diff --git a/CVE-2024-34062.patch b/CVE-2024-34062.patch
deleted file mode 100644
index 54c208054f6b74f26b8865427de2afbfe4d27b4d..0000000000000000000000000000000000000000
--- a/CVE-2024-34062.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From b53348c73080b4edeb30b4823d1fa0d8d2c06721 Mon Sep 17 00:00:00 2001
-From: Casper da Costa-Luis
-Date: Wed, 1 May 2024 14:56:01 +0100
-Subject: [PATCH] cli: eval safety
-
-- fixes GHSA-g7vv-2v7x-gj9p
----
- tqdm/cli.py | 33 ++++++++++++++++++++++-----------
- 1 file changed, 22 insertions(+), 11 deletions(-)
-
-diff --git a/tqdm/cli.py b/tqdm/cli.py
-index 1223d4977..7284f28d5 100644
---- a/tqdm/cli.py
-+++ b/tqdm/cli.py
-@@ -21,23 +21,34 @@ def cast(val, typ):
-         return cast(val, t)
-     except TqdmTypeError:
-         pass
--    raise TqdmTypeError(val + ' : ' + typ)
-+    raise TqdmTypeError(f"{val} : {typ}")
-
-
- # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
- if typ == 'bool':
- if (val == 'True') or (val == ''):
- return True
-- elif val == 'False':
-+ if val == 'False':
- return False
-- else:
-- raise TqdmTypeError(val + ' : ' + typ)
-- try:
-- return eval(typ + '("' + val + '")')
-- except Exception:
-- if typ == 'chr':
-- return chr(ord(eval('"' + val + '"'))).encode()
-- else:
-- raise TqdmTypeError(val + ' : ' + typ)
-+ raise TqdmTypeError(val + ' : ' + typ)
-+ if typ == 'chr':
-+ if len(val) == 1:
-+ return val.encode()
-+ if re.match(r"^\\\w+$", val):
-+ return eval(f'"{val}"').encode()
-+ raise TqdmTypeError(f"{val} : {typ}")
-+ if typ == 'str':
-+ return val
-+ if typ == 'int':
-+ try:
-+ return int(val)
-+ except ValueError as exc:
-+ raise TqdmTypeError(f"{val} : {typ}") from exc
-+ if typ == 'float':
-+ try:
-+ return float(val)
-+ except ValueError as exc:
-+ raise TqdmTypeError(f"{val} : {typ}") from exc
-+ raise TqdmTypeError(f"{val} : {typ}")
-
-
- def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,
diff --git a/python-tqdm.spec b/python-tqdm.spec
index 56a5800bd197b94c3ba07605334ec4d45599888a..615e4e9bd542ff6338ed64e2b76509ee18d8df29 100644
--- a/python-tqdm.spec
+++ b/python-tqdm.spec
@@ -1,14 +1,12 @@
 %global debug_package %{nil}
 Name: python-tqdm
-Version: 4.66.2
-Release: 2
+Version: 4.66.4
+Release: 1
 Summary: A Fast and Extensible Progress Bar for Python and CLI
 License: MPL-2.0 and MIT
 URL: https://github.com/tqdm/tqdm
 Source0: https://files.pythonhosted.org/packages/source/t/tqdm/tqdm-%{version}.tar.gz
-# https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721
-Patch0: CVE-2024-34062.patch
 BuildRequires: python3-devel python3-setuptools gcc python3-toml python3-setuptools_scm
 BuildRequires: python3-pip python3-hatchling python3-hatch-vcs python3-wheel
@@ -55,6 +53,11 @@ mv -v %{buildroot}%{python3_sitelib}/tqdm/tqdm.1 %{buildroot}%{_mandir}/man1/
 %{_mandir}/man1/tqdm.1*
 %changelog
+* Sat May 11 2024 dongjiao - 4.66.4-1
+- Upgrade package to version 4.66.4
+ - rich: fix completion
+ - minor framework updates & code tidy
+
 * Mon May 06 2024 yaoxin - 4.66.2-2
 - Fix CVE-2024-34062
diff --git a/tqdm-4.66.2.tar.gz b/tqdm-4.66.2.tar.gz
deleted file mode 100644
index 1e09960708457b7a0f0a58d747bebff9c541091c..0000000000000000000000000000000000000000
Binary files a/tqdm-4.66.2.tar.gz and /dev/null differ
diff --git a/tqdm-4.66.4.tar.gz b/tqdm-4.66.4.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..e3e913052cecc02c3a7f9d980601d3f9ea595a0c
Binary files /dev/null and b/tqdm-4.66.4.tar.gz differ
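Review bot: Removing `Patch0: CVE-2024-34062.patch` is only safe if the 4.66.4 tarball already carries the upstream fix, and nothing in this hunk records that — the new 4.66.4-1 changelog entry lists only "rich: fix completion" and "minor framework updates", so the CVE disappears from the package history and a scanner keyed on the changelog would report it as regressed. As far as I recall upstream commit b53348c shipped in tqdm 4.66.3, so 4.66.4 should include it, but that should be confirmed by checking that `tqdm/cli.py` in the new tarball no longer contains the `eval(typ + '("' + val + '")')` path the dropped patch replaced. I would add a line such as `- Drop CVE-2024-34062.patch: fix included upstream since 4.66.3` under the 4.66.4-1 changelog entry so the security fix stays traceable after the patch file is gone.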