import UBI python-configobj-5.0.8-10.el10

.gitignore

@@ -1,2 +1 @@
-SOURCES/v5.0.6.tar.gz
+v5.0.8.tar.gz
-/v5.0.6.tar.gz

0001-Address-CVE-2023-26112-ReDoS.patch

@@ -0,0 +1,51 @@
+From a82ea8fb0338f2bd46cf627c4b763094448e6bd7 Mon Sep 17 00:00:00 2001
+From: cdcadman <mythirty@gmail.com>
+Date: Wed, 17 May 2023 03:57:08 -0700
+Subject: [PATCH] Address CVE-2023-26112 ReDoS
+
+---
+ src/configobj/validate.py         |  2 +-
+ src/tests/test_validate_errors.py | 10 +++++++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/configobj/validate.py b/src/configobj/validate.py
+index 9267a3f..98d879f 100644
+--- a/src/configobj/validate.py
++++ b/src/configobj/validate.py
+@@ -541,7 +541,7 @@ class Validator(object):
+     """
+ 
+     # this regex does the initial parsing of the checks
+-    _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
++    _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
+ 
+     # this regex takes apart keyword arguments
+     _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$',  re.DOTALL)
+diff --git a/src/tests/test_validate_errors.py b/src/tests/test_validate_errors.py
+index 399daa8..f7d6c27 100644
+--- a/src/tests/test_validate_errors.py
++++ b/src/tests/test_validate_errors.py
+@@ -3,7 +3,7 @@ import os
+ import pytest
+ 
+ from configobj import ConfigObj, get_extra_values, ParseError, NestingError
+-from configobj.validate import Validator
++from configobj.validate import Validator, VdtUnknownCheckError
+ 
+ @pytest.fixture()
+ def thisdir():
+@@ -77,3 +77,11 @@ def test_no_parent(tmpdir, specpath):
+     ini.write('[[haha]]')
+     with pytest.raises(NestingError):
+         conf = ConfigObj(str(ini), configspec=specpath, file_error=True)
++
++
++def test_re_dos(val):
++    value = "aaa"
++    i = 165100
++    attack = '\x00'*i + ')' + '('*i
++    with pytest.raises(VdtUnknownCheckError):
++        val.check(attack, value)
+-- 
+2.40.1
+

python-configobj.spec

@@ -1,43 +1,35 @@
-%global pypi_name configobj
+Name:           python-configobj
-
+Version:        5.0.8
-Name:           python-%{pypi_name}
+Release:        10%{?dist}
-Version:        5.0.6
-Release:        11%{?dist}
 Summary:        Config file reading, writing, and validation
-
+License:        BSD-3-Clause
-Group:          System Environment/Libraries
-License:        BSD
 URL:            http://configobj.readthedocs.org/
 # Moved to the github release instead of the pypi one since multiple elements (License and tests)
 # are not available using pypi. Two bugs have been filled about this:
 # https://github.com/DiffSK/configobj/issues/98
 # https://github.com/DiffSK/configobj/issues/99
 # Source0:        https://pypi.python.org/packages/source/c/configobj/configobj-5.0.6.tar.gz
-Source0:        https://github.com/DiffSK/%{pypi_name}/archive/v%{version}.tar.gz
+Source0:        https://github.com/DiffSK/configobj/archive/v%{version}.tar.gz
+Patch1:         0001-Address-CVE-2023-26112-ReDoS.patch
 BuildArch:      noarch
+BuildRequires:  python%{python3_pkgversion}-devel
+BuildRequires:  python%{python3_pkgversion}-setuptools
+BuildRequires:  python%{python3_pkgversion}-six
+BuildRequires:  python%{python3_pkgversion}-pytest
+%global _description \
+ConfigObj is a simple but powerful configuration file reader and writer: an ini\
+file round tripper. Its main feature is that it is very easy to use, with a\
+straightforward programmers interface and a simple syntax for config files. 
+%description %_description
 
