diff options
Diffstat (limited to 'dev-python/rencode')
-rw-r--r-- | dev-python/rencode/Manifest | 3 | ||||
-rw-r--r-- | dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch | 17 | ||||
-rw-r--r-- | dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch | 34 | ||||
-rw-r--r-- | dev-python/rencode/metadata.xml | 15 | ||||
-rw-r--r-- | dev-python/rencode/rencode-1.0.5-r1.ebuild | 19 | ||||
-rw-r--r-- | dev-python/rencode/rencode-1.0.6-r3.ebuild | 42 | ||||
-rw-r--r-- | dev-python/rencode/rencode-1.0.6.ebuild | 20 |
7 files changed, 102 insertions, 48 deletions
diff --git a/dev-python/rencode/Manifest b/dev-python/rencode/Manifest index 42deb1db69d8..8bb5414afd6f 100644 --- a/dev-python/rencode/Manifest +++ b/dev-python/rencode/Manifest @@ -1,2 +1 @@ -DIST rencode-1.0.5.tar.gz 24530 BLAKE2B c650bf7befd62c8654bd0496f12f15a242a304ab9333bdf258222dd333081bd23715accdabbc55a271e8e869ca96f6aa0b43b335c6758be5b03073ebc05e3bb6 SHA512 809d7070b746fe77419e7b4d2eed274e1e0b3b4f15bcddb466806478a90f89965b0b456443b390cce6d1ca9df409367f336dd659f4481cd442e3cc459bd63c18 -DIST rencode-1.0.6.tar.gz 25455 BLAKE2B def013a569a53e2b2d96b3430c13676810bc5879e565f091dbc44f1ae950b8ec7ca0fa5e35a974432fd71a1bcca5a3f1f18bb2a9f042480167ab50e4f0aba8c3 SHA512 f04de4d3a83aed916bdc4b7a8ca772655e9324d0531ee882cb7d2a1e92b397bdcec8497bf02939e0a806886ecc62ed2e7319dfee054dad1b69052157f0959e8f +DIST rencode-1.0.6.gh.tar.gz 25455 BLAKE2B def013a569a53e2b2d96b3430c13676810bc5879e565f091dbc44f1ae950b8ec7ca0fa5e35a974432fd71a1bcca5a3f1f18bb2a9f042480167ab50e4f0aba8c3 SHA512 f04de4d3a83aed916bdc4b7a8ca772655e9324d0531ee882cb7d2a1e92b397bdcec8497bf02939e0a806886ecc62ed2e7319dfee054dad1b69052157f0959e8f diff --git a/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch b/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch new file mode 100644 index 000000000000..1a7e0ea2b87a --- /dev/null +++ b/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch @@ -0,0 +1,17 @@ +commit 3019171614f22c3d489d46e0fb22c07bf393830f +Author: Louis Sautier <sautier.louis@gmail.com> +Date: Sun Aug 8 22:51:53 2021 +0200 + + Remove unnecessary wheel dependency + +diff --git a/setup.py b/setup.py +index 023df09..6445c0a 100644 +--- a/setup.py ++++ b/setup.py +@@ -92,5 +92,5 @@ setup( + url="https://github.com/aresch/rencode", + cmdclass={'build_ext': optional_build_ext}, + ext_modules=ext_modules, +- setup_requires=['setuptools', 'wheel'], ++ setup_requires=['setuptools'], + ) diff --git a/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch new file mode 100644 index 000000000000..0a997d408017 --- /dev/null +++ b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch @@ -0,0 +1,34 @@ +From: Andrew Resch <andrewresch@gmail.com> +Date: Mon, 9 Aug 2021 20:44:51 -0700 +Subject: [PATCH] Fix checking if typecode is valid while decoding. + +This bug will cause rencode to hang if the invalid typecode is included +in a sequence type (list, dict) since the position will not change and +the loop checking for the termination byte never returns. + +This change is a copy of PR #29 with a few aesthetic changes. + +--- a/rencode/rencode.pyx ++++ b/rencode/rencode.pyx +@@ -527,6 +527,8 @@ + return decode_fixed_dict(data, pos) + elif typecode == CHR_DICT: + return decode_dict(data, pos) ++ else: ++ raise ValueError("Invalid typecode: %d at pos: %d" % (typecode, pos[0])) + + def loads(data, decode_utf8=False): + """ +--- a/tests/test_rencode.py ++++ b/tests/test_rencode.py +@@ -223,5 +223,10 @@ + assert rencode_orig.__version__ + self.assertEqual(rencode.__version__[1:], rencode_orig.