Hello community, here is the log from the commit of package python-slixmpp for openSUSE:Factory checked in at 2019-02-06 14:07:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-slixmpp (Old) and /work/SRC/openSUSE:Factory/.python-slixmpp.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-slixmpp" Wed Feb 6 14:07:09 2019 rev:5 rq:671888 version:1.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-slixmpp/python-slixmpp.changes 2019-01-15 09:16:35.990222975 +0100 +++ /work/SRC/openSUSE:Factory/.python-slixmpp.new.28833/python-slixmpp.changes 2019-02-06 14:07:11.510651746 +0100 @@ -1,0 +2,10 @@ +Tue Feb 5 14:11:03 UTC 2019 - [email protected] + +- Update to 1.4.2: + * Do not do channel binding without TLS + * Add default timeout of 120s for IQs (prevent slowdowns) + * Fix CVE-2019-1000021 (bsc#1124322) + * Do not query vcard avatars unconditionnally + * Fix GSSAPI (Jelmer Vernooij) + +------------------------------------------------------------------- Old: ---- slixmpp-slix-1.4.1.tar.gz New: ---- slixmpp-slix-1.4.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-slixmpp.spec ++++++ --- /var/tmp/diff_new_pack.UrEtDv/_old 2019-02-06 14:07:12.710651527 +0100 +++ /var/tmp/diff_new_pack.UrEtDv/_new 2019-02-06 14:07:12.714651526 +0100 @@ -20,13 +20,13 @@ %define _name slixmpp %define _tar_ver 127 Name: python-slixmpp -Version: 1.4.1 +Version: 1.4.2 Release: 0 Summary: Python XMPP (Jabber) Library that Implements Everything as a Plugin License: MIT Group: Development/Languages/Python URL: https://slixmpp.readthedocs.io/ -Source: https://lab.louiz.org/poezio/slixmpp/-/archive/slix-1.4.1/slixmpp-slix-%{version}.tar.gz +Source: https://lab.louiz.org/poezio/slixmpp/-/archive/slix-%{version}/slixmpp-slix-%{version}.tar.gz # PATCH-FIX-OPENSUSE slixmpp-fix-legacyauth.patch [email protected] -- Fix an error in legacyauth support. Patch0: %{_name}-fix-legacyauth.patch BuildRequires: %{python_module Cython} ++++++ slixmpp-slix-1.4.1.tar.gz -> slixmpp-slix-1.4.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/INSTALL new/slixmpp-slix-1.4.2/INSTALL --- old/slixmpp-slix-1.4.1/INSTALL 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/INSTALL 2019-01-31 14:50:26.000000000 +0100 @@ -1,6 +1,7 @@ Pre-requisites: - Python 3.5+ - Cython 0.22 and libidn, optionally (making JID faster by compiling the stringprep module) +- GnuPG, for testing Install: > python3 setup.py install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/features/feature_mechanisms/mechanisms.py new/slixmpp-slix-1.4.2/slixmpp/features/feature_mechanisms/mechanisms.py --- old/slixmpp-slix-1.4.1/slixmpp/features/feature_mechanisms/mechanisms.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/features/feature_mechanisms/mechanisms.py 2019-01-31 14:50:26.000000000 +0100 @@ -97,7 +97,10 @@ jid = self.xmpp.requested_jid.bare result[value] = creds.get('email', jid) elif value == 'channel_binding': - result[value] = self.xmpp.socket.get_channel_binding() + if isinstance(self.xmpp.socket, (ssl.SSLSocket, ssl.SSLObject)): + result[value] = self.xmpp.socket.get_channel_binding() + else: + result[value] = None elif value == 'host': result[value] = creds.get('host', self.xmpp.requested_jid.domain) elif value == 'realm': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0153/vcard_avatar.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0153/vcard_avatar.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0153/vcard_avatar.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0153/vcard_avatar.py 2019-01-31 14:50:26.000000000 +0100 @@ -167,10 +167,7 @@ data = pres['vcard_temp_update']['photo'] if data is None: return - elif data == '' or data != self.api['get_hash'](pres['from']): - ifrom = pres['to'] if self.xmpp.is_component else None - self.api['reset_hash'](pres['from'], ifrom=ifrom) - self.xmpp.event('vcard_avatar_update', pres) + self.xmpp.event('vcard_avatar_update', pres) # ================================================================= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0223.