commit python-social-auth-app-django for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-social-auth-app-django for openSUSE:Factory checked in at 2024-06-10 17:38:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-social-auth-app-django (Old) and /work/SRC/openSUSE:Factory/.python-social-auth-app-django.new.19518 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-social-auth-app-django" Mon Jun 10 17:38:18 2024 rev:13 rq:1179662 version:5.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-social-auth-app-django/python-social-auth-app-django.changes 2024-03-28 14:29:19.738547526 +0100 +++ /work/SRC/openSUSE:Factory/.python-social-auth-app-django.new.19518/python-social-auth-app-django.changes 2024-06-10 17:38:40.185253569 +0200 @@ -1,0 +2,8 @@ +Mon Jun 10 09:09:59 UTC 2024 - Dirk Müller <dmueller@suse.com> + +- update to 5.4.1 (bsc#1223373, CVE-2024-32879): + * Added reverse migration for JSON field + * Fixed improper handling of case sensitivity with + MySQL/MariaDB (CVE-2024-32879) + +------------------------------------------------------------------- Old: ---- social-auth-app-django-5.4.0.tar.gz New: ---- social-auth-app-django-5.4.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-social-auth-app-django.spec ++++++ --- /var/tmp/diff_new_pack.0zIk7I/_old 2024-06-10 17:38:41.185290563 +0200 +++ /var/tmp/diff_new_pack.0zIk7I/_new 2024-06-10 17:38:41.189290711 +0200 
@@ -20,7 +20,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %{?sle15_python_module_pythons} Name: python-social-auth-app-django -Version: 5.4.0 +Version: 5.4.1 Release: 0 Summary: Python Social Authentication, Django integration License: BSD-3-Clause ++++++ social-auth-app-django-5.4.0.tar.gz -> social-auth-app-django-5.4.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/CHANGELOG.md new/social-auth-app-django-5.4.1/CHANGELOG.md --- old/social-auth-app-django-5.4.0/CHANGELOG.md 2023-10-17 09:41:13.000000000 +0200 +++ new/social-auth-app-django-5.4.1/CHANGELOG.md 2024-04-24 19:22:24.000000000 +0200 @@ -5,6 +5,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [5.4.1](https://github.com/python-social-auth/social-app-django/releases/tag/5.4.1) - 2024-04-24 + +### Changed +- Added reverse migration for JSON field +- Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879) + ## [5.4.0](https://github.com/python-social-auth/social-app-django/releases/tag/5.4.0) - 2023-10-17 ### Changed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/PKG-INFO new/social-auth-app-django-5.4.1/PKG-INFO --- old/social-auth-app-django-5.4.0/PKG-INFO 2023-10-17 09:41:24.227967700 +0200 +++ new/social-auth-app-django-5.4.1/PKG-INFO 2024-04-24 19:22:32.757662000 +0200 
@@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: social-auth-app-django -Version: 5.4.0 +Version: 5.4.1 Summary: Python Social Authentication, Django integration. Home-page: https://github.com/python-social-auth/social-app-django Author: Matias Aguirre diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/pyproject.toml new/social-auth-app-django-5.4.1/pyproject.toml --- old/social-auth-app-django-5.4.0/pyproject.toml 2023-10-17 09:41:13.000000000 +0200 +++ new/social-auth-app-django-5.4.1/pyproject.toml 2024-04-24 19:22:24.000000000 +0200 @@ -11,9 +11,9 @@ "doc", "site" ] -format = "github" ignore = [] line-length = 120 +output-format = "github" select = ["E", "F", "I", "PLC", "PLE", "UP"] target-version = "py37" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/requirements-dev.txt new/social-auth-app-django-5.4.1/requirements-dev.txt --- old/social-auth-app-django-5.4.0/requirements-dev.txt 2023-10-17 09:41:13.000000000 +0200 +++ new/social-auth-app-django-5.4.1/requirements-dev.txt 2024-04-24 19:22:24.000000000 +0200 @@ -1,4 +1,4 @@ -r requirements.txt coverage pre-commit==3.5.0 -tox==4.11.3 +tox==4.14.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/setup.py new/social-auth-app-django-5.4.1/setup.py --- old/social-auth-app-django-5.4.0/setup.py 2023-10-17 09:41:13.000000000 +0200 +++ new/social-auth-app-django-5.4.1/setup.py 2024-04-24 19:22:24.000000000 +0200 
@@ -1,4 +1,5 @@
 """Setup file for easy installation"""
+
 import re
 from os.path import dirname, join
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_auth_app_django.egg-info/PKG-INFO new/social-auth-app-django-5.4.1/social_auth_app_django.egg-info/PKG-INFO
--- old/social-auth-app-django-5.4.0/social_auth_app_django.egg-info/PKG-INFO 2023-10-17 09:41:24.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_auth_app_django.egg-info/PKG-INFO 2024-04-24 19:22:32.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: social-auth-app-django
-Version: 5.4.0
+Version: 5.4.1
 Summary: Python Social Authentication, Django integration.
 Home-page: https://github.com/python-social-auth/social-app-django
 Author: Matias Aguirre
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/__init__.py new/social-auth-app-django-5.4.1/social_django/__init__.py
--- old/social-auth-app-django-5.4.0/social_django/__init__.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/__init__.py 2024-04-24 19:22:24.000000000 +0200
@@ -1,4 +1,4 @@
-__version__ = "5.4.0"
+__version__ = "5.4.1"
 from social_core.backends.base import BaseAuth
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/admin.py new/social-auth-app-django-5.4.1/social_django/admin.py
--- old/social-auth-app-django-5.4.0/social_django/admin.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/admin.py 2024-04-24 19:22:24.000000000 +0200
@@ -1,4 +1,5 @@
 """Admin settings"""
+
 from itertools import chain
 from django.conf import settings
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/migrations/0013_migrate_extra_data.py new/social-auth-app-django-5.4.1/social_django/migrations/0013_migrate_extra_data.py
--- old/social-auth-app-django-5.4.0/social_django/migrations/0013_migrate_extra_data.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/migrations/0013_migrate_extra_data.py 2024-04-24 19:22:24.000000000 +0200
@@ -2,7 +2,7 @@
 import json
-from django.db import migrations
+from django.db import migrations, models
 def migrate_json_field(apps, schema_editor):
@@ -41,11 +41,50 @@
 auth.save(update_fields=["data_new"])
+def migrate_json_field_backwards(apps, schema_editor):
+ UserSocialAuth = apps.get_model("social_django", "UserSocialAuth")
+ Partial = apps.get_model("social_django", "Partial")
+ db_alias = schema_editor.connection.alias
+ to_be_updated = []
+
+ is_text_field = isinstance(
+ UserSocialAuth._meta.get_field("extra_data"),
+ models.TextField,
+ )
+ for auth in UserSocialAuth.objects.using(db_alias).iterator():
+ new_value = auth.extra_data_new
+ if is_text_field:
+ new_value = json.dumps(new_value)
+ auth.extra_data = new_value
+ to_be_updated.append(auth)
+
+ if len(to_be_updated) >= 1000:
+ UserSocialAuth.objects.bulk_update(to_be_updated, ["extra_data"])
+ to_be_updated.clear()
+
+ if to_be_updated:
+ UserSocialAuth.objects.bulk_update(to_be_updated, ["extra_data"])
+ to_be_updated.clear()
+
+ is_text_field = issubclass(
+ Partial._meta.get_field("data"),
+ models.TextField,
+ )
+ for auth in Partial.objects.using(db_alias).all():
+ new_value = auth.data_new
+ if is_text_field:
+ new_value = json.dumps(new_value)
+ auth.data = new_value
+ auth.save(update_fields=["data"])
+
+
 class Migration(migrations.Migration):
 dependencies = [
 ("social_django", "0012_usersocialauth_extra_data_new"),
 ]
 operations = [
- migrations.RunPython(migrate_json_field, elidable=True),
+ migrations.RunPython(
+ migrate_json_field, migrate_json_field_backwards, elidable=True
+ ),
 ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/models.py new/social-auth-app-django-5.4.1/social_django/models.py
--- old/social-auth-app-django-5.4.0/social_django/models.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/models.py 2024-04-24 19:22:24.000000000 +0200
@@ -1,4 +1,5 @@
 """Django ORM models for Social Auth"""
+
 from django.conf import settings
 from django.db import models
 from django.db.utils import IntegrityError
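Review bot: In the `Partial` half of `migrate_json_field_backwards`, `issubclass(Partial._meta.get_field("data"), models.TextField)` is given a field instance rather than a class, so it raises `TypeError` and the reverse migration aborts after the `UserSocialAuth` loop has run; it should mirror the first check, `is_text_field = isinstance(Partial._meta.get_field("data"), models.TextField)`. The two `bulk_update` calls also go through `UserSocialAuth.objects` instead of `UserSocialAuth.objects.using(db_alias)`, so on a multi-database setup the writes may not reach the connection the rows were read from. A short docstring saying that the function copies `extra_data_new`/`data_new` back into the old columns, JSON-encoding when the old column is a `TextField`, would help whoever has to roll this migration back.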
@@ -53,11 +54,15 @@
 abstract = True
 @classmethod
- def get_social_auth(cls, provider, uid):
- try:
- return cls.objects.select_related("user").get(provider=provider, uid=uid)
- except cls.DoesNotExist:
- return None
+ def get_social_auth(cls, provider: str, uid: str):
+ for social in cls.objects.select_related("user").filter(
+ provider=provider, uid=uid
+ ):
+ # We need to compare to filter out case-insensitive lookups in
+ # some databases (MySQL/MariaDB)
+ if social.uid == uid:
+ return social
+ return None
 @classmethod
 def username_max_length(cls):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/storage.py new/social-auth-app-django-5.4.1/social_django/storage.py
--- old/social-auth-app-django-5.4.0/social_django/storage.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/storage.py 2024-04-24 19:22:24.000000000 +0200
@@ -1,4 +1,5 @@
 """Django ORM models for Social Auth"""
+
 import base64
 from django.core.exceptions import FieldDoesNotExist
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/social-auth-app-django-5.4.0/social_django/urls.py new/social-auth-app-django-5.4.1/social_django/urls.py
--- old/social-auth-app-django-5.4.0/social_django/urls.py 2023-10-17 09:41:13.000000000 +0200
+++ new/social-auth-app-django-5.4.1/social_django/urls.py 2024-04-24 19:22:24.000000000 +0200
@@ -1,4 +1,5 @@
 """URLs module""" 
+
 from django.conf import settings
 from django.urls import path
 from social_core.utils import setting_name
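Review bot: The exact-match guard `if social.uid == uid:` in `get_social_auth` only holds when `uid` really is a `str`; the new annotation is not enforced, and if a caller passes a numeric id the ORM `filter()` would still match the row while the Python comparison rejects it, so a valid association would be reported as missing. Normalising once before the loop, e.g. `uid = str(uid)`, keeps the comparison strict on case without depending on the caller's type, and a regression test with two rows whose `uid` differs only in case would pin the behaviour. This guard covers only this lookup, so any other `uid` queries in the class (outside this hunk) and the column collation on MySQL/MariaDB deployments are worth checking for the same case-insensitive match.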