Updated patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=427
This commit is contained in:
Git OBS Bridge
parent
5f785230b9
commit
a4d601d4ed
@ -19,9 +19,9 @@ From-PR: gh#python/cpython!123642
|
||||
Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
|
||||
---
|
||||
Lib/tarfile.py | 169 ++++++++--
|
||||
Lib/test/test_tarfile.py | 42 ++
|
||||
Lib/test/test_tarfile.py | 44 ++
|
||||
Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst | 2
|
||||
3 files changed, 186 insertions(+), 27 deletions(-)
|
||||
3 files changed, 187 insertions(+), 28 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst
|
||||
|
||||
--- a/Lib/tarfile.py
|
||||
@ -248,6 +248,15 @@ Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
|
||||
# class TarInfo
|
||||
--- a/Lib/test/test_tarfile.py
|
||||
+++ b/Lib/test/test_tarfile.py
|
||||
@@ -324,7 +324,7 @@ class CommonReadTest(ReadTest):
|
||||
def test_length_zero_header(self):
|
||||
# bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
|
||||
# with an exception
|
||||
- with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
|
||||
+ with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"):
|
||||
with tarfile.open(support.findfile('recursion.tar')) as tar:
|
||||
pass
|
||||
|
||||
@@ -804,6 +804,48 @@ class WriteTestBase(unittest.TestCase):
|
||||
self.assertFalse(fobj.closed)
|
||||
self.assertEqual(data, fobj.getvalue())
|
||||
@ -291,7 +300,7 @@ Patch: CVE-2024-6232-ReDOS-backtrack-tarfile.patch
|
||||
+ f.truncate()
|
||||
+ f.write(data)
|
||||
+
|
||||
+ with self.assertRaisesRegex(tarfile.ReadError, r"file could not be opened successfully"):
|
||||
+ with self.assertRaisesRegexp(tarfile.ReadError, r"file could not be opened successfully"):
|
||||
+ tarfile.open(tmpname, encoding="iso8859-1")
|
||||
+
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user