Bug#702771: unblock: sqlobject/0.12.4-2.2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package sqlobject
sqlobject 0.12.4-2.2 fixes #695233, which prevents it from working
properly with the default postgres version in wheezy. Since sqlobject
is a database ORM, this is a reasonably serious regression from
squeeze, so it would be useful to have it fixed.
debdiff sqlobject_0.12.4-2.1.dsc sqlobject_0.12.4-2.2.dsc
diff -Nru sqlobject-0.12.4/debian/changelog sqlobject-0.12.4/debian/changelog
--- sqlobject-0.12.4/debian/changelog 2012-01-14 16:12:15.000000000 +0200
+++ sqlobject-0.12.4/debian/changelog 2013-02-11 13:03:52.000000000 +0200
@@ -1,3 +1,13 @@
+sqlobject (0.12.4-2.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix "SQLObject doesn't escape strings correctly for postgresql 9.1":
+ new patch postgres_escape_0.12.4 backported from upstream (1.2.0).
+ (Closes: #695233)
+
+ -- Neil Muller <drnlmuller+debian@gmail.com> Mon, 11 Feb 2013 13:03:04 +0200
+
+
sqlobject (0.12.4-2.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4
--- sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 1970-01-01 02:00:00.000000000 +0200
+++ sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 2013-02-11 13:02:03.000000000 +0200
@@ -0,0 +1,169 @@
+Description: Postgresql 9.1 changed the default value of standard_conforming_strings to on. SQLObject only added support for the E'' escape syntax in version 1.2.0
+Origin: upstream, Version 1.2.0
+Bug-Debian: http://bugs.debian.org/695233
+Author: phd
+Last-Update: 2013-02-11
+
+--- a/sqlobject/converters.py (revision 4567)
++++ b/sqlobject/converters.py (working copy)
+@@ -1,6 +1,11 @@
++from array import array
++import datetime
++from decimal import Decimal
+ import sys
+-from array import array
++import time
++from types import ClassType, InstanceType, NoneType
+
++
+ try:
+ import mx.DateTime.ISO
+ origISOStr = mx.DateTime.ISO.strGMT
+@@ -15,17 +20,12 @@
+ DateTimeType = None
+ DateTimeDeltaType = None
+
+-import time
+-import datetime
+-
+ try:
+ import Sybase
+ NumericType=Sybase.NumericType
+ except ImportError:
+ NumericType = None
+
+-from decimal import Decimal
+-from types import ClassType, InstanceType, NoneType
+
+ ########################################
+ ## Quoting
+@@ -90,6 +90,8 @@
+ value = value.replace("'", "''")
+ else:
+ assert 0, "Database %s unknown" % db
++ if db in ('postgres', 'rdbhost') and ('\\' in value):
++ return "E'%s'" % value
+ return "'%s'" % value
+
+ registerConverter(str, StringLikeConverter)
+@@ -198,3 +200,17 @@
+ return converter(obj, db)
+ else:
+ return reprFunc(db)
++
++
++def quote_str(s, db):
++ if db in ('postgres', 'rdbhost') and ('\\' in s):
++ return "E'%s'" % s
++ return "'%s'" % s
++
++def unquote_str(s):
++ if s.upper().startswith("E'") and s.endswith("'"):
++ return s[2:-1]
++ elif s.startswith("'") and s.endswith("'"):
++ return s[1:-1]
++ else:
++ return s
+Index: sqlobject/sqlbuilder.py
+===================================================================
+--- a/sqlobject/sqlbuilder.py (revision 4567)
++++ b/sqlobject/sqlbuilder.py (working copy)
+@@ -70,7 +70,7 @@
+ import weakref
+
+ import classregistry
+-from converters import sqlrepr, registerConverter
++from converters import registerConverter, sqlrepr, quote_str, unquote_str
+
+
+ class VersionError(Exception):
+@@ -896,18 +896,18 @@
+ if isinstance(s, SQLExpression):
+ values = []
+ if self.prefix:
+- values.append("'%s'" % self.prefix)
++ values.append(quote_str(self.prefix, db))
+ s = _quote_like_special(sqlrepr(s, db), db)
+ values.append(s)
+ if self.postfix:
+- values.append("'%s'" % self.postfix)
++ values.append(quote_str(self.postfix, db))
