MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2236de2bd3
meta-openembedded/meta-python/recipes-devtools/python/python3-tqdm/CVE-2024-34062.patch
Gyorgy Sarvari 2236de2bd3 python3-tqdm: patch CVE-2024-34062 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34062

Pick the patch mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00

65 lines
2.1 KiB
Diff
Raw Blame History

From 35f8daf26d28950aa44a763f19a13c6ee133ff6c Mon Sep 17 00:00:00 2001
From: Casper da Costa-Luis <tqdm@cdcl.ml>
Date: Wed, 1 May 2024 14:56:01 +0100
Subject: [PATCH] cli: eval safety
- fixes GHSA-g7vv-2v7x-gj9p
CVE: CVE-2024-34062
Upstream-Status: Backport [https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
tqdm/cli.py | 33 ++++++++++++++++++++++-----------
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/tqdm/cli.py b/tqdm/cli.py
index 3ed25fb..e4f587b 100644
--- a/tqdm/cli.py
+++ b/tqdm/cli.py
@@ -21,23 +21,34 @@ def cast(val, typ):
return cast(val, t)
except TqdmTypeError:
pass
- raise TqdmTypeError(val + ' : ' + typ)
+ raise TqdmTypeError(f"{val} : {typ}")
# sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
if typ == 'bool':
if (val == 'True') or (val == ''):
return True
- elif val == 'False':
+ if val == 'False':
return False
- else:
- raise TqdmTypeError(val + ' : ' + typ)
- try:
- return eval(typ + '("' + val + '")')
- except Exception:
- if typ == 'chr':
- return chr(ord(eval('"' + val + '"'))).encode()
- else:
- raise TqdmTypeError(val + ' : ' + typ)
+ raise TqdmTypeError(val + ' : ' + typ)
+ if typ == 'chr':
+ if len(val) == 1:
+ return val.encode()
+ if re.match(r"^\\\w+$", val):
+ return eval(f'"{val}"').encode()
+ raise TqdmTypeError(f"{val} : {typ}")
+ if typ == 'str':
+ return val
+ if typ == 'int':
+ try:
+ return int(val)
+ except ValueError as exc:
+ raise TqdmTypeError(f"{val} : {typ}") from exc
+ if typ == 'float':
+ try:
+ return float(val)
+ except ValueError as exc:
+ raise TqdmTypeError(f"{val} : {typ}") from exc
+ raise TqdmTypeError(f"{val} : {typ}")
def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,
Reference in New Issue View Git Blame Copy Permalink