[gentoo-commits] repo/gentoo:master commit in: dev-python/py/files/, dev-python/py/

2020-12-12 Thread Michał Górny
commit: cda06314562b96bc09f2b423e449d6dc134a
Author: Michał Górny  gentoo  org>
AuthorDate: Sat Dec 12 08:41:56 2020 +
Commit: Michał Górny  gentoo  org>
CommitDate: Sat Dec 12 09:09:38 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cda06314

dev-python/py: Backport CVE-2020-29651 fix

Closes: https://bugs.gentoo.org/759547
Signed-off-by: Michał Górny  gentoo.org>

 dev-python/py/files/py-1.9.0-cve-2020-29651.patch  | 31 ++
 .../py/{py-1.9.0-r1.ebuild => py-1.9.0-r2.ebuild}  |  4 +++
 2 files changed, 35 insertions(+)

diff --git a/dev-python/py/files/py-1.9.0-cve-2020-29651.patch 
b/dev-python/py/files/py-1.9.0-cve-2020-29651.patch
new file mode 100644
index 000..af89fb14808
--- /dev/null
+++ b/dev-python/py/files/py-1.9.0-cve-2020-29651.patch
@@ -0,0 +1,31 @@
+From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001
+From: Ran Benita 
+Date: Fri, 4 Sep 2020 13:57:26 +0300
+Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame
+ functionality
+
+The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject
+to catastrophic backtracing given a string like `"1" * 5000`.
+
+SVN blame output seems to always have at least one space between the
+revision number and the user name, so the ambiguity can be fixed by
+changing the `*` to `+`.
+
+Fixes #256.
+---
+ py/_path/svnwc.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py
+index 3138dd85..b5b9d8d5 100644
+--- a/py/_path/svnwc.py
 b/py/_path/svnwc.py
+@@ -396,7 +396,7 @@ def makecmdoptions(self):
+ def __str__(self):
+ return "" %(self.username,)
+ 
+-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
++rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
+ 
+ class SvnWCCommandPath(common.PathBase):
+ """ path implementation offering access/modification to svn working 
copies.
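Review bot: The patched `rex_blame` line carries no comment saying why the separator must be `\s+`, so a later cleanup could put `\s*` back and reintroduce the overlap between `(\d+)` and `(\S+)` that the patch description explains. I would add `# \s+ is required: with \s* a run of digits can be split between \d+ and \S+, which makes matching backtrack heavily (CVE-2020-29651)` above it. The backport also ships no regression test, and the ebuild hunk in this commit sets `RESTRICT=test`, so nothing at build time checks the fix; a test that feeds a long digit-only line and asserts that no match is returned would pin it. The inner hunk ends inside the `SvnWCCommandPath` docstring, so how `rex_blame` is called (`match` versus `search`) is not visible here.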

diff --git a/dev-python/py/py-1.9.0-r1.ebuild b/dev-python/py/py-1.9.0-r2.ebuild
similarity index 88%
rename from dev-python/py/py-1.9.0-r1.ebuild
rename to dev-python/py/py-1.9.0-r2.ebuild
index 78e1479659e..c7102745bc3 100644
--- a/dev-python/py/py-1.9.0-r1.ebuild
+++ b/dev-python/py/py-1.9.0-r2.ebuild
@@ -14,6 +14,8 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
 LICENSE="MIT"
 SLOT="0"
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 
sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+# This package is unmaintained and keeps being broken periodically.
+RESTRICT=test
 
 BDEPEND="
dev-python/setuptools_scm[${PYTHON_USEDEP}]"
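Review bot: `RESTRICT=test` is introduced in the same revision as the CVE-2020-29651 backport, so the security fix ships with the whole test suite switched off, and the commit message does not mention this. The added comment gives no bug reference or list of failing tests; something like `# Tests restricted: upstream suite fails with current pytest, see bug <BUG-ID>` would let a later maintainer check whether the restriction is still needed. If only a few tests break, deselecting just those in `src_prepare` (not visible in this hunk) would keep the rest running against the patched code.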
@@ -21,6 +23,8 @@ BDEPEND="
 PATCHES=(
"${FILESDIR}"/${PN}-1.5.2-skip-apiwarn-pytest31.patch
"${FILESDIR}"/${PN}-1.8.0-pytest-4.patch
+   # https://bugs.gentoo.org/759547
+   "${FILESDIR}"/${P}-cve-2020-29651.patch
 )
 
 distutils_enable_sphinx doc



[gentoo-commits] repo/gentoo:master commit in: dev-python/py/files/, dev-python/py/

2020-07-30 Thread Michał Górny
commit: 7e8c85ded5c63f4fc99a844e64dd8abe0acbe9f4
Author: Michał Górny  gentoo  org>
AuthorDate: Thu Jul 30 13:37:32 2020 +
Commit: Michał Górny  gentoo  org>
CommitDate: Thu Jul 30 14:30:55 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e8c85de

dev-python/py: Bump to 1.9.0

Signed-off-by: Michał Górny  gentoo.org>

 dev-python/py/Manifest  |  1 +
 dev-python/py/files/py-1.8.0-pytest-4.patch | 25 -
 dev-python/py/py-1.9.0.ebuild   | 42 +
 3 files changed, 43 insertions(+), 25 deletions(-)

diff --git a/dev-python/py/Manifest b/dev-python/py/Manifest
index cad811a5f15..8fb96c6c11f 100644
--- a/dev-python/py/Manifest
+++ b/dev-python/py/Manifest
@@ -1 +1,2 @@
 DIST py-1.8.0.tar.gz 205096 BLAKE2B 
e08554fc3e0bae2e2d4515f075991707af29aa5c39e1387e8f8a7dab25e78c7340d389c79936ddea27b1fb0438ebdee8b5e218bbb48c62089d7fb656b1b6dbe8
 SHA512 
37b9a66229b834a034d9ba6769a46addf098380b494c1eb863607a52d00b7ec5b9157dd7ac6ffc52535a05006648c775c78716d7f85cf44966065b225be6e95b
+DIST py-1.9.0.tar.gz 210098 BLAKE2B 
d7f9b22ebaedd12534198912c1fa0be80f42e97751701442e060e1c244b06ab82239fe78a3cc7119fa4df5d87ecfd97bfb2568744693d3ffe9824ae1d73e59f9
 SHA512 
965b2adfe1b13177629ccfcdf6d0a13460683ca7a01d585163deb1af15d926fc86680d9e51660f6cbb8569f822a4d54ce281c029e363d244ddf67e33b102ad0a

diff --git a/dev-python/py/files/py-1.8.0-pytest-4.patch 
b/dev-python/py/files/py-1.8.0-pytest-4.patch
index d9d5cfa5b65..7d4de73ba77 100644
--- a/dev-python/py/files/py-1.8.0-pytest-4.patch
+++ b/dev-python/py/files/py-1.8.0-pytest-4.patch
@@ -38,31 +38,6 @@ Signed-off-by: Stanislav Levin 
  testing/root/test_std.py |  3 ++-
  17 files changed, 100 insertions(+), 82 deletions(-)
 
-diff --git a/doc/faq.txt b/doc/faq.txt
-index 52cb4b3f..cac83b2c 100644
 a/doc/faq.txt
-+++ b/doc/faq.txt
-@@ -98,20 +98,6 @@ in a managed class/module/function scope.
- .. _`xUnit style setup`: test/xunit_setup.html
- .. _`pytest_nose`: test/plugin/nose.html
- 
--.. _`why pytest_pyfuncarg__ methods?`:
--
--Why the ``pytest_funcarg__*`` name for funcarg factories?
-
--
--When experimenting with funcargs an explicit registration mechanism
--was considered.  But lacking a good use case for this indirection and
--flexibility we decided to go for `Convention over Configuration`_ and
--allow to directly specify the factory.  Besides removing the need
--for an indirection it allows to "grep" for ``pytest_funcarg__MYARG``
--and will safely find all factory functions for the ``MYARG`` function
--argument.  It helps to alleviate the de-coupling of function
--argument usage and creation.
--
- .. _`Convention over Configuration`: 
http://en.wikipedia.org/wiki/Convention_over_Configuration
- 
- Can I yield multiple values from a factory function?
 diff --git a/testing/code/test_assertion.py b/testing/code/test_assertion.py
 index e2a7f903..4cb39fe2 100644
 --- a/testing/code/test_assertion.py

diff --git a/dev-python/py/py-1.9.0.ebuild b/dev-python/py/py-1.9.0.ebuild
new file mode 100644
index 000..958ce68bf62
--- /dev/null
+++ b/dev-python/py/py-1.9.0.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python2_7 python3_{6..9} pypy3 )
+
+inherit distutils-r1
+
+DESCRIPTION="library with cross-python path, ini-parsing, io, code, log 
facilities"
+HOMEPAGE="https://pylib.readthedocs.io/en/latest/ https://pypi.org/project/py/;
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+BDEPEND="
+   dev-python/setuptools_scm[${PYTHON_USEDEP}]"
+
+PATCHES=(
+   "${FILESDIR}"/${PN}-1.5.2-skip-apiwarn-pytest31.patch
+   "${FILESDIR}"/${PN}-1.8.0-pytest-4.patch
+)
+
+distutils_enable_sphinx doc
+distutils_enable_tests pytest
+
+src_prepare() {
+   # broken on py3.8, don't seem important
+   sed -i -e 's:test_syntaxerror_rerepresentation:_&:' \
+   -e 's:test_comments:_&:' \
+   testing/code/test_source.py || die
+   # broken on py3.9, this package is just dead
+   sed -i -e 's:test_getfslineno:_&:' \
+   testing/code/test_source.py || die
+
+   distutils-r1_src_prepare
+
+   # broken, and relying on exact assertion strings
+   rm testing/code/test_assertion.py || die
+}



[gentoo-commits] repo/gentoo:master commit in: dev-python/py/files/, dev-python/py/

2018-04-18 Thread Thomas Deutschmann
commit: cdf4918d154aa61d1323245c173cc7c08a5d1327
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Wed Apr 18 13:17:51 2018 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Wed Apr 18 13:22:02 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdf4918d

dev-python/py: Fix tests

Closes: https://bugs.gentoo.org/642440
Package-Manager: Portage-2.3.30, Repoman-2.3.9

 .../py/files/py-1.4.34-skip-broken-pytest3.patch   | 116 +
 dev-python/py/py-1.4.34.ebuild |   2 +
 2 files changed, 118 insertions(+)

diff --git a/dev-python/py/files/py-1.4.34-skip-broken-pytest3.patch 
b/dev-python/py/files/py-1.4.34-skip-broken-pytest3.patch
new file mode 100644
index 000..67b1f4eb95a
--- /dev/null
+++ b/dev-python/py/files/py-1.4.34-skip-broken-pytest3.patch
@@ -0,0 +1,116 @@
+Backport of 
https://github.com/pytest-dev/py/commit/3305183b964bded36f9cd43976d22524f6ae15b2
+
+--- a/testing/code/test_assertion.py
 b/testing/code/test_assertion.py
+@@ -141,7 +141,10 @@ def test_assert_implicit_multiline():
+ e = exvalue()
+ assert str(e).find('assert [1, 2, 3] !=') != -1
+ 
+-
++@py.test.mark.xfail(py.test.__version__[0] != "2",
++reason="broken on modern pytest",
++run=False
++)
+ def test_assert_with_brokenrepr_arg():
+ class BrokenRepr:
+ def __repr__(self): 0 / 0
+@@ -278,7 +281,10 @@ def test_assert_raise_alias(testdir):
+ ])
+ 
+ 
+-@pytest.mark.skipif("sys.version_info < (2,5)")
++@py.test.mark.xfail(py.test.__version__[0] != "2",
++reason="broken on modern pytest",
++run=False)
++@py.test.mark.skipif("sys.version_info < (2,5)")
+ def test_assert_raise_subclass():
+ class SomeEx(AssertionError):
+ def __init__(self, *args):
+--- a/testing/code/test_excinfo.py
 b/testing/code/test_excinfo.py
+@@ -16,6 +16,13 @@ else:
+ 
+ import pytest
+ pytest_version_info = tuple(map(int, pytest.__version__.split(".")[:3]))
++
++broken_on_modern_pytest = pytest.mark.xfail(
++pytest_version_info[0] != 2,
++reason="this test hasn't been fixed after moving py.code into pytest",
++run=False
++)
++
+ 
+ class TWMock:
+ def __init__(self):
+@@ -355,6 +362,7 @@ class TestFormattedExcinfo:
+ assert lines[0] == "|   def f(x):"
+ assert lines[1] == "pass"
+ 
++@broken_on_modern_pytest
+ def test_repr_source_excinfo(self):
+ """ check if indentation is right """
+ pr = FormattedExcinfo()
+@@ -657,6 +665,7 @@ raise ValueError()
+ assert p._makepath(__file__) == __file__
+ reprtb = p.repr_traceback(excinfo)
+ 
++@broken_on_modern_pytest
+ def test_repr_excinfo_addouterr(self, importasmod):
+ mod = importasmod("""
+ def entry():
+@@ -699,6 +708,7 @@ raise ValueError()
+ assert reprtb.extraline == "!!! Recursion detected (same locals & 
position)"
+ assert str(reprtb)
+ 
++@broken_on_modern_pytest
+ def test_tb_entry_AssertionError(self, importasmod):
+ # probably this test is a bit redundant
+ # as py/magic/testing/test_assertion.py
+@@ -742,6 +752,7 @@ raise ValueError()
+ x = py.builtin._totext(MyRepr())
+ assert x == py.builtin._totext("я", "utf-8")
+ 
++@broken_on_modern_pytest
+ def test_toterminal_long(self, importasmod):
+ mod = importasmod("""
+ def g(x):
+@@ -768,6 +779,7 @@ raise ValueError()
+ assert tw.lines[9] == ""
+ assert tw.lines[10].endswith("mod.py:3: ValueError")
+ 
++@broken_on_modern_pytest
+ def test_toterminal_long_missing_source(self, importasmod, tmpdir):
+ mod = importasmod("""
+ def g(x):
+@@ -793,6 +805,7 @@ raise ValueError()
+ assert tw.lines[7] == ""
+ assert tw.lines[8].endswith("mod.py:3: ValueError")
+ 
++@broken_on_modern_pytest
+ def test_toterminal_long_incomplete_source(self, importasmod, tmpdir):
+ mod = importasmod("""
+ def g(x):
+@@ -818,6 +831,7 @@ raise ValueError()
+ assert tw.lines[7] == ""
+ assert tw.lines[8].endswith("mod.py:3: ValueError")
+ 
++@broken_on_modern_pytest
+ def test_toterminal_long_filenames(self, importasmod):
+ mod = importasmod("""
+ def f():
+@@ -863,6 +877,7 @@ raise ValueError()
+ assert tw.stringio.getvalue()
+ 
+ 
++@broken_on_modern_pytest
+ def test_native_style(self):
+ excinfo = self.excinfo_from_exec("""
+ assert 0
+@@ -877,6 +892,7 @@ raise ValueError()
+ if py.std.sys.version_info >= (2, 5):
+ assert s.count('assert 0') == 2
+ 
++@broken_on_modern_pytest
+ def test_traceback_repr_style(self, importasmod):
+ mod = importasmod("""
+ def f():
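Review bot: In the test_assertion.py part, the xfail condition `py.test.__version__[0] != "2"` compares only the first character of the version string, so a two-digit major version beginning with 2 would be treated as pytest 2. test_excinfo.py in the same patch uses the parsed `pytest_version_info[0] != 2` instead. Using one form in both files, e.g. `int(py.test.__version__.split(".")[0]) != 2`, removes the inconsistency. Both markers pass `run=False`, so the affected tests are never executed and would stay marked even after they start passing; a short comment naming the upstream commit next to `broken_on_modern_pytest` would help whoever revisits them. The last inner hunk ends inside `test_traceback_repr_style`.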

diff --git a/dev-python/py/py-1.4.34.ebuild b/dev-python/py/py-1.4.34.ebuild
index