Hello community, here is the log from the commit of package osc for openSUSE:Factory checked in at 2019-07-24 20:51:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osc (Old) and /work/SRC/openSUSE:Factory/.osc.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osc" Wed Jul 24 20:51:07 2019 rev:136 rq:718310 version:0.165.3 Changes: -------- --- /work/SRC/openSUSE:Factory/osc/osc.changes 2019-07-11 13:16:38.834800398 +0200 +++ /work/SRC/openSUSE:Factory/.osc.new.4126/osc.changes 2019-07-24 20:51:08.582446264 +0200 @@ -1,0 +2,10 @@ +Wed Jul 24 13:18:01 UTC 2019 - Marco Strigl <[email protected]> + +- 0.165.3 (boo#1142662) + * switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. + This will fix all decoding issues with osc diff, osc ci and osc rq -d + * fix osc ls -lb handling empty size and mtime + * removed decoding on osc api command. + * fixed broken TLS certificate handling (boo#1142518, CVE-2019-3685) + +------------------------------------------------------------------- Old: ---- osc-0.165.2.tar.gz New: ---- osc-0.165.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osc.spec ++++++ --- /var/tmp/diff_new_pack.aDmZgw/_old 2019-07-24 20:51:09.650446102 +0200 +++ /var/tmp/diff_new_pack.aDmZgw/_new 2019-07-24 20:51:09.654446101 +0200 @@ -27,12 +27,12 @@ %define use_python python %endif -%define version_unconverted 0.165.2 +%define version_unconverted 0.165.3 %define osc_plugin_dir %{_prefix}/lib/osc-plugins %define macros_file macros.osc Name: osc -Version: 0.165.2 +Version: 0.165.3 Release: 0 Summary: Open Build Service Commander License: GPL-2.0-or-later ++++++ PKGBUILD ++++++ --- /var/tmp/diff_new_pack.aDmZgw/_old 2019-07-24 20:51:09.686446097 +0200 +++ /var/tmp/diff_new_pack.aDmZgw/_new 2019-07-24 20:51:09.690446095 +0200 @@ -1,5 +1,5 @@ pkgname=osc -pkgver=0.165.2 +pkgver=0.165.3 pkgrel=0 pkgdesc="Open Build Service client" arch=('i686' 'x86_64') ++++++ _service ++++++ --- /var/tmp/diff_new_pack.aDmZgw/_old 2019-07-24 20:51:09.702446094 +0200 +++ /var/tmp/diff_new_pack.aDmZgw/_new 2019-07-24 20:51:09.702446094 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="version">0.165.2</param> - <param name="revision">0.165.2</param> + <param name="version">0.165.3</param> + <param name="revision">0.165.3</param> <param name="url">git://github.com/openSUSE/osc.git</param> <param name="scm">git</param> </service> ++++++ debian.changelog ++++++ --- /var/tmp/diff_new_pack.aDmZgw/_old 2019-07-24 20:51:09.734446089 +0200 +++ /var/tmp/diff_new_pack.aDmZgw/_new 2019-07-24 20:51:09.734446089 +0200 @@ -1,4 +1,4 @@ -osc (0.165.2) unstable; urgency=low +osc (0.165.3) unstable; urgency=low - Update to 0.161.1 -- Marco Strigl <[email protected]> Thu, 26 Oct 2017 14:42:00 +0200 ++++++ osc-0.165.2.tar.gz -> osc-0.165.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/.travis.yml new/osc-0.165.3/.travis.yml --- old/osc-0.165.2/.travis.yml 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/.travis.yml 2019-07-24 15:13:39.000000000 +0200 @@ -1,8 +1,6 @@ language: python python: - '2.7' -- '3.3' -- '3.4' - '3.6' addons: apt: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/NEWS new/osc-0.165.3/NEWS --- old/osc-0.165.2/NEWS 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/NEWS 2019-07-24 15:13:39.000000000 +0200 @@ -1,3 +1,10 @@ +0.165.3 + - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. + This will fix all decoding issues with osc diff, osc ci and osc rq -d + - fix osc ls -lb handling empty size and mtime + - removed decoding on osc api command. + - fixed broken TLS certificate handling (boo#1142518, CVE-2019-3685) + 0.165.2 - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/osc/commandline.py new/osc-0.165.3/osc/commandline.py --- old/osc-0.165.2/osc/commandline.py 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/osc/commandline.py 2019-07-24 15:13:39.000000000 +0200 @@ -393,6 +393,10 @@ for f in result[1]: if f.size is None and f.mtime is None: print("%9s %12s %-40s" % ('unknown', 'unknown', f.name)) + elif f.size is None and f.mtime is not None: + print("%9s %s %-40s" % ('unknown', shorttime(f.mtime), f.name)) + elif f.size is not None and f.mtime is None: + print("%9d %12s %-40s" % (f.size, 'unknown', f.name)) else: print("%9d %s %-40s" % (f.size, shorttime(f.mtime), f.name)) else: @@ -1405,16 +1409,19 @@ rdiff = None if opts.diff or not opts.message: try: - rdiff = 'old: %s/%s\nnew: %s/%s rev %s\n' % (dst_project, dst_package, src_project, src_package, rev) - rdiff += decode_it(server_diff(apiurl, - dst_project, dst_package, None, - src_project, src_package, rev, True)) + rdiff = b'old: %s/%s\nnew: %s/%s rev %s\n' % (dst_project.encode(), dst_package.encode(), src_project.encode(), src_package.encode(), str(rev).encode()) + rdiff += server_diff(apiurl, + dst_project, dst_package, None, + src_project, src_package, rev, True) except: - rdiff = '' + rdiff = b'' if opts.diff: run_pager(rdiff) return + if rdiff is not None: + rdiff = decode_it(rdiff) + supersede_existing = False reqs = [] if not opts.supersede: @@ -1510,13 +1517,13 @@ sys.exit("Please fix this first") t = linkinfo.get('project') if t: - rdiff = '' + rdiff = b'' try: rdiff = server_diff(apiurl, t, p, opts.revision, project, p, None, True) except: - rdiff = '' + rdiff = b'' - if rdiff != '': + if rdiff != b'': targetprojects.append(t) pac.append(p) else: @@ -2495,10 +2502,10 @@ if not r.get_actions('submit') and not r.get_actions('maintenance_incident') and not r.get_actions('maintenance_release'): raise oscerr.WrongOptions('\'--diff\' not possible (request has no supported actions)') for action in sr_actions: - diff += 'old: %s/%s\nnew: %s/%s\n' % (action.src_project, action.src_package, - action.tgt_project, action.tgt_package) + diff += b'old: %s/%s\nnew: %s/%s\n' % (action.src_project.encode(), action.src_package.encode(), + action.tgt_project.encode(), action.tgt_package.encode()) diff += submit_action_diff(apiurl, action) - diff += '\n\n' + diff += b'\n\n' run_pager(decode_it(diff), tmp_suffix='') # checkout @@ -3864,15 +3871,15 @@ return else: rev1, rev2 = parseRevisionOption(opts.revision) - diff = '' + diff = b'' for pac in pacs: if not rev2: for i in pac.get_diff(rev1): - diff += ''.join(i) + diff += b''.join(i) else: - diff += decode_it(server_diff_noex(pac.apiurl, pac.prjname, pac.name, rev1, - pac.prjname, pac.name, rev2, - not opts.plain, opts.missingok, opts.meta, not opts.unexpand)) + diff += server_diff_noex(pac.apiurl, pac.prjname, pac.name, rev1, + pac.prjname, pac.name, rev2, + not opts.plain, opts.missingok, opts.meta, not opts.unexpand) run_pager(diff) @@ -4156,7 +4163,13 @@ print("".join(decode_it(x) for x in p.stdout.readlines())) elif opts.unified: print() - print(decode_it(rdiff)) + if isinstance(rdiff, str): + print(rdiff) + else: + try: + sys.stdout.buffer.write(rdiff) + except AttributeError as e: + print(decode_it(rdiff)) #run_pager(rdiff) def _prdiff_output_matching_requests(self, opts, requests, @@ -7989,7 +8002,7 @@ data=opts.data, file=opts.file, headers=opts.headers) - out = decode_it(r.read()) + out = r.read() if opts.edit: text = edit_text(out) @@ -7997,9 +8010,12 @@ url, data=text, headers=opts.headers) - out = decode_it(r.read()) + out = r.read() - sys.stdout.write(out) + if isinstance(out, str): + sys.stdout.write(out) + else: + sys.stdout.buffer.write(out) @cmdln.option('-b', '--bugowner-only', action='store_true', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/osc/core.py new/osc-0.165.3/osc/core.py --- old/osc-0.165.2/osc/core.py 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/osc/core.py 2019-07-24 15:13:39.000000000 +0200 @@ -5,7 +5,7 @@ from __future__ import print_function -__version__ = '0.165.2' +__version__ = '0.165.3' # __store_version__ is to be incremented when the format of the working copy # "store" changes in an incompatible way. Please add any needed migration @@ -1963,26 +1963,30 @@ def get_diff(self, revision=None, ignoreUnversioned=False): import tempfile - diff_hdr = 'Index: %s\n' - diff_hdr += '===================================================================\n' + diff_hdr = b'Index: %s\n' + diff_hdr += b'===================================================================\n' kept = [] added = [] deleted = [] def diff_add_delete(fname, add, revision): diff = [] - diff.append(diff_hdr % fname) + diff.append(diff_hdr % fname.encode()) tmpfile = None origname = fname if add: - diff.append('--- %s\t(revision 0)\n' % fname) + diff.append(b'--- %s\t(revision 0)\n' % fname.encode()) rev = 'revision 0' if revision and not fname in self.to_be_added: rev = 'working copy' - diff.append('+++ %s\t(%s)\n' % (fname, rev)) + diff.append(b'+++ %s\t(%s)\n' % (fname.encode(), rev.encode())) fname = os.path.join(self.absdir, fname) else: - diff.append('--- %s\t(revision %s)\n' % (fname, revision or self.rev)) - diff.append('+++ %s\t(working copy)\n' % fname) + if revision: + b_revision = str(revision).encode() + else: + b_revision = self.rev.encode() + diff.append(b'--- %s\t(revision %s)\n' % (fname.encode(), b_revision)) + diff.append(b'+++ %s\t(working copy)\n' % fname.encode()) fname = os.path.join(self.storedir, fname) try: @@ -1991,22 +1995,22 @@ get_source_file(self.apiurl, self.prjname, self.name, origname, tmpfile, revision) fname = tmpfile if binary_file(fname): - what = 'added' + what = b'added' if not add: - what = 'deleted' + what = b'deleted' diff = diff[:1] - diff.append('Binary file \'%s\' %s.\n' % (origname, what)) + diff.append(b'Binary file \'%s\' %s.\n' % (origname.encode(), what)) return diff - tmpl = '+%s' - ltmpl = '@@ -0,0 +1,%d @@\n' + tmpl = b'+%s' + ltmpl = b'@@ -0,0 +1,%d @@\n' if not add: - tmpl = '-%s' - ltmpl = '@@ -1,%d +0,0 @@\n' - lines = [tmpl % i for i in open(fname, 'r').readlines()] + tmpl = b'-%s' + ltmpl = b'@@ -1,%d +0,0 @@\n' + lines = [tmpl % i for i in open(fname, 'rb').readlines()] if len(lines): diff.append(ltmpl % len(lines)) - if not lines[-1].endswith('\n'): - lines.append('\n\\ No newline at end of file\n') + if not lines[-1].endswith(b'\n'): + lines.append(b'\n\\ No newline at end of file\n') diff.extend(lines) finally: if tmpfile is not None: @@ -2051,7 +2055,7 @@ continue elif revision and self.findfilebyname(f.name).md5 == f.md5 and state != 'M': continue - yield [diff_hdr % f.name] + yield [diff_hdr % f.name.encode()] if