diff --git a/CVE-2021-32838.patch b/CVE-2021-32838.patch new file mode 100644 index 0000000000000000000000000000000000000000..4c41c54355396f638607a795b6887c945ce24c4c --- /dev/null +++ b/CVE-2021-32838.patch @@ -0,0 +1,22 @@ +From bab31e085f355dd73858fd3715f7ed71849656da Mon Sep 17 00:00:00 2001 +From: ziirish +Date: Wed, 1 Sep 2021 21:53:02 +0200 +Subject: [PATCH] optimize email regex (credits: @kevinbackhouse, fix: #372) + +--- + flask_restx/inputs.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/flask_restx/inputs.py b/flask_restx/inputs.py +index b05532f3..9c76d8a0 100644 +--- a/flask_restx/inputs.py ++++ b/flask_restx/inputs.py +@@ -48,7 +48,7 @@ def my_type(value): + + + email_regex = re.compile( +- r"^" "(?P[^@]*[^@.])" r"@" r"(?P[^@]+(?:\.[^@]+)*)" r"$", ++ r"^" "(?P[^@]*[^@.])" r"@" r"(?P[^@\.]+(?:\.[^@\.]+)*)" r"$", + re.IGNORECASE, + ) + diff --git a/python-flask-restx.spec b/python-flask-restx.spec index e3a91f3d6633ce3094fa613f7a71ca554b5a88d5..a1b4f3ba4fc054fb64f4aaeb94e322044b4ec5c7 100644 --- a/python-flask-restx.spec +++ b/python-flask-restx.spec @@ -1,11 +1,12 @@ %global _empty_manifest_terminate_build 0 Name: python-flask-restx Version: 0.2.0 -Release: 1 +Release: 2 Summary: Fully featured framework for fast, easy and documented API development with Flask License: BSD-3-Clause URL: https://github.com/python-restx/flask-restx Source0: https://files.pythonhosted.org/packages/5f/6e/f71db883f6228e09e7e8c7bf5f1068c0a853db992bcaebd105005b70c959/flask-restx-%{version}.tar.gz +Patch1: CVE-2021-32838.patch BuildArch: noarch Requires: python3-aniso8601 @@ -73,5 +74,8 @@ mv %{buildroot}/doclist.lst . %{_pkgdocdir} %changelog +* Sat Oct 9 2021 liwu - 0.2.0-2 +* Fix CVE-2021-32838 + * Mon Jun 22 2020 Python_Bot - Package Spec generated