the E'' escape syntax in version 1.2.0 +Origin: upstream, Version 1.2.0 +Bug-Debian: http://bugs.debian.org/695233 +Author: phd +Last-Update: 2013-02-11 + +--- a/sqlobject/converters.py (revision 4567) ++++ b/sqlobject/converters.py (working copy) +@@ -1,6 +1,11 @@ ++from array import array ++import datetime ++from decimal import Decimal + import sys +-from array import array ++import time ++from types import ClassType, InstanceType, NoneType + ++ + try: + import mx.DateTime.ISO + origISOStr = mx.DateTime.ISO.strGMT +@@ -15,17 +20,12 @@ + DateTimeType = None + DateTimeDeltaType = None + +-import time +-import datetime +- + try: + import Sybase + NumericType=Sybase.NumericType + except ImportError: + NumericType = None + +-from decimal import Decimal +-from types import ClassType, InstanceType, NoneType + + ######################################## + ## Quoting +@@ -90,6 +90,8 @@ + value = value.replace("'", "''") + else: + assert 0, "Database %s unknown" % db ++ if db in ('postgres', 'rdbhost') and ('\\' in value): ++ return "E'%s'" % value + return "'%s'" % value + + registerConverter(str, StringLikeConverter) +@@ -198,3 +200,17 @@ + return converter(obj, db) + else: + return reprFunc(db) ++ ++ ++def quote_str(s, db): ++ if db in ('postgres', 'rdbhost') and ('\\' in s): ++ return "E'%s'" % s ++ return "'%s'" % s ++ ++def unquote_str(s): ++ if s.upper().startswith("E'") and s.endswith("'"): ++ return s[2:-1] ++ elif s.startswith("'") and s.endswith("'"): ++ return s[1:-1] ++ else: ++ return s +Index: sqlobject/sqlbuilder.py +=================================================================== +--- a/sqlobject/sqlbuilder.py (revision 4567) ++++ b/sqlobject/sqlbuilder.py (working copy) +@@ -70,7 +70,7 @@ + import weakref + + import classregistry +-from converters import sqlrepr, registerConverter ++from converters import registerConverter, sqlrepr, quote_str, unquote_str + + + class VersionError(Exception): +@@ -896,18 +896,18 @@ + if isinstance(s, SQLExpression): + values = [] + if self.prefix: +- values.append("'%s'" % self.prefix) ++ values.append(quote_str(self.prefix, db)) + s = _quote_like_special(sqlrepr(s, db), db) + values.append(s) + if self.postfix: +- values.append("'%s'" % self.postfix) ++ values.append(quote_str(self.postfix, db)) + if db == "mysql": + return "CONCAT(%s)" % ", ".join(values) + else: + return " || ".join(values) + elif isinstance(s, basestring): +- s = _quote_like_special(sqlrepr(s, db)[1:-1], db) +- return "'%s%s%s'" % (self.prefix, s, self.postfix) ++ s = _quote_like_special(unquote_str(sqlrepr(s, db)), db) ++ return quote_str("%s%s%s" % (self.prefix, s, self.postfix), db) + else: + raise TypeError, "expected str, unicode or SQLExpression, got %s" % type(s) + +Index: sqlobject/tests/test_converters.py +=================================================================== +--- a/sqlobject/tests/test_converters.py (revision 4567) ++++ b/sqlobject/tests/test_converters.py (working copy) +@@ -1,9 +1,11 @@ + import sys + from sqlobject.sqlbuilder import sqlrepr ++from sqlobject.converters import registerConverter, sqlrepr, \ ++ quote_str, unquote_str + from sqlobject.sqlbuilder import SQLExpression, SQLObjectField, \ + Select, Insert, Update, Delete, Replace, \ +- SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp +-from sqlobject.converters import registerConverter ++ SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp, \ ++ _LikeQuoted + + class TestClass: + +@@ -40,23 +42,23 @@ + assert sqlrepr('A String', 'firebird') == "'A String'" + + def test_string_newline(): +- assert sqlrepr('A String\nAnother', 'postgres') == "'A String\\nAnother'" ++ assert sqlrepr('A String\nAnother', 'postgres') == "E'A String\\nAnother'" + assert sqlrepr('A String\nAnother', 'sqlite') == "'A String\nAnother'" + + def test_string_tab(): +- assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'" ++ assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'" + + def test_string_r(): +- assert sqlrepr('A String\rAnother', 'postgres') == "'A String\\rAnother'" ++ assert sqlrepr('A String\rAnother', 'postgres') == "E'A String\\rAnother'" + + def test_string_b(): +- assert sqlrepr('A String\bAnother', 'postgres') == "'A String\\bAnother'" ++ assert sqlrepr('A String\bAnother', 'postgres') == "E'A String\\bAnother'" + + def test_string_000(): +- assert sqlrepr('A String\000Another', 'postgres') == "'A String\\0Another'" ++ assert sqlrepr('A String\000Another', 'postgres') == "E'A String\\0Another'" + + def test_string_(): +- assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'" ++ assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'" + assert sqlrepr('A String\'Another', 'firebird') == "'A String''Another'" + + def test_simple_unicode(): +@@ -195,3 +197,18 @@ + pass + else: + assert sqlrepr(Set([1])) == "(1)" ++ ++def test_quote_unquote_str(): ++ assert quote_str('test%', 'postgres') == "'test%'" ++ assert quote_str('test%', 'sqlite') == "'test%'" ++ assert quote_str('test\%', 'postgres') == "E'test\\%'" ++ assert quote_str('test\\%', 'sqlite') == "'test\%'" ++ assert unquote_str("'test%'") == 'test%' ++ assert unquote_str("'test\\%'") == 'test\\%' ++ assert unquote_str("E'test\\%'") == 'test\\%' ++ ++def test_like_quoted(): ++ assert sqlrepr(_LikeQuoted('test'), 'postgres') == "'test'" ++ assert sqlrepr(_LikeQuoted('test'), 'sqlite') == "'test'" ++ assert sqlrepr(_LikeQuoted('test%'), 'postgres') == r"E'test\\%'" ++ assert sqlrepr(_LikeQuoted('test%'), 'sqlite') == r"'test\%'" diff -Nru sqlobject-0.12.4/debian/patches/series sqlobject-0.12.4/debian/patches/series --- sqlobject-0.12.4/debian/patches/series 2012-01-14 16:05:43.000000000 +0200 +++ sqlobject-0.12.4/debian/patches/series 2013-02-11 12:27:45.000000000 +0200 @@ -1,2 +1,3 @@ get_rid_of_setuptools psycopg2-autocommit +postgres_escape_0.12.4 unblock sqlobject/0.12.4-2.2 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
