packages/python-bottle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!10 Fix CVE-2022-31799

Browse Source 
From: @starlet-dx 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2022-06-14 03:09:31 +00:00 committed by Gitee
commit e98bacd864
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2022-31799.patch Normal file
View File

@ -0,0 +1,40 @@
From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Thu, 26 May 2022 14:49:32 +0200
Subject: [PATCH] Gracefully handle errors during early request binding.
---
bottle.py | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/bottle.py b/bottle.py
index 04ccf7da..035f99ec 100644
--- a/bottle.py
+++ b/bottle.py
@@ -848,17 +848,19 @@ def default_error_handler(self, res):
return tob(template(ERROR_PAGE_TEMPLATE, e=res))
def _handle(self, environ):
- path = environ['bottle.raw_path'] = environ['PATH_INFO']
- if py3k:
- try:
- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
- except UnicodeError:
- return HTTPError(400, 'Invalid path string. Expected UTF-8')
-
try:
+
environ['bottle.app'] = self
request.bind(environ)
response.bind()
+
+ path = environ['bottle.raw_path'] = environ['PATH_INFO']
+ if py3k:
+ try:
+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+ except UnicodeError:
+ return HTTPError(400, 'Invalid path string. Expected UTF-8')
+
try:
self.trigger_hook('before_request')
route, args = self.router.match(environ)

7
python-bottle.spec
View File

@ -1,6 +1,6 @@
Name: python-bottle Name: python-bottle
Version: 0.12.13 Version: 0.12.13
Release: 10 Release: 11
Summary: WSGI micro web-framework for Python. Summary: WSGI micro web-framework for Python.
License: MIT License: MIT
URL: https://github.com/bottlepy/bottle URL: https://github.com/bottlepy/bottle
@ -8,6 +8,8 @@ Source0: https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{v
Patch0000: CVE-2020-28473.patch Patch0000: CVE-2020-28473.patch
#https://github.com/bottlepy/bottle/commit/eff4960d941b51629f8378b1bd9498ed2aec92c7 #https://github.com/bottlepy/bottle/commit/eff4960d941b51629f8378b1bd9498ed2aec92c7
Patch0001: Fix-Python-3.7-collections.abc-DeprecationWarning.patch Patch0001: Fix-Python-3.7-collections.abc-DeprecationWarning.patch
#https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Patch0002: CVE-2022-31799.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3-devel python3-setuptools BuildRequires: python3-devel python3-setuptools
@ -46,6 +48,9 @@ sed -i '/^#!/d' bottle.py
%exclude %{_bindir}/bottle.py %exclude %{_bindir}/bottle.py
%changelog %changelog
* Tue Jun 14 2022 yaoxin <yaoxin30@h-partners.com> - 0.12.13-11
- Fix CVE-2022-31799
* Thu Mar 31 2022 xu_ping <xuping33@huawei.com> - 0.12.13-10 * Thu Mar 31 2022 xu_ping <xuping33@huawei.com> - 0.12.13-10
- Fix Python 3.7 collections.abc DeprecationWarning - Fix Python 3.7 collections.abc DeprecationWarning