pool/python-Js2Py
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1184231 from devel:languages:python

Browse Source 
- Add CVE-2024-28397.patch upstream patch.
  (bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
- Run tests
- Add patches:
  * remove-python-six.patch, to remove python-six dependency
  * python312.patch, to make it compatible with python312

OBS-URL: https://build.opensuse.org/request/show/1184231
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Js2Py?expand=0&rev=10
This commit is contained in:
Dominique Leuenberger 2024-07-01 09:22:19 +00:00 committed by Git OBS Bridge
commit f1f204ff3d
5 changed files with 1212 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CVE-2024-28397.patch Normal file
View File

@ -0,0 +1,13 @@
Index: Js2Py-0.74/js2py/constructors/jsobject.py
===================================================================
--- Js2Py-0.74.orig/js2py/constructors/jsobject.py
+++ Js2Py-0.74/js2py/constructors/jsobject.py
@@ -48,7 +48,7 @@ class ObjectMethods:
raise MakeError(
'TypeError',
'Object.getOwnPropertyDescriptor called on non-object')
- return obj.own.keys()
+ return list(obj.own.keys())
def create(obj):
if not (obj.is_object() or obj.is_null()):

14
python-Js2Py.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jul 1 08:39:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2024-28397.patch upstream patch.
(bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
-------------------------------------------------------------------
Mon Jul 1 08:19:03 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Run tests
- Add patches:
* remove-python-six.patch, to remove python-six dependency
* python312.patch, to make it compatible with python312
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 21 12:20:47 UTC 2023 - Dirk Müller <dmueller@suse.com> Fri Apr 21 12:20:47 UTC 2023 - Dirk Müller <dmueller@suse.com>

24
python-Js2Py.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package python-Js2Py # spec file for package python-Js2Py
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,7 +16,6 @@
# #
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-Js2Py Name: python-Js2Py
Version: 0.74 Version: 0.74
@ -27,11 +26,17 @@ Group: Development/Languages/Python
URL: https://github.com/PiotrDabkowski/Js2Py URL: https://github.com/PiotrDabkowski/Js2Py
Source: https://files.pythonhosted.org/packages/source/J/Js2Py/Js2Py-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/J/Js2Py/Js2Py-%{version}.tar.gz
Source1: https://raw.githubusercontent.com/PiotrDabkowski/Js2Py/master/LICENSE.md Source1: https://raw.githubusercontent.com/PiotrDabkowski/Js2Py/master/LICENSE.md
# PATCH-FIX-OPENSUSE remove-python-six.patch
Patch0: remove-python-six.patch
# PATCH-FIX-UPSTREAM python312.patch gh#PiotrDabkowski/Js2Py#327
Patch1: python312.patch
# PATCH-FIX-UPSTREAM CVE-2024-28397.patch gh#PiotrDabkowski/Js2Py#323
Patch2: CVE-2024-28397.patch
BuildRequires: %{python_module pyjsparser}
BuildRequires: %{python_module setuptools} BuildRequires: %{python_module setuptools}
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
Requires: python-pyjsparser Requires: python-pyjsparser
Requires: python-six
Requires: python-tzlocal Requires: python-tzlocal
BuildArch: noarch BuildArch: noarch
%python_subpackages %python_subpackages
@ -42,7 +47,7 @@ execute virtually any JavaScript code. Js2Py, basically an
implementation of the JavaScript core, is written in pure Python. implementation of the JavaScript core, is written in pure Python.
%prep %prep
%setup -q -n Js2Py-%{version} %autosetup -p1 -n Js2Py-%{version}
cp %{SOURCE1} . cp %{SOURCE1} .
%build %build
@ -52,11 +57,18 @@ cp %{SOURCE1} .
%python_install %python_install
%python_expand %fdupes %{buildroot}%{$python_sitelib} %python_expand %fdupes %{buildroot}%{$python_sitelib}
# no tests in pypi sdist and no tags in github repo (https://github.com/PiotrDabkowski/Js2Py/issues/100) %check
pushd tests
touch node_failed.txt
%{python_expand #
PYTHONPATH=%{buildroot}%{$python_sitelib} $python run.py
}
popd
%files %{python_files} %files %{python_files}
%doc README.md %doc README.md
%license LICENSE.md %license LICENSE.md
%{python_sitelib}/* %{python_sitelib}/js2py
%{python_sitelib}/Js2Py-%{version}*-info
%changelog %changelog

57
python312.patch Normal file
View File

@ -0,0 +1,57 @@
From fd7df4a91fb08060914c7b1d9e94583d18f3371b Mon Sep 17 00:00:00 2001
From: Felix Yan <felixonmars@archlinux.org>
Date: Wed, 17 Apr 2024 16:47:47 +0300
Subject: [PATCH] Fix bytecode for Python 3.12
`LOAD_ATTR` has been changed in Python 3.12 and it seems reusing the
`LOAD_GLOBAL` logic makes the simple tests passing.
I am not sure if this is correct since I'm pretty new to the code, but
maybe it's still helpful.
---
js2py/translators/translating_nodes.py | 2 +-
js2py/utils/injector.py | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
Index: Js2Py-0.74/js2py/translators/translating_nodes.py
===================================================================
--- Js2Py-0.74.orig/js2py/translators/translating_nodes.py
+++ Js2Py-0.74/js2py/translators/translating_nodes.py
@@ -538,7 +538,7 @@ def TryStatement(type, block, handler, h
if handler:
identifier = handler['param']['name']
holder = 'PyJsHolder_%s_%d' % (to_hex(identifier),
- random.randrange(1e8))
+ random.randrange(six.integer_types[-1](1e8)))
identifier = repr(identifier)
result += 'except PyJsException as PyJsTempException:\n'
# fill in except ( catch ) block and remember to recover holder variable to its previous state
Index: Js2Py-0.74/js2py/utils/injector.py
===================================================================
--- Js2Py-0.74.orig/js2py/utils/injector.py
+++ Js2Py-0.74/js2py/utils/injector.py
@@ -13,6 +13,7 @@ chr = lambda x: x
# Opcode constants used for comparison and replacecment
LOAD_FAST = opcode.opmap['LOAD_FAST']
LOAD_GLOBAL = opcode.opmap['LOAD_GLOBAL']
+LOAD_ATTR = opcode.opmap['LOAD_ATTR']
STORE_FAST = opcode.opmap['STORE_FAST']
@@ -88,6 +89,7 @@ def append_arguments(code_obj, new_local
(co_names.index(name), varnames.index(name)) for name in new_locals)
is_new_bytecode = sys.version_info >= (3, 11)
+ is_new_load_attr = sys.version_info >= (3, 12)
# Now we modify the actual bytecode
modified = []
drop_future_cache = False
@@ -106,7 +108,7 @@ def append_arguments(code_obj, new_local
# it's one of the globals that we are replacing. Either way,
# update its arg using the appropriate dict.
drop_future_cache = False
- if inst.opcode == LOAD_GLOBAL:
+ if inst.opcode == LOAD_GLOBAL or (is_new_load_attr and inst.opcode == LOAD_ATTR):
idx = inst.arg
if is_new_bytecode:
idx = idx // 2

1110
remove-python-six.patch Normal file
View File

File diff suppressed because it is too large Load Diff