fix CVE-2021-46823

zhouwenpei 2022-07-26 16:22:03 +08:00
parent b8ab598678
commit 1a07ecdfc5
2 changed files with 32 additions and 2 deletions


@ -0,0 +1,22 @@
From faa011b41f7141121546045925d809d54e70f5fd Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 15 Oct 2021 15:21:37 +0100
Subject: [PATCH] Fix ReDoS in regex.
---
Lib/ldap/schema/tokenizer.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py
index 69823f2b..623b86d5 100644
--- a/Lib/ldap/schema/tokenizer.py
+++ b/Lib/ldap/schema/tokenizer.py
@@ -13,7 +13,7 @@
r"|" # or
r"([^'$()\s]+)" # string of length >= 1 without '$() or whitespace
r"|" # or
- r"('(?:[^'\\]|\\\\|\\.)*?'(?!\w))"
+ r"('(?:[^'\\]|\\.)*'(?!\w))"
# any string or empty string surrounded by unescaped
# single quotes except if right quote is succeeded by
# alphanumeric char
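Review bot: the regex change on the `-`/`+` lines is the right fix: the old repetition `(?:[^'\\]|\\\\|\\.)*?` has overlapping alternatives (`\\\\` is also matched by `\\.`), so a quoted string containing a long run of backslashes that never reaches a closing quote can be partitioned in combinatorially many ways, and the lazy `*?` plus the trailing `(?!\w)` lookahead forces the engine to try them all before failing; the new `(?:[^'\\]|\\.)*` has alternatives that are exclusive on their first character (one never starts with a backslash, the other always does), and it can be greedy without overrunning the closing quote because `'` is excluded from the character class. The `(?!\w)` lookahead is unchanged, so a quoted string followed by an alphanumeric character still tokenizes as before. One ask: this backport carries only the regex line from upstream faa011b41f7141121546045925d809d54e70f5fd, so add or run a regression test that feeds the tokenizer an unterminated quote followed by many backslashes and checks it returns promptly, since nothing in the patch itself exercises the fix.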


@ -1,7 +1,7 @@
%define debug_package %{nil} %define debug_package %{nil}
Name: python-ldap Name: python-ldap
Version: 3.3.1 Version: 3.3.1
Release: 2 Release: 3
Summary: An object-oriented API to access LDAP directory servers Summary: An object-oriented API to access LDAP directory servers
License: Python License: Python
URL: http://python-ldap.org/ URL: http://python-ldap.org/
@ -10,6 +10,8 @@ Source0: https://files.pythonhosted.org/packages/source/p/%{name}/%{name}-%{vers
BuildRequires: gcc openldap-devel BuildRequires: gcc openldap-devel
BuildRequires: python3-devel python3-setuptools BuildRequires: python3-devel python3-setuptools
Patch0: backport-CVE-2021-46823.patch
%description %description
python-ldap provides an object-oriented API for working with LDAP within\ python-ldap provides an object-oriented API for working with LDAP within\
Python programs. It allows access to LDAP directory servers by wrapping the\ Python programs. It allows access to LDAP directory servers by wrapping the\
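Review bot: `Patch0: backport-CVE-2021-46823.patch` only declares the patch; nothing in this hunk applies it, so it relies on the `-p1` added to `%autosetup` further down and the two changes must stay in the same commit (as they do here). Consider a comment line above `Patch0` naming the upstream commit it was taken from (faa011b41f7141121546045925d809d54e70f5fd, per the patch header) so the origin is visible without opening the patch file.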
@ -35,7 +37,7 @@ OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks\
%package_help %package_help
%prep %prep
%autosetup -n %{name}-%{version} %autosetup -p1 -n %{name}-%{version}
find . -name '*.py' | xargs sed -i '1s|^#!/usr/bin/env python|#!%{__python3}|' find . -name '*.py' | xargs sed -i '1s|^#!/usr/bin/env python|#!%{__python3}|'
sed -i 's,-Werror,-Wignore,g' tox.ini sed -i 's,-Werror,-Wignore,g' tox.ini
%build %build
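Review bot: the strip level matches the patch: its paths are `a/Lib/ldap/schema/tokenizer.py` and `b/Lib/ldap/schema/tokenizer.py`, so `-p1` removes exactly the `a/` and `b/` prefixes and the hunk applies relative to the unpacked `%{name}-%{version}` tree. Note that `%autosetup -p1` applies every `PatchN` in the spec with the same strip level, which is fine with the single patch here but constrains the layout of any patch added later.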
@ -56,6 +58,12 @@ sed -i 's,-Werror,-Wignore,g' tox.ini
%doc CHANGES README TODO Demo %doc CHANGES README TODO Demo
%changelog %changelog
* Tue Jul 26 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 3.3.1-3
- Type:CVE
- Id:CVE-2021-46823
- SUG:NA
- DESC:fix CVE-2021-46823
* Fri Mar 04 2022 zhaoshuang <zhaoshuang@uniontech.com> - 3.3.1-2 * Fri Mar 04 2022 zhaoshuang <zhaoshuang@uniontech.com> - 3.3.1-2
- remove some unnecessary buildrequires - remove some unnecessary buildrequires
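Review bot: the new changelog entry agrees with the `Release: 3` bump in the first hunk and its date (Tue Jul 26 2022) matches the commit timestamp; the `DESC:` line just repeats the CVE id, so consider stating the nature of the fix (ReDoS in the schema tokenizer regex, per the patch subject) so that `rpm -q --changelog` readers learn what changed without looking up the advisory.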