debian/0000775000000000000000000000000012524713612007173 5ustar debian/control0000664000000000000000000000623212524713612010601 0ustar Source: python-dbusmock Section: python Priority: optional Build-Depends: debhelper (>= 9), dh-python, python-all, python-setuptools, python3-all, python3-setuptools Build-Depends-Indep: upower, python-nose, python-dbus, python-gi, python3-nose, python3-dbus, python3-gi, gir1.2-glib-2.0 (>= 1.32), dbus-x11, libnotify-bin Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Python Modules Team Uploaders: Martin Pitt Vcs-Browser: http://anonscm.debian.org/viewvc/python-modules/packages/python-dbusmock/trunk/ Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-dbusmock/trunk/ Standards-Version: 3.9.5 X-Python-Version: >= 2.7 X-Python3-Version: >= 3.2 Homepage: https://gitorious.org/python-dbusmock XS-Testsuite: autopkgtest Package: python-dbusmock Architecture: all Depends: ${python:Depends}, python-dbus, python-gi, gir1.2-glib-2.0 (>= 1.32), dbus-x11, ${misc:Depends} Description: mock D-Bus objects for tests (Python 2) With python-dbusmock you can easily create mock objects on D-Bus. This is useful for writing tests for software which talks to D-Bus services such as upower, systemd, ConsoleKit, gnome-session or others, and it is hard (or impossible without root privileges) to set the state of the real services to what you expect in your tests. . Mock objects look like the real API (or at least the parts that you actually need), but they do not actually do anything (or only some action that you specify yourself). You can configure their state, behaviour and responses as you like in your test, without making any assumptions about the real system status. . You can use this with any programming language, as you can run the mocker as a normal program. The actual setup of the mock (adding objects, methods, properties, etc.) all happen via D-Bus methods on the org.freedesktop.DBus.Mock interface. You just don't have the convenience D-Bus launch API that way. Package: python3-dbusmock Architecture: all Depends: ${python3:Depends}, python3-dbus, python3-gi, gir1.2-glib-2.0 (>= 1.32), dbus-x11, ${misc:Depends} Description: mock D-Bus objects for tests (Python 3) With python-dbusmock you can easily create mock objects on D-Bus. This is useful for writing tests for software which talks to D-Bus services such as upower, systemd, ConsoleKit, gnome-session or others, and it is hard (or impossible without root privileges) to set the state of the real services to what you expect in your tests. . Mock objects look like the real API (or at least the parts that you actually need), but they do not actually do anything (or only some action that you specify yourself). You can configure their state, behaviour and responses as you like in your test, without making any assumptions about the real system status. . You can use this with any programming language, as you can run the mocker as a normal program. The actual setup of the mock (adding objects, methods, properties, etc.) all happen via D-Bus methods on the org.freedesktop.DBus.Mock interface. You just don't have the convenience D-Bus launch API that way. debian/changelog0000664000000000000000000001201612524713612011045 0ustar python-dbusmock (0.10.1-1ubuntu1) trusty-security; urgency=medium * SECURITY FIX: When loading a template from an arbitrary file through the AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() Python method, don't create or use Python's *.pyc cached files. By tricking a user into loading a template from a world-writable directory like /tmp, an attacker could run arbitrary code with the user's privileges by putting a crafted .pyc file into that directory. Note that this is highly unlikely to actually appear in practice as custom dbusmock templates are usually shipped in project directories, not directly in world-writable directories. (LP: #1453815, CVE-2015-1326) -- Martin Pitt Tue, 12 May 2015 13:26:28 +0200 python-dbusmock (0.10.1-1) unstable; urgency=medium * New upstream release. * Drop ofono-scripts build dependency, it's not in Ubuntu main yet. ofono template will be tested in autopkgtest. * Update Homepage: for new gitorious page. -- Martin Pitt Thu, 30 Jan 2014 15:30:17 +0100 python-dbusmock (0.10-1) unstable; urgency=medium * New upstream release. * Add "ofono-scripts | ofono" build/autopkgtest dependency, to cover the new ofono template in Ubuntu. Debian doesn't package the scripts, so the alternative will silently disable this test there. * Add "systemd-services | systemd" autopkgtest dependency to cover the new timedated template. -- Martin Pitt Wed, 18 Dec 2013 19:25:32 +0100 python-dbusmock (0.9.2-1) unstable; urgency=medium * New upstream release. -- Martin Pitt Fri, 13 Dec 2013 07:18:41 +0100 python-dbusmock (0.9.1-1) unstable; urgency=low * New upstream bug fix release. -- Martin Pitt Tue, 10 Dec 2013 11:15:31 +0100 python-dbusmock (0.9-1) unstable; urgency=low * New upstream release. -- Martin Pitt Fri, 29 Nov 2013 14:38:52 +0100 python-dbusmock (0.8-1) unstable; urgency=low * New upstream release: - Support upower 1.0 API in the upower template. Specify property DaemonVersion >= 0.99 to use it. (LP: #1245955) * Bump Standards-Version to 3.9.5, no changes necessary. -- Martin Pitt Fri, 08 Nov 2013 07:23:49 +0100 python-dbusmock (0.7.2-2) unstable; urgency=low * Build a Python 2 package. (LP: #1230141) -- Martin Pitt Wed, 25 Sep 2013 10:15:34 +0200 python-dbusmock (0.7.2-1) unstable; urgency=low * New upstream release: - Add optional "timeout" argument to DBusTestCase.wait_for_bus_object(). (LP: #1218318) - DBusTestCase.start_system_bus(): Make the fake bus look more like a real system bus by specifying a configuration file with type "system". * Move to pybuild to greatly simplify debian/rules. -- Martin Pitt Fri, 30 Aug 2013 16:47:32 +0200 python-dbusmock (0.7.1-1) unstable; urgency=low * New upstream bug fix release. -- Martin Pitt Fri, 02 Aug 2013 07:11:13 +0200 python-dbusmock (0.7-1) unstable; urgency=low * New upstream release. * Drop consolekit build and test dependency, as at some point we want to get rid of it in the archive. -- Martin Pitt Tue, 30 Jul 2013 11:08:30 +0200 python-dbusmock (0.6.2-1) unstable; urgency=low [ Martin Pitt ] * New upstream release. [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. -- Martin Pitt Thu, 13 Jun 2013 12:20:42 +0200 python-dbusmock (0.6-1) experimental; urgency=low * New upstream release. * debian/rules: Fix clean rule to not call python 2. -- Martin Pitt Wed, 20 Mar 2013 14:16:23 +0100 python-dbusmock (0.5-1) experimental; urgency=low * New upstream release. * Add policykit-1 test dependency for covering the new polkitd mock. * Bump Standards-Version to 3.9.4, no changes necessary. -- Martin Pitt Sun, 03 Feb 2013 21:49:23 +0100 python-dbusmock (0.4.0-1) experimental; urgency=low * New upstream release. -- Martin Pitt Mon, 21 Jan 2013 08:31:54 +0100 python-dbusmock (0.3.1-1) experimental; urgency=low * New upstream release. -- Martin Pitt Mon, 07 Jan 2013 08:04:58 +0100 python-dbusmock (0.3-1) experimental; urgency=low * New upstream release. * Add libnotify-bin build and test dependencies, for the new notification-daemon template test. -- Martin Pitt Wed, 19 Dec 2012 16:02:31 +0100 python-dbusmock (0.2.2-1) experimental; urgency=low * New upstream bug fix release. -- Martin Pitt Tue, 27 Nov 2012 06:14:08 +0100 python-dbusmock (0.2.1-1) experimental; urgency=low * New upstream release. * Add autopkgtest for running the upstream test suite. -- Martin Pitt Thu, 15 Nov 2012 08:13:56 +0100 python-dbusmock (0.1.3-1) experimental; urgency=low * Initial release (Closes: #692023) -- Martin Pitt Sat, 03 Nov 2012 18:07:20 +0100 debian/python-dbusmock.examples0000664000000000000000000000002012220514250014037 0ustar tests/test_*.py debian/python3-dbusmock.examples0000664000000000000000000000002012045032473014131 0ustar tests/test_*.py debian/source/0000775000000000000000000000000012045246270010472 5ustar debian/source/format0000664000000000000000000000001412045246270011700 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212045032473010366 0ustar 9 debian/python-dbusmock.install0000664000000000000000000000002112220514560013674 0ustar usr/lib/python2* debian/patches/0000775000000000000000000000000012524713612010622 5ustar