- Add CVE-2024-6232-cookies-quad-complex.patch to avoid quadratic
  complexity in parsing "-quoted cookie values with backslashes
  (bsc#1229596, CVE-2024-6232).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=199
2024-09-05 13:45:40 +00:00
committed by Git OBS Bridge
parent 52ba2746e2
commit 1955425d20
3 changed files with 136 additions and 0 deletions

@@ -208,6 +208,9 @@ Patch49: CVE-2024-8088-inf-loop-zipfile_Path.patch
# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com
# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227)
Patch50: gh120226-fix-sendfile-test-kernel-610.patch
# PATCH-FIX-UPSTREAM CVE-2024-6232-cookies-quad-complex.patch bsc#1229596 mcepl@suse.com
# avoid quadratic complexity in parsing "-quoted cookie values with backslashes
Patch51: CVE-2024-6232-cookies-quad-complex.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
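
Review bot: the PATCH-FIX-UPSTREAM tag line for Patch51 cites only bsc#1229596, while the Patch50 entry directly above it also carries an upstream reference (gh#python/cpython#120226). Since this patch is tagged as an upstream fix, add the matching upstream issue or PR reference to the tag line so the patch can be traced and dropped once the packaged version contains the fix. The CVE id also appears only in the file name; putting CVE-2024-6232 next to the bsc number in the tag line would make it searchable in the spec comments.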
@@ -479,6 +482,7 @@ other applications.
%patch -p1 -P 48
%patch -p1 -P 49
%patch -p1 -P 50
%patch -p1 -P 51
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
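
Review bot: the added `%patch -p1 -P 51` line has to be kept in sync by hand with the `Patch51:` declaration, and a declared security patch that is never applied fails silently at build time. The visible entries (48 to 51) all use -p1; if that holds for the rest of the list and none of them are applied conditionally, `%autopatch -p1` would remove that risk. Otherwise, a build-time check that the CVE-2024-6232 fix is actually present in the prepared source would be worth adding.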