!25 [sync] PR-24: fix CVE-2023-26112

From: @openeuler-sync-bot 
Reviewed-by: @swf504 
Signed-off-by: @swf504

0001-changed-1-link-in-rest-docs.patch

@@ -0,0 +1,26 @@
+From fb33cc3bc886eec21f56309346076069f0a2bcb5 Mon Sep 17 00:00:00 2001
+From: Rob Dennis <robd@services-in.xr>
+Date: Tue, 17 Jan 2023 14:35:53 -0500
+Subject: [PATCH] #225 - changed 1 link in rest docs
+
+- there's a _lot_ of references to voidspace and I felt unable to change all of them
+---
+ docs/configobj.rst | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/configobj.rst b/docs/configobj.rst
+index c4bbc18..6477b7b 100644
+--- a/docs/configobj.rst
++++ b/docs/configobj.rst
+@@ -32,7 +32,7 @@
+     The best introduction to working with ConfigObj, including the powerful configuration validation system,
+     is the article:
+     
+-    * `An Introduction to ConfigObj <http://www.voidspace.org.uk/python/articles/configobj.shtml>`_
++    * `An Introduction to ConfigObj <https://web.archive.org/web/20200503085339/http://www.voidspace.org.uk/python/articles/configobj.shtml>`_
+ 
+ 
+ Introduction
+-- 
+2.27.0
+

0002-Address-CVE-2023-26112-ReDoS.patch

@@ -0,0 +1,51 @@
+From a82ea8fb0338f2bd46cf627c4b763094448e6bd7 Mon Sep 17 00:00:00 2001
+From: cdcadman <mythirty@gmail.com>
+Date: Wed, 17 May 2023 03:57:08 -0700
+Subject: [PATCH] Address CVE-2023-26112 ReDoS
+
+---
+ src/configobj/validate.py         |  2 +-
+ src/tests/test_validate_errors.py | 10 +++++++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/validate.py b/validate.py
+index 9267a3f..98d879f 100644
+--- a/validate.py
++++ b/validate.py
+@@ -541,7 +541,7 @@ class Validator(object):
+     """
+ 
+     # this regex does the initial parsing of the checks
+-    _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
++    _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
+ 
+     # this regex takes apart keyword arguments
+     _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$',  re.DOTALL)
+diff --git a/tests/test_validate_errors.py b/tests/test_validate_errors.py
+index 399daa8..f7d6c27 100644
+--- a/tests/test_validate_errors.py
++++ b/tests/test_validate_errors.py
+@@ -3,7 +3,7 @@ import os
+ import pytest
+ 
+ from configobj import ConfigObj, get_extra_values, ParseError, NestingError
+-from validate import Validator
++from validate import Validator, VdtUnknownCheckError
+ 
+ @pytest.fixture()
+ def thisdir():
+@@ -77,3 +77,11 @@ def test_no_parent(tmpdir, specpath):
+     ini.write('[[haha]]')
+     with pytest.raises(NestingError):
+         conf = ConfigObj(str(ini), configspec=specpath, file_error=True)
++
++
++def test_re_dos(val):
++    value = "aaa"
++    i = 165100
++    attack = '\x00'*i + ')' + '('*i
++    with pytest.raises(VdtUnknownCheckError):
++        val.check(attack, value)
+-- 
+2.40.1
+

python-configobj.spec

@@ -2,13 +2,16 @@
 
 Name:    python-configobj
 Version: 5.0.6
-Release: 16
+Release: 20
 Summary: ConfigObj is a simple but powerful config file reader and writer
 License: BSD
 URL:     http://configobj.readthedocs.org/
 Source0: https://github.com/DiffSK/configobj/archive/v%{version}.tar.gz
 
-BuildRequires:python3-devel python3-pytest python3-setuptools python3-six git
+Patch0:  0001-changed-1-link-in-rest-docs.patch
+Patch1:  0002-Address-CVE-2023-26112-ReDoS.patch
+
+BuildRequires:python3-devel python3-pytest python3-setuptools python3-six 
 BuildArch:    noarch
 
 %description
@@ -38,7 +41,7 @@ Requires:  python3-six
 config file reader and writer
 
 %prep
-%autosetup -n configobj-%{version} -p1 -Sgit
+%autosetup -n configobj-%{version} -p1
 
 %build
 %py3_build
@@ -56,6 +59,18 @@ export PYTHONWARNINGS=always
 %{python3_sitelib}/*
 
 %changelog
+* Sat Sep 14 2024 Wangmian <wangmian19@h-partners.com> - 5.0.6-20
+- fix CVE-2023-26112 from fedora
+ 
+* Mon May 8 2023 Jiangtian Feng <fengjiangtian@huawei.com> - 5.0.6-19
+- update the introduction web link
+
+* Fri Oct 21 2022 liubo <liubo254@huawei.com> - 5.0.6-18
+- rebuild the version to 5.0.6-18
+
+* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 5.0.6-17
+- DESC: delete -Sgit from %autosetup, and delete BuildRequires git
+
 * Fri Oct 30 2020 yanglongkang <yanglongkang@huawei.com> - 5.0.6-16
 - remove python2 dependency