Fix vulnerable regex
This commit is contained in:
markeryang
parent
f6b1215326
commit
356a56ba89
25
backport-fix-vulnerable-regex.patch
Normal file
25
backport-fix-vulnerable-regex.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 254e668eef34ca21005634a2bdba9d9a74deaa26 Mon Sep 17 00:00:00 2001
|
||||
From: M00nL1ght <69127692+SCH227@users.noreply.github.com>
|
||||
Date: Tue, 30 Aug 2022 05:51:29 +0300
|
||||
Subject: [PATCH] Fix vulnerable regex
|
||||
|
||||
Implement exclusive RE searches to avoid backtracking
|
||||
---
|
||||
src/pip/_internal/models/wheel.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/pip/_internal/models/wheel.py b/src/pip/_internal/models/wheel.py
|
||||
index 35c70375539..a5dc12bdd63 100644
|
||||
--- a/src/pip/_internal/models/wheel.py
|
||||
+++ b/src/pip/_internal/models/wheel.py
|
||||
@@ -13,8 +13,8 @@ class Wheel:
|
||||
"""A wheel file"""
|
||||
|
||||
wheel_file_re = re.compile(
|
||||
- r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.*?))
|
||||
- ((-(?P<build>\d[^-]*?))?-(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)
|
||||
+ r"""^(?P<namever>(?P<name>[^\s-]+?)-(?P<ver>[^\s-]*?))
|
||||
+ ((-(?P<build>\d[^-]*?))?-(?P<pyver>[^\s-]+?)-(?P<abi>[^\s-]+?)-(?P<plat>[^\s-]+?)
|
||||
\.whl|\.dist-info)$""",
|
||||
re.VERBOSE,
|
||||
)
|
||||
@ -6,7 +6,7 @@ pip is the package installer for Python. You can use pip to install packages fro
|
||||
%global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
|
||||
Name: python-%{srcname}
|
||||
Version: 21.3.1
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: A tool for installing and managing Python packages
|
||||
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
|
||||
URL: http://www.pip-installer.org
|
||||
@ -17,6 +17,7 @@ Patch1: allow-stripping-given-prefix-from-wheel-RECORD-files.patch
|
||||
Patch2: emit-a-warning-when-running-with-root-privileges.patch
|
||||
Patch3: remove-existing-dist-only-if-path-conflicts.patch
|
||||
Patch6000: dummy-certifi.patch
|
||||
Patch6001: backport-fix-vulnerable-regex.patch
|
||||
|
||||
Source10: pip-allow-older-versions.patch
|
||||
|
||||
@ -126,6 +127,9 @@ install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pip.conf
|
||||
%{python_wheeldir}/%{python_wheelname}
|
||||
|
||||
%changelog
|
||||
* Wed Dec 13 2023 yanglongkang <yanglongkang@h-partners.com>- 21.3.1-5
|
||||
- Fix vulnerable regex
|
||||
|
||||
* Fri Sep 08 2023 zhuofeng <zhuofeng2@huawei.com> - 21.3.1-4
|
||||
- fix that pip install failed
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user