From d62f66003cb33675a8ed79552b3624f9549d4256 Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Sun, 23 Feb 2025 23:09:16 +0100 Subject: [PATCH] New upstream version 0.7.1 --- CONTRIBUTING.md | 65 +++++++++++++++++++++++++++++++++++ MANIFEST.in | 3 +- Makefile | 2 +- NEWS.md | 9 +++++ PKG-INFO | 2 +- README.md | 5 +-- doc/conf.py | 6 ++-- doc/news.md | 9 +++++ doc/readme.md | 5 +-- pylibacl.egg-info/PKG-INFO | 2 +- pylibacl.egg-info/SOURCES.txt | 1 + setup.py | 2 +- tests/test_acls.py | 52 +++++++++++++++++----------- 13 files changed, 131 insertions(+), 32 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..ae6a645 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,65 @@ +# Contributing to pylibacl + +Hi, and thanks for any and all contributions! + +## Bugs and patches + +This is a small project, so let's keep things simple: + +- Please file all bug reports on github + (), as this allows + archival and discovery by other people; +- Send patches as pull requests; for larger changes, would be good to + first open a bug to discuss the plans; + +Due to simplicity, there are no old branches being kept alive, but if +it ever happens that a bug is found in older versions and there is +needed to support older Python versions, it is possible to do so. + +## Code standards + +There are no formal standards, but: + +- Code should be tested - this is why there's a [Codecov + integration](https://app.codecov.io/gh/iustin/pylibacl/tree/main). +- New functions should have good docstrings (in the C code). +- New functions/constants should be listed in the documentation, see + `doc/module.rst` for how to include them. +- All non-trivial changes should be listed in `NEWS.md` for further + inclusion in new releases documentation. Add an "unreleased" section + (if one doesn't exist yet) to list the changes. + +## Release process + +Right now, due to GPG signing, I'm doing releases and signing them +manually (offline, I mean). Basically, once GitHub workflows are fine: + +- Bump the version in all places - use `git grep -F $OLD_VER` and + update as needed. +- Ensure that `setup.py` has the right Python versions listed (bit me + more than once). +- Update the `NEWS.md` file is up to date (contents), and use the + right date. +- Check that the generated documentation (`make doc`) looks right. + +Then run these steps: + +``` +$ make clean +$ make distcheck # this leaves things in dist/ +$ git tag -m 'Release pylibacl-0.0.1' --sign v0.0.1 +$ gpg --sign -b -a dist/pylibacl-0.0.1.tar.gz +$ python3 -m twine upload dist/* +``` + +Separately: + +* Upload the `dist/` contents to GitHub and tag a new release. +* Upload the `dist/` contents to the old-style download area, + . + +Hopefully one day all this can be more automated. + +## Signing key + +The releases are currently signed by my key, see . diff --git a/MANIFEST.in b/MANIFEST.in index a0863f6..ca99914 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,7 +1,8 @@ include COPYING include Makefile include NEWS.md -include README.rst +include README.md +include CONTRIBUTING.md include SECURITY.md include acl.c include setup.cfg diff --git a/Makefile b/Makefile index ffa6398..3164897 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ DOCDIR = doc DOCHTML = $(DOCDIR)/html DOCTREES = $(DOCDIR)/doctrees ALLSPHINXOPTS = -d $(DOCTREES) $(SPHINXOPTS) $(DOCDIR) -VERSION = 0.7.0 +VERSION = 0.7.1 FULLVER = pylibacl-$(VERSION) DISTFILE = $(FULLVER).tar.gz diff --git a/NEWS.md b/NEWS.md index ca55b2d..578790e 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,14 @@ # News +## Version 0.7.1 + +*released Fri, 14 Feb 2025* + +Minor version, with