10 changed files with 66 additions and 4 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/PyMySQL-1.0.2.tar.gz
+/PyMySQL-1.0.2.tar.gz
--- a/.python3.11-PyMySQL.metadata
+++ b/.python3.11-PyMySQL.metadata
@ -1 +0,0 @@
 d58a2901d390e651df3e17f1225c33b868f75650 SOURCES/PyMySQL-1.0.2.tar.gz
--- a/CVE-2024-36039.patch
+++ b/CVE-2024-36039.patch
@ -0,0 +1,17 @@
 diff --git a/pymysql/converters.py b/pymysql/converters.py
 index 1adac75..dbf97ca 100644
 --- a/pymysql/converters.py
 +++ b/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
 def escape_dict(val, charset, mapping=None):
 -    n = {}
 -    for k, v in val.items():
 -        quoted = escape_item(v, charset, mapping)
 -        n[k] = quoted
 -    return n
 +    raise TypeError("dict can not be used as parameter")
 def escape_sequence(val, charset, mapping=None):
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,7 @@
 --- !Policy
 product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/plan.fmf
+++ b/plan.fmf
@ -0,0 +1,8 @@
 execute:
  how: tmt
 discover:
  - how: shell
    tests:
     - name: simple import
       test: python3.11 -c 'import pymysql'
  - how: fmf
--- a/SPECS/python3.11-PyMySQL.spec
+++ b/SPECS/python3.11-PyMySQL.spec
@ -5,13 +5,18 @@
 Name:           python%{python3_pkgversion}-%{pypi_name}
 Version:        1.0.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Pure-Python MySQL client library
 License:        MIT
 URL:            https://pypi.python.org/pypi/%{pypi_name}/
 Source0:        %pypi_source
 # Security fix for CVE-2024-36039: SQL injection if used with untrusted JSON input
 # Resolved upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
 # Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2282821
 Patch0:         CVE-2024-36039.patch
 BuildArch:      noarch
@ -33,7 +38,7 @@ and Jython.
 %prep
-%setup -qn %{pypi_name}-%{version}
+%autosetup -n %{pypi_name}-%{version} -p1
 rm -rf %{pypi_name}.egg-info
 # Remove tests files so they are not installed globally.
 rm -rf tests
@ -58,6 +63,10 @@ rm -rf tests
 %{python3_sitelib}/pymysql/
 %changelog
 * Fri May 31 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.0.2-2
 - Security fix for CVE-2024-36039
 Resolves: RHEL-38370
 * Wed Nov 30 2022 Charalampos Stratakis <cstratak@redhat.com> - 1.0.2-1
 - Initial package
 - Fedora contributions by:
--- a/1
+++ b/1
@ -0,0 +1 @@
 SHA512 (PyMySQL-1.0.2.tar.gz) = c831505dafe6aebf039129ec4b09ef6dcafd490bcee2b515f42c0d0412fe9c379ba28650fb329d21f1da7e9fcae64968e1bc6065a04a08e00497a24967e27146
--- a/tests/smoke_test.fmf
+++ b/tests/smoke_test.fmf
@ -0,0 +1,8 @@
 require:
 - mariadb-server
 - python3.11-PyMySQL
 test: |
  systemctl start mariadb &&
  python3.11 smoke_test.py &&
  systemctl stop mariadb
--- a/tests/smoke_test.py
+++ b/tests/smoke_test.py
@ -0,0 +1,12 @@
 #!/usr/bin/python3
 # Modified from
 # https://github.com/PyMySQL/PyMySQL/blob/v1.0.2/example.py
 import pymysql
 connection = pymysql.connect(unix_socket="/var/lib/mysql/mysql.sock", db="mysql")
 cursor = connection.cursor()
 cursor.execute("SELECT Host,User FROM user")
 print(cursor.description)
 cursor.close()
 connection.close()
`@ -1 +1 @@`
	`SOURCES/PyMySQL-1.0.2.tar.gz`	`/PyMySQL-1.0.2.tar.gz`
		`@ -1 +0,0 @@`
			`d58a2901d390e651df3e17f1225c33b868f75650 SOURCES/PyMySQL-1.0.2.tar.gz`
		`@ -0,0 +1 @@`
							`SHA512 (PyMySQL-1.0.2.tar.gz) = c831505dafe6aebf039129ec4b09ef6dcafd490bcee2b515f42c0d0412fe9c379ba28650fb329d21f1da7e9fcae64968e1bc6065a04a08e00497a24967e27146`