Diffstat (limited to 'dev-python/future/files/future-0.18.2-cve-2022-40899.patch')
-rw-r--r--dev-python/future/files/future-0.18.2-cve-2022-40899.patch52
1 files changed, 0 insertions, 52 deletions
diff --git a/dev-python/future/files/future-0.18.2-cve-2022-40899.patch b/dev-python/future/files/future-0.18.2-cve-2022-40899.patch
deleted file mode 100644
index c7341e0d6fdb..000000000000
--- a/dev-python/future/files/future-0.18.2-cve-2022-40899.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From c91d70b34ef0402aef3e9d04364ba98509dca76f Mon Sep 17 00:00:00 2001
-From: Will Shanks <wshaos@posteo.net>
-Date: Fri, 23 Dec 2022 13:38:26 -0500
-Subject: [PATCH] Backport fix for bpo-38804
-
-The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
-expression denial of service (REDoS). The regex contained multiple
-overlapping \s* capture groups. A long sequence of spaces can trigger
-bad performance.
-
-See https://github.com/python/cpython/pull/17157 and https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
----
- src/future/backports/http/cookiejar.py | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/src/future/backports/http/cookiejar.py b/src/future/backports/http/cookiejar.py
-index af3ef415..0ad80a02 100644
---- a/src/future/backports/http/cookiejar.py
-+++ b/src/future/backports/http/cookiejar.py
-@@ -225,10 +225,14 @@ def _str2time(day, mon, yr, hr, min, sec, tz):
- (?::(\d\d))? # optional seconds
- )? # optional clock
- \s*
-- ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+)? # timezone
-+ (?:
-+ ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+) # timezone
-+ \s*
-+ )?
-+ (?:
-+ \(\w+\) # ASCII representation of timezone in parens.
- \s*
-- (?:\(\w+\))? # ASCII representation of timezone in parens.
-- \s*$""", re.X | re.ASCII)
-+ )?$""", re.X | re.ASCII)
- def http2time(text):
- """Returns time in seconds since epoch of time represented by a string.
-
-@@ -298,9 +302,11 @@ def http2time(text):
- (?::?(\d\d(?:\.\d*)?))? # optional seconds (and fractional)
- )? # optional clock
- \s*
-- ([-+]?\d\d?:?(:?\d\d)?
-- |Z|z)? # timezone (Z is "zero meridian", i.e. GMT)
-- \s*$""", re.X | re. ASCII)
-+ (?:
-+ ([-+]?\d\d?:?(:?\d\d)?
-+ |Z|z) # timezone (Z is "zero meridian", i.e. GMT)
-+ \s*
-+ )?$""", re.X | re. ASCII)
- def iso2time(text):
- """
- As for http2time, but parses the ISO 8601 formats: