packages/python-mako
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync by 22.03-lts-sp1

Browse Source 
(cherry picked from commit 7bd409e4ac89cc0e0a8bad3afd0d86675d1575fd)
This commit is contained in:
hongjinghao 2022-12-24 15:25:56 +08:00 committed by openeuler-sync-bot
parent 6c2f573584
commit c433a4fc14
2 changed files with 50 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2022-40023.patch Normal file
View File

@ -0,0 +1,33 @@
diff -urN mako/lexer.py mako.new/lexer.py
--- mako/lexer.py 2021-01-15 02:28:51.000000000 +0800
+++ mako.new/lexer.py 2022-09-22 11:19:51.277358075 +0800
@@ -295,20 +295,24 @@
return self.template
def match_tag_start(self):
- match = self.match(
- r"""
+ reg = r"""
\<% # opening tag
([\w\.\:]+) # keyword
- ((?:\s+\w+|\s*=\s*|".*?"|'.*?')*) # attrname, = \
- # sign, string expression
+ ((?:\s+\w+|\s*=\s*|"[^"]*?"|'[^']*?'|\s*,\s*)*) # attrname, = \
+ # sign, string expression
+ # comma is for backwards compat
+ # identified in #366
\s* # more whitespace
(/)?> # closing
- """,
+ """
+
+ match = self.match(
+ reg,
re.I | re.S | re.X,
)

21
python-mako.spec
View File

@ -1,15 +1,19 @@
%bcond_with test
Name: python-mako Name: python-mako
Version: 1.1.4 Version: 1.1.4
Release: 2 Release: 5
Summary: Mako template library for Python Summary: Mako template library for Python
License: MIT License: MIT
Group: Development/Languages Group: Development/Languages
URL: http://www.makotemplates.org/ URL: http://www.makotemplates.org/
Source0: https://files.pythonhosted.org/packages/source/M/Mako/Mako-%{version}.tar.gz Source0: https://files.pythonhosted.org/packages/source/M/Mako/Mako-%{version}.tar.gz
Patch0:CVE-2022-40023.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3-devel python3-pytest python3-setuptools BuildRequires: python3-devel python3-setuptools
BuildRequires: python3-markupsafe python3-mock BuildRequires: python3-markupsafe python3-mock
BuildRequires: python3-pytest
%description %description
Python-mako is a template library for Python. It provides a familiar, non-XML Python-mako is a template library for Python. It provides a familiar, non-XML
@ -35,7 +39,7 @@ Requires: python3-mako = %{version}-%{release}
Help file of Mako library for Python in text and HTML formats. Help file of Mako library for Python in text and HTML formats.
%prep %prep
%autosetup -n Mako-%{version} %autosetup -n Mako-%{version} -p0
%build %build
%py3_build %py3_build
@ -58,9 +62,18 @@ rm -rf doc/build
%doc doc %doc doc
%changelog %changelog
* Fri Jan 07 2022 tianwei <tianwei12@huawei.com> 1.1.4-2 * Thu Sep 22 2022 dillon chen <dillon.chen@gmail.com> 1.1.4-5
- CVE-2022-40023
* Wed Mar 30 2022 wangjiang <wangjiang37@h-partners.com> 1.1.4-4
- remove python-nose build required - remove python-nose build required
* Wed Feb 23 2022 yuanxin <yuanxin24@h-partners.com> - 1.1.4-3
- enable %check
* Sat Nov 27 2021 shixuantong <shixuantong@huawei.com> - 1.1.4-2
- disable %check
* Thu Jul 15 2021 huangtianhua <huangtianhua@huawei.com> 1.1.4-1 * Thu Jul 15 2021 huangtianhua <huangtianhua@huawei.com> 1.1.4-1
- Upgrade to 1.1.4 to support OpenStack-W - Upgrade to 1.1.4 to support OpenStack-W