python3-django: implement group method for FakeMatch

This change is for python3-django_2.2.28. This patch is an extension for CVE-2024-27351.patch. The class that patch introduced wasn't completely suitable for this version of the recipe, because it was accessing a function of it that was not implemented (the upstream version that introduced this class did not use that function, it is specific to this old version). This patch adds the missing implementation to avoid errors. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-27 12:01:38 +01:00 · 2026-01-14 08:34:39 +01:00 · 2026-01-14 08:34:39 +01:00 · 2e331249b2
commit 2e331249b2
parent 4638d0ee22
2 changed files with 43 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django/0001-implement-group-method-for-FakeMatch.patch
+++ b/meta-python/recipes-devtools/python/python3-django/0001-implement-group-method-for-FakeMatch.patch
@ -0,0 +1,42 @@
+From c78be5dd9f1772a22f3094d8c2cfe56bfb45b122 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Wed, 14 Jan 2026 00:24:12 +0100
+Subject: [PATCH] implement group method for FakeMatch
+
+FakeMatch class was introduced in a backported CVE patch for this
+recipe (CVE-2024-27351). These objects are later accessed in
+django/utils/text.py module, in Truncator._truncate_html() method.
+It is treated as a regex.search() object.
+
+This function, at the time when the upstream project introduced this
+CVE patch was using array-style access, with brackets, so it
+worked, because the FakeMatch class implements the __getitem__()
+method. However in version 2.x, it was using group() access to
+access the matches - which is not implemented for this class, making
+these accesses fail:
+
+AttributeError: 'FakeMatch' object has no attribute 'group'
+
+To avoid this issue, this patch implements this method for this class.
+
+Upstream-Status: Inappropriate [Backport-specific]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ django/utils/text.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index e104b60..5033937 100644
+--- a/django/utils/text.py
+++ b/django/utils/text.py
+@@ -66,6 +66,9 @@ class FakeMatch:
+     def __init__(self, text, end):
+         self._text, self._end = text, end
+ 
+    def group(self, n):
+        return self[n]
+
+ 
+ # ----- End security-related performance workaround -----
+ 
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@ -35,6 +35,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://Fix-undefined-_lazy_re_compile.patch \
            file://Fix-missing-JSONField-in-django.db.mo.patch \
            file://0001-Fixed-35172-Fixed-intcomma-for-string-floats.patch \
+            file://0001-implement-group-method-for-FakeMatch.patch \
           "

 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"