packages/python-Flask-Cors
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!7 [sync] PR-6: Fix CVE-2024-1681

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
This commit is contained in:
openeuler-ci-bot 2024-06-07 01:50:18 +00:00 committed by Gitee
commit 5a5222346b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2024-1681.patch Normal file
View File

@ -0,0 +1,24 @@
From 6172c2000dba965fedb8e9a8a916ad56f0fb2630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anes=20Hujevi=C4=87?= <anes1996_h@hotmail.com>
Date: Sat, 4 May 2024 21:28:47 +0200
Subject: [PATCH] Update extension.py to clean request.path before logging it
(#351)
* Update extension.py to use string format specifier for cleaning request.path
---
flask_cors/extension.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index 6f76995..6361dcc 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -193,7 +193,7 @@ def cors_after_request(resp):
normalized_path = unquote_plus(request.path)
for res_regex, res_options in resources:
if try_match(normalized_path, res_regex):
- LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+ LOG.debug("Request to '%r' matches CORS resource '%s'. Using options: %s",
request.path, get_regexp_pattern(res_regex), res_options)
set_cors_headers(resp, res_options)
break

9
flask-cors.spec
View File

@ -1,11 +1,13 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: python-Flask-Cors Name: python-Flask-Cors
Version: 4.0.0 Version: 4.0.0
Release: 1 Release: 2
Summary: A Flask extension adding a decorator for CORS support Summary: A Flask extension adding a decorator for CORS support
License: MIT License: MIT
URL: https://github.com/corydolphin/flask-cors URL: https://github.com/corydolphin/flask-cors
Source0: https://files.pythonhosted.org/packages/c8/b0/bd7130837a921497520f62023c7ba754e441dcedf959a43e6d1fd86e5451/Flask-Cors-4.0.0.tar.gz Source0: https://files.pythonhosted.org/packages/c8/b0/bd7130837a921497520f62023c7ba754e441dcedf959a43e6d1fd86e5451/Flask-Cors-4.0.0.tar.gz
# https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630
Patch0: CVE-2024-1681.patch
BuildArch: noarch BuildArch: noarch
Requires: python3-Flask Requires: python3-Flask
@ -30,7 +32,7 @@ Provides: python3-Flask-Cors-doc
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
%prep %prep
%autosetup -n Flask-Cors-4.0.0 %autosetup -n Flask-Cors-4.0.0 -p1
%build %build
%py3_build %py3_build
@ -70,6 +72,9 @@ mv %{buildroot}/doclist.lst .
%{_docdir}/* %{_docdir}/*
%changelog %changelog
* Tue May 28 2024 yaoxin <yao_xin001@hoperun.com> - 4.0.0-2
- Fix CVE-2024-1681
* Tue Jul 11 2023 chenzixuan <chenzixuan@kylinos.cn> - 4.0.0-1 * Tue Jul 11 2023 chenzixuan <chenzixuan@kylinos.cn> - 4.0.0-1
- upgrade to 4.0.0 - upgrade to 4.0.0