Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-python/rencode
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/rencode')
-rw-r--r--dev-python/rencode/Manifest3
-rw-r--r--dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch17
-rw-r--r--dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch34
-rw-r--r--dev-python/rencode/metadata.xml15
-rw-r--r--dev-python/rencode/rencode-1.0.5-r1.ebuild19
-rw-r--r--dev-python/rencode/rencode-1.0.6-r3.ebuild42
-rw-r--r--dev-python/rencode/rencode-1.0.6.ebuild20
7 files changed, 102 insertions, 48 deletions
diff --git a/dev-python/rencode/Manifest b/dev-python/rencode/Manifest
index 42deb1db69d8..8bb5414afd6f 100644
--- a/dev-python/rencode/Manifest
+++ b/dev-python/rencode/Manifest
@@ -1,2 +1 @@
-DIST rencode-1.0.5.tar.gz 24530 BLAKE2B c650bf7befd62c8654bd0496f12f15a242a304ab9333bdf258222dd333081bd23715accdabbc55a271e8e869ca96f6aa0b43b335c6758be5b03073ebc05e3bb6 SHA512 809d7070b746fe77419e7b4d2eed274e1e0b3b4f15bcddb466806478a90f89965b0b456443b390cce6d1ca9df409367f336dd659f4481cd442e3cc459bd63c18
-DIST rencode-1.0.6.tar.gz 25455 BLAKE2B def013a569a53e2b2d96b3430c13676810bc5879e565f091dbc44f1ae950b8ec7ca0fa5e35a974432fd71a1bcca5a3f1f18bb2a9f042480167ab50e4f0aba8c3 SHA512 f04de4d3a83aed916bdc4b7a8ca772655e9324d0531ee882cb7d2a1e92b397bdcec8497bf02939e0a806886ecc62ed2e7319dfee054dad1b69052157f0959e8f
+DIST rencode-1.0.6.gh.tar.gz 25455 BLAKE2B def013a569a53e2b2d96b3430c13676810bc5879e565f091dbc44f1ae950b8ec7ca0fa5e35a974432fd71a1bcca5a3f1f18bb2a9f042480167ab50e4f0aba8c3 SHA512 f04de4d3a83aed916bdc4b7a8ca772655e9324d0531ee882cb7d2a1e92b397bdcec8497bf02939e0a806886ecc62ed2e7319dfee054dad1b69052157f0959e8f
diff --git a/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch b/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch
new file mode 100644
index 000000000000..1a7e0ea2b87a
--- /dev/null
+++ b/dev-python/rencode/files/rencode-1.0.6-drop-wheel-dependency.patch
@@ -0,0 +1,17 @@
+commit 3019171614f22c3d489d46e0fb22c07bf393830f
+Author: Louis Sautier <sautier.louis@gmail.com>
+Date: Sun Aug 8 22:51:53 2021 +0200
+
+ Remove unnecessary wheel dependency
+
+diff --git a/setup.py b/setup.py
+index 023df09..6445c0a 100644
+--- a/setup.py
++++ b/setup.py
+@@ -92,5 +92,5 @@ setup(
+ url="https://github.com/aresch/rencode",
+ cmdclass={'build_ext': optional_build_ext},
+ ext_modules=ext_modules,
+- setup_requires=['setuptools', 'wheel'],
++ setup_requires=['setuptools'],
+ )
diff --git a/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch
new file mode 100644
index 000000000000..0a997d408017
--- /dev/null
+++ b/dev-python/rencode/files/rencode-1.0.6-fix-CVE-2021-40839.patch
@@ -0,0 +1,34 @@
+From: Andrew Resch <andrewresch@gmail.com>
+Date: Mon, 9 Aug 2021 20:44:51 -0700
+Subject: [PATCH] Fix checking if typecode is valid while decoding.
+
+This bug will cause rencode to hang if the invalid typecode is included
+in a sequence type (list, dict) since the position will not change and
+the loop checking for the termination byte never returns.
+
+This change is a copy of PR #29 with a few aesthetic changes.
