diff --git a/Expect_ordering_NULLs_to_work.patch b/0001-Fix-sqlite-test-error.patch similarity index 35% rename from Expect_ordering_NULLs_to_work.patch rename to 0001-Fix-sqlite-test-error.patch index dc30692ce473f6f397d9dcefa9983c3e1db2145a..7f7fa36f8e7b266dcce0a278fa789adeb2f8e0e8 100644 --- a/Expect_ordering_NULLs_to_work.patch +++ b/0001-Fix-sqlite-test-error.patch @@ -1,27 +1,35 @@ -From 8b35ba54ab31aab13a34c360a31d014da1f5c809 Mon Sep 17 00:00:00 2001 -From: Nils Philippsen -Date: Thu, 17 Oct 2019 18:22:09 +0200 -Subject: [PATCH] Expect ordering NULLs to work on sqlite >= 3.30. +From 5ffab60898fe9fe9ed5c4005447c37fdb88e9ef6 Mon Sep 17 00:00:00 2001 +From: wangxiyuan +Date: Fri, 11 Feb 2022 10:11:55 +0800 +Subject: [PATCH] Fix sqlite test error -Signed-off-by: Nils Philippsen +this is a cherry pick from https://github.com/sqlalchemy/sqlalchemy/issues/4920 --- - test/requirements.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + test/requirements.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/requirements.py b/test/requirements.py -index 5906432..deb4ced 100644 +index a7b906a..c9e54c2 100644 --- a/test/requirements.py +++ b/test/requirements.py -@@ -727,7 +727,8 @@ class DefaultRequirements(SuiteRequirements): +@@ -760,7 +760,7 @@ class DefaultRequirements(SuiteRequirements): @property def nullsordering(self): """Target backends that support nulls ordering.""" - return fails_on_everything_except("postgresql", "oracle", "firebird") -+ return fails_on_everything_except("postgresql", "oracle", "firebird", -+ "sqlite >= 3.30.0") ++ return fails_on_everything_except("postgresql", "oracle", "firebird", "sqlite >= 3.30.0") @property def reflects_pk_names(self): +@@ -775,7 +775,7 @@ class DefaultRequirements(SuiteRequirements): + """target database can select an aggregate from a subquery that's + also using an aggregate""" + +- return skip_if(["mssql"]) ++ return skip_if(["mssql", "sqlite"]) + + @property + def array_type(self): -- -2.19.1 +2.33.0 diff --git a/SQLAlchemy-1.2.19.tar.gz b/SQLAlchemy-1.3.8.tar.gz similarity index 42% rename from SQLAlchemy-1.2.19.tar.gz rename to SQLAlchemy-1.3.8.tar.gz index d9128698423b8fb4fe7ece63b8ed314e7f6f7b7f..8393cb5239f56fcaaf456c99c345eba59f270cde 100644 Binary files a/SQLAlchemy-1.2.19.tar.gz and b/SQLAlchemy-1.3.8.tar.gz differ diff --git a/backport-CVE-2019-7164.patch b/backport-CVE-2019-7164.patch deleted file mode 100644 index d3f8227bde303eb0e31ada379dd9420fec7052e8..0000000000000000000000000000000000000000 --- a/backport-CVE-2019-7164.patch +++ /dev/null @@ -1,332 +0,0 @@ -From 82b4dcdeb0505f2dfcece5f76045b28b0edda03d Mon Sep 17 00:00:00 2001 -From: Mike Bayer -Date: Mon, 08 Apr 2019 22:07:35 -0400 -Subject: [PATCH] Illustrate fix for #4481 in terms of a 1.2 patch - -Release 1.2 has decided (so far) not to backport 1.3's fix for #4481 as it is -backwards-incompatible with code that relied upon the feature of automatic text -coercion in SQL statements. However, for the specific case of order_by() and -group_by(), we present a patch that backports the specific change in compiler -to have 1.3's behavior for order_by/group_by specifically. This is much more -targeted than the 0.9 version of the patch as it takes advantage 1.0's -architecture which runs all order_by() / group_by() through a label lookup that -only warns if the label can't be matched. - -For an example of an application that was actually impacted by 1.3's change -and how they had to change it, see: - -https://github.com/ctxis/CAPE/commit/be0482294f5eb30026fe97a967ee5a768d032278 - -Basically, in the uncommon case an application is actually using the text -coercion feature which was generally little-known, within the order_by() -and group_by() an error is now raised instead of a warning; the application -must instead ensure the SQL fragment is passed within a text() construct. -The above application has also been seeing a warning about this since 1.0 -which apparently remained unattended. - -The patch includes adjustments to the tests that were testing for the -warning to now test that an exception is raised. Any distro that wants -to patch the specific CVE issue resolved in #4481 to SQLAlchemy 1.0, 1.1 -or 1.2 can use this patch. - -Change-Id: I3363b21428f1ad8797394b63197375a2e56a0bd7 -References: #4481 ---- - -diff --git a/lib/sqlalchemy/sql/compiler.py b/lib/sqlalchemy/sql/compiler.py -index 5a11ed1..4780bab 100644 ---- a/lib/sqlalchemy/sql/compiler.py -+++ b/lib/sqlalchemy/sql/compiler.py -@@ -757,12 +757,11 @@ - else: - col = with_cols[element.element] - except KeyError: -- # treat it like text() -- util.warn_limited( -- "Can't resolve label reference %r; converting to text()", -- util.ellipses_string(element.element), -+ elements._no_text_coercion( -+ element.element, -+ exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY.", - ) -- return self.process(element._text_clause) - else: - kwargs["render_label_as_label"] = col - return self.process( -diff --git a/lib/sqlalchemy/sql/elements.py b/lib/sqlalchemy/sql/elements.py -index 299fcad..ff86deb 100644 ---- a/lib/sqlalchemy/sql/elements.py -+++ b/lib/sqlalchemy/sql/elements.py -@@ -4432,6 +4432,17 @@ - ) - - -+def _no_text_coercion(element, exc_cls=exc.ArgumentError, extra=None): -+ raise exc_cls( -+ "%(extra)sTextual SQL expression %(expr)r should be " -+ "explicitly declared as text(%(expr)r)" -+ % { -+ "expr": util.ellipses_string(element), -+ "extra": "%s " % extra if extra else "", -+ } -+ ) -+ -+ - def _no_literals(element): - if hasattr(element, "__clause_element__"): - return element.__clause_element__() -diff --git a/test/orm/test_eager_relations.py b/test/orm/test_eager_relations.py -index abcb597..fc9531d 100644 ---- a/test/orm/test_eager_relations.py -+++ b/test/orm/test_eager_relations.py -@@ -32,7 +32,6 @@ - from sqlalchemy.testing import assert_raises - from sqlalchemy.testing import assert_raises_message - from sqlalchemy.testing import eq_ --from sqlalchemy.testing import expect_warnings - from sqlalchemy.testing import fixtures - from sqlalchemy.testing import in_ - from sqlalchemy.testing import is_ -@@ -343,16 +342,11 @@ - .order_by("email_address") - ) - -- with expect_warnings("Can't resolve label reference 'email_address'"): -- self.assert_compile( -- q, -- "SELECT users.id AS users_id, users.name AS users_name, " -- "addresses_1.id AS addresses_1_id, addresses_1.user_id AS " -- "addresses_1_user_id, addresses_1.email_address AS " -- "addresses_1_email_address FROM users LEFT OUTER JOIN " -- "addresses AS addresses_1 ON users.id = addresses_1.user_id " -- "ORDER BY email_address", -- ) -+ assert_raises_message( -+ sa.exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY.", -+ q.all, -+ ) - - def test_deferred_fk_col(self): - users, Dingaling, User, dingalings, Address, addresses = ( -diff --git a/test/orm/test_query.py b/test/orm/test_query.py -index 04ce8b5..0710507 100644 ---- a/test/orm/test_query.py -+++ b/test/orm/test_query.py -@@ -51,7 +51,6 @@ - from sqlalchemy.orm.util import with_parent - from sqlalchemy.sql import expression - from sqlalchemy.sql import operators --from sqlalchemy.testing import assert_warnings - from sqlalchemy.testing import AssertsCompiledSQL - from sqlalchemy.testing import fixtures - from sqlalchemy.testing import is_ -@@ -2139,18 +2138,10 @@ - ua = aliased(User) - q = s.query(ua).order_by("email_ad") - -- def go(): -- self.assert_compile( -- q, -- "SELECT (SELECT max(addresses.email_address) AS max_1 " -- "FROM addresses WHERE addresses.user_id = users_1.id) " -- "AS anon_1, users_1.id AS users_1_id, " -- "users_1.name AS users_1_name FROM users AS users_1 " -- "ORDER BY email_ad", -- ) -- -- assert_warnings( -- go, ["Can't resolve label reference 'email_ad'"], regex=True -+ assert_raises_message( -+ sa.exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY", -+ q.with_labels().statement.compile, - ) - - def test_order_by_column_labeled_prop_attr_aliased_one(self): -@@ -4143,47 +4134,33 @@ - # the queries here are again "invalid" from a SQL perspective, as the - # "name" field isn't matched up to anything. - # -- with expect_warnings("Can't resolve label reference 'name';"): -- self.assert_compile( -- s.query(User) -- .options(joinedload("addresses")) -- .order_by(desc("name")) -- .limit(1), -- "SELECT anon_1.users_id AS anon_1_users_id, " -- "anon_1.users_name AS anon_1_users_name, " -- "addresses_1.id AS addresses_1_id, " -- "addresses_1.user_id AS addresses_1_user_id, " -- "addresses_1.email_address AS addresses_1_email_address " -- "FROM (SELECT users.id AS users_id, users.name AS users_name " -- "FROM users ORDER BY users.name " -- "DESC LIMIT :param_1) AS anon_1 " -- "LEFT OUTER JOIN addresses AS addresses_1 " -- "ON anon_1.users_id = addresses_1.user_id " -- "ORDER BY name DESC, addresses_1.id", -- ) -+ q = ( -+ s.query(User) -+ .options(joinedload("addresses")) -+ .order_by(desc("name")) -+ .limit(1) -+ ) -+ assert_raises_message( -+ sa_exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY.", -+ q.with_labels().statement.compile, -+ ) - - def test_order_by_w_eager_two(self): - User = self.classes.User - s = create_session() - -- with expect_warnings("Can't resolve label reference 'name';"): -- self.assert_compile( -- s.query(User) -- .options(joinedload("addresses")) -- .order_by("name") -- .limit(1), -- "SELECT anon_1.users_id AS anon_1_users_id, " -- "anon_1.users_name AS anon_1_users_name, " -- "addresses_1.id AS addresses_1_id, " -- "addresses_1.user_id AS addresses_1_user_id, " -- "addresses_1.email_address AS addresses_1_email_address " -- "FROM (SELECT users.id AS users_id, users.name AS users_name " -- "FROM users ORDER BY users.name " -- "LIMIT :param_1) AS anon_1 " -- "LEFT OUTER JOIN addresses AS addresses_1 " -- "ON anon_1.users_id = addresses_1.user_id " -- "ORDER BY name, addresses_1.id", -- ) -+ q = ( -+ s.query(User) -+ .options(joinedload("addresses")) -+ .order_by("name") -+ .limit(1) -+ ) -+ assert_raises_message( -+ sa_exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY.", -+ q.with_labels().statement.compile, -+ ) - - def test_order_by_w_eager_three(self): - User = self.classes.User -@@ -4268,22 +4245,11 @@ - .limit(1) - .offset(0) - ) -- with expect_warnings( -- "Can't resolve label reference 'email_address desc'" -- ): -- eq_( -- [ -- ( -- User( -- id=7, -- orders=[Order(id=1), Order(id=3), Order(id=5)], -- addresses=[Address(id=1)], -- ), -- "jack@bean.com", -- ) -- ], -- result.all(), -- ) -+ assert_raises_message( -+ sa_exc.CompileError, -+ "Can't resolve label reference for ORDER BY / GROUP BY", -+ result.all, -+ ) - - - class TextWarningTest(QueryTest, AssertsCompiledSQL): -diff --git a/test/sql/test_text.py b/test/sql/test_text.py -index 317fc61..75f1d6f 100644 ---- a/test/sql/test_text.py -+++ b/test/sql/test_text.py -@@ -22,7 +22,6 @@ - from sqlalchemy.sql import table - from sqlalchemy.sql import util as sql_util - from sqlalchemy.testing import assert_raises_message --from sqlalchemy.testing import assert_warnings - from sqlalchemy.testing import AssertsCompiledSQL - from sqlalchemy.testing import eq_ - from sqlalchemy.testing import expect_warnings -@@ -633,15 +632,13 @@ - class OrderByLabelResolutionTest(fixtures.TestBase, AssertsCompiledSQL): - __dialect__ = "default" - -- def _test_warning(self, stmt, offending_clause, expected): -- with expect_warnings( -- "Can't resolve label reference %r;" % offending_clause -- ): -- self.assert_compile(stmt, expected) -+ def _test_exception(self, stmt, offending_clause): - assert_raises_message( -- exc.SAWarning, -- "Can't resolve label reference %r; converting to text" -- % offending_clause, -+ exc.CompileError, -+ r"Can't resolve label reference for ORDER BY / GROUP BY. " -+ "Textual SQL " -+ "expression %r should be explicitly " -+ r"declared as text\(%r\)" % (offending_clause, offending_clause), - stmt.compile, - ) - -@@ -691,9 +688,7 @@ - - def test_unresolvable_warning_order_by(self): - stmt = select([table1.c.myid]).order_by("foobar") -- self._test_warning( -- stmt, "foobar", "SELECT mytable.myid FROM mytable ORDER BY foobar" -- ) -+ self._test_exception(stmt, "foobar") - - def test_group_by_label(self): - stmt = select([table1.c.myid.label("foo")]).group_by("foo") -@@ -709,9 +704,7 @@ - - def test_unresolvable_warning_group_by(self): - stmt = select([table1.c.myid]).group_by("foobar") -- self._test_warning( -- stmt, "foobar", "SELECT mytable.myid FROM mytable GROUP BY foobar" -- ) -+ self._test_exception(stmt, "foobar") - - def test_asc(self): - stmt = select([table1.c.myid]).order_by(asc("name"), "description") -@@ -810,23 +803,13 @@ - .order_by("myid", "t1name", "x") - ) - -- def go(): -- # the labels here are anonymized, so label naming -- # can't catch these. -- self.assert_compile( -- s1, -- "SELECT mytable_1.myid AS mytable_1_myid, " -- "mytable_1.name AS name_1, foo(:foo_2) AS foo_1 " -- "FROM mytable AS mytable_1 ORDER BY mytable_1.myid, t1name, x", -- ) -- -- assert_warnings( -- go, -- [ -- "Can't resolve label reference 't1name'", -- "Can't resolve label reference 'x'", -- ], -- regex=True, -+ assert_raises_message( -+ exc.CompileError, -+ r"Can't resolve label reference for ORDER BY / GROUP BY. " -+ "Textual SQL " -+ "expression 't1name' should be explicitly " -+ r"declared as text\('t1name'\)", -+ s1.compile, - ) - - def test_columnadapter_non_anonymized(self): diff --git a/python-sqlalchemy.spec b/python-sqlalchemy.spec index bd1777b27a5babab7800c7d7341b0e230f8944e1..1aad64c64be99f0da8c993b7f43257fade690981 100644 --- a/python-sqlalchemy.spec +++ b/python-sqlalchemy.spec @@ -1,95 +1,106 @@ -%global __provides_exclude_from ^(%{python2_sitearch}|%{python3_sitearch})/.*\\.so$ - -Name: python-sqlalchemy -Version: 1.2.19 -Release: 3 -Summary: SQL toolkit and object relational mapper for Python +%global _empty_manifest_terminate_build 0 +Name: python-SQLAlchemy +Version: 1.3.8 +Release: 1 +Summary: Database Abstraction Library License: MIT -URL: http://www.sqlalchemy.org/ -Source0: https://files.pythonhosted.org/packages/source/S/SQLAlchemy/SQLAlchemy-%{version}.tar.gz - -Patch1: Expect_ordering_NULLs_to_work.patch -Patch2: backport-CVE-2019-7164.patch - -BuildRequires: python2-devel >= 2.6 python2-setuptools python2-mock python2-pytest -BuildRequires: python3-devel python3-setuptools python3-pytest - +URL: http://www.sqlalchemy.org +Source0: https://files.pythonhosted.org/packages/fc/49/82d64d705ced344ba458197dadab30cfa745f9650ee22260ac2b275d288c/SQLAlchemy-1.3.8.tar.gz +Patch0: 0001-Fix-sqlite-test-error.patch %description -SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, -high-level interface to SQL databases. It contains a powerful mapping layer -that users can choose to work as automatically or as manually, determining -relationships based on foreign keys or to bridge the gap between database -and domain by letting you define the join conditions explicitly. - -%package help -Summary: Help documents for SQLAlchemy -BuildArch: noarch -Provides: %{name}-doc = %{version}-%{release} -Obsoletes: %{name}-doc < %{version}-%{release} - -%description help -Help documents for SQLAlchemy. - -%package -n python2-sqlalchemy -Summary: SQL toolkit and object relational mapper for Python -%{?python_provide:%python_provide python2-sqlalchemy} - -%description -n python2-sqlalchemy -SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, -high-level interface to SQL databases. It contains a powerful mapping layer -that users can choose to work as automatically or as manually, determining -relationships based on foreign keys or to bridge the gap between database -and