+ if db == "mysql":
+ return "CONCAT(%s)" % ", ".join(values)
+ else:
+ return " || ".join(values)
+ elif isinstance(s, basestring):
+- s = _quote_like_special(sqlrepr(s, db)[1:-1], db)
+- return "'%s%s%s'" % (self.prefix, s, self.postfix)
++ s = _quote_like_special(unquote_str(sqlrepr(s, db)), db)
++ return quote_str("%s%s%s" % (self.prefix, s, self.postfix), db)
+ else:
+ raise TypeError, "expected str, unicode or SQLExpression, got %s" % type(s)
+
+Index: sqlobject/tests/test_converters.py
+===================================================================
+--- a/sqlobject/tests/test_converters.py (revision 4567)
++++ b/sqlobject/tests/test_converters.py (working copy)
+@@ -1,9 +1,11 @@
+ import sys
+ from sqlobject.sqlbuilder import sqlrepr
++from sqlobject.converters import registerConverter, sqlrepr, \
++ quote_str, unquote_str
+ from sqlobject.sqlbuilder import SQLExpression, SQLObjectField, \
+ Select, Insert, Update, Delete, Replace, \
+- SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp
+-from sqlobject.converters import registerConverter
++ SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp, \
++ _LikeQuoted
+
+ class TestClass:
+
+@@ -40,23 +42,23 @@
+ assert sqlrepr('A String', 'firebird') == "'A String'"
+
+ def test_string_newline():
+- assert sqlrepr('A String\nAnother', 'postgres') == "'A String\\nAnother'"
++ assert sqlrepr('A String\nAnother', 'postgres') == "E'A String\\nAnother'"
+ assert sqlrepr('A String\nAnother', 'sqlite') == "'A String\nAnother'"
+
+ def test_string_tab():
+- assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'"
++ assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'"
+
+ def test_string_r():
+- assert sqlrepr('A String\rAnother', 'postgres') == "'A String\\rAnother'"
++ assert sqlrepr('A String\rAnother', 'postgres') == "E'A String\\rAnother'"
+
+ def test_string_b():
+- assert sqlrepr('A String\bAnother', 'postgres') == "'A String\\bAnother'"
++ assert sqlrepr('A String\bAnother', 'postgres') == "E'A String\\bAnother'"
+
+ def test_string_000():
+- assert sqlrepr('A String\000Another', 'postgres') == "'A String\\0Another'"
++ assert sqlrepr('A String\000Another', 'postgres') == "E'A String\\0Another'"
+
+ def test_string_():
+- assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'"
++ assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'"
+ assert sqlrepr('A String\'Another', 'firebird') == "'A String''Another'"
+
+ def test_simple_unicode():
+@@ -195,3 +197,18 @@
+ pass
+ else:
+ assert sqlrepr(Set([1])) == "(1)"
++
++def test_quote_unquote_str():
++ assert quote_str('test%', 'postgres') == "'test%'"
++ assert quote_str('test%', 'sqlite') == "'test%'"
++ assert quote_str('test\%', 'postgres') == "E'test\\%'"
++ assert quote_str('test\\%', 'sqlite') == "'test\%'"
++ assert unquote_str("'test%'") == 'test%'
++ assert unquote_str("'test\\%'") == 'test\\%'
++ assert unquote_str("E'test\\%'") == 'test\\%'
++
++def test_like_quoted():
++ assert sqlrepr(_LikeQuoted('test'), 'postgres') == "'test'"
++ assert sqlrepr(_LikeQuoted('test'), 'sqlite') == "'test'"
++ assert sqlrepr(_LikeQuoted('test%'), 'postgres') == r"E'test\\%'"
++ assert sqlrepr(_LikeQuoted('test%'), 'sqlite') == r"'test\%'"
diff -Nru sqlobject-0.12.4/debian/patches/series sqlobject-0.12.4/debian/patches/series
--- sqlobject-0.12.4/debian/patches/series 2012-01-14 16:05:43.000000000 +0200
+++ sqlobject-0.12.4/debian/patches/series 2013-02-11 12:27:45.000000000 +0200
@@ -1,2 +1,3 @@
get_rid_of_setuptools
psycopg2-autocommit
+postgres_escape_0.12.4
unblock sqlobject/0.12.4-2.2
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: