Matej Cepl
21d02acf4f
case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=186
31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
Index: Python-3.10.5/Lib/compileall.py
|
|
===================================================================
|
|
--- Python-3.10.5.orig/Lib/compileall.py
|
|
+++ Python-3.10.5/Lib/compileall.py
|
|
@@ -96,6 +96,12 @@ def compile_dir(dir, maxlevels=None, ddi
|
|
maxlevels = sys.getrecursionlimit()
|
|
files = _walk_dir(dir, quiet=quiet, maxlevels=maxlevels)
|
|
success = True
|
|
+ # work around https://github.com/python/cpython/issues/93317
|
|
+ sys.intern('{')
|
|
+ sys.intern('{{')
|
|
+ sys.intern('}')
|
|
+ sys.intern('}}')
|
|
+
|
|
if workers != 1 and ProcessPoolExecutor is not None:
|
|
# If workers == 0, let ProcessPoolExecutor choose
|
|
workers = workers or None
|
|
Index: Python-3.10.5/Lib/distutils/util.py
|
|
===================================================================
|
|
--- Python-3.10.5.orig/Lib/distutils/util.py
|
|
+++ Python-3.10.5/Lib/distutils/util.py
|
|
@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=%
|
|
else:
|
|
from py_compile import compile
|
|
|
|
- for file in py_files:
|
|
+ for file in sorted(py_files):
|
|
if file[-3:] != ".py":
|
|
# This lets us be lazy and not filter filenames in
|
|
# the "install_lib" command.
|