-
Notifications
You must be signed in to change notification settings - Fork 567
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8268020
commit a25790a
Showing
2 changed files
with
62 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| From 5bab005747120011816817aaf2174ab46d0c72c9 Mon Sep 17 00:00:00 2001 | ||
| From: Kanishk-Bansal <[email protected]> | ||
| Date: Wed, 12 Feb 2025 10:20:59 +0000 | ||
| Subject: [PATCH] Fix CVE-2024-22195 | ||
| Backport of https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23 | ||
|
|
||
| --- | ||
| deps/v8/third_party/jinja2/filters.py | 24 +++++++++++++++++------- | ||
| 1 file changed, 17 insertions(+), 7 deletions(-) | ||
|
|
||
| diff --git a/deps/v8/third_party/jinja2/filters.py b/deps/v8/third_party/jinja2/filters.py | ||
| index 74b108dc..46347251 100644 | ||
| --- a/deps/v8/third_party/jinja2/filters.py | ||
| +++ b/deps/v8/third_party/jinja2/filters.py | ||
| @@ -204,12 +204,15 @@ def do_lower(s): | ||
| """Convert a value to lowercase.""" | ||
| return soft_unicode(s).lower() | ||
|
|
||
| +_space_re = re.compile(r"\s", flags=re.ASCII) | ||
| + | ||
|
|
||
| @evalcontextfilter | ||
| def do_xmlattr(_eval_ctx, d, autospace=True): | ||
| """Create an SGML/XML attribute string based on the items in a dict. | ||
| - All values that are neither `none` nor `undefined` are automatically | ||
| - escaped: | ||
| + | ||
| + If any key contains a space, this fails with a ``ValueError``. Values that | ||
| + are neither ``none`` nor ``undefined`` are automatically escaped. | ||
|
|
||
| .. sourcecode:: html+jinja | ||
|
|
||
| @@ -228,12 +231,19 @@ def do_xmlattr(_eval_ctx, d, autospace=True): | ||
|
|
||
| As you can see it automatically prepends a space in front of the item | ||
| if the filter returned something unless the second parameter is false. | ||
| + | ||
| + .. versionchanged:: 3.1.3 | ||
| + Keys with spaces are not allowed. | ||
| """ | ||
| - rv = u" ".join( | ||
| - u'%s="%s"' % (escape(key), escape(value)) | ||
| - for key, value in iteritems(d) | ||
| - if value is not None and not isinstance(value, Undefined) | ||
| - ) | ||
| + items = [] | ||
| + for key, value in d.items(): | ||
| + if value is None or isinstance(value, Undefined): | ||
| + continue | ||
| + if _space_re.search(key) is not None: | ||
| + raise ValueError(f"Spaces are not allowed in attributes: '{key}'") | ||
| + items.append(f'{escape(key)}="{escape(value)}"') | ||
| + rv = " ".join(items) | ||
| + | ||
| if autospace and rv: | ||
| rv = u" " + rv | ||
| if _eval_ctx.autoescape: | ||
| -- | ||
| 2.45.2 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,6 +21,7 @@ Patch1: CVE-2024-21538.patch | |
| Patch2: CVE-2025-22150.patch | ||
| Patch3: CVE-2025-23085.patch | ||
| Patch4: CVE-2024-22020.patch | ||
| Patch5: CVE-2024-22195.patch | ||
| BuildRequires: brotli-devel | ||
| BuildRequires: coreutils >= 8.22 | ||
| BuildRequires: gcc | ||
|
|
@@ -122,7 +123,7 @@ make cctest | |
|
|
||
| %changelog | ||
| * Tue Feb 11 2025 Kanishk Bansal <[email protected]> - 18.20.3-3 | ||
| - Patch CVE-2025-22150, CVE-2025-23085, CVE-2024-22020 | ||
| - Patch CVE-2025-22150, CVE-2025-23085, CVE-2024-22020, CVE-2024-22195 | ||
|
|
||
| * Tue Nov 19 2024 Bala <[email protected]> - 18.20.3-2 | ||
| - Patch CVE-2024-21538 | ||
|
|
||