diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-05 09:32:00 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-08 22:03:03 +0100 |
| commit | 2e557033bddcd52d5bee404d3cc9cf692fd94887 (patch) | |
| tree | 248e32dea12a4280b1da793d846655ed39d20d59 /meta-python | |
| parent | cc53827cc3f8df8daf0931edc8be2ac17c678e3e (diff) | |
| download | meta-openembedded-2e557033bddcd52d5bee404d3cc9cf692fd94887.tar.gz | |
python3-configobj: patch CVE-2023-26112
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112
Pick the patch that resolves the issue referenced in the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-python')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch | 25 | ||||
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-configobj_5.0.6.bb | 3 |
2 files changed, 27 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch b/meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch new file mode 100644 index 0000000000..35d8ea77cf --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | From 76dd27ec0dbde6c852f412390ac4e2cfefa8af76 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: cdcadman <mythirty@gmail.com> | ||
| 3 | Date: Wed, 17 May 2023 03:57:08 -0700 | ||
| 4 | Subject: [PATCH] Address CVE-2023-26112 ReDoS | ||
| 5 | |||
| 6 | CVE: CVE-2023-26112 | ||
| 7 | Upstream-Status: Backport [https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5] | ||
| 8 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 9 | --- | ||
| 10 | validate.py | 2 +- | ||
| 11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 12 | |||
| 13 | diff --git a/validate.py b/validate.py | ||
| 14 | index b7a964c..af76898 100644 | ||
| 15 | --- a/validate.py | ||
| 16 | +++ b/validate.py | ||
| 17 | @@ -542,7 +542,7 @@ class Validator(object): | ||
| 18 | """ | ||
| 19 | |||
| 20 | # this regex does the initial parsing of the checks | ||
| 21 | - _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL) | ||
| 22 | + _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL) | ||
| 23 | |||
| 24 | # this regex takes apart keyword arguments | ||
| 25 | _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$', re.DOTALL) | ||
diff --git a/meta-python/recipes-devtools/python/python3-configobj_5.0.6.bb b/meta-python/recipes-devtools/python/python3-configobj_5.0.6.bb index 1125a6389d..589ad6f1d9 100644 --- a/meta-python/recipes-devtools/python/python3-configobj_5.0.6.bb +++ b/meta-python/recipes-devtools/python/python3-configobj_5.0.6.bb | |||
| @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://configobj.py;md5=a7c3968dd866dfd23e91e125b669ab21" | |||
| 6 | PYPI_PACKAGE = "configobj" | 6 | PYPI_PACKAGE = "configobj" |
| 7 | SRC_URI[sha256sum] = "a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902" | 7 | SRC_URI[sha256sum] = "a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902" |
| 8 | 8 | ||
| 9 | SRC_URI += "file://0001-Switch-from-using-distutils-to-setuptools.patch" | 9 | SRC_URI += "file://0001-Switch-from-using-distutils-to-setuptools.patch \ |
| 10 | file://CVE-2023-26112.patch" | ||
| 10 | 11 | ||
| 11 | inherit pypi setuptools3 | 12 | inherit pypi setuptools3 |