Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-django-image...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python-django-imagekit
[ Reason ]
This release fixes Bug #991650 FTBFS because of failing tests.
[ Impact ]
Anybody trying to build the package from source will get a build error.
[ Tests ]
I've checked that the package builds again after the fix.
[ Risks ]
Low risk. The patch was already tested in the unstable of the time.
There are no real code changes in the program itself, only
in one of the tests.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Minor change to tests/test_sourcegroups.py so that it works again.
[ Other info ]
I've already made the upload.
diff -Nru python-django-imagekit-4.0.2/debian/changelog
python-django-imagekit-4.0.2/debian/changelog
--- python-django-imagekit-4.0.2/debian/changelog 2020-02-23
16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/changelog 2023-12-12
23:00:00.000000000 +0100
@@ -1,3 +1,12 @@
+python-django-imagekit (4.0.2-3+deb11u1) bullseye; urgency=medium
+
+ * Team upload.
+ [ Michael Fladischer ]
+ * Add patch to avoid triggering path traversal detection in tests.
+ Closes: #991650.
+
+ -- Santiago Vila <sanv...@debian.org> Tue, 12 Dec 2023 23:00:00 +0100
+
python-django-imagekit (4.0.2-3) unstable; urgency=medium
[ Ondřej Nový ]
diff -Nru python-django-imagekit-4.0.2/debian/gbp.conf
python-django-imagekit-4.0.2/debian/gbp.conf
--- python-django-imagekit-4.0.2/debian/gbp.conf 2020-02-23
16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/gbp.conf 2023-12-12
22:53:34.000000000 +0100
@@ -1,2 +1,2 @@
[DEFAULT]
-debian-branch=debian/master
+debian-branch=debian/bullseye
diff -Nru
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
---
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
1970-01-01 01:00:00.000000000 +0100
+++
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
2023-12-12 22:55:32.000000000 +0100
@@ -0,0 +1,29 @@
+From: Michael Fladischer <fladischermich...@fladi.at>
+Date: Sun, 31 Oct 2021 20:48:19 +0000
+Subject: Set filename in tests to avoid path traversal detection (Closes:
+ #991650).
+
+---
+ tests/test_sourcegroups.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_sourcegroups.py b/tests/test_sourcegroups.py
+index c69b11f..416b964 100644
+--- a/tests/test_sourcegroups.py
++++ b/tests/test_sourcegroups.py
+@@ -23,7 +23,7 @@ def test_source_saved_signal():
+ source_group = ImageFieldSourceGroup(ImageModel, 'image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+- ImageModel.objects.create(image=File(get_image_file()))
++ ImageModel.objects.create(image=File(get_image_file(),
name='reference.png'))
+ eq_(receiver.count, 1)
+
+
+@@ -51,5 +51,5 @@ def test_abstract_model_signals():
+ source_group = ImageFieldSourceGroup(AbstractImageModel, 'original_image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+- ConcreteImageModel.objects.create(original_image=File(get_image_file()))
++ ConcreteImageModel.objects.create(original_image=File(get_image_file(),
name='reference.png'))
+ eq_(receiver.count, 1)
diff -Nru python-django-imagekit-4.0.2/debian/patches/series
python-django-imagekit-4.0.2/debian/patches/series
--- python-django-imagekit-4.0.2/debian/patches/series 2020-02-23
16:33:44.000000000 +0100
+++ python-django-imagekit-4.0.2/debian/patches/series 2023-12-12
22:55:32.000000000 +0100
@@ -2,3 +2,4 @@
0002-Disable-usage-of-nose-progressive-as-it-has-not-been.patch
0003-Disable-build-status-image-to-prevent-privacy-breach.patch
0004-Do-not-check-for-existence-if-name-is-None-Closes-95.patch
+0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch