python-python-rpm-spec/avoid-DoS-on-carefully-crafted-spec-files.patch

diff --git a/pyrpm/spec.py b/pyrpm/spec.py
index 42515bf..1a290ba 100644
--- a/pyrpm/spec.py
+++ b/pyrpm/spec.py
@@ -490,7 +490,7 @@ def from_string(cls, string: str) -> "Spec":
         return spec
 
 
-def replace_macros(string: str, spec: Spec) -> str:
+def replace_macros(string: str, spec: Spec, max_attempts: int = 1000) -> str:
     """Replace all macros in given string with corresponding values.
 
     For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'.
@@ -555,9 +555,13 @@ def get_replacement_string(match: re.Match) -> str:
     # Recursively expand macros
     # Note: If macros are not defined in the spec file, this won't try to
     # expand them.
-    while True:
+    attempt = 0
+    ret = ""
+    while attempt < max_attempts:
+        attempt += 1
         ret = re.sub(_macro_pattern, get_replacement_string, string)
         if ret != string:
             string = ret
             continue
-        return ret
+        break
+    return ret
\ No newline at end of file
Accepting request 1110927 from home:mschreiner:branches:devel:languages:python - Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13 2023-09-14 07:17:59 +00:00			`diff --git a/pyrpm/spec.py b/pyrpm/spec.py`
			`index 42515bf..1a290ba 100644`
			`--- a/pyrpm/spec.py`
			`+++ b/pyrpm/spec.py`
			`@@ -490,7 +490,7 @@ def from_string(cls, string: str) -> "Spec":`
Accepting request 1110811 from home:mschreiner:branches:devel:languages:python - Add avoid-ddos-on-carefully-crafted-spec-files.patch. - This patch fixes an endless loop that could be triggered by carefully crafting a malicious RPM spec file. - Issue was reported by David Anes, who also contributed the patch. - More details on the .spec file. - Update to v0.14.1. - For a full changelog here, please check the .changes file. OBS-URL: https://build.opensuse.org/request/show/1110811 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=12 2023-09-13 07:38:28 +00:00			`return spec`


			`-def replace_macros(string: str, spec: Spec) -> str:`
			`+def replace_macros(string: str, spec: Spec, max_attempts: int = 1000) -> str:`
			`"""Replace all macros in given string with corresponding values.`

			`For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'.`
Accepting request 1110927 from home:mschreiner:branches:devel:languages:python - Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13 2023-09-14 07:17:59 +00:00			`@@ -555,9 +555,13 @@ def get_replacement_string(match: re.Match) -> str:`
			`# Recursively expand macros`
Accepting request 1110811 from home:mschreiner:branches:devel:languages:python - Add avoid-ddos-on-carefully-crafted-spec-files.patch. - This patch fixes an endless loop that could be triggered by carefully crafting a malicious RPM spec file. - Issue was reported by David Anes, who also contributed the patch. - More details on the .spec file. - Update to v0.14.1. - For a full changelog here, please check the .changes file. OBS-URL: https://build.opensuse.org/request/show/1110811 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=12 2023-09-13 07:38:28 +00:00			`# Note: If macros are not defined in the spec file, this won't try to`
			`# expand them.`
			`- while True:`
			`+ attempt = 0`
Accepting request 1110927 from home:mschreiner:branches:devel:languages:python - Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13 2023-09-14 07:17:59 +00:00			`+ ret = ""`
Accepting request 1110811 from home:mschreiner:branches:devel:languages:python - Add avoid-ddos-on-carefully-crafted-spec-files.patch. - This patch fixes an endless loop that could be triggered by carefully crafting a malicious RPM spec file. - Issue was reported by David Anes, who also contributed the patch. - More details on the .spec file. - Update to v0.14.1. - For a full changelog here, please check the .changes file. OBS-URL: https://build.opensuse.org/request/show/1110811 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=12 2023-09-13 07:38:28 +00:00			`+ while attempt < max_attempts:`
			`+ attempt += 1`
			`ret = re.sub(_macro_pattern, get_replacement_string, string)`
			`if ret != string:`
			`string = ret`
Accepting request 1110927 from home:mschreiner:branches:devel:languages:python - Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13 2023-09-14 07:17:59 +00:00			`continue`
			`- return ret`
			`+ break`
			`+ return ret`
			`\ No newline at end of file`