mirror of
https://git.yoctoproject.org/poky
synced 2026-02-07 17:26:36 +01:00
d3f1ae99a7
import patch from ubuntu setuptools_45.2.0-1ubuntu0.1 . (From OE-Core rev: a939696d7c70c42e404ec30a9d75e5ea4f742c78) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
From 43a9c9bfa6aa626ec2a22540bea28d2ca77964be Mon Sep 17 00:00:00 2001
|
|
From: "Jason R. Coombs" <jaraco@jaraco.com>
|
|
Date: Fri, 4 Nov 2022 13:47:53 -0400
|
|
Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
|
|
#3659.
|
|
|
|
CVE: CVE-2022-40897
|
|
Upstream-Status: Backport [
|
|
Upstream : https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
|
|
Import from Ubuntu: http://archive.ubuntu.com/ubuntu/pool/main/s/setuptools/setuptools_45.2.0-1ubuntu0.1.debian.tar.xz
|
|
]
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
|
|
|
|
---
|
|
setuptools/package_index.py | 2 +-
|
|
setuptools/tests/test_packageindex.py | 1 -
|
|
2 files changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
--- setuptools-45.2.0.orig/setuptools/package_index.py
|
|
+++ setuptools-45.2.0/setuptools/package_index.py
|
|
@@ -215,7 +215,7 @@ def unique_values(func):
|
|
return wrapper
|
|
|
|
|
|
-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
|
|
+REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
|
|
# this line is here to fix emacs' cruddy broken syntax highlighting
|
|
|
|
|