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0223.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0223.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0223.py 2019-01-31 14:50:26.000000000 +0100 @@ -26,7 +26,7 @@ dependencies = {'xep_0163', 'xep_0060', 'xep_0004'} profile = {'pubsub#persist_items': True, - 'pubsub#send_last_published_item': 'never'} + 'pubsub#access_model': 'whitelist'} def configure(self, node, ifrom=None, callback=None, timeout=None): """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/__init__.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/__init__.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/__init__.py 1970-01-01 01:00:00.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/__init__.py 2019-01-31 14:50:26.000000000 +0100 @@ -0,0 +1,14 @@ +""" + Slixmpp: The Slick XMPP Library + Copyright (C) 2018 Maxime “pep” Buquet + This file is part of Slixmpp. + + See the file LICENSE for copying permission. +""" + +from slixmpp.plugins.base import register_plugin + +from slixmpp.plugins.xep_0335.stanza import JSON_Container +from slixmpp.plugins.xep_0335.json_containers import XEP_0335 + +register_plugin(XEP_0335) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/json_containers.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/json_containers.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/json_containers.py 1970-01-01 01:00:00.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/json_containers.py 2019-01-31 14:50:26.000000000 +0100 @@ -0,0 +1,22 @@ +""" + Slixmpp: The Slick XMPP Library + Copyright (C) 2018 Maxime “pep” Buquet + This file is part of Slixmpp. + + See the file LICENSE for copying permission. +""" + +from slixmpp import Message +from slixmpp.plugins import BasePlugin +from slixmpp.xmlstream import register_stanza_plugin +from slixmpp.plugins.xep_0335 import JSON_Container + + +class XEP_0335(BasePlugin): + + name = 'xep_0335' + description = 'XEP-0335: JSON Containers' + stanza = stanza + + def plugin_init(self): + register_stanza_plugin(Message, JSON_Container) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/stanza.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/stanza.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0335/stanza.py 1970-01-01 01:00:00.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0335/stanza.py 2019-01-31 14:50:26.000000000 +0100 @@ -0,0 +1,28 @@ +""" + Slixmpp: The Slick XMPP Library + Copyright (C) 2018 Maxime “pep” Buquet + This file is part of Slixmpp. + + See the file LICENSE for copying permission. +""" + +import json +from slixmpp.xmlstream import ElementBase + + +class JSON_Container(ElementBase): + name = 'json' + plugin_attrib = 'json' + namespace = 'urn:xmpp:json:0' + interfaces = {'value'} + + def get_value(self): + return json.loads(self.xml.text) + + def set_value(self, value): + if not isinstance(value, str): + value = json.dumps(value) + self.xml.text = value + + def del_value(self): + self.xml.text = '' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0363/http_upload.py new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0363/http_upload.py --- old/slixmpp-slix-1.4.1/slixmpp/plugins/xep_0363/http_upload.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/plugins/xep_0363/http_upload.py 2019-01-31 14:50:26.000000000 +0100 @@ -30,6 +30,10 @@ class FileTooBig(FileUploadError): pass +class HTTPError(FileUploadError): + def __str__(self): + return 'Could not upload file: %d (%s)' % (self.args[0], self.args[1]) + class XEP_0363(BasePlugin): ''' This plugin only supports Python 3.5+ ''' @@ -148,6 +152,8 @@ data=input_file, headers=headers, timeout=timeout) + if response.status >= 400: + raise HTTPError(response.status, await response.text()) log.info('Response code: %d (%s)', response.status, await response.text()) response.close() return slot['get']['url'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/stanza/iq.py new/slixmpp-slix-1.4.2/slixmpp/stanza/iq.py --- old/slixmpp-slix-1.4.1/slixmpp/stanza/iq.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/stanza/iq.py 2019-01-31 14:50:26.000000000 +0100 @@ -187,6 +187,10 @@ future = asyncio.Future() + # Prevents handlers from existing forever. + if timeout is None: + timeout = 120 + def callback_success(result): type_ = result['type'] if type_ == 'result': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/util/sasl/mechanisms.py new/slixmpp-slix-1.4.2/slixmpp/util/sasl/mechanisms.py --- old/slixmpp-slix-1.4.1/slixmpp/util/sasl/mechanisms.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/util/sasl/mechanisms.py 2019-01-31 14:50:26.000000000 +0100 @@ -516,13 +516,13 @@ def setup(self, name): authzid = self.credentials['authzid'] if not authzid: - authzid = 'xmpp@%s' % self.credentials['service-name'] + authzid = 'xmpp@' + self.credentials['service-name'].decode() _, self.gss = kerberos.authGSSClientInit(authzid) self.step = 0 def process(self, challenge=b''): - b64_challenge = b64encode(challenge) + b64_challenge = b64encode(challenge).decode('ascii') try: if self.step == 0: result = kerberos.authGSSClientStep(self.gss, b64_challenge) @@ -536,7 +536,7 @@ kerberos.authGSSClientUnwrap(self.gss, b64_challenge) resp = kerberos.authGSSClientResponse(self.gss) - kerberos.authGSSClientWrap(self.gss, resp, username) + kerberos.authGSSClientWrap(self.gss, resp, username.decode()) resp = kerberos.authGSSClientResponse(self.gss) except kerberos.GSSError as e: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/version.py new/slixmpp-slix-1.4.2/slixmpp/version.py --- old/slixmpp-slix-1.4.1/slixmpp/version.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/version.py 2019-01-31 14:50:26.000000000 +0100 @@ -9,5 +9,5 @@ # We don't want to have to import the entire library # just to get the version info for setup.py -__version__ = '1.4.1' -__version_info__ = (1, 4, 1) +__version__ = '1.4.2' +__version_info__ = (1, 4, 2) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/xmlstream/stanzabase.py new/slixmpp-slix-1.4.2/slixmpp/xmlstream/stanzabase.py --- old/slixmpp-slix-1.4.1/slixmpp/xmlstream/stanzabase.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/xmlstream/stanzabase.py 2019-01-31 14:50:26.000000000 +0100 @@ -177,8 +177,9 @@ if '}' in ns_block: # Apply the found namespace to following elements # that do not have namespaces. - namespace = ns_block.split('}')[0] - elements = ns_block.split('}')[1].split('/') + ns_block_split = ns_block.split('}') + namespace = ns_block_split[0] + elements = ns_block_split[1].split('/') else: # Apply the stanza's namespace to the following # elements since no namespace was provided. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slixmpp-slix-1.4.1/slixmpp/xmlstream/tostring.py new/slixmpp-slix-1.4.2/slixmpp/xmlstream/tostring.py --- old/slixmpp-slix-1.4.1/slixmpp/xmlstream/tostring.py 2018-10-28 14:15:51.000000000 +0100 +++ new/slixmpp-slix-1.4.2/slixmpp/xmlstream/tostring.py 2019-01-31 14:50:26.000000000 +0100 @@ -45,11 +45,12 @@ output = [outbuffer] # Extract the element's tag name. - tag_name = xml.tag.split('}', 1)[-1] + tag_split = xml.tag.split('}', 1) + tag_name = tag_split[-1] # Extract the element's namespace if it is defined. if '}' in xml.tag: - tag_xmlns = xml.tag.split('}', 1)[0][1:] + tag_xmlns = tag_split[0][1:] else: tag_xmlns = '' @@ -82,8 +83,9 @@ if '}' not in attrib: output.append(' %s="%s"' % (attrib, value)) else: - attrib_ns = attrib.split('}')[0][1:] - attrib = attrib.split('}')[1] + attrib_split = attrib.split('}') + attrib_ns = attrib_split[0][1:] + attrib = attrib_split[1] if attrib_ns == XML_NS: output.append(' xml:%s="%s"' % (attrib, value)) elif stream and attrib_ns in stream.namespace_map: @@ -144,10 +146,7 @@ '"': '"'} if not use_cdata: - text = list(text) - for i, c in enumerate(text): - text[i] = escapes.get(c, c) - return ''.join(text) + return ''.join(escapes.get(c, c) for c in text) else: escape_needed = False for c in text:
