!35 [sync] PR-27: Fix CVE-2024-36039

From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530

CVE-2024-36039.patch

@@ -0,0 +1,28 @@
+From 521e40050cb386a499f68f483fefd144c493053c Mon Sep 17 00:00:00 2001
+From: Inada Naoki <songofacandy@gmail.com>
+Date: Sat, 18 May 2024 11:33:30 +0900
+Subject: [PATCH] forbid dict parameter
+
+Origin: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
+
+---
+ pymysql/converters.py | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/pymysql/converters.py b/pymysql/converters.py
+index 1adac752..dbf97ca7 100644
+--- a/pymysql/converters.py
++++ b/pymysql/converters.py
+@@ -28,11 +28,7 @@ def escape_item(val, charset, mapping=None):
+     return val
+
+ def escape_dict(val, charset, mapping=None):
+-    n = {}
+-    for k, v in val.items():
+-        quoted = escape_item(v, charset, mapping)
+-        n[k] = quoted
+-    return n
++    raise TypeError("dict can not be used as parameter")
+
+ def escape_sequence(val, charset, mapping=None):
+     n = []

python-PyMySQL.spec

@@ -1,10 +1,11 @@
 Name:           python-PyMySQL
 Version:        0.9.3
-Release:        3
+Release:        4
 Summary:        Pure Python MySQL Client
 License:        MIT
 URL:            https://pypi.python.org/pypi/PyMySQL/
 Source0:        https://files.pythonhosted.org/packages/source/P/PyMySQL/PyMySQL-%{version}.tar.gz
+Patch0:         CVE-2024-36039.patch
 
 BuildRequires:  python3-cryptography python3-devel python3-setuptools
 
@@ -40,6 +41,9 @@ Most public APIs are compatible with mysqlclient and MySQLdb.
 
 
 %changelog
+* Fri May 24 2024 wangkai <13474090681@163.com> - 0.9.3-4
+- Fix CVE-2024-36039
+
 * Wed Aug 25 2021 OpenStack_SIG <openstack@openeuler.org> - 0.9.3-3
 - Revert the version to 0.9.3, because python3-aiomysql depends on the python-PyMySQL vertion ranging form 0.9 to 0.9.3