debian/patches/series0000664000000000000000000000007712524713612012043 0ustar git-SECURITY-FIX-Prevent-code-execution-through-crafted-.patch debian/patches/git-SECURITY-FIX-Prevent-code-execution-through-crafted-.patch0000664000000000000000000000534612524713612024022 0ustar From: Martin Pitt Date: Mon, 11 May 2015 16:00:10 +0200 Subject: SECURITY FIX: Prevent code execution through crafted pyc files When loading a template from an arbitrary file through the AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() Python method, don't create or use Python's *.pyc cached files.By tricking a user into loading a template from a world-writable directory like /tmp, an attacker could run arbitrary code with the user's privileges by putting a crafted .pyc file into that directory. Note that this is highly unlikely to actually appear in practice as custom dbusmock templates are usually shipped in project directories, not directly in world-writable directories. Thanks to Simon McVittie for discovering this! LP: #1453815 CVE-2015-1326 --- dbusmock/mockobject.py | 13 +++++-------- tests/test_api.py | 10 ++++++++++ 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/dbusmock/mockobject.py b/dbusmock/mockobject.py index 0228070..6d35608 100644 --- a/dbusmock/mockobject.py +++ b/dbusmock/mockobject.py @@ -17,6 +17,7 @@ import time import sys import types import importlib +import imp from xml.etree import ElementTree # we do not use this ourselves, but mock methods often want to use this @@ -40,14 +41,10 @@ if sys.version_info[0] >= 3: def load_module(name): if os.path.exists(name) and os.path.splitext(name)[1] == '.py': - sys.path.insert(0, os.path.dirname(os.path.abspath(name))) - try: - m = os.path.splitext(os.path.basename(name))[0] - module = importlib.import_module(m) - finally: - sys.path.pop(0) - - return module + mod = imp.new_module(os.path.splitext(os.path.basename(name))[0]) + with open(name) as f: + exec(f.read(), mod.__dict__, mod.__dict__) + return mod return importlib.import_module('dbusmock.templates.' + name) diff --git a/tests/test_api.py b/tests/test_api.py index 57f0a62..7b8c126 100644 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -582,6 +582,16 @@ def load(mock, parameters): self.addCleanup(p_mock.terminate) self.addCleanup(p_mock.stdout.close) + # ensure that we don't use/write any .pyc files, they are dangerous + # in a world-writable directory like /tmp + self.assertFalse(os.path.exists(my_template.name + 'c')) + try: + from importlib.util import cache_from_source + self.assertFalse(os.path.exists(cache_from_source(my_template.name))) + except ImportError: + # python < 3.4 + pass + self.assertEqual(dbus_ultimate.Answer(), 42) # should appear in introspection debian/copyright0000664000000000000000000000120412045032473011120 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Contact: Martin Pitt Source: https://launchpad.net/python-dbusmock/+download Files: * Copyright: Copyright (C) 2012 Canonical Ltd. License: GPL-3+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . On Debian systems, the complete text of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL-3'. debian/watch0000664000000000000000000000013712045032473010222 0ustar version=3 http://launchpad.net/python-dbusmock/+download .*/python-dbusmock-([0-9.]+)\.tar\.gz debian/python-dbusmock.docs0000664000000000000000000000001312220514236013157 0ustar README.rst debian/python3-dbusmock.docs0000664000000000000000000000001312045032473013245 0ustar README.rst debian/tests/0000775000000000000000000000000012254364225010337 5ustar debian/tests/control0000664000000000000000000000020312254363270011734 0ustar Tests: upstream Depends: @, upower, network-manager, ofono-scripts | ofono, libnotify-bin, policykit-1, systemd-services | systemd debian/tests/upstream0000775000000000000000000000010012051111573012103 0ustar #!/bin/sh set -e cd tests for f in *.py; do python3 $f done debian/rules0000775000000000000000000000016712220514774010260 0ustar #!/usr/bin/make -f %: dh "$@" --with python2,python3 --buildsystem=pybuild override_dh_compress: dh_compress -X.py debian/python3-dbusmock.install0000664000000000000000000000002112045032473013762 0ustar usr/lib/python3*