From 62bffaadfe7f7f4b9c78e082d8d823d20ba3faaa82a2c65635e2a7cf31ebf063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 14 Sep 2023 07:17:59 +0000 Subject: [PATCH] Accepting request 1110927 from home:mschreiner:branches:devel:languages:python - Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13 --- ...-DoS-on-carefully-crafted-spec-files.patch | 24 ++++++++++--------- python-python-rpm-spec.changes | 8 ++++++- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/avoid-DoS-on-carefully-crafted-spec-files.patch b/avoid-DoS-on-carefully-crafted-spec-files.patch index 257250e..7e6e1d7 100644 --- a/avoid-DoS-on-carefully-crafted-spec-files.patch +++ b/avoid-DoS-on-carefully-crafted-spec-files.patch @@ -1,8 +1,8 @@ -Index: python-rpm-spec-0.14.1/pyrpm/spec.py -=================================================================== ---- python-rpm-spec-0.14.1.orig/pyrpm/spec.py -+++ python-rpm-spec-0.14.1/pyrpm/spec.py -@@ -490,7 +490,7 @@ class Spec: +diff --git a/pyrpm/spec.py b/pyrpm/spec.py +index 42515bf..1a290ba 100644 +--- a/pyrpm/spec.py ++++ b/pyrpm/spec.py +@@ -490,7 +490,7 @@ def from_string(cls, string: str) -> "Spec": return spec @@ -11,18 +11,20 @@ Index: python-rpm-spec-0.14.1/pyrpm/spec.py """Replace all macros in given string with corresponding values. For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'. -@@ -552,10 +552,12 @@ def replace_macros(string: str, spec: Sp - - return match.string[match.start() : match.end()] - -- # Recursively expand macros -+ # Recursively expand macros, respecting the limit imposed by 'max_attempts' +@@ -555,9 +555,13 @@ def get_replacement_string(match: re.Match) -> str: + # Recursively expand macros # Note: If macros are not defined in the spec file, this won't try to # expand them. - while True: + attempt = 0 ++ ret = "" + while attempt < max_attempts: + attempt += 1 ret = re.sub(_macro_pattern, get_replacement_string, string) if ret != string: string = ret + continue +- return ret ++ break ++ return ret +\ No newline at end of file diff --git a/python-python-rpm-spec.changes b/python-python-rpm-spec.changes index 7757491..60c96c5 100644 --- a/python-python-rpm-spec.changes +++ b/python-python-rpm-spec.changes @@ -1,7 +1,13 @@ +------------------------------------------------------------------- +Wed Sep 13 15:17:43 UTC 2023 - Martin Schreiner + +- Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch + with a backwards-compatible patch, written by David Anes. + ------------------------------------------------------------------- Wed Sep 13 06:08:44 UTC 2023 - Martin Schreiner -- Add avoid-ddos-on-carefully-crafted-spec-files.patch. +- Add avoid-DoS-on-carefully-crafted-spec-files.patch. - Update to v0.14.1: - Changes from v0.14.1: - Fix replace_macro's behavior with user-defined conditional