diff options
Diffstat (limited to 'poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch')
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch new file mode 100644 index 0000000000..d7fc87fec8 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch @@ -0,0 +1,49 @@ +From 9a73f2a80e5cf869d473ddcbfceaab229fb99b5e Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Mon, 28 Aug 2023 15:04:14 +0000 +Subject: [PATCH] SQL+Jinja: use a simpler regex in analyse_text + +Fixes catastrophic backtracking + +Fixes #2355 + +CVE: CVE-2022-40896 + +Upstream-Status: Backport [https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGES | 1 + + pygments/lexers/templates.py | 6 +----- + 2 files changed, 2 insertions(+), 5 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 2aa54fa..4c84fa6 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -61,6 +61,7 @@ Version 2.14.0 + * Spice: Add ``enum`` keyword and fix a bug regarding binary, + hexadecimal and octal number tokens (#2227) + * YAML: Accept colons in key names (#2277) ++ * SQL+Jinja (``analyse_text`` method): fix catastrophic backtracking [Backported] + + - Fix `make mapfiles` when Pygments is not installed in editable mode + (#2223) +diff --git a/pygments/lexers/templates.py b/pygments/lexers/templates.py +index 1fcf708..1066294 100644 +--- a/pygments/lexers/templates.py ++++ b/pygments/lexers/templates.py +@@ -2291,10 +2291,6 @@ class SqlJinjaLexer(DelegatingLexer): + if re.search(r'\{\{\s*source\(.*\)\s*\}\}', text): + rv += 0.25 + # Jinja macro +- if re.search( +- r'\{%-?\s*macro \w+\(.*\)\s*-?%\}\s+.*\s+\{%-?\s*endmacro\s*-?%\}', +- text, +- re.S, +- ): ++ if re.search(r'\{%-?\s*macro \w+\(.*\)\s*-?%\}', text): + rv += 0.15 + return rv +-- +2.40.0 |