Bug#1058562: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1

To: Debian BTS <submit@bugs.debian.org>
Subject: Bug#1058562: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1
From: Santiago Vila <sanvila@debian.org>
Date: Wed, 13 Dec 2023 00:28:16 +0100
Message-id: <[🔎] 41e1c7b9-7f6f-4c85-9fc5-1f8e64892bd2@debian.org>
Reply-to: Santiago Vila <sanvila@debian.org>, 1058562@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-django-imagekit@packages.debian.org, sanvila@debian.org
Control: affects -1 + src:python-django-imagekit

[ Reason ]
This release fixes Bug #991650 FTBFS because of failing tests.

[ Impact ]
Anybody trying to build the package from source will get a build error.

[ Tests ]
I've checked that the package builds again after the fix.

[ Risks ]
Low risk. The patch was already tested in the unstable of the time.
There are no real code changes in the program itself, only
in one of the tests.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Minor change to tests/test_sourcegroups.py so that it works again.

[ Other info ]
I've already made the upload.

diff -Nru python-django-imagekit-4.0.2/debian/changelog python-django-imagekit-4.0.2/debian/changelog
--- python-django-imagekit-4.0.2/debian/changelog	2020-02-23 16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/changelog	2023-12-12 23:00:00.000000000 +0100
@@ -1,3 +1,12 @@
+python-django-imagekit (4.0.2-3+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  [ Michael Fladischer ]
+  * Add patch to avoid triggering path traversal detection in tests.
+    Closes: #991650.
+
+ -- Santiago Vila <sanvila@debian.org>  Tue, 12 Dec 2023 23:00:00 +0100
+
 python-django-imagekit (4.0.2-3) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru python-django-imagekit-4.0.2/debian/gbp.conf python-django-imagekit-4.0.2/debian/gbp.conf
--- python-django-imagekit-4.0.2/debian/gbp.conf	2020-02-23 16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/gbp.conf	2023-12-12 22:53:34.000000000 +0100
@@ -1,2 +1,2 @@
 [DEFAULT]
-debian-branch=debian/master
+debian-branch=debian/bullseye
diff -Nru python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
--- python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch	1970-01-01 01:00:00.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch	2023-12-12 22:55:32.000000000 +0100
@@ -0,0 +1,29 @@
+From: Michael Fladischer <FladischerMichael@fladi.at>
+Date: Sun, 31 Oct 2021 20:48:19 +0000
+Subject: Set filename in tests to avoid path traversal detection (Closes:
+ #991650).
+
+---
+ tests/test_sourcegroups.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_sourcegroups.py b/tests/test_sourcegroups.py
+index c69b11f..416b964 100644
+--- a/tests/test_sourcegroups.py
++++ b/tests/test_sourcegroups.py
+@@ -23,7 +23,7 @@ def test_source_saved_signal():
+     source_group = ImageFieldSourceGroup(ImageModel, 'image')
+     receiver = make_counting_receiver(source_group)
+     source_saved.connect(receiver)
+-    ImageModel.objects.create(image=File(get_image_file()))
++    ImageModel.objects.create(image=File(get_image_file(), name='reference.png'))
+     eq_(receiver.count, 1)
+ 
+ 
+@@ -51,5 +51,5 @@ def test_abstract_model_signals():
+     source_group = ImageFieldSourceGroup(AbstractImageModel, 'original_image')
+     receiver = make_counting_receiver(source_group)
+     source_saved.connect(receiver)
+-    ConcreteImageModel.objects.create(original_image=File(get_image_file()))
++    ConcreteImageModel.objects.create(original_image=File(get_image_file(), name='reference.png'))
+     eq_(receiver.count, 1)
diff -Nru python-django-imagekit-4.0.2/debian/patches/series python-django-imagekit-4.0.2/debian/patches/series
--- python-django-imagekit-4.0.2/debian/patches/series	2020-02-23 16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/patches/series	2023-12-12 22:55:32.000000000 +0100
@@ -2,3 +2,4 @@
 0002-Disable-usage-of-nose-progressive-as-it-has-not-been.patch
 0003-Disable-build-status-image-to-prevent-privacy-breach.patch
 0004-Do-not-check-for-existence-if-name-is-None-Closes-95.patch
+0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch

Reply to:

Follow-Ups:
- Processed: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1058562: python-django-imagekit 4.0.2-3+deb11u1 flagged for acceptance
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Processed: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1
Next by Date: NEW changes in stable-new
Previous by thread: Processed: vlfeat 0.9.21+dfsg0-6+deb11u1 flagged for acceptance
Next by thread: Processed: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1
Index(es):
- Date
- Thread