Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37048561
en ru br
ALT Linux repos
S:2.7.18-alt11
5.0: 2.5.4-alt5
4.1: 2.5.4-alt0.M41.1
4.0: 2.4.5-alt0.M40.1
3.0: 2.4.1-alt5

Group :: Development/Python
RPM: python

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: python-2.7.18-fc-cve-2020-27619.patch
Download


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Wed, 19 May 2021 15:20:30 +0200
Subject: [PATCH] 00355-CVE-2020-27619.patch
00355 #
No longer call eval() on content received via HTTP in the CJK codec tests
Backported from the python3 branches upstream: https://bugs.python.org/issue41944
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889886
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Florian Bruhin <me@the-compiler.org>
---
 Lib/test/multibytecodec_support.py | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
index 5b2329b6d84..53b5d64d453 100644
--- a/Lib/test/multibytecodec_support.py
+++ b/Lib/test/multibytecodec_support.py
@@ -279,30 +279,22 @@ class TestBase_Mapping(unittest.TestCase):
             self._test_mapping_file_plain()
 
     def _test_mapping_file_plain(self):
-        _unichr = lambda c: eval("u'\\U%08x'" % int(c, 16))
-        unichrs = lambda s: u''.join(_unichr(c) for c in s.split('+'))
+        def unichrs(s):
+            return ''.join(unichr(int(x, 16)) for x in s.split('+'))
         urt_wa = {}
 
         with self.open_mapping_file() as f:
             for line in f:
                 if not line:
                     break
-                data = line.split('#')[0].strip().split()
+                data = line.split('#')[0].split()
                 if len(data) != 2:
                     continue
 
-                csetval = eval(data[0])
-                if csetval <= 0x7F:
-                    csetch = chr(csetval & 0xff)
-                elif csetval >= 0x1000000:
-                    csetch = chr(csetval >> 24) + chr((csetval >> 16) & 0xff) + \
-                             chr((csetval >> 8) & 0xff) + chr(csetval & 0xff)
-                elif csetval >= 0x10000:
-                    csetch = chr(csetval >> 16) + \
-                             chr((csetval >> 8) & 0xff) + chr(csetval & 0xff)
-                elif csetval >= 0x100:
-                    csetch = chr(csetval >> 8) + chr(csetval & 0xff)
-                else:
+                if data[0][:2] != '0x':
+                    self.fail("Invalid line: {!r}".format(line))
+                csetch = bytes.fromhex(data[0][2:])
+                if len(csetch) == 1 and 0x80 <= csetch[0]:
                     continue
 
                 unich = unichrs(data[1])
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin