packages/python-tqdm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:81aa3692ce2246430e5687ec8f3de0e4c7816493
Branches Tags
packages:main
..
compare: packages:6eaf81702f64bebb40cc64cdac83d3acee77093a
Branches Tags
packages:main

No commits in common. "81aa3692ce2246430e5687ec8f3de0e4c7816493" and "6eaf81702f64bebb40cc64cdac83d3acee77093a" have entirely different histories.
81aa3692ce ... 6eaf81702f

4 changed files with 7 additions and 85 deletions
Show Stats Expand all files Collapse all files

60
CVE-2024-34062.patch
View File

@ -1,60 +0,0 @@
From b53348c73080b4edeb30b4823d1fa0d8d2c06721 Mon Sep 17 00:00:00 2001
From: Casper da Costa-Luis <tqdm@cdcl.ml>
Date: Wed, 1 May 2024 14:56:01 +0100
Subject: [PATCH] cli: eval safety
- fixes GHSA-g7vv-2v7x-gj9p
---
tqdm/cli.py | 33 ++++++++++++++++++++++-----------
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/tqdm/cli.py b/tqdm/cli.py
index 1223d4977..7284f28d5 100644
--- a/tqdm/cli.py
+++ b/tqdm/cli.py
@@ -21,23 +21,34 @@ def cast(val, typ):
return cast(val, t)
except TqdmTypeError:
pass
- raise TqdmTypeError(val + ' : ' + typ)
+ raise TqdmTypeError(f"{val} : {typ}")
# sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
if typ == 'bool':
if (val == 'True') or (val == ''):
return True
- elif val == 'False':
+ if val == 'False':
return False
- else:
- raise TqdmTypeError(val + ' : ' + typ)
- try:
- return eval(typ + '("' + val + '")')
- except Exception:
- if typ == 'chr':
- return chr(ord(eval('"' + val + '"'))).encode()
- else:
- raise TqdmTypeError(val + ' : ' + typ)
+ raise TqdmTypeError(val + ' : ' + typ)
+ if typ == 'chr':
+ if len(val) == 1:
+ return val.encode()
+ if re.match(r"^\\\w+$", val):
+ return eval(f'"{val}"').encode()
+ raise TqdmTypeError(f"{val} : {typ}")
+ if typ == 'str':
+ return val
+ if typ == 'int':
+ try:
+ return int(val)
+ except ValueError as exc:
+ raise TqdmTypeError(f"{val} : {typ}") from exc
+ if typ == 'float':
+ try:
+ return float(val)
+ except ValueError as exc:
+ raise TqdmTypeError(f"{val} : {typ}") from exc
+ raise TqdmTypeError(f"{val} : {typ}")
def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,

32
python-tqdm.spec
View File

@ -1,17 +1,14 @@
%global debug_package %{nil} %global debug_package %{nil}
Name: python-tqdm Name: python-tqdm
Version: 4.66.2 Version: 4.64.0
Release: 2 Release: 1
Summary: A Fast and Extensible Progress Bar for Python and CLI Summary: A Fast and Extensible Progress Bar for Python and CLI
License: MPL-2.0 and MIT License: MPLv2.0 and MIT
URL: https://github.com/tqdm/tqdm URL: https://github.com/tqdm/tqdm
Source0: https://files.pythonhosted.org/packages/source/t/tqdm/tqdm-%{version}.tar.gz Source0: https://files.pythonhosted.org/packages/98/2a/838de32e09bd511cf69fe4ae13ffc748ac143449bfc24bb3fd172d53a84f/tqdm-4.64.0.tar.gz
# https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721
Patch0: CVE-2024-34062.patch
BuildRequires: python3-devel python3-setuptools gcc python3-toml python3-setuptools_scm BuildRequires: python3-devel python3-setuptools gcc python3-toml python3-setuptools_scm
BuildRequires: python3-pip python3-hatchling python3-hatch-vcs python3-wheel
%description %description
tqdm derives from the Arabic word taqaddum which can mean "progress". Instantly tqdm derives from the Arabic word taqaddum which can mean "progress". Instantly
@ -34,10 +31,10 @@ tqdm(interable), and you are done!
%autosetup -n tqdm-%{version} -p1 %autosetup -n tqdm-%{version} -p1
%build %build
%pyproject_build %py3_build
%install %install
%pyproject_install %py3_install
mkdir -p %{buildroot}%{_mandir}/man1/ mkdir -p %{buildroot}%{_mandir}/man1/
mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/ mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/
@ -47,7 +44,7 @@ mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/
%doc README.rst examples %doc README.rst examples
%license LICENCE %license LICENCE
%{_bindir}/tqdm %{_bindir}/tqdm
%{python3_sitelib}/tqdm-*.dist-info/ %{python3_sitelib}/tqdm-*.egg-info/
%{python3_sitelib}/tqdm/ %{python3_sitelib}/tqdm/
%files help %files help
@ -55,21 +52,6 @@ mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/
%{_mandir}/man1/tqdm.1* %{_mandir}/man1/tqdm.1*
%changelog %changelog
* Mon May 06 2024 yaoxin <yao_xin001@hoperun.com> - 4.66.2-2
- Fix CVE-2024-34062
* Sat Feb 17 2024 xu_ping <707078654@qq.com> - 4.66.2-1
- Upgrade package to version 4.66.2
* Thu Apr 6 2023 liyanan <thistleslyn@163.com> - 4.65.0-1
- Upgrade package to version 4.65.0
* Fri Dec 09 2022 liukuo <liukuo@kylinos.cn> - 4.64.1-2
- License compliance rectification
* Wed Dec 07 2022 chendexi <chendexi@kylinos.cn> - 4.64.1-1
- Upgrade package to version 4.64.1
* Wed Aug 3 2022 kkz <zhaoshuang@uniontech.com> - 4.64.0-1 * Wed Aug 3 2022 kkz <zhaoshuang@uniontech.com> - 4.64.0-1
- Update to 4.64.0 - Update to 4.64.0

BIN
tqdm-4.64.0.tar.gz Normal file
View File

Binary file not shown.

BIN
tqdm-4.66.2.tar.gz
View File

Binary file not shown.