Tree - rpms/imagefactory - src.fedoraproject.org

rpms / imagefactory

Overview Files Commits Branches Forks Releases
Monitoring status:

Bugzilla Assignee:

Fedora:: orphan
EPEL:: kevin
Files

Commit: e439d705dcdb1f57449c1689bba7d938d95e84e8
Blob Blame History Raw
From 6ad8f25dc9214a7236d0df8127bbc909f45e142e Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Sat, 10 Feb 2024 08:43:29 -0800
Subject: [PATCH 1/2] bottle: fix for Python 3.12, backport CVE-2022-31799 fix

This fixes bottle for the removal of imp (slightly different
in appearance from how upstream did it, as I wrote it first
without seeing the upstream commit, but the same in effect),
and backports the fix for CVE-2022-31799 .

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 imgfac/rest/bottle.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/imgfac/rest/bottle.py b/imgfac/rest/bottle.py
index 5887109..b706e90 100644
--- a/imgfac/rest/bottle.py
+++ b/imgfac/rest/bottle.py
@@ -35,8 +35,8 @@ if __name__ == '__main__':
     if _cmd_options.server and _cmd_options.server.startswith('gevent'):
         import gevent.monkey; gevent.monkey.patch_all()
 
-import base64, cgi, email.utils, functools, hmac, imp, itertools, mimetypes,\
-        os, re, subprocess, sys, tempfile, threading, time, warnings
+import base64, cgi, email.utils, functools, hmac, itertools, mimetypes,\
+        os, re, subprocess, sys, tempfile, threading, time, types, warnings
 
 from datetime import date as datedate, datetime, timedelta
 from tempfile import TemporaryFile
@@ -842,17 +842,19 @@ class Bottle(object):
         return tob(template(ERROR_PAGE_TEMPLATE, e=res))
 
     def _handle(self, environ):
-        path = environ['bottle.raw_path'] = environ['PATH_INFO']
-        if py3k:
-            try:
-                environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
-            except UnicodeError:
-                return HTTPError(400, 'Invalid path string. Expected UTF-8')
-
         try:
+
             environ['bottle.app'] = self
             request.bind(environ)
             response.bind()
+
+            path = environ['bottle.raw_path'] = environ['PATH_INFO']
+            if py3k:
+                try:
+                    environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+                except UnicodeError:
+                    return HTTPError(400, 'Invalid path string. Expected UTF-8')
+
             try:
                 self.trigger_hook('before_request')
                 route, args = self.router.match(environ)
@@ -1779,7 +1781,7 @@ class _ImportRedirect(object):
         ''' Create a virtual package that redirects imports (see PEP 302). '''
         self.name = name
         self.impmask = impmask
-        self.module = sys.modules.setdefault(name, imp.new_module(name))
+        self.module = sys.modules.setdefault(name, types.ModuleType(name))
         self.module.__dict__.update({'__file__': __file__, '__path__': [],
                                     '__all__': [], '__loader__': self})
         sys.meta_path.append(self)
-- 
2.43.0
rpms / imagefactory

Source Code

Files
