!103 [sync] PR-100: Fix CVE-2024-27351

From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

CVE-2023-41164.patch

@@ -0,0 +1,83 @@
+From 6f030b1149bd8fa4ba90452e77cb3edc095ce54e Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Tue, 22 Aug 2023 08:53:03 +0200
+Subject: [PATCH] [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in
+ django.utils.encoding.uri_to_iri().
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+
+Origin: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
+
+Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
+---
+ django/utils/encoding.py           |  6 ++++--
+ docs/releases/3.2.21.txt           |  7 ++++++-
+ tests/utils_tests/test_encoding.py | 21 ++++++++++++++++++++-
+ 3 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/django/utils/encoding.py b/django/utils/encoding.py
+index e1ebacef4705..c5c4463b1c22 100644
+--- a/django/utils/encoding.py
++++ b/django/utils/encoding.py
+@@ -229,6 +229,7 @@ def repercent_broken_unicode(path):
+     repercent-encode any octet produced that is not part of a strictly legal
+     UTF-8 octet sequence.
+     """
++    changed_parts = []
+     while True:
+         try:
+             path.decode()
+@@ -236,9 +237,10 @@ def repercent_broken_unicode(path):
+             # CVE-2019-14235: A recursion shouldn't be used since the exception
+             # handling uses massive amounts of memory
+             repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
+-            path = path[:e.start] + repercent.encode() + path[e.end:]
++            changed_parts.append(path[:e.start] + repercent.encode())
++            path = path[e.end:]
+         else:
+-            return path
++            return b"".join(changed_parts) + path
+ 
+ 
+ def filepath_to_uri(path):
+diff --git a/tests/utils_tests/test_encoding.py b/tests/utils_tests/test_encoding.py
+index 36f2d8665f3c..42779050cb3a 100644
+--- a/tests/utils_tests/test_encoding.py
++++ b/tests/utils_tests/test_encoding.py
+@@ -1,9 +1,10 @@
+ import datetime
++import inspect
+ import sys
+ import unittest
+ from pathlib import Path
+ from unittest import mock
+-from urllib.parse import quote_plus
++from urllib.parse import quote, quote_plus
+ 
+ from django.test import SimpleTestCase
+ from django.utils.encoding import (
+@@ -101,6 +102,24 @@ def test_repercent_broken_unicode_recursion_error(self):
+         except RecursionError:
+             self.fail('Unexpected RecursionError raised.')
+ 
++    def test_repercent_broken_unicode_small_fragments(self):
++        data = b"test\xfctest\xfctest\xfc"
++        decoded_paths = []
++
++        def mock_quote(*args, **kwargs):
++            # The second frame is the call to repercent_broken_unicode().
++            decoded_paths.append(inspect.currentframe().f_back.f_locals["path"])
++            return quote(*args, **kwargs)
++
++        with mock.patch("django.utils.encoding.quote", mock_quote):
++            self.assertEqual(repercent_broken_unicode(data), b"test%FCtest%FCtest%FC")
++
++        # decode() is called on smaller fragment of the path each time.
++        self.assertEqual(
++            decoded_paths,
++            [b"test\xfctest\xfctest\xfc", b"test\xfctest\xfc", b"test\xfc"],
++        )
++
+ 
+ class TestRFC3987IEncodingUtils(unittest.TestCase):
+

CVE-2023-43665.patch

@@ -0,0 +1,168 @@
+From ccdade1a0262537868d7ca64374de3d957ca50c5 Mon Sep 17 00:00:00 2001
+From: Natalia <124304+nessita@users.noreply.github.com>
+Date: Tue, 19 Sep 2023 09:51:48 -0300
+Subject: [PATCH] [3.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in
+ django.utils.text.Truncator when truncating HTML text.
+
+Thanks Wenchao Li of Alibaba Group for the report.
+
+Origin:
+https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
+---
+ django/utils/text.py            | 18 ++++++++++++++++-
+ docs/ref/templates/builtins.txt | 20 +++++++++++++++++++
+ tests/utils_tests/test_text.py  | 35 ++++++++++++++++++++++++---------
+ 3 files changed, 63 insertions(+), 10 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index baa44f2..83e258f 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -60,7 +60,14 @@ def wrap(text, width):
+ class Truncator(SimpleLazyObject):
+     """
+     An object used to truncate text, either by characters or words.
++
++    When truncating HTML text (either chars or words), input will be limited to
++    at most `MAX_LENGTH_HTML` characters.
+     """
++
++    # 5 million characters are approximately 4000 text pages or 3 web pages.
++    MAX_LENGTH_HTML = 5_000_000
++
+     def __init__(self, text):
+         super().__init__(lambda: str(text))
+ 
+@@ -157,6 +164,11 @@ class Truncator(SimpleLazyObject):
+         if words and length <= 0:
+             return ''
+ 
++        size_limited = False
++        if len(text) > self.MAX_LENGTH_HTML:
++            text = text[: self.MAX_LENGTH_HTML]
++            size_limited = True
++
+         html4_singlets = (
+             'br', 'col', 'link', 'base', 'img',
+             'param', 'area', 'hr', 'input'
+@@ -206,10 +218,14 @@ class Truncator(SimpleLazyObject):
+                 # Add it to the start of the open tags list
+                 open_tags.insert(0, tagname)
+ 
++        truncate_text = self.add_truncation_text("", truncate)
++
+         if current_len <= length:
++            if size_limited and truncate_text:
++                text += truncate_text
+             return text
++
+         out = text[:end_text_pos]
+-        truncate_text = self.add_truncation_text('', truncate)
+         if truncate_text:
+             out += truncate_text
+         # Close any tags still open
+diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
+index 22509a2..a6fd971 100644
+--- a/docs/ref/templates/builtins.txt
++++ b/docs/ref/templates/builtins.txt
+@@ -2348,6 +2348,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+ 
+ Newlines in the HTML content will be preserved.
+ 
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatechars_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 3.2.22
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: truncatewords
+ 
+ ``truncatewords``
+@@ -2386,6 +2396,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
+ 
+ Newlines in the HTML content will be preserved.
+ 
++.. admonition:: Size of input string
++
++    Processing large, potentially malformed HTML strings can be
++    resource-intensive and impact service performance. ``truncatewords_html``
++    limits input to the first five million characters.
++
++.. versionchanged:: 3.2.22
++
++    In older versions, strings over five million characters were processed.
++
+ .. templatefilter:: unordered_list
+ 
+ ``unordered_list``
+diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py
+index d2a94fc..0a6f0bc 100644
+--- a/tests/utils_tests/test_text.py
++++ b/tests/utils_tests/test_text.py
+@@ -1,5 +1,6 @@
+ import json
+ import sys
++from unittest.mock import patch
+ 
+ from django.core.exceptions import SuspiciousFileOperation
+ from django.test import SimpleTestCase, ignore_warnings
+@@ -90,11 +91,17 @@ class TestUtilsText(SimpleTestCase):
+         # lazy strings are handled correctly
+         self.assertEqual(text.Truncator(lazystr('The quick brown fox')).chars(10), 'The quick…')
+ 
+-    def test_truncate_chars_html(self):
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_chars_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 14 chars
+         perf_test_values = [
+-            (('</a' + '\t' * 50000) + '//>', None),
+-            ('&' * 50000, '&' * 9 + '…'),
+-            ('_X<<<<<<<<<<<>', None),
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * 6 + "…"),
++            ("&" * bigger_len, "&" * 9 + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, "<p>Joel is a…</p>"),  # 10 chars
+         ]
+         for value, expected in perf_test_values:
+             with self.subTest(value=value):
+@@ -152,15 +159,25 @@ class TestUtilsText(SimpleTestCase):
+         truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')
+         self.assertEqual('<p>I &lt;3 python,…</p>', truncator.words(3, html=True))
+ 
++    @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
++    def test_truncate_words_html_size_limit(self):
++        max_len = text.Truncator.MAX_LENGTH_HTML
++        bigger_len = text.Truncator.MAX_LENGTH_HTML + 1
++        valid_html = "<p>Joel is a slug</p>"  # 4 words
+         perf_test_values = [
+-            ('</a' + '\t' * 50000) + '//>',
+-            '&' * 50000,
+-            '_X<<<<<<<<<<<>',
++            ("</a" + "\t" * (max_len - 6) + "//>", None),
++            ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * (max_len - 3) + "…"),
++            ("&" * max_len, None),  # no change
++            ("&" * bigger_len, "&" * max_len + "…"),
++            ("_X<<<<<<<<<<<>", None),
++            (valid_html * bigger_len, valid_html * 12 + "<p>Joel is…</p>"),  # 50 words
+         ]
+-        for value in perf_test_values:
++        for value, expected in perf_test_values:
+             with self.subTest(value=value):
+                 truncator = text.Truncator(value)
+-                self.assertEqual(value, truncator.words(50, html=True))
++                self.assertEqual(
++                    expected if expected else value, truncator.words(50, html=True)
++                )
+ 
+     def test_wrap(self):
+         digits = '1234 67 9'
+-- 
+2.30.0
+

