2 files changed, 121 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch b/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
new file mode 100644
index 0000000000..66690e74b4
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
@@ -0,0 +1,119 @@
+From 925760291d6efec64fda6e9dd1fd9cfbd5be068c Mon Sep 17 00:00:00 2001
+From: Mike Bayer <mike_mp@zzzcomputing.com>
+Date: Mon, 29 Aug 2022 12:28:52 -0400
+Subject: [PATCH] fix tag regexp to match quoted groups correctly
+Fixed issue in lexer where the regexp used to match tags would not
+correctly interpret quoted sections individually. While this parsing issue
+still produced the same expected tag structure later on, the mis-handling
+of quoted sections was also subject to a regexp crash if a tag had a large
+number of quotes within its quoted sections.
+Fixes: #366
+Change-Id: I74e0d71ff7f419970711a7cd51adcf1bb90a44c0
+Upstream-Status: Backport [https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c]
+Signed-off-by: <narpat.mali@windriver.com>
+---
+ doc/build/unreleased/366.rst |  9 +++++++++
+ mako/lexer.py                | 12 ++++++++----
+ test/test_lexer.py           | 21 +++++++++++++++++----
+ 3 files changed, 34 insertions(+), 8 deletions(-)
+ create mode 100644 doc/build/unreleased/366.rst
+--- /dev/null
+++ Mako-1.1.6/doc/build/unreleased/366.rst
+@@ -0,0 +1,9 @@
+.. change::
+    :tags: bug, lexer
+    :tickets: 366
+
+    Fixed issue in lexer where the regexp used to match tags would not
+    correctly interpret quoted sections individually. While this parsing issue
+    still produced the same expected tag structure later on, the mis-handling
+    of quoted sections was also subject to a regexp crash if a tag had a large
+    number of quotes within its quoted sections.
+\ No newline at end of file
+--- Mako-1.1.6.orig/mako/lexer.py
+++ Mako-1.1.6/mako/lexer.py
+@@ -295,20 +295,24 @@ class Lexer(object):
+         return self.template
+ 
+     def match_tag_start(self):
+-        match = self.match(
+-            r"""
+        reg = r"""
+             \<%     # opening tag
+ 
+             ([\w\.\:]+)   # keyword
+ 
+-            ((?:\s+\w+|\s*=\s*|".*?"|'.*?')*)  # attrname, = \
+            ((?:\s+\w+|\s*=\s*|"[^"]*?"|'[^']*?'|\s*,\s*)*)  # attrname, = \
+                                                #        sign, string expression
+                                               # comma is for backwards compat
+                                               # identified in #366
+ 
+             \s*     # more whitespace
+ 
+             (/)?>   # closing
+ 
+-            """,
+        """
+
+        match = self.match(
+            reg,
+             re.I | re.S | re.X,
+         )
+ 
+--- Mako-1.1.6.orig/test/test_lexer.py
+++ Mako-1.1.6/test/test_lexer.py
+@@ -1,5 +1,7 @@
+ import re
+ 
+import pytest
+
+ from mako import compat
+ from mako import exceptions
+ from mako import parsetree
+@@ -146,6 +148,10 @@ class LexerTest(TemplateTest):
+         """
+         self.assertRaises(exceptions.CompileException, Lexer(template).parse)
+ 
+    def test_tag_many_quotes(self):
+        template = "<%0" + '"' * 3000
+        assert_raises(exceptions.SyntaxException, Lexer(template).parse)
+
+     def test_unmatched_tag(self):
+         template = """
+         <%namespace name="bar">
+@@ -432,9 +438,16 @@ class LexerTest(TemplateTest):
+             ),
+         )
+ 
+-    def test_pagetag(self):
+-        template = """
+-            <%page cached="True", args="a, b"/>
+    @pytest.mark.parametrize("comma,numchars", [(",", 48), ("", 47)])
+    def test_pagetag(self, comma, numchars):
+        # note that the comma here looks like:
+        # <%page cached="True", args="a, b"/>
+        # that's what this test has looked like for decades, however, the
+        # comma there is not actually the right syntax.  When issue #366
+        # was fixed, the reg was altered to accommodate for this comma to allow
+        # backwards compat
+        template = f"""
+            <%page cached="True"{comma} args="a, b"/>
+ 
+             some template
+         """
+@@ -453,7 +466,7 @@ class LexerTest(TemplateTest):
+ 
+             some template
+         """,
+-                        (2, 48),
+                        (2, numchars),
+                     ),
+                 ],
+             ),
diff --git a/meta/recipes-devtools/python/python3-mako_1.1.6.bb b/meta/recipes-devtools/python/python3-mako_1.1.6.bb
index 71e5d96ba1..4e4f33f5dc 100644
--- a/meta/recipes-devtools/python/python3-mako_1.1.6.bb
+++ b/meta/recipes-devtools/python/python3-mako_1.1.6.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=943eb67718222db21d44a4ef1836675f"
 PYPI_PACKAGE = "Mako"
+SRC_URI += "file://CVE-2022-40023.patch"
 inherit pypi python_setuptools_build_meta
 SRC_URI[sha256sum] = "4e9e345a41924a954251b95b4b28e14a301145b544901332e658907a7464b6b2"

diff --git a/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch b/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch new file mode 100644 index 0000000000..66690e74b4 --- /dev/null +++ b/meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
@@ -0,0 +1,119 @@
		1	From 925760291d6efec64fda6e9dd1fd9cfbd5be068c Mon Sep 17 00:00:00 2001
		2	From: Mike Bayer <mike_mp@zzzcomputing.com>
		3	Date: Mon, 29 Aug 2022 12:28:52 -0400
		4	Subject: [PATCH] fix tag regexp to match quoted groups correctly
		5
		6	Fixed issue in lexer where the regexp used to match tags would not
		7	correctly interpret quoted sections individually. While this parsing issue
		8	still produced the same expected tag structure later on, the mis-handling
		9	of quoted sections was also subject to a regexp crash if a tag had a large
		10	number of quotes within its quoted sections.
		11
		12	Fixes: #366
		13	Change-Id: I74e0d71ff7f419970711a7cd51adcf1bb90a44c0
		14
		15	Upstream-Status: Backport [https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c]
		16
		17	Signed-off-by: <narpat.mali@windriver.com>
		18
		19	---
		20	doc/build/unreleased/366.rst \| 9 +++++++++
		21	mako/lexer.py \| 12 ++++++++----
		22	test/test_lexer.py \| 21 +++++++++++++++++----
		23	3 files changed, 34 insertions(+), 8 deletions(-)
		24	create mode 100644 doc/build/unreleased/366.rst
		25
		26	--- /dev/null
		27	+++ Mako-1.1.6/doc/build/unreleased/366.rst
		28	@@ -0,0 +1,9 @@
		29	+.. change::
		30	+ :tags: bug, lexer
		31	+ :tickets: 366
		32	+
		33	+ Fixed issue in lexer where the regexp used to match tags would not
		34	+ correctly interpret quoted sections individually. While this parsing issue
		35	+ still produced the same expected tag structure later on, the mis-handling
		36	+ of quoted sections was also subject to a regexp crash if a tag had a large
		37	+ number of quotes within its quoted sections.
		38	\ No newline at end of file
		39	--- Mako-1.1.6.orig/mako/lexer.py
		40	+++ Mako-1.1.6/mako/lexer.py
		41	@@ -295,20 +295,24 @@ class Lexer(object):
		42	return self.template
		43
		44	def match_tag_start(self):
		45	- match = self.match(
		46	- r"""
		47	+ reg = r"""
		48	\<% # opening tag
		49
		50	([\w\.\:]+) # keyword
		51
		52	- ((?:\s+\w+\|\s=\s\|".?"\|'.?')*) # attrname, = \
		53	+ ((?:\s+\w+\|\s=\s\|"[^"]?"\|'[^']?'\|\s,\s)*) # attrname, = \
		54	# sign, string expression
		55	+ # comma is for backwards compat
		56	+ # identified in #366
		57
		58	\s* # more whitespace
		59
		60	(/)?> # closing
		61
		62	- """,
		63	+ """
		64	+
		65	+ match = self.match(
		66	+ reg,
		67	re.I \| re.S \| re.X,
		68	)
		69
		70	--- Mako-1.1.6.orig/test/test_lexer.py
		71	+++ Mako-1.1.6/test/test_lexer.py
		72	@@ -1,5 +1,7 @@
		73	import re
		74
		75	+import pytest
		76	+
		77	from mako import compat
		78	from mako import exceptions
		79	from mako import parsetree
		80	@@ -146,6 +148,10 @@ class LexerTest(TemplateTest):
		81	"""
		82	self.assertRaises(exceptions.CompileException, Lexer(template).parse)
		83
		84	+ def test_tag_many_quotes(self):
		85	+ template = "<%0" + '"' * 3000
		86	+ assert_raises(exceptions.SyntaxException, Lexer(template).parse)
		87	+
		88	def test_unmatched_tag(self):
		89	template = """
		90	<%namespace name="bar">
		91	@@ -432,9 +438,16 @@ class LexerTest(TemplateTest):
		92	),
		93	)
		94
		95	- def test_pagetag(self):
		96	- template = """
		97	- <%page cached="True", args="a, b"/>
		98	+ @pytest.mark.parametrize("comma,numchars", [(",", 48), ("", 47)])
		99	+ def test_pagetag(self, comma, numchars):
		100	+ # note that the comma here looks like:
		101	+ # <%page cached="True", args="a, b"/>
		102	+ # that's what this test has looked like for decades, however, the
		103	+ # comma there is not actually the right syntax. When issue #366
		104	+ # was fixed, the reg was altered to accommodate for this comma to allow
		105	+ # backwards compat
		106	+ template = f"""
		107	+ <%page cached="True"{comma} args="a, b"/>
		108
		109	some template
		110	"""
		111	@@ -453,7 +466,7 @@ class LexerTest(TemplateTest):
		112
		113	some template
		114	""",
		115	- (2, 48),
		116	+ (2, numchars),
		117	),
		118	],
		119	),


diff --git a/meta/recipes-devtools/python/python3-mako_1.1.6.bb b/meta/recipes-devtools/python/python3-mako_1.1.6.bb index 71e5d96ba1..4e4f33f5dc 100644 --- a/meta/recipes-devtools/python/python3-mako_1.1.6.bb +++ b/meta/recipes-devtools/python/python3-mako_1.1.6.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=943eb67718222db21d44a4ef1836675f"
6		6
7	PYPI_PACKAGE = "Mako"	7	PYPI_PACKAGE = "Mako"
8		8
		9	SRC_URI += "file://CVE-2022-40023.patch"
		10
9	inherit pypi python_setuptools_build_meta	11	inherit pypi python_setuptools_build_meta
10		12
11	SRC_URI[sha256sum] = "4e9e345a41924a954251b95b4b28e14a301145b544901332e658907a7464b6b2"	13	SRC_URI[sha256sum] = "4e9e345a41924a954251b95b4b28e14a301145b544901332e658907a7464b6b2"