a few test improvements, and updated documentation +building dependencies. No user-visible changes otherwise. + +Tested with CPython versions 3.7-3.13, and PyPy 3.7-3.10. + ## Version 0.7.0 *released Sun, 23 Apr 2023* diff --git a/PKG-INFO b/PKG-INFO index 8fe963f..3687bca 100644 --- a/PKG-INFO +++ b/PKG-INFO @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: pylibacl -Version: 0.7.0 +Version: 0.7.1 Summary: POSIX.1e ACLs for python Home-page: https://pylibacl.k1024.org/ Author: Iustin Pop diff --git a/README.md b/README.md index c8e32c3..c4f6cc2 100644 --- a/README.md +++ b/README.md @@ -5,14 +5,15 @@ POSIX.1e Access Control Lists present in some OS/file-systems combinations. Downloads: go to . Latest -version is 0.7.0. The source repository is either at +version is 0.7.1. The source repository is either at or at . For any issues, please file bugs at . -See the `CONTRIBUTING.md` file for details on how to contribute. +See the `CONTRIBUTING.md` file for details on how to contribute, or +support me on [ko-fi](https://ko-fi.com/iustin). [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/iustin/pylibacl/ci.yml?branch=main)](https://github.com/iustin/pylibacl/actions/workflows/ci.yml) [![Codecov](https://img.shields.io/codecov/c/github/iustin/pylibacl)](https://codecov.io/gh/iustin/pylibacl) diff --git a/doc/conf.py b/doc/conf.py index 1f80083..f04efc4 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -25,7 +25,7 @@ sys.path.insert(0, os.path.abspath('../')) # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinx.ext.autodoc', 'sphinx.ext.todo', 'recommonmark'] +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.todo', 'myst_parser'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -48,9 +48,9 @@ copyright = u'2002-2009, 2012, 2014, 2015, Iustin Pop' # built documents. # # The short X.Y version. -version = '0.7.0' +version = '0.7.1' # The full version, including alpha/beta/rc tags. -release = '0.7.0' +release = '0.7.1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/doc/news.md b/doc/news.md index ca55b2d..578790e 100644 --- a/doc/news.md +++ b/doc/news.md @@ -1,5 +1,14 @@ # News +## Version 0.7.1 + +*released Fri, 14 Feb 2025* + +Minor version, with a few test improvements, and updated documentation +building dependencies. No user-visible changes otherwise. + +Tested with CPython versions 3.7-3.13, and PyPy 3.7-3.10. + ## Version 0.7.0 *released Sun, 23 Apr 2023* diff --git a/doc/readme.md b/doc/readme.md index c8e32c3..c4f6cc2 100644 --- a/doc/readme.md +++ b/doc/readme.md @@ -5,14 +5,15 @@ POSIX.1e Access Control Lists present in some OS/file-systems combinations. Downloads: go to . Latest -version is 0.7.0. The source repository is either at +version is 0.7.1. The source repository is either at or at . For any issues, please file bugs at . -See the `CONTRIBUTING.md` file for details on how to contribute. +See the `CONTRIBUTING.md` file for details on how to contribute, or +support me on [ko-fi](https://ko-fi.com/iustin). [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/iustin/pylibacl/ci.yml?branch=main)](https://github.com/iustin/pylibacl/actions/workflows/ci.yml) [![Codecov](https://img.shields.io/codecov/c/github/iustin/pylibacl)](https://codecov.io/gh/iustin/pylibacl) diff --git a/pylibacl.egg-info/PKG-INFO b/pylibacl.egg-info/PKG-INFO index 8fe963f..3687bca 100644 --- a/pylibacl.egg-info/PKG-INFO +++ b/pylibacl.egg-info/PKG-INFO @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: pylibacl -Version: 0.7.0 +Version: 0.7.1 Summary: POSIX.1e ACLs for python Home-page: https://pylibacl.k1024.org/ Author: Iustin Pop diff --git