CVE-2023-46695.patch

@@ -0,0 +1,62 @@
+From f9a7fb8466a7ba4857eaf930099b5258f3eafb2b Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Date: Tue, 17 Oct 2023 11:48:32 +0200
+Subject: [PATCH] [3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in
+ UsernameField on Windows.
+
+Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
+---
+ django/contrib/auth/forms.py   | 10 +++++++++-
+ tests/auth_tests/test_forms.py |  8 +++++++-
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
+index 20d8922..fb7cfda 100644
+--- a/django/contrib/auth/forms.py
++++ b/django/contrib/auth/forms.py
+@@ -62,7 +62,15 @@ class ReadOnlyPasswordHashField(forms.Field):
+ 
+ class UsernameField(forms.CharField):
+     def to_python(self, value):
+-        return unicodedata.normalize('NFKC', super().to_python(value))
++        value = super().to_python(value)
++        if self.max_length is not None and len(value) > self.max_length:
++            # Normalization can increase the string length (e.g.
++            # "ff" -> "ff", "½" -> "1⁄2") but cannot reduce it, so there is no
++            # point in normalizing invalid data. Moreover, Unicode
++            # normalization is very slow on Windows and can be a DoS attack
++            # vector.
++            return value
++        return unicodedata.normalize("NFKC", value)
+ 
+     def widget_attrs(self, widget):
+         return {
+diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
+index 7a731be..c0e1975 100644
+--- a/tests/auth_tests/test_forms.py
++++ b/tests/auth_tests/test_forms.py
+@@ -5,7 +5,7 @@ from unittest import mock
+ from django.contrib.auth.forms import (
+     AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm,
+     PasswordResetForm, ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget,
+-    SetPasswordForm, UserChangeForm, UserCreationForm,
++    SetPasswordForm, UserChangeForm, UserCreationForm, UsernameField,
+ )
+ from django.contrib.auth.models import User
+ from django.contrib.auth.signals import user_login_failed
+@@ -132,6 +132,12 @@ class UserCreationFormTest(TestDataMixin, TestCase):
+         self.assertNotEqual(user.username, ohm_username)
+         self.assertEqual(user.username, 'testΩ')  # U+03A9 GREEK CAPITAL LETTER OMEGA
+ 
++    def test_invalid_username_no_normalize(self):
++        field = UsernameField(max_length=254)
++        # Usernames are not normalized if they are too long.
++        self.assertEqual(field.to_python("½" * 255), "½" * 255)
++        self.assertEqual(field.to_python("ff" * 254), "ff" * 254)
++
+     def test_duplicate_normalized_unicode(self):
+         """
+         To prevent almost identical usernames, visually identical but differing
+-- 
+2.30.0
+

