From 55cc549f6b69a3190af311ddff7abe50304acd4e Mon Sep 17 00:00:00 2001
From: zhouwenpei <zhouwenpei050@chinasoftinc.com>
Date: Tue, 26 Jul 2022 16:16:11 +0800
Subject: [PATCH] fix CVE-2021-46823

---
 backport-CVE-2021-46823.patch | 22 ++++++++++++++++++++++
 python-ldap.spec              |  9 ++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-46823.patch

diff --git a/backport-CVE-2021-46823.patch b/backport-CVE-2021-46823.patch
new file mode 100644
index 0000000..6aa5ea2
--- /dev/null
+++ b/backport-CVE-2021-46823.patch
@@ -0,0 +1,22 @@
+From faa011b41f7141121546045925d809d54e70f5fd Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 15 Oct 2021 15:21:37 +0100
+Subject: [PATCH] Fix ReDoS in regex.
+
+---
+ Lib/ldap/schema/tokenizer.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py
+index 69823f2b..623b86d5 100644
+--- a/Lib/ldap/schema/tokenizer.py
++++ b/Lib/ldap/schema/tokenizer.py
+@@ -13,7 +13,7 @@
+     r"|"              # or
+     r"([^'$()\s]+)"   # string of length >= 1 without '$() or whitespace
+     r"|"              # or
+-    r"('(?:[^'\\]|\\\\|\\.)*?'(?!\w))"
++    r"('(?:[^'\\]|\\.)*'(?!\w))"
+                       # any string or empty string surrounded by unescaped
+                       # single quotes except if right quote is succeeded by
+                       # alphanumeric char
diff --git a/python-ldap.spec b/python-ldap.spec
index 33f191f..dabb4a4 100644
--- a/python-ldap.spec
+++ b/python-ldap.spec
@@ -1,12 +1,13 @@
 Name:		python-ldap	
 Version:	3.3.1
-Release:	3
+Release:	4
 Summary:	An object-oriented API to access LDAP directory servers
 License:	Python-2.0
 URL:		http://python-ldap.org/
 Source0:	https://files.pythonhosted.org/packages/source/p/%{name}/%{name}-%{version}.tar.gz
 
 Patch0:         Handle-unknown-LDAP-result-code.patch
+Patch1:		backport-CVE-2021-46823.patch
 
 BuildRequires:	gcc openldap-devel openssl-devel cyrus-sasl-devel
 BuildRequires:  python3-devel python3-setuptools openldap-servers
@@ -57,6 +58,12 @@ sed -i 's,-Werror,-Wignore,g' tox.ini
 %doc CHANGES README TODO Demo
 
 %changelog
+* Tue Jul 26 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 3.3.1-4
+- Type:CVE
+- Id:CVE-2021-46823
+- SUG:NA
+- DESC:fix CVE-2021-46823
+
 * Fri May 06 2022 xingxing <xingxing9@h-partners.com> - 3.3.1-3
 - Type:bugfix
 - Id:NA
-- 
Gitee