a/pylibacl.egg-info/SOURCES.txt b/pylibacl.egg-info/SOURCES.txt index 48723b7..c7a6c39 100644 --- a/pylibacl.egg-info/SOURCES.txt +++ b/pylibacl.egg-info/SOURCES.txt @@ -1,3 +1,4 @@ +CONTRIBUTING.md COPYING MANIFEST.in Makefile diff --git a/setup.py b/setup.py index 5afc738..ac0f487 100755 --- a/setup.py +++ b/setup.py @@ -31,7 +31,7 @@ long_desc = """This is a C extension module for Python which implements POSIX ACLs manipulation. It is a wrapper on top of the systems's acl C library - see acl(5).""" -version = "0.7.0" +version = "0.7.1" setup(name="pylibacl", version=version, diff --git a/tests/test_acls.py b/tests/test_acls.py index 5bb4837..0937fdb 100644 --- a/tests/test_acls.py +++ b/tests/test_acls.py @@ -523,33 +523,45 @@ class TestAclExtensions: assert a == b assert b != c + @staticmethod + def get_nulled_state(src=None): + """Generate a mostly-valid external serialization + + Passing arbitrary state into acl_copy_int() is dangerous. That + C function gets a void * buffer, and then casts that to an ACL + structure, irrespective of buffer length; this can lead to + segfaults (via unallocated memory indexing). Depending on the + exact buffer, the same code might segfault on all + architectures, some architectures, all C compiler versions, or + some C compilers, or any combination of the above :( + + To mitigate this, pass a much larger buffer size as returned + from the state, just nulled out - in the Linux version of the + library, the first byte is the structure size and is tested + for correct size, and a null byte will cause failure. + + """ + if src is None: + src = posix1e.ACL() + state = src.__getstate__() + nulled = b'\x00' * (10 * len(state)) + return nulled + @require_copy_ext - def test_acl_copy_ext_failure(self): + def test_acl_copy_int_failure(self): a = posix1e.ACL() - state = a.__getstate__() - # This is a dangerous test. The acl_copy_int() C function gets - # a void * buffer, and then casts that to an ACL structure, - # irrespective of buffer length; this can lead to segfaults - # (via unallocated memory indexing) - # - # To mitigate this, pass same buffer size as returned from the - # state, just nulled out - in the Linux version of the - # library, the first byte is the structure size and is tested - # for correct size, and a null byte will cause failure. - nulled = b'\x00' * len(state) + nulled = self.get_nulled_state(a) with pytest.raises(IOError): a.__setstate__(nulled) @require_copy_ext - def test_acl_copy_ext_failure(self): + def test_acl_copy_int_failure_is_noop(self): a = posix1e.ACL(text=BASIC_ACL_TEXT) b = posix1e.ACL() c = posix1e.ACL(acl=a) assert a == c assert a != b - state = b.__getstate__() - # See notes in the test_acl_copy_ext_failure() for how tricky this is. - nulled = b'\x00' * len(state) + nulled = self.get_nulled_state(b) with pytest.raises(IOError): a.__setstate__(nulled) # Assert that 'a' didn't change in the attempt to restore @@ -557,13 +569,13 @@ class TestAclExtensions: assert a == c @require_copy_ext - def test_acl_copy_ext_args(self): + def test_acl_copy_int_args(self): a = posix1e.ACL() with pytest.raises(TypeError): a.__setstate__(None) @require_copy_ext - def test_acl_init_copy_ext(self): + def test_acl_init_copy_int(self): a = posix1e.ACL(text=BASIC_ACL_TEXT) b = posix1e.ACL() c = posix1e.ACL(data=a.__getstate__()) @@ -571,9 +583,9 @@ class TestAclExtensions: assert c == a @require_copy_ext - def test_acl_init_copy_ext_invalid(self): + def test_acl_init_copy_int_invalid(self): with pytest.raises(IOError): - posix1e.ACL(data=b"foobar") + posix1e.ACL(data=self.get_nulled_state()) class TestWrite: -- 2.39.5