diff --git a/CVE-2024-21503.patch b/CVE-2024-21503.patch deleted file mode 100644 index ef91aa3b3675ae2353cb5e843198b070cdb418be..0000000000000000000000000000000000000000 --- a/CVE-2024-21503.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 3ecd05252df7c043d077a8c7ecaa573465e0cc8a Mon Sep 17 00:00:00 2001 -From: Jelle Zijlstra -Date: Fri, 15 Mar 2024 12:06:12 -0700 -Subject: [PATCH ] CVE-2024-21503 -Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278) - ---- - src/black/strings.py | 18 ++++++------------ - tests/test_black.py | 11 +++++++++++ - 2 files changed, 17 insertions(+), 12 deletions(-) - -diff --git a/src/black/strings.py b/src/black/strings.py -index 0e0f968..baa8816 100644 ---- a/src/black/strings.py -+++ b/src/black/strings.py -@@ -14,7 +14,6 @@ STRING_PREFIX_CHARS: Final = "furbFURB" # All possible string prefix characters - STRING_PREFIX_RE: Final = re.compile( - r"^([" + STRING_PREFIX_CHARS + r"]*)(.*)$", re.DOTALL - ) --FIRST_NON_WHITESPACE_RE: Final = re.compile(r"\s*\t+\s*(\S)") - UNICODE_ESCAPE_RE: Final = re.compile( - r"(?P\\+)(?P" - r"(u(?P[a-fA-F0-9]{4}))" # Character with 16-bit hex value xxxx -@@ -51,18 +50,13 @@ def lines_with_leading_tabs_expanded(s: str) -> List[str]: - """ - lines = [] - for line in s.splitlines(): -- # Find the index of the first non-whitespace character after a string of -- # whitespace that includes at least one tab -- match = FIRST_NON_WHITESPACE_RE.match(line) -- if match: -- first_non_whitespace_idx = match.start(1) -- -- lines.append( -- line[:first_non_whitespace_idx].expandtabs() -- + line[first_non_whitespace_idx:] -- ) -- else: -+ stripped_line = line.lstrip() -+ if not stripped_line or stripped_line == line: - lines.append(line) -+ else: -+ prefix_length = len(line) - len(stripped_line) -+ prefix = line[:prefix_length].expandtabs() -+ lines.append(prefix + stripped_line) - if s.endswith("\n"): - lines.append("") - return lines -diff --git a/tests/test_black.py b/tests/test_black.py -index 41f87cd..1814fb7 100644 ---- a/tests/test_black.py -+++ b/tests/test_black.py -@@ -47,6 +47,7 @@ from black.debug import DebugVisitor - from black.mode import Mode, Preview - from black.output import color_diff, diff - from black.report import Report -+from black.strings import lines_with_leading_tabs_expanded - - # Import other test classes - from tests.util import ( -@@ -2054,6 +2055,16 @@ class BlackTestCase(BlackBaseTestCase): - b"Cannot use line-ranges in the pyproject.toml file." in result.stderr_bytes - ) - -+ def test_lines_with_leading_tabs_expanded(self) -> None: -+ # See CVE-2024-21503. Mostly test that this completes in a reasonable -+ # time. -+ payload = "\t" * 10_000 -+ assert lines_with_leading_tabs_expanded(payload) == [payload] -+ -+ tab = " " * 8 -+ assert lines_with_leading_tabs_expanded("\tx") == [f"{tab}x"] -+ assert lines_with_leading_tabs_expanded("\t\tx") == [f"{tab}{tab}x"] -+ assert lines_with_leading_tabs_expanded("\tx\n y") == [f"{tab}x", " y"] - - class TestCaching: - def test_get_cache_dir( --- -2.37.2.windows.2 - diff --git a/black-24.2.0.tar.gz b/black-24.2.0.tar.gz deleted file mode 100644 index 19a768ab94c8b55e13c6b8389fbbd00954dc8fbc..0000000000000000000000000000000000000000 Binary files a/black-24.2.0.tar.gz and /dev/null differ diff --git a/black-24.4.2.tar.gz b/black-24.4.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d5b616e6ae1c7275ae454b65e20150fa65a899b4 Binary files /dev/null and b/black-24.4.2.tar.gz differ diff --git a/python-black.spec b/python-black.spec index a7cb176779d0ad70dab99d1b4ab0d8fd86e2b04d..3c78c4530ed638f2c3a2711a51c520b98f568293 100644 --- a/python-black.spec +++ b/python-black.spec @@ -2,8 +2,8 @@ %global pypi_name black Name: python-%{pypi_name} -Version: 24.2.0 -Release: 2 +Version: 24.4.2 +Release: 1 Summary: The uncompromising code formatter License: MIT URL: https://github.com/psf/black @@ -11,8 +11,6 @@ Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz BuildArch: noarch -Patch0: CVE-2024-21503.patch - BuildRequires: python3-devel # Base build requires @@ -67,6 +65,16 @@ done %{python3_sitelib}/blib2to3/* %changelog +* Sat May 11 2024 wangxiaomeng - 24.4.2-1 +- Update package to version 24.4.2 + - Fix regression where certain complex f-strings failed to parse (#4332) + - Fix bad performance on certain complex string literals (#4331) + - Add support for the new Python 3.12 f-string syntax introduced by PEP 701 (#3822) + - Fix crash involving indented dummy functions containing newlines (#4318) + - Add support for type parameter defaults, a new syntactic feature added to Python 3.13 by PEP 696 (#4327) + - Fix unwanted crashes caused by AST equivalency check (#4290) + - Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. + * Wed Apr 17 2024 yanjianqing - 24.2.0-2 - Fix CVE-2024-21503