Hello community,

here is the log from the commit of package python-amqp for openSUSE:Factory 
checked in at 2020-08-06 17:31:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-amqp (Old)
 and      /work/SRC/openSUSE:Factory/.python-amqp.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-amqp"

Thu Aug  6 17:31:43 2020 rev:33 rq:824326 version:2.6.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-amqp/python-amqp.changes  2020-06-11 
14:44:59.245432392 +0200
+++ /work/SRC/openSUSE:Factory/.python-amqp.new.3399/python-amqp.changes        
2020-08-06 17:32:27.097099036 +0200
@@ -1,0 +2,9 @@
+Tue Aug  4 12:09:50 UTC 2020 - Dirk Mueller <dmuel...@suse.com>
+
+- update to 2.6.1:
+  - Fix buffer overflow in frame_writer after frame_max is increased. 
`frame_writer`
+  allocates a `bytearray` on intialization with a length based on the 
`connection.frame_max`
+  value. If `connection.frame_max` is changed to a larger value, this causes an
+  error like `pack_into requires a buffer of at least 408736 bytes`.
+
+-------------------------------------------------------------------

Old:
----
  amqp-2.6.0.tar.gz

New:
----
  amqp-2.6.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-amqp.spec ++++++
--- /var/tmp/diff_new_pack.S2us2Y/_old  2020-08-06 17:32:27.813099203 +0200
+++ /var/tmp/diff_new_pack.S2us2Y/_new  2020-08-06 17:32:27.817099204 +0200
@@ -18,7 +18,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-amqp
-Version:        2.6.0
+Version:        2.6.1
 Release:        0
 Summary:        Low-level AMQP client for Python (fork of amqplib)
 License:        LGPL-2.1-or-later

++++++ amqp-2.6.0.tar.gz -> amqp-2.6.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/Changelog new/amqp-2.6.1/Changelog
--- old/amqp-2.6.0/Changelog    2020-06-01 07:45:06.000000000 +0200
+++ new/amqp-2.6.1/Changelog    2020-07-31 18:27:12.000000000 +0200
@@ -7,6 +7,19 @@
 
 .. _version-2.6.0:
 
+2.6.1
+=====
+:release-date: 2020-07-31 10.30 P.M UTC+6:00
+:release-by: Asif Saif Uddin
+
+- Fix buffer overflow in frame_writer after frame_max is increased. 
`frame_writer`
+allocates a `bytearray` on intialization with a length based on the 
`connection.frame_max`
+value. If `connection.frame_max` is changed to a larger value, this causes an
+error like `pack_into requires a buffer of at least 408736 bytes`.
+
+
+.. _version-2.6.0:
+
 2.6.0
 =====
 :release-date: 20-06-01 12.00 P.M UTC+6:00
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/PKG-INFO new/amqp-2.6.1/PKG-INFO
--- old/amqp-2.6.0/PKG-INFO     2020-06-01 08:15:08.735072100 +0200
+++ new/amqp-2.6.1/PKG-INFO     2020-07-31 18:31:53.780775300 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: amqp
-Version: 2.6.0
+Version: 2.6.1
 Summary: Low-level AMQP client for Python (fork of amqplib).
 Home-page: http://github.com/celery/py-amqp
 Author: Barry Pederson
@@ -18,6 +18,7 @@
 Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/README.rst new/amqp-2.6.1/README.rst
--- old/amqp-2.6.0/README.rst   2020-06-01 07:47:59.000000000 +0200
+++ new/amqp-2.6.1/README.rst   2020-07-31 18:29:04.000000000 +0200
@@ -4,7 +4,7 @@
 
 |build-status| |coverage| |license| |wheel| |pyversion| |pyimp|
 
-:Version: 2.6.0
+:Version: 2.6.1
 :Web: https://amqp.readthedocs.io/
 :Download: https://pypi.org/project/amqp/
 :Source: http://github.com/celery/py-amqp/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/amqp/__init__.py 
new/amqp-2.6.1/amqp/__init__.py
--- old/amqp-2.6.0/amqp/__init__.py     2020-06-01 07:46:47.000000000 +0200
+++ new/amqp-2.6.1/amqp/__init__.py     2020-07-31 18:28:16.000000000 +0200
@@ -6,7 +6,7 @@
 
 from collections import namedtuple
 
-__version__ = '2.6.0'
+__version__ = '2.6.1'
 __author__ = 'Barry Pederson'
 __maintainer__ = 'Asif Saif Uddin, Matus Valo'
 __contact__ = 'pya...@celeryproject.org'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/amqp/method_framing.py 
new/amqp-2.6.1/amqp/method_framing.py
--- old/amqp-2.6.0/amqp/method_framing.py       2019-07-12 07:25:19.000000000 
+0200
+++ new/amqp-2.6.1/amqp/method_framing.py       2020-07-31 18:31:21.000000000 
+0200
@@ -85,20 +85,37 @@
     return on_frame
 
 
+class Buffer(object):
+    def __init__(self, buf):
+        self.buf = buf
+
+    @property
+    def buf(self):
+        return self._buf
+
+    @buf.setter
+    def buf(self, buf):
+        self._buf = buf
+        self.view = memoryview(buf)
+
+
 def frame_writer(connection, transport,
                  pack=pack, pack_into=pack_into, range=range, len=len,
                  bytes=bytes, str_to_bytes=str_to_bytes, text_t=text_t):
     """Create closure that writes frames."""
     write = transport.write
 
-    # memoryview first supported in Python 2.7
-    # Initial support was very shaky, so could be we have to
-    # check for a bugfix release.
-    buf = bytearray(connection.frame_max - 8)
-    view = memoryview(buf)
+    buffer_store = Buffer(bytearray(connection.frame_max - 8))
 
     def write_frame(type_, channel, method_sig, args, content):
         chunk_size = connection.frame_max - 8
+        # frame_max can be updated via connection._on_tune. If
+        # it became larger, then we need to resize the buffer
+        # to prevent overflow.
+        if chunk_size > len(buffer_store.buf):
+            buffer_store.buf = bytearray(chunk_size)
+        buf = buffer_store.buf
+        view = buffer_store.view
         offset = 0
         properties = None
         args = str_to_bytes(args)
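Review bot: The new `Buffer` class has no docstring, and its invariant (that `view` is always a memoryview over the current `buf`) is only implicit in the setter. A one-line class docstring would make it explicit, for example `"""Hold a bytearray plus a memoryview that is rebuilt whenever the bytearray is replaced."""`. In `write_frame` the replacement buffer is sized directly from `connection.frame_max`, which the added comment says can change via `connection._on_tune`. Whether that value is range-checked before it reaches this allocation is not visible in the hunk, so confirm that a bound is enforced where the value is negotiated. The failure quoted in the changelog is a `pack_into` error from a bounds-checked bytearray, so "overflow" here appears to mean a raised exception on send rather than an out-of-bounds write. The body of `write_frame` continues outside the hunk.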
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/amqp.egg-info/PKG-INFO 
new/amqp-2.6.1/amqp.egg-info/PKG-INFO
--- old/amqp-2.6.0/amqp.egg-info/PKG-INFO       2020-06-01 08:15:08.000000000 
+0200
+++ new/amqp-2.6.1/amqp.egg-info/PKG-INFO       2020-07-31 18:31:53.000000000 
+0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: amqp
-Version: 2.6.0
+Version: 2.6.1
 Summary: Low-level AMQP client for Python (fork of amqplib).
 Home-page: http://github.com/celery/py-amqp
 Author: Barry Pederson
@@ -18,6 +18,7 @@
 Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/docs/includes/introduction.txt 
new/amqp-2.6.1/docs/includes/introduction.txt
--- old/amqp-2.6.0/docs/includes/introduction.txt       2020-06-01 
07:49:30.000000000 +0200
+++ new/amqp-2.6.1/docs/includes/introduction.txt       2020-07-31 
18:28:47.000000000 +0200
@@ -1,4 +1,4 @@
-:Version: 2.6.0
+:Version: 2.6.1
 :Web: https://amqp.readthedocs.io/
 :Download: https://pypi.org/project/amqp/
 :Source: http://github.com/celery/py-amqp/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/setup.py new/amqp-2.6.1/setup.py
--- old/amqp-2.6.0/setup.py     2020-06-01 08:15:02.000000000 +0200
+++ new/amqp-2.6.1/setup.py     2020-06-01 08:17:15.000000000 +0200
@@ -26,6 +26,7 @@
     Programming Language :: Python :: 3.5
     Programming Language :: Python :: 3.6
     Programming Language :: Python :: 3.7
+    Programming Language :: Python :: 3.8
     License :: OSI Approved :: BSD License
     Intended Audience :: Developers
     Operating System :: OS Independent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/amqp-2.6.0/t/unit/test_method_framing.py 
new/amqp-2.6.1/t/unit/test_method_framing.py
--- old/amqp-2.6.0/t/unit/test_method_framing.py        2019-07-12 
07:25:19.000000000 +0200
+++ new/amqp-2.6.1/t/unit/test_method_framing.py        2020-07-31 
18:31:21.000000000 +0200
@@ -138,3 +138,12 @@
         assert isinstance(memory, memoryview)
         assert 'body'.encode('utf-16') in memory.tobytes()
         assert msg.properties['content_encoding'] == 'utf-16'
+
+    def test_frame_max_update(self):
+        msg = Message(body='t' * (self.connection.frame_max + 10))
+        frame = 2, 1, spec.Basic.Publish, b'x' * 10, msg
+        self.connection.frame_max += 100
+        self.g(*frame)
+        self.write.assert_called()
+        memory = self.write.call_args[0][0]
+        assert isinstance(memory, memoryview)
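Review bot: `test_frame_max_update` asserts only that `write` was called with a `memoryview`, so it does not pin that the frame was written through a buffer larger than the one allocated at construction. Recording the limit before the increment, `old_max = self.connection.frame_max`, and adding `assert len(memory) > old_max - 8` after the call would tie the test to the resize itself. A short comment such as `# body exceeds the buffer sized from the original frame_max` on the `Message(...)` line would explain why that body length was chosen. The enclosing test class and its `self.g` / `self.write` fixtures are defined outside the hunk, so this assumes `self.g` is the `frame_writer` closure under test.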

