- Add CVE-2024-28397.patch upstream patch.

(bsc#1226660, gh#PiotrDabkowski/Js2Py#323)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Js2Py?expand=0&rev=22

CVE-2024-28397.patch

@@ -0,0 +1,13 @@
+Index: Js2Py-0.74/js2py/constructors/jsobject.py
+===================================================================
+--- Js2Py-0.74.orig/js2py/constructors/jsobject.py
++++ Js2Py-0.74/js2py/constructors/jsobject.py
+@@ -48,7 +48,7 @@ class ObjectMethods:
+             raise MakeError(
+                 'TypeError',
+                 'Object.getOwnPropertyDescriptor called on non-object')
+-        return obj.own.keys()
++        return list(obj.own.keys())
+ 
+     def create(obj):
+         if not (obj.is_object() or obj.is_null()):

python-Js2Py.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jul  1 08:39:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add CVE-2024-28397.patch upstream patch.
+  (bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
+
 -------------------------------------------------------------------
 Mon Jul  1 08:19:03 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 

python-Js2Py.spec

@@ -30,6 +30,8 @@ Source1:        https://raw.githubusercontent.com/PiotrDabkowski/Js2Py/master/LI
 Patch0:         remove-python-six.patch
 # PATCH-FIX-UPSTREAM python312.patch gh#PiotrDabkowski/Js2Py#327
 Patch1:         python312.patch
+# PATCH-FIX-UPSTREAM CVE-2024-28397.patch gh#PiotrDabkowski/Js2Py#323
+Patch2:         CVE-2024-28397.patch
 BuildRequires:  %{python_module pyjsparser}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes