Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package azure-cli-core for openSUSE:Factory checked in at 2024-08-08 10:58:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/azure-cli-core (Old) and /work/SRC/openSUSE:Factory/.azure-cli-core.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "azure-cli-core" Thu Aug 8 10:58:42 2024 rev:71 rq:1192486 version:2.63.0 Changes: -------- --- /work/SRC/openSUSE:Factory/azure-cli-core/azure-cli-core.changes 2024-07-25 16:21:52.474290268 +0200 +++ /work/SRC/openSUSE:Factory/.azure-cli-core.new.7232/azure-cli-core.changes 2024-08-08 10:59:12.121602364 +0200 @@ -1,0 +2,12 @@ +Wed Aug 7 09:20:05 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> + +- New upstream release + + Version 2.63.0 + + For detailed information about changes see the + HISTORY.rst file provided with this package +- Drop extra LICENSE.txt as upstream now ships its own +- Drop patches for issues fixed upstream + + acc_update-psutil.patch +- Update Requires from setup.py + +------------------------------------------------------------------- Old: ---- LICENSE.txt acc_update-psutil.patch azure_cli_core-2.62.0.tar.gz New: ---- azure_cli_core-2.63.0.tar.gz BETA DEBUG BEGIN: Old:- Drop patches for issues fixed upstream + acc_update-psutil.patch - Update Requires from setup.py BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ azure-cli-core.spec ++++++ --- /var/tmp/diff_new_pack.RbVaBo/_old 2024-08-08 10:59:12.629623249 +0200 +++ /var/tmp/diff_new_pack.RbVaBo/_new 2024-08-08 10:59:12.629623249 +0200 @@ -24,16 +24,14 @@ %global _sitelibdir %{%{pythons}_sitelib} Name: azure-cli-core -Version: 2.62.0 +Version: 2.63.0 Release: 0 Summary: Microsoft Azure CLI Core Module License: MIT Group: System/Management URL: https://github.com/Azure/azure-cli Source: https://files.pythonhosted.org/packages/source/a/azure-cli-core/azure_cli_core-%{version}.tar.gz -Source1: LICENSE.txt Patch0: acc_disable-update-check.patch -Patch1: acc_update-psutil.patch BuildRequires: %{pythons}-azure-nspkg >= 3.0.0 BuildRequires: %{pythons}-pip BuildRequires: %{pythons}-setuptools @@ -53,9 +51,9 @@ Requires: %{pythons}-knack < 1.0.0 Requires: %{pythons}-knack >= 0.11.0 Requires: %{pythons}-msal < 2.0.0 -Requires: %{pythons}-msal >= 1.28.1 +Requires: %{pythons}-msal >= 1.30.0 Requires: %{pythons}-msal-extensions < 2.0.0 -Requires: %{pythons}-msal-extensions >= 1.2.0~b1 +Requires: %{pythons}-msal-extensions >= 1.2.0 Requires: %{pythons}-msrestazure < 0.7.0 Requires: %{pythons}-msrestazure >= 0.6.4 Requires: %{pythons}-packaging >= 20.9 @@ -80,7 +78,6 @@ %autosetup -p1 -n azure_cli_core-%{version} %build -install -m 644 %{SOURCE1} %{_builddir}/azure-cli-core-%{version} %pyproject_wheel %install ++++++ azure_cli_core-2.62.0.tar.gz -> azure_cli_core-2.63.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/HISTORY.rst new/azure_cli_core-2.63.0/HISTORY.rst --- old/azure_cli_core-2.62.0/HISTORY.rst 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/HISTORY.rst 2024-07-31 05:39:17.000000000 +0200 @@ -3,6 +3,13 @@ Release History =============== +2.63.0 +++++++ +* Resolve CVE-2024-39689 (#29320) +* Support `az config set extension.dynamic_install_allow_preview` for extension dynamic installation configuration (#29413) +* Resolve CVE-2024-6345 (#29433) +* `az logout`: Remove service principal access tokens from token cache (#29441) + 2.62.0 ++++++ * Fix #28997: Fix error "User cancelled the Accounts Control Operation" when logging in with WAM as Administrator (#29088) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/PKG-INFO