forked from pool/python-python-rpm-spec
Accepting request 1110927 from home:mschreiner:branches:devel:languages:python
- Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch with a backwards-compatible patch, written by David Anes. OBS-URL: https://build.opensuse.org/request/show/1110927 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-rpm-spec?expand=0&rev=13
This commit is contained in:
Git OBS Bridge
@@ -1,8 +1,8 @@
|
|||||||
Index: python-rpm-spec-0.14.1/pyrpm/spec.py
|
diff --git a/pyrpm/spec.py b/pyrpm/spec.py
|
||||||
===================================================================
|
index 42515bf..1a290ba 100644
|
||||||
--- python-rpm-spec-0.14.1.orig/pyrpm/spec.py
|
--- a/pyrpm/spec.py
|
||||||
+++ python-rpm-spec-0.14.1/pyrpm/spec.py
|
+++ b/pyrpm/spec.py
|
||||||
@@ -490,7 +490,7 @@ class Spec:
|
@@ -490,7 +490,7 @@ def from_string(cls, string: str) -> "Spec":
|
||||||
return spec
|
return spec
|
||||||
|
|
||||||
|
|
||||||
@@ -11,18 +11,20 @@ Index: python-rpm-spec-0.14.1/pyrpm/spec.py
|
|||||||
"""Replace all macros in given string with corresponding values.
|
"""Replace all macros in given string with corresponding values.
|
||||||
|
|
||||||
For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'.
|
For example, a string '%{name}-%{version}.tar.gz' will be transformed to 'foo-2.0.tar.gz'.
|
||||||
@@ -552,10 +552,12 @@ def replace_macros(string: str, spec: Sp
|
@@ -555,9 +555,13 @@ def get_replacement_string(match: re.Match) -> str:
|
||||||
|
# Recursively expand macros
|
||||||
return match.string[match.start() : match.end()]
|
|
||||||
|
|
||||||
- # Recursively expand macros
|
|
||||||
+ # Recursively expand macros, respecting the limit imposed by 'max_attempts'
|
|
||||||
# Note: If macros are not defined in the spec file, this won't try to
|
# Note: If macros are not defined in the spec file, this won't try to
|
||||||
# expand them.
|
# expand them.
|
||||||
- while True:
|
- while True:
|
||||||
+ attempt = 0
|
+ attempt = 0
|
||||||
|
+ ret = ""
|
||||||
+ while attempt < max_attempts:
|
+ while attempt < max_attempts:
|
||||||
+ attempt += 1
|
+ attempt += 1
|
||||||
ret = re.sub(_macro_pattern, get_replacement_string, string)
|
ret = re.sub(_macro_pattern, get_replacement_string, string)
|
||||||
if ret != string:
|
if ret != string:
|
||||||
string = ret
|
string = ret
|
||||||
|
continue
|
||||||
|
- return ret
|
||||||
|
+ break
|
||||||
|
+ return ret
|
||||||
|
\ No newline at end of file
|
||||||
|
|||||||
@@ -1,7 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 13 15:17:43 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com>
|
||||||
|
|
||||||
|
- Replace the contents of avoid-DoS-on-carefully-crafted-spec-files.patch
|
||||||
|
with a backwards-compatible patch, written by David Anes.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 13 06:08:44 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com>
|
Wed Sep 13 06:08:44 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com>
|
||||||
|
|
||||||
- Add avoid-ddos-on-carefully-crafted-spec-files.patch.
|
- Add avoid-DoS-on-carefully-crafted-spec-files.patch.
|
||||||
- Update to v0.14.1:
|
- Update to v0.14.1:
|
||||||
- Changes from v0.14.1:
|
- Changes from v0.14.1:
|
||||||
- Fix replace_macro's behavior with user-defined conditional
|
- Fix replace_macro's behavior with user-defined conditional
|
||||||
|
|||||||
Reference in New Issue
Block a user