revision is None: yield get_source_file_diff(self.absdir, f.name, self.rev) else: @@ -4053,7 +4057,7 @@ if isinstance(message, str): print(message) else: - print(decode_it(message)) + sys.stdout.buffer.write(message) else: tmpfile = tempfile.NamedTemporaryFile(suffix=tmp_suffix) if isinstance(message, str): @@ -4778,15 +4782,15 @@ file1 = os.path.join(olddir, oldfilename) # old/stored original file2 = os.path.join(dir, filename) # working copy if binary_file(file1) or binary_file(file2): - return ['Binary file \'%s\' has changed.\n' % origfilename] + return [b'Binary file \'%s\' has changed.\n' % origfilename.encode()] f1 = f2 = None try: - f1 = open(file1, 'rt') + f1 = open(file1, 'rb') s1 = f1.readlines() f1.close() - f2 = open(file2, 'rt') + f2 = open(file2, 'rb') s2 = f2.readlines() f2.close() finally: @@ -4794,23 +4798,31 @@ f1.close() if f2: f2.close() + + from_file = b'%s\t(revision %s)' % (origfilename.encode(), str(rev).encode()) + to_file = b'%s\t(working copy)' % origfilename.encode() - d = difflib.unified_diff(s1, s2, - fromfile = '%s\t(revision %s)' % (origfilename, rev), \ - tofile = '%s\t(working copy)' % origfilename) + if sys.version_info < (3,0): + d = difflib.unified_diff(s1, s2, + fromfile = from_file, \ + tofile = to_file) + else: + d = difflib.diff_bytes(difflib.unified_diff, s1, s2, \ + fromfile = from_file, \ + tofile = to_file) d = list(d) # python2.7's difflib slightly changed the format # adapt old format to the new format if len(d) > 1: - d[0] = d[0].replace(' \n', '\n') - d[1] = d[1].replace(' \n', '\n') + d[0] = d[0].replace(b' \n', b'\n') + d[1] = d[1].replace(b' \n', b'\n') # if file doesn't end with newline, we need to append one in the diff result for i, line in enumerate(d): - if not line.endswith('\n'): - d[i] += '\n\\ No newline at end of file' + if not line.endswith(b'\n'): + d[i] += b'\n\\ No newline at end of file' if i+1 != len(d): - d[i] += '\n' + d[i] += b'\n' return d def server_diff(apiurl, @@ -4866,14 +4878,14 @@ msg = None body = None try: - body = decode_it(e.read()) - if not 'bad link' in body: - return '# diff failed: ' + body + body = e.read() + if not b'bad link' in body: + return b'# diff failed: ' + body except: - return '# diff failed with unknown error' + return b'# diff failed with unknown error' if expand: - rdiff = "## diff on expanded link not possible, showing unexpanded version\n" + rdiff = b"## diff on expanded link not possible, showing unexpanded version\n" try: rdiff += server_diff_noex(apiurl, old_project, old_package, old_revision, @@ -4884,7 +4896,7 @@ summary = '' if not elm is None: summary = elm.text - return 'error: diffing failed: %s' % summary + return b'error: diffing failed: %s' % summary.encode() return rdiff @@ -4933,10 +4945,10 @@ if e.code != 404: raise e root = ET.fromstring(e.read()) - return 'error: \'%s\' does not exist' % root.find('summary').text + return b'error: \'%s\' does not exist' % root.find('summary').text.encode() elif e.code == 404: root = ET.fromstring(e.read()) - return 'error: \'%s\' does not exist' % root.find('summary').text + return b'error: \'%s\' does not exist' % root.find('summary').text.encode() raise e def make_dir(apiurl, project, package, pathname=None, prj_dir=None, package_tracking=True, pkg_path=None): @@ -7247,13 +7259,11 @@ if pac.status(filename) == 'M': diff += get_source_file_diff(pac.absdir, filename, pac.rev) elif pac.status(filename) == 'A': - f = open(os.path.join(pac.absdir, filename), 'r') - for line in f: - diff += '+' + line - f.close() + with open(os.path.join(pac.absdir, filename), 'rb') as f: + diff.extend((b'+' + line for line in f)) if diff: - template = parse_diff_for_commit_message(''.join(diff)) + template = parse_diff_for_commit_message(''.join(decode_list(diff))) return template @@ -7288,7 +7298,7 @@ if changed: footer += changed footer.append('\nDiff for working copy: %s' % p.dir) - footer.extend([''.join(i) for i in p.get_diff(ignoreUnversioned=True)]) + footer.extend([''.join(decode_list(i)) for i in p.get_diff(ignoreUnversioned=True)]) lines.extend(get_commit_message_template(p)) if template is None: if lines and lines[0] == '': @@ -7438,21 +7448,21 @@ tmpfile.close() tmpfile = None if tmpfile is None: - tmpfile = tempfile.NamedTemporaryFile(suffix='.diff', mode='r+') - tmpfile.write(req_summary) - tmpfile.write(issues) + tmpfile = tempfile.NamedTemporaryFile(suffix='.diff', mode='rb+') + tmpfile.write(req_summary.encode()) + tmpfile.write(issues.encode()) try: diff = request_diff(apiurl, request.reqid) - tmpfile.write(decode_it(diff)) + tmpfile.write(diff) except HTTPError as e: if e.code != 400: raise # backward compatible diff for old apis for action in src_actions: - diff = 'old: %s/%s\nnew: %s/%s\n' % (action.src_project, action.src_package, - action.tgt_project, action.tgt_package) + diff = b'old: %s/%s\nnew: %s/%s\n' % (action.src_project.encode(), action.src_package.encode(), + action.tgt_project.encode(), action.tgt_package.encode()) diff += submit_action_diff(apiurl, action) - diff += '\n\n' + diff += b'\n\n' tmpfile.write(diff) tmpfile.flush() run_editor(tmpfile.name) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/osc/oscssl.py new/osc-0.165.3/osc/oscssl.py --- old/osc-0.165.2/osc/oscssl.py 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/osc/oscssl.py 2019-07-24 15:13:39.000000000 +0200 @@ -199,13 +199,13 @@ if target_host != host: request_uri = urldefrag(full_url)[0] - h = httpslib.ProxyHTTPSConnection(host=host, ssl_context=self.ctx) + h = myProxyHTTPSConnection(host=host, ssl_context=self.ctx) else: try: # up to python-3.2 request_uri = req.get_selector() except AttributeError: # from python-3.3 request_uri = req.selector - h = httpslib.HTTPSConnection(host=host, ssl_context=self.ctx) + h = myHTTPSConnection(host=host, ssl_context=self.ctx) # End our change h.set_debuglevel(self._debuglevel) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/osc-0.165.2/tests/test_difffiles.py new/osc-0.165.3/tests/test_difffiles.py --- old/osc-0.165.2/tests/test_difffiles.py 2019-07-08 11:28:50.000000000 +0200 +++ new/osc-0.165.3/tests/test_difffiles.py 2019-07-24 15:13:39.000000000 +0200 @@ -1,5 +1,6 @@ import osc.core import osc.oscerr +from osc.util.helper import decode_list import os import re from common import GET, OscTestCase @@ -298,7 +299,7 @@ def __check_diff(self, p, exp, revision=None): got = '' for i in p.get_diff(revision): - got += ''.join(i) + got += ''.join(decode_list(i)) # When a hunk header refers to a single line in the "from" # file and/or the "to" file, e.g. ++++++ osc.dsc ++++++ --- /var/tmp/diff_new_pack.aDmZgw/_old 2019-07-24 20:51:10.070446038 +0200 +++ /var/tmp/diff_new_pack.aDmZgw/_new 2019-07-24 20:51:10.074446037 +0200 @@ -1,6 +1,6 @@ Format: 1.0 Source: osc -Version: 0.165.2 +Version: 0.165.3 Binary: osc Maintainer: Adrian Schroeter <[email protected]> Architecture: any