CVE-2024-24680.patch

@@ -0,0 +1,204 @@
+From c1171ffbd570db90ca206c30f8e2b9f691243820 Mon Sep 17 00:00:00 2001
+From: Adam Johnson <me@adamj.eu>
+Date: Mon, 22 Jan 2024 13:21:13 +0000
+Subject: [PATCH] [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in
+ intcomma template filter.
+
+Thanks Seokchan Yoon for the report.
+
+Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
+Co-authored-by: Shai Berger <shai@platonix.com>
+---
+ .../contrib/humanize/templatetags/humanize.py |  13 +-
+ tests/humanize_tests/tests.py                 | 140 ++++++++++++++++--
+ 2 files changed, 135 insertions(+), 18 deletions(-)
+
+diff --git a/django/contrib/humanize/templatetags/humanize.py b/django/contrib/humanize/templatetags/humanize.py
+index 753a0d9..238aaf2 100644
+--- a/django/contrib/humanize/templatetags/humanize.py
++++ b/django/contrib/humanize/templatetags/humanize.py
+@@ -70,12 +70,13 @@ def intcomma(value, use_l10n=True):
+             return intcomma(value, False)
+         else:
+             return number_format(value, use_l10n=True, force_grouping=True)
+-    orig = str(value)
+-    new = re.sub(r"^(-?\d+)(\d{3})", r'\g<1>,\g<2>', orig)
+-    if orig == new:
+-        return new
+-    else:
+-        return intcomma(new, use_l10n)
++    result = str(value)
++    match = re.match(r"-?\d+", result)
++    if match:
++        prefix = match[0]
++        prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1]
++        result = prefix_with_commas + result[len(prefix) :]
++    return result
+ 
+ 
+ # A tuple of standard large number to their converters
+diff --git a/tests/humanize_tests/tests.py b/tests/humanize_tests/tests.py
+index a0d16bb..3c22787 100644
+--- a/tests/humanize_tests/tests.py
++++ b/tests/humanize_tests/tests.py
+@@ -66,28 +66,144 @@ class HumanizeTests(SimpleTestCase):
+ 
+     def test_intcomma(self):
+         test_list = (
+-            100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000',
+-            '10123', '10311', '1000000', '1234567.1234567',
+-            Decimal('1234567.1234567'), None,
++            100,
++            -100,
++            1000,
++            -1000,
++            10123,
++            -10123,
++            10311,
++            -10311,
++            1000000,
++            -1000000,
++            1234567.25,
++            -1234567.25,
++            "100",
++            "-100",
++            "1000",
++            "-1000",
++            "10123",
++            "-10123",
++            "10311",
++            "-10311",
++            "1000000",
++            "-1000000",
++            "1234567.1234567",
++            "-1234567.1234567",
++            Decimal("1234567.1234567"),
++            Decimal("-1234567.1234567"),
++            None,
++            "１２３４５６７",
++            "-１２３４５６７",
++            "１２３４５６７.１２",
++            "-１２３４５６７.１２",
++            "the quick brown fox jumped over the lazy dog",
+         )
+         result_list = (
+-            '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25',
+-            '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567',
+-            '1,234,567.1234567', None,
++            "100",
++            "-100",
++            "1,000",
++            "-1,000",
++            "10,123",
++            "-10,123",
++            "10,311",
++            "-10,311",
++            "1,000,000",
++            "-1,000,000",
++            "1,234,567.25",
++            "-1,234,567.25",
++            "100",
++            "-100",
++            "1,000",
++            "-1,000",
++            "10,123",
++            "-10,123",
++            "10,311",
++            "-10,311",
++            "1,000,000",
++            "-1,000,000",
++            "1,234,567.1234567",
++            "-1,234,567.1234567",
++            "1,234,567.1234567",
++            "-1,234,567.1234567",
++            None,
++            "1,234,567",
++            "-1,234,567",
++            "１,２３４,５６７.１２",
++            "-１,２３４,５６７.１２",
++            "the quick brown fox jumped over the lazy dog",
+         )
+         with translation.override('en'):
+             self.humanize_tester(test_list, result_list, 'intcomma')
+ 
+     def test_l10n_intcomma(self):
+         test_list = (
+-            100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000',
+-            '10123', '10311', '1000000', '1234567.1234567',
+-            Decimal('1234567.1234567'), None,
++            100,
++            -100,
++            1000,
++            -1000,
++            10123,
++            -10123,
++            10311,
++            -10311,
++            1000000,
++            -1000000,
++            1234567.25,
++            -1234567.25,
++            "100",
++            "-100",
++            "1000",
++            "-1000",
++            "10123",
++            "-10123",
++            "10311",
++            "-10311",
++            "1000000",
++            "-1000000",
++            "1234567.1234567",
++            "-1234567.1234567",
++            Decimal("1234567.1234567"),
++            -Decimal("1234567.1234567"),
++            None,
++            "１２３４５６７",
++            "-１２３４５６７",
++            "１２３４５６７.１２",
++            "-１２３４５６７.１２",
++            "the quick brown fox jumped over the lazy dog",
+         )
+         result_list = (
+-            '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25',
+-            '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567',
+-            '1,234,567.1234567', None,
++            "100",
++            "-100",
++            "1,000",
++            "-1,000",
++            "10,123",
++            "-10,123",
++            "10,311",
++            "-10,311",
++            "1,000,000",
++            "-1,000,000",
++            "1,234,567.25",
++            "-1,234,567.25",
++            "100",
++            "-100",
++            "1,000",
++            "-1,000",
++            "10,123",
++            "-10,123",
++            "10,311",
++            "-10,311",
++            "1,000,000",
++            "-1,000,000",
++            "1,234,567.1234567",
++            "-1,234,567.1234567",
++            "1,234,567.1234567",
++            "-1,234,567.1234567",
++            None,
++            "1,234,567",
++            "-1,234,567",
++            "１,２３４,５６７.１２",
++            "-１,２３４,５６７.１２",
++            "the quick brown fox jumped over the lazy dog",
+         )
+         with self.settings(USE_L10N=True, USE_THOUSAND_SEPARATOR=False):
+             with translation.override('en'):
+-- 
+2.33.0
+