domain by letting you define the join conditions explicitly. - -The python2-sqlalchemy package contains the python 2 version of the module. +SQLAlchemy The Python SQL Toolkit and Object Relational MapperIntroduction +-SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives +application developers the full power and flexibility of SQL. SQLAlchemy +provides a full suite of well known enterprise-level persistence patterns, +designed for efficient and high-performing database access, adapted into a +simple and Pythonic domain language.Major SQLAlchemy features include:An +industrial strength ORM, built from the core on the identity map, unit of work, +and data mapper patterns. These patterns allow transparent persistence of +objects using a declarative configuration system. %package -n python3-sqlalchemy -Summary: SQL toolkit and object relational mapper for Python -%{?python_provide:%python_provide python%{python3_pkgversion}-sqlalchemy} - +Summary: Database Abstraction Library +Provides: python-sqlalchemy +# Base build requires +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pbr +BuildRequires: python3-pip +BuildRequires: python3-wheel +BuildRequires: python3-pytest-xdist %description -n python3-sqlalchemy -SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, -high-level interface to SQL databases. It contains a powerful mapping layer -that users can choose to work as automatically or as manually, determining -relationships based on foreign keys or to bridge the gap between database -and domain by letting you define the join conditions explicitly. +SQLAlchemy The Python SQL Toolkit and Object Relational MapperIntroduction +-SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives +application developers the full power and flexibility of SQL. SQLAlchemy +provides a full suite of well known enterprise-level persistence patterns, +designed for efficient and high-performing database access, adapted into a +simple and Pythonic domain language.Major SQLAlchemy features include:An +industrial strength ORM, built from the core on the identity map, unit of work, +and data mapper patterns. These patterns allow transparent persistence of +objects using a declarative configuration system. -The python3-sqlalchemy package contains the python 3 version of the module. +%package help +Summary: Database Abstraction Library +Provides: python3-sqlalchemy-doc +%description help +SQLAlchemy The Python SQL Toolkit and Object Relational MapperIntroduction +-SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives +application developers the full power and flexibility of SQL. SQLAlchemy +provides a full suite of well known enterprise-level persistence patterns, +designed for efficient and high-performing database access, adapted into a +simple and Pythonic domain language.Major SQLAlchemy features include:An +industrial strength ORM, built from the core on the identity map, unit of work, +and data mapper patterns. These patterns allow transparent persistence of +objects using a declarative configuration system. %prep -%autosetup -n SQLAlchemy-%{version} -p1 +%autosetup -n SQLAlchemy-%{version} -S git %build -%py2_build - %py3_build %install -%py2_install - %py3_install -rm -rf doc/build +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . %check -PYTHONPATH=. %{__python2} -m pytest test - -PYTHONPATH=. %{__python3} -m pytest test +%{__python3} setup.py test -%files -n python2-sqlalchemy -%license LICENSE -%doc README.rst -%{python2_sitearch}/* +%files -n python3-sqlalchemy -f filelist.lst +%dir %{_libdir}/* -%files -n python3-sqlalchemy -%license LICENSE -%doc README.rst -%{python3_sitearch}/* - -%files help -%doc doc examples +%files help -f doclist.lst +%{_docdir}/* %changelog +* Wed Feb 09 2022 OpenStack_SIG - 1.3.8-1 +- Init package python3-sqlalchemy of version 1.3.8 + * Mon Feb 08 2021 shixuantong - 1.2.19-3 - fix CVE-2019-7164