new/azure_cli_core-2.63.0/PKG-INFO --- old/azure_cli_core-2.62.0/PKG-INFO 2024-07-04 04:24:02.767936700 +0200 +++ new/azure_cli_core-2.63.0/PKG-INFO 2024-07-31 05:39:33.541276200 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: azure-cli-core -Version: 2.62.0 +Version: 2.63.0 Summary: Microsoft Azure Command-Line Tools Core Module Home-page: https://github.com/Azure/azure-cli Author: Microsoft Corporation @@ -26,13 +26,13 @@ Requires-Dist: humanfriendly~=10.0 Requires-Dist: jmespath Requires-Dist: knack~=0.11.0 -Requires-Dist: msal-extensions==1.2.0b1 -Requires-Dist: msal[broker]==1.28.1 +Requires-Dist: msal-extensions==1.2.0 +Requires-Dist: msal[broker]==1.30.0 Requires-Dist: msrestazure~=0.6.4 Requires-Dist: packaging>=20.9 Requires-Dist: paramiko<4.0.0,>=2.0.8 Requires-Dist: pkginfo>=1.5.0.1 -Requires-Dist: psutil~=5.9; sys_platform != "cygwin" +Requires-Dist: psutil>=5.9; sys_platform != "cygwin" Requires-Dist: PyJWT>=2.1.0 Requires-Dist: pyopenssl>=17.1.0 Requires-Dist: requests[socks] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/__init__.py new/azure_cli_core-2.63.0/azure/cli/core/__init__.py --- old/azure_cli_core-2.62.0/azure/cli/core/__init__.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/__init__.py 2024-07-31 05:39:17.000000000 +0200 @@ -4,7 +4,7 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long -__version__ = "2.62.0" +__version__ = "2.63.0" import os import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/_profile.py new/azure_cli_core-2.63.0/azure/cli/core/_profile.py --- old/azure_cli_core-2.62.0/azure/cli/core/_profile.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/_profile.py 2024-07-31 05:39:17.000000000 +0200 @@ -302,16 +302,25 @@ return deepcopy(consolidated) def logout(self, user_or_sp): + # The order of below steps matter! We must + # 1. Remove the account from MSAL token cache and SP store + # 2. Remove the account from CLI profile + # This way, if step 1 fails, CLI still keeps track of the account. Otherwise, if we do the + # reverse and step 1 fails, CLI will lose track of the account. + + # Step 1: Remove the account from MSAL token cache and SP store (SP only) + # We can't distinguish whether user_or_sp is a user or SP, so try both + identity = _create_identity_instance(self.cli_ctx, self._authority) + identity.logout_user(user_or_sp) + identity.logout_service_principal(user_or_sp) + + # Step 2: Remove the account from CLI profile subscriptions = self.load_cached_subscriptions(all_clouds=True) result = [x for x in subscriptions if user_or_sp.lower() == x[_USER_ENTITY][_USER_NAME].lower()] subscriptions = [x for x in subscriptions if x not in result] self._storage[_SUBSCRIPTIONS] = subscriptions - identity = _create_identity_instance(self.cli_ctx, self._authority) - identity.logout_user(user_or_sp) - identity.logout_service_principal(user_or_sp) - def logout_all(self): self._storage[_SUBSCRIPTIONS] = [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/aaz/_field_value.py new/azure_cli_core-2.63.0/azure/cli/core/aaz/_field_value.py --- old/azure_cli_core-2.62.0/azure/cli/core/aaz/_field_value.