Hello community, here is the log from the commit of package python-amqp for openSUSE:Factory checked in at 2020-08-06 17:31:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-amqp (Old) and /work/SRC/openSUSE:Factory/.python-amqp.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-amqp" Thu Aug 6 17:31:43 2020 rev:33 rq:824326 version:2.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-amqp/python-amqp.changes 2020-06-11 14:44:59.245432392 +0200 +++ /work/SRC/openSUSE:Factory/.python-amqp.new.3399/python-amqp.changes 2020-08-06 17:32:27.097099036 +0200 @@ -1,0 +2,9 @@ +Tue Aug 4 12:09:50 UTC 2020 - Dirk Mueller <dmuel...@suse.com> + +- update to 2.6.1: + - Fix buffer overflow in frame_writer after frame_max is increased. `frame_writer` + allocates a `bytearray` on intialization with a length based on the `connection.frame_max` + value. If `connection.frame_max` is changed to a larger value, this causes an + error like `pack_into requires a buffer of at least 408736 bytes`. + +------------------------------------------------------------------- Old: ---- amqp-2.6.0.tar.gz New: ---- amqp-2.6.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-amqp.spec ++++++ --- /var/tmp/diff_new_pack.S2us2Y/_old 2020-08-06 17:32:27.813099203 +0200 +++ /var/tmp/diff_new_pack.S2us2Y/_new 2020-08-06 17:32:27.817099204 +0200 @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-amqp -Version: 2.6.0 +Version: 2.6.1 Release: 0 Summary: Low-level AMQP client for Python (fork of amqplib) License: LGPL-2.1-or-later ++++++ amqp-2.6.0.tar.gz -> amqp-2.6.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/Changelog new/amqp-2.6.1/Changelog --- old/amqp-2.6.0/Changelog 2020-06-01 07:45:06.000000000 +0200 +++ new/amqp-2.6.1/Changelog 2020-07-31 18:27:12.000000000 +0200 
@@ -7,6 +7,19 @@ .. _version-2.6.0: +2.6.1 +===== +:release-date: 2020-07-31 10.30 P.M UTC+6:00 +:release-by: Asif Saif Uddin + +- Fix buffer overflow in frame_writer after frame_max is increased. `frame_writer` +allocates a `bytearray` on intialization with a length based on the `connection.frame_max` +value. If `connection.frame_max` is changed to a larger value, this causes an +error like `pack_into requires a buffer of at least 408736 bytes`. + + +.. _version-2.6.0: + 2.6.0 ===== :release-date: 20-06-01 12.00 P.M UTC+6:00 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/PKG-INFO new/amqp-2.6.1/PKG-INFO --- old/amqp-2.6.0/PKG-INFO 2020-06-01 08:15:08.735072100 +0200 +++ new/amqp-2.6.1/PKG-INFO 2020-07-31 18:31:53.780775300 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: amqp -Version: 2.6.0 +Version: 2.6.1 Summary: Low-level AMQP client for Python (fork of amqplib). Home-page: http://github.com/celery/py-amqp Author: Barry Pederson @@ -18,6 +18,7 @@ Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3.8 Classifier: License :: OSI Approved :: BSD License Classifier: Intended Audience :: Developers Classifier: Operating System :: OS Independent diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/README.rst new/amqp-2.6.1/README.rst --- old/amqp-2.6.0/README.rst 2020-06-01 07:47:59.000000000 +0200 +++ new/amqp-2.6.1/README.rst 2020-07-31 18:29:04.000000000 +0200 
@@ -4,7 +4,7 @@ |build-status| |coverage| |license| |wheel| |pyversion| |pyimp| -:Version: 2.6.0 +:Version: 2.6.1 :Web: https://amqp.readthedocs.io/ :Download: https://pypi.org/project/amqp/ :Source: http://github.com/celery/py-amqp/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/amqp/__init__.py new/amqp-2.6.1/amqp/__init__.py --- old/amqp-2.6.0/amqp/__init__.py 2020-06-01 07:46:47.000000000 +0200 +++ new/amqp-2.6.1/amqp/__init__.py 2020-07-31 18:28:16.000000000 +0200 @@ -6,7 +6,7 @@ from collections import namedtuple -__version__ = '2.6.0' +__version__ = '2.6.1' __author__ = 'Barry Pederson' __maintainer__ = 'Asif Saif Uddin, Matus Valo' __contact__ = 'pya...@celeryproject.org' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/amqp/method_framing.py new/amqp-2.6.1/amqp/method_framing.py --- old/amqp-2.6.0/amqp/method_framing.py 2019-07-12 07:25:19.000000000 +0200 +++ new/amqp-2.6.1/amqp/method_framing.py 2020-07-31 18:31:21.000000000 +0200 
@@ -85,20 +85,37 @@ return on_frame +class Buffer(object): + def __init__(self, buf): + self.buf = buf + + @property + def buf(self): + return self._buf + + @buf.setter + def buf(self, buf): + self._buf = buf + self.view = memoryview(buf) + + def frame_writer(connection, transport, pack=pack, pack_into=pack_into, range=range, len=len, bytes=bytes, str_to_bytes=str_to_bytes, text_t=text_t): """Create closure that writes frames.""" write = transport.write - # memoryview first supported in Python 2.7 - # Initial support was very shaky, so could be we have to - # check for a bugfix release. - buf = bytearray(connection.frame_max - 8) - view = memoryview(buf) + buffer_store = Buffer(bytearray(connection.frame_max - 8)) def write_frame(type_, channel, method_sig, args, content): chunk_size = connection.frame_max - 8 + # frame_max can be updated via connection._on_tune. If + # it became larger, then we need to resize the buffer + # to prevent overflow. + if chunk_size > len(buffer_store.buf): + buffer_store.buf = bytearray(chunk_size) + buf = buffer_store.buf + view = buffer_store.view offset = 0 properties = None args = str_to_bytes(args) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/amqp.egg-info/PKG-INFO new/amqp-2.6.1/amqp.egg-info/PKG-INFO --- old/amqp-2.6.0/amqp.egg-info/PKG-INFO 2020-06-01 08:15:08.000000000 +0200 +++ new/amqp-2.6.1/amqp.egg-info/PKG-INFO 2020-07-31 18:31:53.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: amqp -Version: 2.6.0 +Version: 2.6.1 Summary: Low-level AMQP client for Python (fork of amqplib). Home-page: http://github.com/celery/py-amqp Author: Barry Pederson 
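Review bot: The resize in `write_frame` passes `connection.frame_max - 8` straight to `bytearray(chunk_size)` with no bound visible in the hunk, while the added comment says `frame_max` can be changed via `connection._on_tune`, so the allocation size follows a value set during connection tuning. Unless code outside the hunk already validates it, a guard before the resize such as `if chunk_size <= 0: raise ValueError('frame_max too small for frame overhead')` would fail with a clear message, and it is also the natural place for an upper cap if the project wants one. For readers of the changelog wording, the failure fixed here is the `pack_into requires a buffer of at least ... bytes` error quoted there, a bounds-checked exception rather than memory corruption. `Buffer` has no docstring; `"""Hold the frame bytearray and a memoryview that is rebuilt whenever buf is replaced."""` would explain why `view` is only ever set by the `buf` setter. `write_frame` continues outside the hunk, so how `buf` and `view` are used afterwards is not visible here.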
@@ -18,6 +18,7 @@
 Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/docs/includes/introduction.txt new/amqp-2.6.1/docs/includes/introduction.txt
--- old/amqp-2.6.0/docs/includes/introduction.txt 2020-06-01 07:49:30.000000000 +0200
+++ new/amqp-2.6.1/docs/includes/introduction.txt 2020-07-31 18:28:47.000000000 +0200
@@ -1,4 +1,4 @@
-:Version: 2.6.0
+:Version: 2.6.1
 :Web: https://amqp.readthedocs.io/
 :Download: https://pypi.org/project/amqp/
 :Source: http://github.com/celery/py-amqp/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/setup.py new/amqp-2.6.1/setup.py
--- old/amqp-2.6.0/setup.py 2020-06-01 08:15:02.000000000 +0200
+++ new/amqp-2.6.1/setup.py 2020-06-01 08:17:15.000000000 +0200
@@ -26,6 +26,7 @@
 Programming Language :: Python :: 3.5
 Programming Language :: Python :: 3.6
 Programming Language :: Python :: 3.7
+ Programming Language :: Python :: 3.8
 License :: OSI Approved :: BSD License
 Intended Audience :: Developers
 Operating System :: OS Independent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/amqp-2.6.0/t/unit/test_method_framing.py new/amqp-2.6.1/t/unit/test_method_framing.py
--- old/amqp-2.6.0/t/unit/test_method_framing.py 2019-07-12 07:25:19.000000000 +0200
+++ new/amqp-2.6.1/t/unit/test_method_framing.py 2020-07-31 18:31:21.000000000 +0200
@@ -138,3 +138,12 @@
 assert isinstance(memory, memoryview)
 assert 'body'.encode('utf-16') in memory.tobytes()
 assert msg.properties['content_encoding'] == 'utf-16'
+
+ def test_frame_max_update(self):
+ msg = Message(body='t' * (self.connection.frame_max + 10))
+ frame = 2, 1, spec.Basic.Publish, b'x' * 10, msg
+ self.connection.frame_max += 100
+ self.g(*frame)
+ self.write.assert_called()
+ memory = self.write.call_args[0][0]
+ assert isinstance(memory, memoryview)
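Review bot: `test_frame_max_update` asserts only the type of what was written, so it catches the regression solely because the old code raised inside `self.g(*frame)`; nothing pins the size or content of the frame that went through the resized buffer. Recording the limit before the bump with `old_max = self.connection.frame_max` and then adding `assert len(memory) > old_max - 8` would state the intent directly, since `old_max - 8` is the size of the original allocation in the `frame_writer` hunk. This assumes `self.g` is the writer returned by `frame_writer` and that the frame is emitted in a single `write` call; the fixture is set up outside the hunk, so confirm both. A one-line docstring such as `"""Writing after frame_max grows must not overflow the preallocated buffer."""` would also tie the test to the changelog entry.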