From fcdf01d6dbe64fc708132c373f96ffbf9c27a523 Mon Sep 17 00:00:00 2001
From: sidelau
Date: Thu, 20 Jul 2023 16:10:41 +0800
Subject: [PATCH 1/2] repair CVE-2022-45061
---
Lib/encodings/idna.py | 32 ++++++++++++++---------------
Lib/test/test_codecs.py | 6 ++++++
debian/changelog | 11 ++++++++++
user | 45 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 77 insertions(+), 17 deletions(-)
create mode 100644 user
diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py
index ea40585..15adce5 100644
--- a/Lib/encodings/idna.py
+++ b/Lib/encodings/idna.py
@@ -39,23 +39,21 @@ def nameprep(label): # Check bidi RandAL = [stringprep.in_table_d1(x) for x in label] - for c in RandAL: - if c: - # There is a RandAL char in the string. Must perform further - # tests: - # 1) The characters in section 5.8 MUST be prohibited. - # This is table C.8, which was already checked - # 2) If a string contains any RandALCat character, the string - # MUST NOT contain any LCat character. - if any(stringprep.in_table_d2(x) for x in label): - raise UnicodeError("Violation of BIDI requirement 2") - - # 3) If a string contains any RandALCat character, a - # RandALCat character MUST be the first character of the - # string, and a RandALCat character MUST be the last - # character of the string. - if not RandAL[0] or not RandAL[-1]: - raise UnicodeError("Violation of BIDI requirement 3") + if any(RandAL): + # There is a RandAL char in the string. Must perform further + # tests: + # 1) The characters in section 5.8 MUST be prohibited. + # This is table C.8, which was already checked + # 2) If a string contains any RandALCat character, the string + # MUST NOT contain any LCat character. + if any(stringprep.in_table_d2(x) for x in label): + raise UnicodeError("Violation of BIDI requirement 2") + # 3) If a string contains any RandALCat character, a + # RandALCat character MUST be the first character of the + # string, and a RandALCat character MUST be the last + # character of the string. + if not RandAL[0] or not RandAL[-1]: + raise UnicodeError("Violation of BIDI requirement 3") return label diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py index a9c43d9..0b7283a 100644 --- a/Lib/test/test_codecs.py +++ b/Lib/test/test_codecs.py 
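Review bot: Nothing in this patch bounds the label length before decoding: the only idna.py change is the bidi check in `nameprep`, and the diffstat's 32 changed lines for that file are all in this hunk. The upstream CPython fix for this CVE, as I recall it, also rejects oversized labels at the top of `ToUnicode` with `if len(label) > 1024: raise UnicodeError("label way too long")`; the backport should carry that guard or state in the commit message why it is left out. `ToUnicode` lies outside the hunk, so its current state cannot be confirmed from here. The rewritten branch would also benefit from a short why-comment such as `# any() scans RandAL once; the old loop repeated the table D.2 scan per RandAL character`.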
@@ -1534,6 +1534,12 @@ class IDNACodecTest(unittest.TestCase): self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") + def test_builtin_decode_length_limit(self): + with self.assertRaisesRegex(UnicodeError, "too long"): + (b"xn--016c"+b"a"*1100).decode("idna") + with self.assertRaisesRegex(UnicodeError, "too long"): + (b"xn--016c"+b"a"*70).decode("idna") + def test_stream(self): r = codecs.getreader("idna")(io.BytesIO(b"abc")) r.read(3) diff --git a/debian/changelog b/debian/changelog index 7eb085c..aa344fb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +python3.10 (3.10.7-ok6) yangtze; urgency=medium + * Repair: CVE-2022-45061 + * Modify: - Lib/encodings/idna.py + - Lib/test/test_codecs.py + + + + + + -- sidelau Thu, 20 Jul 2023 16:04:01 -0800 + python3.10 (3.10.7-ok5) yangtze; urgency=medium * Rebuild for openkylin. diff --git a/user b/user new file mode 100644 index 0000000..ca1e945 --- /dev/null +++ b/user 
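Review bot: Both assertions in `test_builtin_decode_length_limit` match the same pattern `"too long"`, so the 1100-byte case cannot show that an oversized label is rejected before decoding rather than only failing the final length check. If an early size check is added to the codec, give that case its own message (upstream, as I recall, expects `"way too long"` there) so the two paths are told apart. A comment above each case would also help, for example `# far above any pre-decode size cap` and `# just above the per-label length limit`. The test class continues outside the hunk.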
@@ -0,0 +1,45 @@
+error: wrong number of arguments, should be from 1 to 2
+usage: git config []
+
+Config file location
+ --global use global config file
+ --system use system config file
+ --local use repository config file
+ --worktree use per-worktree config file
+ -f, --file use given config file
+ --blob read config from given blob object
+
+Action
+ --get get value: name [value-pattern]
+ --get-all get all values: key [value-pattern]
+ --get-regexp get values for regexp: name-regex [value-pattern]
+ --get-urlmatch get value specific for the URL: section[.var] URL
+ --replace-all replace all matching variables: name value [value-pattern]
+ --add add a new variable: name value
+ --unset remove a variable: name [value-pattern]
+ --unset-all remove all matches: name [value-pattern]
+ --rename-section rename section: old-name new-name
+ --remove-section remove a section: name
+ -l, --list list all
+ --fixed-value use string equality when comparing values to 'value-pattern'
+ -e, --edit open an editor
+ --get-color find the color configured: slot [default]
+ --get-colorbool find the color setting: slot [stdout-is-tty]
+
+Type
+ -t, --type value is given this type
+ --bool value is "true" or "false"
+ --int value is decimal number
+ --bool-or-int value is --bool or --int
+ --bool-or-str value is --bool or string
+ --path value is a path (file or directory name)
+ --expiry-date value is an expiry date
+
+Other
+ -z, --null terminate values with NUL byte
+ --name-only show variable names only
+ --includes respect include directives on lookup
+ --show-origin show origin of config (file, standard input, blob, command line)
+ --show-scope show scope of config (worktree, local, global, system, command)
+ --default with --get, use default value when missing entry
+
-- Gitee
From 22f08e84118c7fca31f35d87df3db77c850db024 Mon Sep 17 00:00:00 2001
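Review bot: The new top-level file `user` is not source. Its 45 lines are the usage error printed by a mis-invoked `git config` (`error: wrong number of arguments, should be from 1 to 2`), most likely captured by an accidental redirect. It should be dropped from this security patch, since PATCH 2/2 in the series only reverts `debian/changelog` and would leave the file in the tree. An unrelated file in a CVE backport also makes the change harder to audit against the upstream fix.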
From: sidelau Date: Thu, 27 Jul 2023 16:00:44 +0800 Subject: [PATCH 2/2] * Modify: - Lib/encodings/idna.py - Lib/test/test_codecs.py --- debian/changelog | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index aa344fb..7eb085c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,3 @@ -python3.10 (3.10.7-ok6) yangtze; urgency=medium - * Repair: CVE-2022-45061 - * Modify: - Lib/encodings/idna.py - - Lib/test/test_codecs.py - - - - - - -- sidelau Thu, 20 Jul 2023 16:04:01 -0800 - python3.10 (3.10.7-ok5) yangtze; urgency=medium * Rebuild for openkylin. -- Gitee