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/aaz/_field_value.py 2024-07-31 05:39:17.000000000 +0200 @@ -182,8 +182,7 @@ return len(self._data) def __iter__(self): - for key in self._data: - yield key + yield from self._data def __eq__(self, other): if isinstance(other, AAZBaseValue): @@ -326,8 +325,7 @@ self._len = 0 if self._data is not None and self._data != AAZUndefined: for idx in self._data: - if idx + 1 > self._len: - self._len = idx + 1 + self._len = max(self._len, idx + 1) def __getitem__(self, idx) -> AAZBaseValue: if not isinstance(idx, int): @@ -341,8 +339,7 @@ if idx not in self._data: self._data[idx] = AAZValuePatch.build(item_schema) - if idx + 1 > self._len: - self._len = idx + 1 + self._len = max(self._len, idx + 1) return item_schema._ValueCls(item_schema, self._data[idx]) @@ -362,8 +359,7 @@ self._data[idx] = item_schema.process_data(data, key=idx) - if idx + 1 > self._len: - self._len = idx + 1 + self._len = max(self._len, idx + 1) def __delitem__(self, idx): if not isinstance(idx, int): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/aaz/_help.py new/azure_cli_core-2.63.0/azure/cli/core/aaz/_help.py --- old/azure_cli_core-2.62.0/azure/cli/core/aaz/_help.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/aaz/_help.py 2024-07-31 05:39:17.000000000 +0200 @@ -120,8 +120,7 @@ prop_group_name = prop_schema._arg_group or "" header_len = len(prop_name) + len(prop_tags) + (1 if prop_tags else 0) - if header_len > max_header_len: - max_header_len = header_len + max_header_len = max(max_header_len, header_len) layouts.append({ "name": prop_name, "tags": prop_tags, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/aaz/_operation.py new/azure_cli_core-2.63.0/azure/cli/core/aaz/_operation.py --- old/azure_cli_core-2.62.0/azure/cli/core/aaz/_operation.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/aaz/_operation.py 2024-07-31 05:39:17.000000000 +0200 @@ -652,8 +652,7 @@ if disc_schema is not None: schemas.append(disc_schema) for schema in schemas: - for key in schema._fields: - yield key + yield from schema._fields def _throw_and_show_options(self, instance, part, path, flatten): parent = '.'.join(path[:-1]).replace('.[', '[') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/auth/identity.py new/azure_cli_core-2.63.0/azure/cli/core/auth/identity.py --- old/azure_cli_core-2.62.0/azure/cli/core/auth/identity.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/auth/identity.py 2024-07-31 05:39:17.000000000 +0200 @@ -11,7 +11,7 @@ from azure.cli.core._environment import get_config_dir from knack.log import get_logger from knack.util import CLIError -from msal import PublicClientApplication +from msal import PublicClientApplication, ConfidentialClientApplication # Service principal entry properties from .msal_authentication import _CLIENT_ID, _TENANT, _CLIENT_SECRET, _CERTIFICATE, _CLIENT_ASSERTION, \ @@ -203,8 +203,9 @@ def login_in_cloud_shell(self, scopes): raise NotImplementedError - def logout_user(self, user): - accounts = self._msal_app.get_accounts(user) + def logout_user(self, username): + # If username is an SP client ID, it is ignored + accounts = self._msal_app.get_accounts(username) for account in accounts: self._msal_app.remove_account(account) @@ -218,12 +219,21 @@ for e in file_extensions.values(): _try_remove(self._token_cache_file + e) - def logout_service_principal(self, sp): - # remove service principal secrets - self._service_principal_store.remove_entry(sp) + def logout_service_principal(self, client_id): + # If client_id is a username, it is ignored + + # Step 1: Remove SP from MSAL token cache + # Note that removing SP access tokens shouldn't rely on SP store + cca = ConfidentialClientApplication(client_id, **self._msal_app_kwargs) + cca.remove_tokens_for_client() + + # Step 2: Remove SP from SP store + self._service_principal_store.remove_entry(client_id) def logout_all_service_principal(self): # remove service principal secrets + # TODO: As MSAL provides no interface to get all service principals in its token cache, this method can't + # clear all service principals' access tokens from MSAL token cache. for e in file_extensions.values(): _try_remove(self._secret_file + e) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/extension/__init__.py new/azure_cli_core-2.63.0/azure/cli/core/extension/__init__.py --- old/azure_cli_core-2.62.0/azure/cli/core/extension/__init__.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/extension/__init__.py 2024-07-31 05:39:17.000000000 +0200 @@ -8,7 +8,7 @@ import traceback import json import re -from distutils.sysconfig import get_python_lib # pylint: disable=deprecated-module +from sysconfig import get_path import pkginfo from knack.config import CLIConfig @@ -22,7 +22,7 @@ EXTENSIONS_DIR = os.path.expanduser(_CUSTOM_EXT_DIR) if _CUSTOM_EXT_DIR else os.path.join(GLOBAL_CONFIG_DIR, 'cliextensions') DEV_EXTENSION_SOURCES = _DEV_EXTENSION_SOURCES.split(',') if _DEV_EXTENSION_SOURCES else [] -EXTENSIONS_SYS_DIR = os.path.expanduser(_CUSTOM_EXT_SYS_DIR) if _CUSTOM_EXT_SYS_DIR else os.path.join(get_python_lib(), 'azure-cli-extensions') +EXTENSIONS_SYS_DIR = os.path.expanduser(_CUSTOM_EXT_SYS_DIR) if _CUSTOM_EXT_SYS_DIR else os.path.join(get_path("purelib"), 'azure-cli-extensions') EXTENSIONS_MOD_PREFIX = 'azext_' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/extension/dynamic_install.py new/azure_cli_core-2.63.0/azure/cli/core/extension/dynamic_install.py --- old/azure_cli_core-2.62.0/azure/cli/core/extension/dynamic_install.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/extension/dynamic_install.py 2024-07-31 05:39:17.000000000 +0200 @@ -109,6 +109,19 @@ return run_after_extension_installed +def _get_extension_allow_preview_install_config(cli_ctx): + default_value = True + if cli_ctx and cli_ctx.config.get('extension', 'dynamic_install_allow_preview', None) is None: + logger.warning("Preview version of extension is enabled by default for extension installation now. " + "Will be disabled in future release. ") + logger.warning("Please run 'az config set extension.dynamic_install_allow_preview=true or false' " + "to config it specifically. ") + dynamic_install_allow_preview = cli_ctx.config.getboolean('extension', + 'dynamic_install_allow_preview', + default_value) if cli_ctx else default_value + return dynamic_install_allow_preview + + def try_install_extension(parser, args): # parser.cli_ctx is None when parser.prog is beyond 'az', such as 'az iot'. # use cli_ctx from cli_help which is not lost. @@ -181,13 +194,15 @@ # extension is already installed and return if yes as the error is not caused by extension not installed. from azure.cli.core.extension import get_extension, ExtensionNotInstalledException from azure.cli.core.extension._resolve import resolve_from_index, NoExtensionCandidatesError + extension_allow_preview = _get_extension_allow_preview_install_config(cli_ctx) try: ext = get_extension(ext_name) except ExtensionNotInstalledException: pass else: try: - resolve_from_index(ext_name, cur_version=ext.version, cli_ctx=cli_ctx) + resolve_from_index(ext_name, cur_version=ext.version, cli_ctx=cli_ctx, + allow_preview=extension_allow_preview) except NoExtensionCandidatesError: return @@ -224,7 +239,7 @@ print_error = True if install_ext: from azure.cli.core.extension.operations import add_extension - add_extension(cli_ctx=cli_ctx, extension_name=ext_name, upgrade=True) + add_extension(cli_ctx=cli_ctx, extension_name=ext_name, upgrade=True, allow_preview=extension_allow_preview) if run_after_extension_installed: import subprocess import platform diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure/cli/core/profiles/_shared.py new/azure_cli_core-2.63.0/azure/cli/core/profiles/_shared.py --- old/azure_cli_core-2.62.0/azure/cli/core/profiles/_shared.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure/cli/core/profiles/_shared.py 2024-07-31 05:39:17.000000000 +0200 @@ -261,7 +261,7 @@ ResourceType.MGMT_ARO: '2023-09-04', ResourceType.MGMT_DATABOXEDGE: '2021-02-01-preview', ResourceType.MGMT_CUSTOMLOCATION: '2021-03-15-preview', - ResourceType.MGMT_CONTAINERSERVICE: SDKProfile('2024-02-01'), + ResourceType.MGMT_CONTAINERSERVICE: SDKProfile('2024-05-01'), ResourceType.MGMT_APPCONTAINERS: '2022-10-01', }, '2020-09-01-hybrid': { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure_cli_core.egg-info/PKG-INFO new/azure_cli_core-2.63.0/azure_cli_core.egg-info/PKG-INFO --- old/azure_cli_core-2.62.0/azure_cli_core.egg-info/PKG-INFO 2024-07-04 04:24:02.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure_cli_core.egg-info/PKG-INFO 2024-07-31 05:39:33.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: azure-cli-core -Version: 2.62.0 +Version: 2.63.0 Summary: Microsoft Azure Command-Line Tools Core Module Home-page: https://github.com/Azure/azure-cli Author: Microsoft Corporation @@ -26,13 +26,13 @@ Requires-Dist: humanfriendly~=10.0 Requires-Dist: jmespath Requires-Dist: knack~=0.11.0 -Requires-Dist: msal-extensions==1.2.0b1 -Requires-Dist: msal[broker]==1.28.1 +Requires-Dist: msal-extensions==1.2.0 +Requires-Dist: msal[broker]==1.30.0 Requires-Dist: msrestazure~=0.6.4 Requires-Dist: packaging>=20.9 Requires-Dist: paramiko<4.0.0,>=2.0.8 Requires-Dist: pkginfo>=1.5.0.1 -Requires-Dist: psutil~=5.9; sys_platform != "cygwin" +Requires-Dist: psutil>=5.9; sys_platform != "cygwin" Requires-Dist: PyJWT>=2.1.0 Requires-Dist: pyopenssl>=17.1.0 Requires-Dist: requests[socks] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/azure_cli_core.egg-info/requires.txt new/azure_cli_core-2.63.0/azure_cli_core.egg-info/requires.txt --- old/azure_cli_core-2.62.0/azure_cli_core.egg-info/requires.txt 2024-07-04 04:24:02.000000000 +0200 +++ new/azure_cli_core-2.63.0/azure_cli_core.egg-info/requires.txt 2024-07-31 05:39:33.000000000 +0200 @@ -5,8 +5,8 @@ humanfriendly~=10.0 jmespath knack~=0.11.0 -msal-extensions==1.2.0b1 -msal[broker]==1.28.1 +msal-extensions==1.2.0 +msal[broker]==1.30.0 msrestazure~=0.6.4 packaging>=20.9 paramiko<4.0.0,>=2.0.8 @@ -16,7 +16,7 @@ requests[socks] [:sys_platform != "cygwin"] -psutil~=5.9 +psutil>=5.9 [:sys_platform == "linux"] distro diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/azure_cli_core-2.62.0/setup.py new/azure_cli_core-2.63.0/setup.py --- old/azure_cli_core-2.62.0/setup.py 2024-07-04 04:23:33.000000000 +0200 +++ new/azure_cli_core-2.63.0/setup.py 2024-07-31 05:39:17.000000000 +0200 @@ -8,7 +8,7 @@ from codecs import open from setuptools import setup, find_packages -VERSION = "2.62.0" +VERSION = "2.63.0" # If we have source, validate that our version numbers match # This should prevent uploading releases with mismatched versions. @@ -52,14 +52,14 @@ 'humanfriendly~=10.0', 'jmespath', 'knack~=0.11.0', - 'msal-extensions==1.2.0b1', - 'msal[broker]==1.28.1', + 'msal-extensions==1.2.0', + 'msal[broker]==1.30.0', 'msrestazure~=0.6.4', 'packaging>=20.9', 'paramiko>=2.0.8,<4.0.0', 'pkginfo>=1.5.0.1', # psutil can't install on cygwin: https://github.com/Azure/azure-cli/issues/9399 - 'psutil~=5.9; sys_platform != "cygwin"', + 'psutil>=5.9; sys_platform != "cygwin"', 'PyJWT>=2.1.0', 'pyopenssl>=17.1.0', # https://github.com/pyca/pyopenssl/pull/612 'requests[socks]'