mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
python3-tqdm: patch CVE-2024-34062
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34062 Pick the patch mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,64 @@
|
|||||||
|
From 35f8daf26d28950aa44a763f19a13c6ee133ff6c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Casper da Costa-Luis <tqdm@cdcl.ml>
|
||||||
|
Date: Wed, 1 May 2024 14:56:01 +0100
|
||||||
|
Subject: [PATCH] cli: eval safety
|
||||||
|
|
||||||
|
- fixes GHSA-g7vv-2v7x-gj9p
|
||||||
|
|
||||||
|
CVE: CVE-2024-34062
|
||||||
|
Upstream-Status: Backport [https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
tqdm/cli.py | 33 ++++++++++++++++++++++-----------
|
||||||
|
1 file changed, 22 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tqdm/cli.py b/tqdm/cli.py
|
||||||
|
index 3ed25fb..e4f587b 100644
|
||||||
|
--- a/tqdm/cli.py
|
||||||
|
+++ b/tqdm/cli.py
|
||||||
|
@@ -21,23 +21,34 @@ def cast(val, typ):
|
||||||
|
return cast(val, t)
|
||||||
|
except TqdmTypeError:
|
||||||
|
pass
|
||||||
|
- raise TqdmTypeError(val + ' : ' + typ)
|
||||||
|
+ raise TqdmTypeError(f"{val} : {typ}")
|
||||||
|
|
||||||
|
# sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
|
||||||
|
if typ == 'bool':
|
||||||
|
if (val == 'True') or (val == ''):
|
||||||
|
return True
|
||||||
|
- elif val == 'False':
|
||||||
|
+ if val == 'False':
|
||||||
|
return False
|
||||||
|
- else:
|
||||||
|
- raise TqdmTypeError(val + ' : ' + typ)
|
||||||
|
- try:
|
||||||
|
- return eval(typ + '("' + val + '")')
|
||||||
|
- except Exception:
|
||||||
|
- if typ == 'chr':
|
||||||
|
- return chr(ord(eval('"' + val + '"'))).encode()
|
||||||
|
- else:
|
||||||
|
- raise TqdmTypeError(val + ' : ' + typ)
|
||||||
|
+ raise TqdmTypeError(val + ' : ' + typ)
|
||||||
|
+ if typ == 'chr':
|
||||||
|
+ if len(val) == 1:
|
||||||
|
+ return val.encode()
|
||||||
|
+ if re.match(r"^\\\w+$", val):
|
||||||
|
+ return eval(f'"{val}"').encode()
|
||||||
|
+ raise TqdmTypeError(f"{val} : {typ}")
|
||||||
|
+ if typ == 'str':
|
||||||
|
+ return val
|
||||||
|
+ if typ == 'int':
|
||||||
|
+ try:
|
||||||
|
+ return int(val)
|
||||||
|
+ except ValueError as exc:
|
||||||
|
+ raise TqdmTypeError(f"{val} : {typ}") from exc
|
||||||
|
+ if typ == 'float':
|
||||||
|
+ try:
|
||||||
|
+ return float(val)
|
||||||
|
+ except ValueError as exc:
|
||||||
|
+ raise TqdmTypeError(f"{val} : {typ}") from exc
|
||||||
|
+ raise TqdmTypeError(f"{val} : {typ}")
|
||||||
|
|
||||||
|
|
||||||
|
def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,
|
||||||
@@ -5,6 +5,7 @@ SECTION = "devel/python"
|
|||||||
LICENSE = "MIT & MPL-2.0"
|
LICENSE = "MIT & MPL-2.0"
|
||||||
LIC_FILES_CHKSUM = "file://LICENCE;md5=1672e2674934fd93a31c09cf17f34100"
|
LIC_FILES_CHKSUM = "file://LICENCE;md5=1672e2674934fd93a31c09cf17f34100"
|
||||||
|
|
||||||
|
SRC_URI += "file://CVE-2024-34062.patch"
|
||||||
SRC_URI[sha256sum] = "40be55d30e200777a307a7585aee69e4eabb46b4ec6a4b4a5f2d9f11e7d5408d"
|
SRC_URI[sha256sum] = "40be55d30e200777a307a7585aee69e4eabb46b4ec6a4b4a5f2d9f11e7d5408d"
|
||||||
|
|
||||||
inherit pypi python_setuptools_build_meta
|
inherit pypi python_setuptools_build_meta
|
||||||
|
|||||||
Reference in New Issue
Block a user