+
+--- a/rencode/rencode.pyx
++++ b/rencode/rencode.pyx
+@@ -527,6 +527,8 @@
+ return decode_fixed_dict(data, pos)
+ elif typecode == CHR_DICT:
+ return decode_dict(data, pos)
++ else:
++ raise ValueError("Invalid typecode: %d at pos: %d" % (typecode, pos[0]))
+
+ def loads(data, decode_utf8=False):
+ """
+--- a/tests/test_rencode.py
++++ b/tests/test_rencode.py
+@@ -223,5 +223,10 @@
+ assert rencode_orig.__version__
+ self.assertEqual(rencode.__version__[1:], rencode_orig.__version__[1:], "version number does not match")
+
++ def test_invalid_typecode(self):
++ s = b";\x2f\x7f"
++ with self.assertRaises(ValueError):
++ rencode.loads(s)
++
+ if __name__ == '__main__':
+ unittest.main()
diff --git a/dev-python/rencode/metadata.xml b/dev-python/rencode/metadata.xml
index 3ca1128740cf..8d8569b19226 100644
--- a/dev-python/rencode/metadata.xml
+++ b/dev-python/rencode/metadata.xml
@@ -1,15 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<!-- maintainer-needed -->
<longdescription lang="en">
-The rencode module is similar to bencode from the BitTorrent project. For
-complex, heterogeneous data structures with many small elements, r-encodings
-take up significantly less space than b-encodings. This version of rencode is
-a complete rewrite in Cython to attempt to increase the performance over the
-pure Python module written by Petru Paler, Connelly Barnes et al.
-</longdescription>
+ The rencode module is similar to bencode from the BitTorrent project. For
+ complex, heterogeneous data structures with many small elements, r-encodings
+ take up significantly less space than b-encodings. This version of rencode is
+ a complete rewrite in Cython to attempt to increase the performance over the
+ pure Python module written by Petru Paler, Connelly Barnes et al.
+ </longdescription>
<upstream>
<remote-id type="github">aresch/rencode</remote-id>
+ <remote-id type="pypi">rencode</remote-id>
</upstream>
</pkgmetadata>
diff --git a/dev-python/rencode/rencode-1.0.5-r1.ebuild b/dev-python/rencode/rencode-1.0.5-r1.ebuild
deleted file mode 100644
index a18a687d4905..000000000000
--- a/dev-python/rencode/rencode-1.0.5-r1.ebuild
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-inherit distutils-r1
-
-DESCRIPTION="similar to bencode from the BitTorrent project"
-HOMEPAGE="https://github.com/aresch/rencode"
-SRC_URI="https://github.com/aresch/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 ~arm ~ppc ~sparc x86 ~amd64-linux ~x86-linux"
-IUSE=""
-
-RDEPEND=""
-DEPEND="dev-python/cython[${PYTHON_USEDEP}]"
diff --git a/dev-python/rencode/rencode-1.0.6-r3.ebuild b/dev-python/rencode/rencode-1.0.6-r3.ebuild
new file mode 100644
index 000000000000..a8a254443730
--- /dev/null
+++ b/dev-python/rencode/rencode-1.0.6-r3.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1
+
+DESCRIPTION="similar to bencode from the BitTorrent project"
+HOMEPAGE="
+ https://github.com/aresch/rencode/
+ https://pypi.org/project/rencode/
+"
+SRC_URI="
+ https://github.com/aresch/${PN}/archive/v${PV}.tar.gz
+ -> ${P}.gh.tar.gz
+"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~riscv ~sparc x86 ~amd64-linux ~x86-linux"
+
+BDEPEND="
+ dev-python/cython[${PYTHON_USEDEP}]
+"
+
+distutils_enable_tests pytest
+
+PATCHES=(
+ # https://github.com/aresch/rencode/commit/16e61e1ff4294bddb7c881536d3d454355c78969
+ "${FILESDIR}/${P}-drop-wheel-dependency.patch"
+ # bug #812437
+ "${FILESDIR}/${P}-fix-CVE-2021-40839.patch"
+)
+
+python_test() {
+ rm -rf rencode || die
+ epytest
+}
diff --git a/dev-python/rencode/rencode-1.0.6.ebuild b/dev-python/rencode/rencode-1.0.6.ebuild
deleted file mode 100644
index 31f20413b8ba..000000000000
--- a/dev-python/rencode/rencode-1.0.6.ebuild
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-inherit distutils-r1
-
-DESCRIPTION="similar to bencode from the BitTorrent project"
-HOMEPAGE="https://github.com/aresch/rencode"
-SRC_URI="https://github.com/aresch/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 ~arm ~ppc ~sparc x86 ~amd64-linux ~x86-linux"
-IUSE=""
-
-RDEPEND=""
-DEPEND="dev-python/cython[${PYTHON_USEDEP}]
- dev-python/wheel[${PYTHON_USEDEP}]"