- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid

CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=334
2022-11-09 19:07:01 +00:00
parent eb3f10bd75
commit 3f9f4e7cb7
7 changed files with 121 additions and 0 deletions
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -133,6 +133,9 @@ Patch70:        CVE-2015-20107-mailcap-unsafe-filenames.patch
 # Coerce // to / in Lib/BaseHTTPServer.py
 Patch71:        CVE-2021-28861-double-slash-path.patch
 Patch72:        bpo34990-2038-problem-compileall.patch
+# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com
+# Avoid DoS by decoding IDNA for too long domain names
+Patch73:        CVE-2022-45061-DoS-by-IDNA-decode.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc = %{version}
 Provides:       pyth_ps = %{version}
@@ -209,6 +212,7 @@ Python, and Macintosh Module Reference in PDF format.
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
+%patch73 -p1

 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar