FIx patches

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=426
2024-09-20 21:10:45 +00:00 · 2024-09-20 21:10:45 +00:00 · 5f785230b9
commit 5f785230b9
parent 2db1a650e2
1 changed files with 11 additions and 10 deletions
--- a/CVE-2019-20907_tarfile-inf-loop.patch
+++ b/CVE-2019-20907_tarfile-inf-loop.patch
@ -6,13 +6,14 @@ Subject: [PATCH 1/4] bpo-39017 Fix infinite loop in the tarfile module
 Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop
 ---
 Lib/tarfile.py                                                    |    2 ++
- Lib/test/test_tarfile.py |   5 +++++
- 3 files changed, 7 insertions(+)
+ Lib/test/test_tarfile.py                                          |    8 ++++++++
+ Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst |    1 +
+ 3 files changed, 11 insertions(+)
 create mode 100644 Lib/test/recursion.tar

 --- a/Lib/tarfile.py
 +++ b/Lib/tarfile.py
-@@ -1226,6 +1226,8 @@ class TarInfo(object):
+@@ -1400,6 +1400,8 @@ class TarInfo(object):
 
             length, keyword = match.groups()
             length = int(length)
@ -20,12 +21,12 @@ Add a check for length = 0 in the _proc_pax function to avoid running into an in
 +                raise InvalidHeaderError("invalid header")
             value = buf[match.end(2) + 1:match.start(1) + length - 1]
 
-             # Normally, we could just use "utf-8" as the encoding and "strict"
+             keyword = keyword.decode("utf8")
 --- a/Lib/test/test_tarfile.py
 +++ b/Lib/test/test_tarfile.py
-@@ -297,6 +297,14 @@ class Bz2ListTest(Bz2Test, ListTest):
- class LzmaListTest(LzmaTest, ListTest):
-     pass
+@@ -321,6 +321,14 @@ class CommonReadTest(ReadTest):
+                 with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"):
+                     tar.extractfile(t).read()
 
 +    def test_length_zero_header(self):
 +        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
@ -36,8 +37,8 @@ Add a check for length = 0 in the _proc_pax function to avoid running into an in
 +
 +
 
- class CommonReadTest(ReadTest):
- 
+ class MiscReadTest(CommonReadTest):
+     taropen = tarfile.TarFile.taropen
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
@@ -0,0 +1 @@