packages/python-Flask-Cors
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 5.0.0 for fix CVE-2024-6221

Browse Source
This commit is contained in:
starlet-dx 2024-09-18 17:05:07 +08:00
parent 5a5222346b
commit cc4bee1a71
4 changed files with 9 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2024-1681.patch
View File

@ -1,24 +0,0 @@
From 6172c2000dba965fedb8e9a8a916ad56f0fb2630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anes=20Hujevi=C4=87?= <anes1996_h@hotmail.com>
Date: Sat, 4 May 2024 21:28:47 +0200
Subject: [PATCH] Update extension.py to clean request.path before logging it
(#351)
* Update extension.py to use string format specifier for cleaning request.path
---
flask_cors/extension.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index 6f76995..6361dcc 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -193,7 +193,7 @@ def cors_after_request(resp):
normalized_path = unquote_plus(request.path)
for res_regex, res_options in resources:
if try_match(normalized_path, res_regex):
- LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+ LOG.debug("Request to '%r' matches CORS resource '%s'. Using options: %s",
request.path, get_regexp_pattern(res_regex), res_options)
set_cors_headers(resp, res_options)
break

BIN
Flask-Cors-4.0.0.tar.gz
View File

Binary file not shown.

15
flask-cors.spec
View File

@ -1,13 +1,11 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: python-Flask-Cors Name: python-Flask-Cors
Version: 4.0.0 Version: 5.0.0
Release: 2 Release: 1
Summary: A Flask extension adding a decorator for CORS support Summary: A Flask extension adding a decorator for CORS support
License: MIT License: MIT
URL: https://github.com/corydolphin/flask-cors URL: https://github.com/corydolphin/flask-cors
Source0: https://files.pythonhosted.org/packages/c8/b0/bd7130837a921497520f62023c7ba754e441dcedf959a43e6d1fd86e5451/Flask-Cors-4.0.0.tar.gz Source0: https://files.pythonhosted.org/packages/source/F/Flask-Cors/flask_cors-%{version}.tar.gz
# https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630
Patch0: CVE-2024-1681.patch
BuildArch: noarch BuildArch: noarch
Requires: python3-Flask Requires: python3-Flask
@ -32,7 +30,7 @@ Provides: python3-Flask-Cors-doc
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
%prep %prep
%autosetup -n Flask-Cors-4.0.0 -p1 %autosetup -n flask_cors-%{version} -p1
%build %build
%py3_build %py3_build
@ -72,6 +70,11 @@ mv %{buildroot}/doclist.lst .
%{_docdir}/* %{_docdir}/*
%changelog %changelog
* Wed Sep 18 2024 yaoxin <yao_xin001@hoperun.com> - 5.0.0-1
- Update to 5.0.0:
* Breaking: Change default to disable private network access
This effectively resolves GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71
* Tue May 28 2024 yaoxin <yao_xin001@hoperun.com> - 4.0.0-2 * Tue May 28 2024 yaoxin <yao_xin001@hoperun.com> - 4.0.0-2
- Fix CVE-2024-1681 - Fix CVE-2024-1681

BIN
flask_cors-5.0.0.tar.gz Normal file
View File

Binary file not shown.