__version__[1:], "version number does not match") + ++ def test_invalid_typecode(self): ++ s = b";\x2f\x7f" ++ with self.assertRaises(ValueError): ++ rencode.loads(s) ++ + if __name__ == '__main__': + unittest.main() diff --git a/dev-python/rencode/metadata.xml b/dev-python/rencode/metadata.xml index 3ca1128740cf..8d8569b19226 100644 --- a/dev-python/rencode/metadata.xml +++ b/dev-python/rencode/metadata.xml @@ -1,15 +1,16 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <!-- maintainer-needed --> <longdescription lang="en"> -The rencode module is similar to bencode from the BitTorrent project. For -complex, heterogeneous data structures with many small elements, r-encodings -take up significantly less space than b-encodings. This version of rencode is -a complete rewrite in Cython to attempt to increase the performance over the -pure Python module written by Petru Paler, Connelly Barnes et al. -</longdescription> + The rencode module is similar to bencode from the BitTorrent project. For + complex, heterogeneous data structures with many small elements, r-encodings + take up significantly less space than b-encodings. This version of rencode is + a complete rewrite in Cython to attempt to increase the performance over the + pure Python module written by Petru Paler, Connelly Barnes et al. + </longdescription> <upstream> <remote-id type="github">aresch/rencode</remote-id> + <remote-id type="pypi">rencode</remote-id> </upstream> </pkgmetadata> diff --git a/dev-python/rencode/rencode-1.0.5-r1.ebuild b/dev-python/rencode/rencode-1.0.5-r1.ebuild deleted file mode 100644 index a18a687d4905..000000000000 --- a/dev-python/rencode/rencode-1.0.5-r1.ebuild +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7,8} ) -inherit distutils-r1 - -DESCRIPTION="similar to bencode from the BitTorrent project" -HOMEPAGE="https://github.com/aresch/rencode" -SRC_URI="https://github.com/aresch/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="amd64 ~arm ~ppc ~sparc x86 ~amd64-linux ~x86-linux" -IUSE="" - -RDEPEND="" -DEPEND="dev-python/cython[${PYTHON_USEDEP}]" diff --git a/dev-python/rencode/rencode-1.0.6-r3.ebuild b/dev-python/rencode/rencode-1.0.6-r3.ebuild new file mode 100644 index 000000000000..a8a254443730 --- /dev/null +++ b/dev-python/rencode/rencode-1.0.6-r3.ebuild @@ -0,0 +1,42 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_EXT=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} ) + +inherit distutils-r1 + +DESCRIPTION="similar to bencode from the BitTorrent project" +HOMEPAGE=" + https://github.com/aresch/rencode/ + https://pypi.org/project/rencode/ +" +SRC_URI=" + https://github.com/aresch/${PN}/archive/v${PV}.tar.gz + -> ${P}.gh.tar.gz +" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="amd64 ~arm ~arm64 ~ppc ~riscv ~sparc x86 ~amd64-linux ~x86-linux" + +BDEPEND=" + dev-python/cython[${PYTHON_USEDEP}] +" + +distutils_enable_tests pytest + +PATCHES=( + # https://github.com/aresch/rencode/commit/16e61e1ff4294bddb7c881536d3d454355c78969 + "${FILESDIR}/${P}-drop-wheel-dependency.patch" + # bug #812437 + "${FILESDIR}/${P}-fix-CVE-2021-40839.patch" +) + +python_test() { + rm -rf rencode || die + epytest +} diff --git a/dev-python/rencode/rencode-1.0.6.ebuild b/dev-python/rencode/rencode-1.0.6.ebuild deleted file mode 100644 index 31f20413b8ba..000000000000 --- a/dev-python/rencode/rencode-1.0.6.ebuild +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7,8} ) -inherit distutils-r1 - -DESCRIPTION="similar to bencode from the BitTorrent project" -HOMEPAGE="https://github.com/aresch/rencode" -SRC_URI="https://github.com/aresch/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="amd64 ~arm ~ppc ~sparc x86 ~amd64-linux ~x86-linux" -IUSE="" - -RDEPEND="" -DEPEND="dev-python/cython[${PYTHON_USEDEP}] - dev-python/wheel[${PYTHON_USEDEP}]" |