-BuildRequires:  python3-devel
+%package     -n python%{python3_pkgversion}-configobj
-BuildRequires:  python3-setuptools
+Summary:        %{summary}
-BuildRequires:  python3-six
+%{?python_provide:%python_provide python%{python3_pkgversion}-configobj}
-BuildRequires:  python3-pytest
+Requires:       python%{python3_pkgversion}-six
-
+%description -n python%{python3_pkgversion}-configobj %_description
-%description
-ConfigObj is a simple but powerful configuration file reader and writer: an ini
-file round tripper. Its main feature is that it is very easy to use, with a
-straightforward programmer's interface and a simple syntax for config files. 
-
-%package -n python3-configobj
-Summary:        Config file reading, writing, and validation for Python 3
-%{?python_provide:%python_provide python3-%{pypi_name}}
-
-Requires:       python3-six
-%description -n python3-configobj
-ConfigObj is a simple but powerful configuration file reader and writer: an ini
-file round tripper. Its main feature is that it is very easy to use, with a
-straightforward programmer's interface and a simple syntax for config files. 
 
 %prep
-%autosetup -n %{pypi_name}-%{version}
+%autosetup -p1 -n configobj-%{version}
 
 %build
 %py3_build
@@ -46,21 +38,112 @@ straightforward programmer's interface and a simple syntax for config files.
 %py3_install
 
 %check
-# this needs to be set for tests.test_configobj.test_options_deprecation
+export PYTHONPATH=$(pwd)/build/lib
-export PYTHONWARNINGS=always
+%{__python3} src/tests/configobj_doctests.py
-%{__python3} test_configobj.py
+%{__python3} -m configobj.validate
-%{__python3} -m pytest tests
+%pytest -c setup.cfg --color=yes
 
-%files -n python3-%{pypi_name}
+%files -n python%{python3_pkgversion}-configobj
 %doc README.md
 %license LICENSE
-%{python3_sitelib}/*
+%{python3_sitelib}/configobj
-%{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+%{python3_sitelib}/validate
+%{python3_sitelib}/configobj-%{version}-py%{python3_version}.egg-info
 
 %changelog
-* Tue Jun 05 2018 Petr Viktorin <pviktori@redhat.com> - 5.0.6-11
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.0.8-10
-- Remove the Python 2 version
+- Bump release for October 2024 mass rebuild:
-  https://bugzilla.redhat.com/show_bug.cgi?id=1567146
+  Resolves: RHEL-64018
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.0.8-9
+- Bump release for June 2024 mass rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Oct 09 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-6
+- Add patch to fix CVE-2023-26112
+
+* Sun Oct 01 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-5
+- SPDX fix from Daniel P. Berrange
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 5.0.8-3
+- Rebuilt for Python 3.12
+
+* Tue May 23 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 5.0.8-2
+- Avoid pytest-cov dependency
+
+* Sat Feb 04 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-1
+- 5.0.8
+- Execute tests as upstream does
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 5.0.6-28
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sun Aug 08 2021 Sam P <survient@fedoraproject.org> - 5.0.6-26
+- Change to use python3_pkgversion macro for EPEL 7 support
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 5.0.6-24
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-21
+- Rebuilt for Python 3.9
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Oct 20 2019 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-19
+- Subpackage python2-configobj has been removed
+  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-18
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-17
+- Rebuilt for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-13
+- Rebuilt for Python 3.7
+
+* Thu Mar 15 2018 Terje Rosten <terje.rosten@ntnu.no> - 5.0.6-12
+- Minor clean up
+
+* Tue Mar 13 2018 Iryna Shcherbina <ishcherb@redhat.com> - 5.0.6-11
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

sources

@@ -1 +1 @@
-SHA512 (v5.0.6.tar.gz) = 326eb86e362f281ebf07abcb1cf7616abb270c482eafe842371cda8708245ca5e8262f1644b7164664ecc10e9004ed061c9de18cd233a657d4697dbc3ba3c59d
+SHA512 (v5.0.8.tar.gz) = 26cdfec9f4d7adbab579191b29e6642f4f2a6fc73353f877565b76682d6087748f466f9cbb82fccfb2d409bace29c377c2276848179f5cb396e6ff1375c8edf2