Compare commits
No commits in common. "c8-beta" and "c9s" have entirely different histories.
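--- a/.fmf/version
+++ b/.fmf/version
@@ -0,0 +1 @@
+1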
17
.gitignore
vendored
17
.gitignore
vendored
@ -1 +1,16 @@
|
||||
SOURCES/PyMySQL-1.1.0.tar.gz
|
||||
/PyMySQL-0.6.6.tar.gz
|
||||
/PyMySQL-0.6.7.tar.gz
|
||||
/PyMySQL-0.7.9.tar.gz
|
||||
/PyMySQL-0.7.10.tar.gz
|
||||
/PyMySQL-0.7.11.tar.gz
|
||||
/PyMySQL-0.8.0.tar.gz
|
||||
/PyMySQL-0.8.1.tar.gz
|
||||
/PyMySQL-0.9.0.tar.gz
|
||||
/PyMySQL-0.9.1.tar.gz
|
||||
/PyMySQL-0.9.2.tar.gz
|
||||
/PyMySQL-0.9.3.tar.gz
|
||||
/PyMySQL-0.10.0.tar.gz
|
||||
/PyMySQL-0.10.1.tar.gz
|
||||
/PyMySQL-1.0.2.tar.gz
|
||||
/PyMySQL-1.0.3.tar.gz
|
||||
/PyMySQL-1.1.0.tar.gz
|
||||
|
@ -1 +0,0 @@
|
||||
6d1caef3b6f1b699816a578a1033d98a436627a9 SOURCES/PyMySQL-1.1.0.tar.gz
|
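--- a/CVE-2024-36039.patch
+++ b/CVE-2024-36039.patch
@@ -0,0 +1,17 @@
+diff --git a/pymysql/converters.py b/pymysql/converters.py
+index 1adac75..dbf97ca 100644
+--- a/pymysql/converters.py
++++ b/pymysql/converters.py
+@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
+
+
+def escape_dict(val, charset, mapping=None):
+- n = {}
+- for k, v in val.items():
+- quoted = escape_item(v, charset, mapping)
+- n[k] = quoted
+- return n
++ raise TypeError("dict can not be used as parameter")
+
+
+def escape_sequence(val, charset, mapping=None):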
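Review bot: The new body of `escape_dict` raises without any comment saying why a dict is refused, and `charset` and `mapping` are now unused, so the function reads like an unfinished stub. The removed loop escaped each value `v` but copied the keys `k` through unchanged, which is the reason for the change; a line such as `# Dicts are rejected as parameter values: only the values were escaped, the keys were not (CVE-2024-36039).` above the `raise` would keep that next to the code. The signature is presumably kept so existing callers and any type-to-encoder lookup keep working; a short docstring saying so would stop a later cleanup from removing the parameters. `escape_sequence` begins on the last line of the hunk and its body is outside it.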
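--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,7 @@
+--- !Policy
+
+product_versions:
+- rhel-9
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}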
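--- a/plan.fmf
+++ b/plan.fmf
@@ -0,0 +1,8 @@
+execute:
+how: tmt
+discover:
+- how: shell
+tests:
+- name: simple import
+test: python3.12 -c 'import pymysql'
+- how: fmf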
@ -5,7 +5,7 @@
|
||||
|
||||
Name: python%{python3_pkgversion}-%{pypi_name}
|
||||
Version: 1.1.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Pure-Python MySQL client library
|
||||
|
||||
License: MIT
|
||||
@ -13,6 +13,11 @@ URL: https://pypi.python.org/pypi/%{pypi_name}/
|
||||
Source0: %pypi_source
|
||||
Source1: setup.py
|
||||
|
||||
# Security fix for CVE-2024-36039: SQL injection if used with untrusted JSON input
|
||||
# Resolved upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
|
||||
# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2282821
|
||||
Patch0: CVE-2024-36039.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python%{python3_pkgversion}-devel
|
||||
@ -35,7 +40,7 @@ and Jython.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -qn %{pypi_name}-%{version}
|
||||
%autosetup -n %{pypi_name}-%{version} -p1
|
||||
rm -rf %{pypi_name}.egg-info
|
||||
# Remove tests files so they are not installed globally.
|
||||
rm -rf tests
|
||||
@ -62,6 +67,10 @@ cp %{SOURCE1} .
|
||||
%{python3_sitelib}/pymysql/
|
||||
|
||||
%changelog
|
||||
* Fri May 31 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.1.0-3
|
||||
- Security fix for CVE-2024-36039
|
||||
Resolves: RHEL-38371
|
||||
|
||||
* Tue Jan 23 2024 Miro Hrončok <mhroncok@redhat.com> - 1.1.0-2
|
||||
- Rebuilt for timestamp .pyc invalidation mode
|
||||
|
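--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (PyMySQL-1.1.0.tar.gz) = 51dddc92e766183ab5d93717121d853415561dc81abc7ec8299a73610cae5bc22b6070006d6ea24405ab31bc1ea68be61466a3477c0f84d47435f78ffc60d31e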
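--- a/tests/smoke_test.fmf
+++ b/tests/smoke_test.fmf
@@ -0,0 +1,8 @@
+require:
+- mariadb-server
+- python3.12-PyMySQL
+
+test: |
+systemctl start mariadb &&
+python3.12 smoke_test.py &&
+systemctl stop mariadb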
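Review bot: The `&&` chain in `test:` skips `systemctl stop mariadb` whenever `python3.12 smoke_test.py` fails, so a failing run leaves the database service running on the test host. Capturing the status and stopping the service unconditionally keeps the result intact, for example `python3.12 smoke_test.py; rc=$?` followed by `systemctl stop mariadb; exit $rc`.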
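--- a/tests/smoke_test.py
+++ b/tests/smoke_test.py
@@ -0,0 +1,12 @@
+#!/usr/bin/python3
+# Modified from
+# https://github.com/PyMySQL/PyMySQL/blob/v1.0.2/example.py
+
+import pymysql
+connection = pymysql.connect(unix_socket="/var/lib/mysql/mysql.sock", db="mysql")
+cursor = connection.cursor()
+cursor.execute("SELECT Host,User FROM user")
+print(cursor.description)
+
+cursor.close()
+connection.close()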
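Review bot: Nothing in this script exercises the behaviour that the CVE-2024-36039 patch changes, so a build in which `Patch0` was not applied would still pass the smoke test. After the query, the script should call `pymysql.converters.escape_dict` with a small dict and exit non-zero unless `TypeError` is raised. The cursor and connection are also closed only on the success path; a `try`/`finally` around the query would release them when `execute` raises.

```python
print(cursor.description)

# Regression check for CVE-2024-36039: a dict must be refused as a parameter value.
try:
    pymysql.converters.escape_dict({"key": "value"}, "utf8mb4")
except TypeError:
    pass
else:
    raise SystemExit("escape_dict accepted a dict: CVE-2024-36039 patch is not applied")
```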