2 Commits

Author SHA1 Message Date
Narpat Mali
7b65658ede python3-pygments: fix for CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by these 3 different commits in different versions:
1. Improve the Smithy metadata matcher (These changes are already available as part
   of current python3-pygments_2.14.0 version):
dd52102c38 (2.14.0)
2. SQL+Jinja: use a simpler regex in analyse_text:
97eb3d5ec7 (2.15.0)
3. Improve Java properties lexer (#2404):
fdf182a7af (2.15.1)

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-40896
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

(From OE-Core rev: 5a02307af5e593be864423a9f3ab309703d61dbf)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-09-04 04:13:24 -10:00
Wang Mingyu
80a7809e24 python3-pygments: upgrade 2.13.0 -> 2.14.0
Changelog:
==========
- Added lexers:

  * Arturo (#2259)
  * GAP session (#2211)
  * Fift (#2249)
  * func (#2232)
  * Jsonnet (#2239)
  * Minecraft schema (#2276)
  * MIPS (#2228)
  * Phix (#2222)
  * Portugol (#2300)
  * TL-b (#2247)
  * World of Warcraft TOC format (#2244, #2245)
  * Wren (#2271)

- Updated lexers:

  * Abap: Update keywords (#2281)
  * Alloy: Update for Alloy 6 (#1963)
  * C family (C, C++ and many others):

    - Fix an issue where a chunk would be wrongly recognized as a function
      definition due to braces in comments (#2210)
    - Improve parentheses handling for function definitions (#2207, #2208)

  * C#: Fix number and operator recognition (#2256, #2257)
  * CSound: Updated builtins (#2268)
  * F#: Add ".fsx" file extension (#2282)
  * gas (GNU assembler): recognize braces as punctuation (#2230)
  * HTTP: Add 'CONNECT' keyword (#2242)
  * Inform 6: Fix lexing of properties and doubles (#2214)
  * INI: Allow comments that are not their own line (#2217, #2161)
  * Java properties: Fix issue with whitespace-delimited keys, support
    comments starting with '!' and escapes, no longer support undocumented
    ';' and '//' comments (#2241)
  * LilyPond: Improve heuristics, add "\maxima" duration (#2283)
  * LLVM: Add opaque pointer type (#2269)
  * Macaulay2: Update keywords (#2305)
  * Minecraft-related lexers (SNB and Minecraft function) moved to
    "pygments.lexers.minecraft" (#2276)
  * Nim: General improvements (#1970)
  * Nix: Fix single quotes inside indented strings (#2289)
  * Objective J: Fix catastrophic backtracking (#2225)
  * NASM: Add support for SSE/AVX/AVX-512 registers as well as 'rel'
    and 'abs' address operators (#2212)
  * Powershell:

    - Add "local:" keyword (#2254)
    - Allow continuations without markers (#2262, #2263)

  * Solidity: Add boolean operators (#2292)
  * Spice: Add "enum" keyword and fix a bug regarding binary,
    hexadecimal and octal number tokens (#2227)
  * YAML: Accept colons in key names (#2277)

- Fix 'make mapfiles' when Pygments is not installed in editable mode
  (#2223)

- Support more filetypes and compression types in 'autopygmentize' (#2219)
- Merge consecutive tokens in Autohotkey, Clay (#2248)
- Add ".nasm" as a recognized file type for NASM (#2280)
- Add "*Spec.hs" as a recognized file type for "HSpec" (#2308)
- Add "*.pyi" (for typing stub files) as a recognized file type for
  Python (#2331)
- The HTML lexer no longer emits empty spans for whitespace (#2304)
- Fix "IRCFormatter" inserting linenumbers incorrectly (#2270)

(From OE-Core rev: 5ef9d667776b8078169f8b940da8cd1da1df9f22)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-16 10:42:07 +00:00