pkgsrc-Changes archive

CVS commit: pkgsrc/devel/py-configobj



Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Oct 22 10:03:37 UTC 2023

Modified Files:
        pkgsrc/devel/py-configobj: Makefile distinfo
Added Files:
        pkgsrc/devel/py-configobj/patches: patch-src_configobj_validate.py

Log Message:
py-configobj: fix CVE-2023-26112

Patch from Fedora.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/py-configobj/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/py-configobj/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/devel/py-configobj/patches/patch-src_configobj_validate.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/py-configobj/Makefile
diff -u pkgsrc/devel/py-configobj/Makefile:1.12 pkgsrc/devel/py-configobj/Makefile:1.13
--- pkgsrc/devel/py-configobj/Makefile:1.12     Tue Jan 24 19:34:58 2023
+++ pkgsrc/devel/py-configobj/Makefile  Sun Oct 22 10:03:36 2023
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2023/01/24 19:34:58 adam Exp $
+# $NetBSD: Makefile,v 1.13 2023/10/22 10:03:36 wiz Exp $
 
 DISTNAME=      configobj-5.0.8
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
+PKGREVISION=   1
 CATEGORIES=    devel python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/configobj/}
 

Index: pkgsrc/devel/py-configobj/distinfo
diff -u pkgsrc/devel/py-configobj/distinfo:1.5 pkgsrc/devel/py-configobj/distinfo:1.6
--- pkgsrc/devel/py-configobj/distinfo:1.5      Tue Jan 24 19:34:58 2023
+++ pkgsrc/devel/py-configobj/distinfo  Sun Oct 22 10:03:36 2023
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2023/01/24 19:34:58 adam Exp $
+$NetBSD: distinfo,v 1.6 2023/10/22 10:03:36 wiz Exp $
 
 BLAKE2s (configobj-5.0.8.tar.gz) = 48bf429420fd9e365f674118e843c5f90020cae680a7aaf008b08cd3cbdbe349
 SHA512 (configobj-5.0.8.tar.gz) = 056b1be5b2c50b03af2dbbdc37d7c0b90b1ce39e0e02aa299e7e9975f0d8445fece4224da9f73ec52ca113c7fe14c91627fbb5c12dd19c78a5aebe9aac0d9b2e
 Size (configobj-5.0.8.tar.gz) = 38012 bytes
+SHA1 (patch-src_configobj_validate.py) = 2fa9f726712cb170d30ddae845e8d7febc346e27

Added files:

Index: pkgsrc/devel/py-configobj/patches/patch-src_configobj_validate.py
diff -u /dev/null pkgsrc/devel/py-configobj/patches/patch-src_configobj_validate.py:1.1
--- /dev/null   Sun Oct 22 10:03:37 2023
+++ pkgsrc/devel/py-configobj/patches/patch-src_configobj_validate.py   Sun Oct 22 10:03:37 2023
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_configobj_validate.py,v 1.1 2023/10/22 10:03:37 wiz Exp $
+
+Fix CVE-2023-26112
+From Fedora:
+https://src.fedoraproject.org/rpms/python-configobj/raw/rawhide/f/0001-Address-CVE-2023-26112-ReDoS.patch
+
+--- src/configobj/validate.py.orig     2023-01-18 22:28:31.000000000 +0000
++++ src/configobj/validate.py
+@@ -541,7 +541,7 @@ class Validator(object):
+     """
+ 
+     # this regex does the initial parsing of the checks
+-    _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
++    _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
+ 
+     # this regex takes apart keyword arguments
+     _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$',  re.DOTALL)
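
Review bot: The source URL in the patch header points at Fedora's rawhide branch, which moves, so a later reader cannot tell which revision of 0001-Address-CVE-2023-26112-ReDoS.patch was imported here. Cite a fixed commit of that file instead, so the SHA1 recorded in distinfo can be matched against a stable reference. On the changed _func_re line, the backslashes inside the character class are unnecessary ([^()] is equivalent), and because the class now excludes "(", the lazy +? can only ever stop at the first "(", so a plain + would express the same match more clearly. The patch also carries no test; a check string made of a long run of non-parenthesis characters would make a useful regression case for the backtracking behaviour this change removes.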