CVE-2024-27351.patch

@@ -0,0 +1,122 @@
+From 072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521 Mon Sep 17 00:00:00 2001
+From: Shai Berger <shai@platonix.com>
+Date: Mon, 19 Feb 2024 13:56:37 +0100
+Subject: [PATCH] [3.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in
+ Truncator.words().
+
+Thanks Seokchan Yoon for the report.
+
+Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
+---
+ django/utils/text.py           | 57 ++++++++++++++++++++++++++++++++--
+ tests/utils_tests/test_text.py | 26 ++++++++++++++++
+ 2 files changed, 81 insertions(+), 2 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index 83e258f..88da9a2 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -18,8 +18,61 @@ def capfirst(x):
+     return x and str(x)[0].upper() + str(x)[1:]
+ 
+ 
+-# Set up regular expressions
+-re_words = _lazy_re_compile(r'<[^>]+?>|([^<>\s]+)', re.S)
++# ----- Begin security-related performance workaround -----
++
++# We used to have, below
++#
++# re_words = _lazy_re_compile(r"<[^>]+?>|([^<>\s]+)", re.S)
++#
++# But it was shown that this regex, in the way we use it here, has some
++# catastrophic edge-case performance features. Namely, when it is applied to
++# text with only open brackets "<<<...". The class below provides the services
++# and correct answers for the use cases, but in these edge cases does it much
++# faster.
++re_notag = _lazy_re_compile(r"([^<>\s]+)", re.S)
++re_prt = _lazy_re_compile(r"<|([^<>\s]+)", re.S)
++
++
++class WordsRegex:
++    @staticmethod
++    def search(text, pos):
++        # Look for "<" or a non-tag word.
++        partial = re_prt.search(text, pos)
++        if partial is None or partial[1] is not None:
++            return partial
++
++        # "<" was found, look for a closing ">".
++        end = text.find(">", partial.end(0))
++        if end < 0:
++            # ">" cannot be found, look for a word.
++            return re_notag.search(text, pos + 1)
++        else:
++            # "<" followed by a ">" was found -- fake a match.
++            end += 1
++            return FakeMatch(text[partial.start(0): end], end)
++
++
++class FakeMatch:
++    __slots__ = ["_text", "_end"]
++
++    def end(self, group=0):
++        assert group == 0, "This specific object takes only group=0"
++        return self._end
++
++    def __getitem__(self, group):
++        if group == 1:
++            return None
++        assert group == 0, "This specific object takes only group in {0,1}"
++        return self._text
++
++    def __init__(self, text, end):
++        self._text, self._end = text, end
++
++
++# ----- End security-related performance workaround -----
++
++# Set up regular expressions.
++re_words = WordsRegex
+ re_chars = _lazy_re_compile(r'<[^>]+?>|(.)', re.S)
+ re_tag = _lazy_re_compile(r'<(/)?(\S+?)(?:(\s*/)|\s.*?)?>', re.S)
+ re_newlines = _lazy_re_compile(r'\r\n|\r')  # Used in normalize_newlines
+diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py
+index 0a6f0bc..758919c 100644
