Compare commits


No commits in common. "stream-python27-2.7-rhel-8.9.0" and "c8-stream-2.7" have entirely different histories.

7 changed files with 27 additions and 93 deletions

92
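--- a/.gitignore
+++ b/.gitignore
@@ -1,91 +1 @@
-/svn17_example.zip
-/svn18_example.zip
-/setuptools-1.3.1.tar.gz
-/setuptools-1.4.tar.gz
-/setuptools-2.0.tar.gz
-/setuptools-6.0.2.tar.gz
-/setuptools-6.1.tar.gz
-/setuptools-7.0.tar.gz
-/setuptools-8.2.1.tar.gz
-/setuptools-11.0.tar.gz
-/setuptools-11.3.1.tar.gz
-/setuptools-12.0.3.tar.gz
-/setuptools-12.3.tar.gz
-/setuptools-12.4.tar.gz
-/setuptools-13.0.2.tar.gz
-/setuptools-14.1.1.tar.gz
-/setuptools-14.2.tar.gz
-/setuptools-14.3.tar.gz
-/setuptools-14.3.1.tar.gz
-/python-setuptools-15.0-1.fc21.src.rpm
-/setuptools-15.0.tar.gz
-/setuptools-15.2.tar.gz
-/setuptools-16.0.tar.gz
-/setuptools-17.0.tar.gz
-/setuptools-17.1.tar.gz
-/setuptools-17.1.1.tar.gz
-/setuptools-18.0.1.tar.gz
-/setuptools-18.1.tar.gz
-/setuptools-18.3.1.tar.gz
-/setuptools-18.3.2.tar.gz
-/setuptools-18.4.tar.gz
-/setuptools-18.5.tar.gz
-/setuptools-18.6.1.tar.gz
-/setuptools-18.7.1.tar.gz
-/setuptools-18.8.tar.gz
-/setuptools-18.8.1.tar.gz
-/setuptools-19.1.1.tar.gz
-/setuptools-19.2.tar.gz
-/setuptools-19.4.tar.gz
-/setuptools-19.5.tar.gz
-/setuptools-19.6.tar.gz
-/setuptools-19.6.2.tar.gz
-/setuptools-19.7.tar.gz
-/setuptools-20.0.tar.gz
-/setuptools-20.1.tar.gz
-/setuptools-20.1.1.tar.gz
-/setuptools-20.3.tar.gz
-/setuptools-20.4.tar.gz
-/setuptools-20.6.7.tar.gz
-/setuptools-20.8.1.tar.gz
-/setuptools-20.9.0.tar.gz
-/setuptools-20.10.1.tar.gz
-/setuptools-21.2.2.tar.gz
-/setuptools-22.0.0.tar.gz
-/setuptools-22.0.5.tar.gz
-/setuptools-23.0.0.tar.gz
-/setuptools-24.0.1.tar.gz
-/setuptools-24.2.0.tar.gz
-/setuptools-25.0.0.tar.gz
-/setuptools-25.1.0.tar.gz
-/setuptools-25.1.1.tar.gz
-/setuptools-25.1.6.tar.gz
-/setuptools-26.0.0.tar.gz
-/setuptools-27.1.2.tar.gz
-/setuptools-27.3.0.tar.gz
-/setuptools-28.0.0.tar.gz
-/setuptools-28.1.0.tar.gz
-/setuptools-28.2.0.tar.gz
-/setuptools-28.3.0.tar.gz
-/setuptools-28.6.0.tar.gz
-/setuptools-28.6.1.tar.gz
-/setuptools-28.7.1.tar.gz
-/setuptools-28.8.0.tar.gz
-/setuptools-30.4.0.tar.gz
-/v32.2.0.tar.gz
-/setuptools-32.2.0.zip
-/setuptools-32.3.0.zip
-/setuptools-32.3.1.zip
-/setuptools-34.1.1.zip
-/setuptools-34.2.0.zip
-/setuptools-34.3.0.zip
-/setuptools-34.3.2.zip
-/setuptools-35.0.1.zip
-/setuptools-35.0.2.zip
-/setuptools-36.0.1.zip
-/setuptools-36.2.0.zip
-/setuptools-36.5.0.zip
-/setuptools-37.0.0.zip
-/setuptools-38.2.5.zip
-/setuptools-38.4.0.zip
-/setuptools-39.0.1.zip
+SOURCES/setuptools-39.0.1.zip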


@ -0,0 +1 @@
a8af7ca9ddedd3ea046ecf72dd4dcb8592bd3fb7 SOURCES/setuptools-39.0.1.zip
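Review bot: The source archive is now pinned only by the 40-hex-character digest on this line (the length of a SHA-1), while the `SHA512 (setuptools-39.0.1.zip)` entry is deleted further down the page. SHA-1 is no longer collision-resistant, so this is a weaker integrity anchor for the archive the patches are applied to. If the lookaside tooling for this branch accepts a longer digest, record the SHA-256 or SHA-512 here instead; otherwise check the downloaded archive against the removed SHA512 value before importing it.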


@ -0,0 +1,13 @@
diff --git a/setuptools/package_index.py b/setuptools/package_index.py
index 123e958..a90b810 100644
--- a/setuptools/package_index.py
+++ b/setuptools/package_index.py
@@ -215,7 +215,7 @@ def unique_values(func):
return wrapper
-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
+REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
# this line is here to fix emacs' cruddy broken syntax highlighting
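Review bot: The new `REL` pattern changes what matches beyond the backtracking fix, and the spec comment says the upstream test is not backported, so nothing in the package build exercises it. With `\s{0,10}` a tag carrying more than ten whitespace characters on either side of `=` no longer matches, and because the value class is now `[^'" >]` a quoted value such as `rel="nofollow homepage"` is captured only up to the first space; how callers use group 2 is outside this hunk, so that needs confirming against them. A check that does not need pytest.timeout would cover the functional side, for example `assert REL.search('<a rel="homepage" href="x">').group(2) == 'homepage'`, next to a plain elapsed-time bound around one `REL.search` call on an oversized input.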


@ -28,7 +28,7 @@
Name: python2-setuptools Name: python2-setuptools
Version: 39.0.1 Version: 39.0.1
Release: 13%{?dist} Release: 14%{?dist}
Summary: Easily build and distribute Python packages Summary: Easily build and distribute Python packages
Group: Applications/System Group: Applications/System
@ -44,6 +44,12 @@ Patch0: skip-internet-requiring-tests.patch
# Resolved upstream: https://github.com/pypa/setuptools/pull/1319/ # Resolved upstream: https://github.com/pypa/setuptools/pull/1319/
Patch1: fix-wheel-tests-compatibility.patch Patch1: fix-wheel-tests-compatibility.patch
# Security fix for CVE-2022-40897
# Regular Expression Denial of Service (ReDoS) in package_index.py
# Resolved upstream: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
# The patch is backported without test because that requires pytest.timeout.
Patch2: CVE-2022-40897.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: gcc BuildRequires: gcc
@ -111,6 +117,7 @@ rm setuptools/tests/test_integration.py
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
%if %{with python2} %if %{with python2}
@ -200,6 +207,10 @@ PYTHONDONTWRITEBYTECODE=1 PYTHONPATH=$(pwd) py.test-%{python2_version} --ignore=
%endif #with bootstrap %endif #with bootstrap
%changelog %changelog
* Tue Oct 03 2023 Lumír Balhar <lbalhar@redhat.com> - 39.0.1-14
- Fix for CVE-2022-40897
Resolves: RHEL-9763
* Wed Jan 13 2021 Charalampos Stratakis <cstratak@redhat.com> - 39.0.1-13 * Wed Jan 13 2021 Charalampos Stratakis <cstratak@redhat.com> - 39.0.1-13
- When building for Flatpak inclusion, build in bootstrap mode - When building for Flatpak inclusion, build in bootstrap mode
Resolves: rhbz#1907597 Resolves: rhbz#1907597


@ -1 +0,0 @@
SHA512 (setuptools-39.0.1.zip) = 1f8a579b18944146ccf34c8daccdecd3595591c94fe8d43a329aca8188100b97049d0a4f5083c5c7c616b260eb379153929a2a1ed7225df88de17414d394fed1