Diffstat (limited to 'poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch')
-rw-r--r--poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch
new file mode 100644
index 0000000000..d7fc87fec8
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch
@@ -0,0 +1,49 @@
+From 9a73f2a80e5cf869d473ddcbfceaab229fb99b5e Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Mon, 28 Aug 2023 15:04:14 +0000
+Subject: [PATCH] SQL+Jinja: use a simpler regex in analyse_text
+
+Fixes catastrophic backtracking
+
+Fixes #2355
+
+CVE: CVE-2022-40896
+
+Upstream-Status: Backport [https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES | 1 +
+ pygments/lexers/templates.py | 6 +-----
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 2aa54fa..4c84fa6 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -61,6 +61,7 @@ Version 2.14.0
+ * Spice: Add ``enum`` keyword and fix a bug regarding binary,
+ hexadecimal and octal number tokens (#2227)
+ * YAML: Accept colons in key names (#2277)
++ * SQL+Jinja (``analyse_text`` method): fix catastrophic backtracking [Backported]
+
+ - Fix `make mapfiles` when Pygments is not installed in editable mode
+ (#2223)
+diff --git a/pygments/lexers/templates.py b/pygments/lexers/templates.py
+index 1fcf708..1066294 100644
+--- a/pygments/lexers/templates.py
++++ b/pygments/lexers/templates.py
+@@ -2291,10 +2291,6 @@ class SqlJinjaLexer(DelegatingLexer):
+ if re.search(r'\{\{\s*source\(.*\)\s*\}\}', text):
+ rv += 0.25
+ # Jinja macro
+- if re.search(
+- r'\{%-?\s*macro \w+\(.*\)\s*-?%\}\s+.*\s+\{%-?\s*endmacro\s*-?%\}',
+- text,
+- re.S,
+- ):
++ if re.search(r'\{%-?\s*macro \w+\(.*\)\s*-?%\}', text):
+ rv += 0.15
+ return rv
+--
+2.40.0
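Review bot: The new single-line check `if re.search(r'\{%-?\s*macro \w+\(.*\)\s*-?%\}', text):` is only bounded because `re.S` is gone, and nothing in the code says so; a comment above it such as `# No re.S: '.*' must not cross newlines, which bounds backtracking (CVE-2022-40896)` would keep a later edit from reintroducing the flag. The greedy `.*` remains both here and in the `source\(.*\)` check on the context line above, so matching cost still grows with the length of a single line. The backport carries no test, and a timing regression test on a long unterminated macro line would confirm the bound. analyse_text starts outside the embedded hunk, and the recipe change that lists this file in SRC_URI is not visible on this page (the diffstat is limited to the patch file), so it should be confirmed separately.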