Mon Apr 29 18:57:35 2024 UTC (28d)
devel/py-python-bugzilla: Fix for API key leak

From Ricardo Branco in PR pkg/58213.
Fixes NetBSD/pkgsrc#138.


(bsiegert)
diff -r1.6 -r1.7 pkgsrc/devel/py-bugzilla/Makefile
diff -r1.5 -r1.6 pkgsrc/devel/py-bugzilla/distinfo
diff -r0 -r1.1 pkgsrc/devel/py-bugzilla/patches/patch-bugzilla___session.py
cvs diff -r1.6 -r1.7 pkgsrc/devel/py-bugzilla/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/py-bugzilla/Makefile 2022/07/08 14:01:33 1.6
+++ pkgsrc/devel/py-bugzilla/Makefile 2024/04/29 18:57:35 1.7
@@ -1,17 +1,18 @@ @@ -1,17 +1,18 @@
1# $NetBSD: Makefile,v 1.6 2022/07/08 14:01:33 wiz Exp $ 1# $NetBSD: Makefile,v 1.7 2024/04/29 18:57:35 bsiegert Exp $
2 2
3DISTNAME= python-bugzilla-3.2.0 3DISTNAME= python-bugzilla-3.2.0
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
 5PKGREVISION= 1
5CATEGORIES= devel python 6CATEGORIES= devel python
6MASTER_SITES= ${MASTER_SITE_PYPI:=p/python-bugzilla/} 7MASTER_SITES= ${MASTER_SITE_PYPI:=p/python-bugzilla/}
7 8
8MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= https://github.com/python-bugzilla/python-bugzilla 10HOMEPAGE= https://github.com/python-bugzilla/python-bugzilla
10COMMENT= Bugzilla XMLRPC access module 11COMMENT= Bugzilla XMLRPC access module
11LICENSE= gnu-gpl-v2 12LICENSE= gnu-gpl-v2
12 13
13DEPENDS+= ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests 14DEPENDS+= ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests
14TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test 15TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test
15 16
16PYTHON_VERSIONS_INCOMPATIBLE= 27 17PYTHON_VERSIONS_INCOMPATIBLE= 27
17 18
cvs diff -r1.5 -r1.6 pkgsrc/devel/py-bugzilla/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/py-bugzilla/distinfo 2022/07/08 14:01:33 1.5
+++ pkgsrc/devel/py-bugzilla/distinfo 2024/04/29 18:57:35 1.6
@@ -1,5 +1,6 @@ @@ -1,5 +1,6 @@
1$NetBSD: distinfo,v 1.5 2022/07/08 14:01:33 wiz Exp $ 1$NetBSD: distinfo,v 1.6 2024/04/29 18:57:35 bsiegert Exp $
2 2
3BLAKE2s (python-bugzilla-3.2.0.tar.gz) = d92cf6d3e3defd7f44349756507f631041851581395b3a303159d692201f441d 3BLAKE2s (python-bugzilla-3.2.0.tar.gz) = d92cf6d3e3defd7f44349756507f631041851581395b3a303159d692201f441d
4SHA512 (python-bugzilla-3.2.0.tar.gz) = 215945a0ffd637be5567839303a738a0eef74427838bf0074a5f0ab6022306f47fc0dd5c43a3513b627fb458711f38046321ee9c2c3d43b61ffc577d6dd12375 4SHA512 (python-bugzilla-3.2.0.tar.gz) = 215945a0ffd637be5567839303a738a0eef74427838bf0074a5f0ab6022306f47fc0dd5c43a3513b627fb458711f38046321ee9c2c3d43b61ffc577d6dd12375
5Size (python-bugzilla-3.2.0.tar.gz) = 114279 bytes 5Size (python-bugzilla-3.2.0.tar.gz) = 114279 bytes
 6SHA1 (patch-bugzilla___session.py) = 134ed66dae860195941dfc9c908b525a11112246
File Added: pkgsrc/devel/py-bugzilla/patches/patch-bugzilla___session.py
$NetBSD: patch-bugzilla___session.py,v 1.1 2024/04/29 18:57:35 bsiegert Exp $

Fix for API key leak, https://github.com/python-bugzilla/python-bugzilla/issues/187
--- bugzilla/_session.py.orig	2021-10-05 20:49:16.000000000 +0000
+++ bugzilla/_session.py
@@ -97,14 +97,14 @@ class _BugzillaSession(object):
         if "timeout" not in kwargs:
             kwargs["timeout"] = timeout
 
-        response = self._session.request(*args, **kwargs)
+        try:
+            response = self._session.request(*args, **kwargs)
 
-        if self._is_xmlrpc:
-            # Yes this still appears to matter for properly decoding unicode
-            # code points in bugzilla.redhat.com content
-            response.encoding = "UTF-8"
+            if self._is_xmlrpc:
+                # Yes this still appears to matter for properly decoding unicode
+                # code points in bugzilla.redhat.com content
+                response.encoding = "UTF-8"
 
-        try:
             response.raise_for_status()
         except Exception as e:
             # Scrape the api key out of the returned exception string