+--- a/tests/utils_tests/test_text.py
++++ b/tests/utils_tests/test_text.py
+@@ -159,6 +159,32 @@ class TestUtilsText(SimpleTestCase):
+         truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')
+         self.assertEqual('<p>I &lt;3 python,…</p>', truncator.words(3, html=True))
+ 
++        # Only open brackets.
++        test = "<" * 60_000
++        truncator = text.Truncator(test)
++        self.assertEqual(truncator.words(1, html=True), test)
++
++        # Tags with special chars in attrs.
++        truncator = text.Truncator(
++            """<i style="margin: 5%; font: *;">Hello, my dear lady!</i>"""
++        )
++        self.assertEqual(
++            """<i style="margin: 5%; font: *;">Hello, my dear…</i>""",
++            truncator.words(3, html=True),
++        )
++
++        # Tags with special non-latin chars in attrs.
++        truncator = text.Truncator("""<p data-x="א">Hello, my dear lady!</p>""")
++        self.assertEqual(
++            """<p data-x="א">Hello, my dear…</p>""",
++            truncator.words(3, html=True),
++        )
++
++        # Misplaced brackets.
++        truncator = text.Truncator("hello >< world")
++        self.assertEqual(truncator.words(1, html=True), "hello…")
++        self.assertEqual(truncator.words(2, html=True), "hello >< world")
++
+     @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000)
+     def test_truncate_words_html_size_limit(self):
+         max_len = text.Truncator.MAX_LENGTH_HTML
+-- 
+2.33.0
+

python-django.spec

@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name:		python-django
 Version:	3.2.12
-Release:	5
+Release:	10
 Summary:	A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
 License:	Apache-2.0 and Python-2.0 and BSD-3-Clause
 URL:		https://www.djangoproject.com/
@@ -14,6 +14,15 @@ Patch2:         CVE-2023-23969.patch
 Patch3:         CVE-2023-24580.patch
 Patch4:         CVE-2023-31047.patch
 Patch5:         CVE-2023-36053.patch
+Patch6:         CVE-2023-41164.patch
+# https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
+Patch7:         CVE-2023-43665.patch
+# https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
+Patch8:         CVE-2023-46695.patch
+# https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
+Patch9:         CVE-2024-24680.patch
+# https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
+Patch10:        CVE-2024-27351.patch
 
 BuildArch:	noarch
 %description
@@ -80,6 +89,21 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 
 %changelog
+* Tue Mar 05 2024 yaoxin <yao_xin001@hoperun.com> - 3.2.12-10
+- Fix CVE-2024-27351
+
+* Wed Feb 07 2024 yaoxin <yao_xin001@hoperun.com> - 3.2.12-9
+- Fix CVE-2024-24680
+
+* Mon Nov 06 2023 yaoxin <yao_xin001@hoperun.com> - 3.2.12-8
+- Fix CVE-2023-46695
+
+* Sun Oct 08 2023 yaoxin <yao_xin001@hoperun.com> - 3.2.12-7
+- Fix CVE-2023-43665
+
+* Thu Sep 14 2023 wangkai <13474090681@163.com> - 3.2.12-6
+- Fix CVE-2023-41164
+
 * Mon Jul 17 2023 yaoxin <yao_xin001@hoperun.com> - 3.2.12-5
 - Fix CVE-2023-36053