Compare commits

...

No commits in common. 'c10-beta' and 'c9' have entirely different histories.
c10-beta ... c9

2
.gitignore vendored

@ -1 +1 @@
SOURCES/v5.0.8.tar.gz SOURCES/v5.0.6.tar.gz

@ -1 +1 @@
af0e8f0abf4b5461a32e7e882d00bfd558c178fe SOURCES/v5.0.8.tar.gz b7cadbe17ff69953b3060eaf941fbd95959452be SOURCES/v5.0.6.tar.gz

@ -1,51 +0,0 @@
From a82ea8fb0338f2bd46cf627c4b763094448e6bd7 Mon Sep 17 00:00:00 2001
From: cdcadman <mythirty@gmail.com>
Date: Wed, 17 May 2023 03:57:08 -0700
Subject: [PATCH] Address CVE-2023-26112 ReDoS
---
src/configobj/validate.py | 2 +-
src/tests/test_validate_errors.py | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/configobj/validate.py b/src/configobj/validate.py
index 9267a3f..98d879f 100644
--- a/src/configobj/validate.py
+++ b/src/configobj/validate.py
@@ -541,7 +541,7 @@ class Validator(object):
"""
# this regex does the initial parsing of the checks
- _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
+ _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
# this regex takes apart keyword arguments
_key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$', re.DOTALL)
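Review bot: the comment above `_func_re` at line 544 still says only "this regex does the initial parsing of the checks" and does not record why the name group now excludes parentheses. Add a line tying `[^\(\)]` to CVE-2023-26112 so a later cleanup does not widen it back to `.+?`. Two smaller points on the same line: the backslashes inside the character class are unnecessary (`[^()]` is equivalent), and the lazy `+?` is now redundant because the class cannot consume a `(`, so the group can only end at the first `(`. The pattern has no `^` anchor, so it is worth confirming that callers use `match()` rather than `search()`, since an unanchored search would retry the name group from every offset.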
diff --git a/src/tests/test_validate_errors.py b/src/tests/test_validate_errors.py
index 399daa8..f7d6c27 100644
--- a/src/tests/test_validate_errors.py
+++ b/src/tests/test_validate_errors.py
@@ -3,7 +3,7 @@ import os
import pytest
from configobj import ConfigObj, get_extra_values, ParseError, NestingError
-from configobj.validate import Validator
+from configobj.validate import Validator, VdtUnknownCheckError
@pytest.fixture()
def thisdir():
@@ -77,3 +77,11 @@ def test_no_parent(tmpdir, specpath):
ini.write('[[haha]]')
with pytest.raises(NestingError):
conf = ConfigObj(str(ini), configspec=specpath, file_error=True)
+
+
+def test_re_dos(val):
+ value = "aaa"
+ i = 165100
+ attack = '\x00'*i + ')' + '('*i
+ with pytest.raises(VdtUnknownCheckError):
+ val.check(attack, value)
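Review bot: `test_re_dos` asserts only that `VdtUnknownCheckError` is raised, so a regression to the slow pattern would at best show up as a long-running test rather than a failure. Bound the run time, for example with a timeout on the test or an elapsed-time assertion around `val.check(attack, value)`. The constant `i = 165100` also deserves a comment on how it was chosen, and the test depends on a `val` fixture that is not among the lines shown here, so confirm it is defined in this module.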
--
2.40.1

@ -1,8 +1,8 @@
Name: python-configobj Name: python-configobj
Version: 5.0.8 Version: 5.0.6
Release: 9%{?dist} Release: 25%{?dist}
Summary: Config file reading, writing, and validation Summary: Config file reading, writing, and validation
License: BSD-3-Clause License: BSD
URL: http://configobj.readthedocs.org/ URL: http://configobj.readthedocs.org/
# Moved to the github release instead of the pypi one since multiple elements (License and tests) # Moved to the github release instead of the pypi one since multiple elements (License and tests)
# are not available using pypi. Two bugs have been filled about this: # are not available using pypi. Two bugs have been filled about this:
@ -10,26 +10,25 @@ URL: http://configobj.readthedocs.org/
# https://github.com/DiffSK/configobj/issues/99 # https://github.com/DiffSK/configobj/issues/99
# Source0: https://pypi.python.org/packages/source/c/configobj/configobj-5.0.6.tar.gz # Source0: https://pypi.python.org/packages/source/c/configobj/configobj-5.0.6.tar.gz
Source0: https://github.com/DiffSK/configobj/archive/v%{version}.tar.gz Source0: https://github.com/DiffSK/configobj/archive/v%{version}.tar.gz
Patch1: 0001-Address-CVE-2023-26112-ReDoS.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python3-devel
BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python3-setuptools
BuildRequires: python%{python3_pkgversion}-six BuildRequires: python3-six
BuildRequires: python%{python3_pkgversion}-pytest BuildRequires: python3-pytest
%global _description \ %global _description \
ConfigObj is a simple but powerful configuration file reader and writer: an ini\ ConfigObj is a simple but powerful configuration file reader and writer: an ini\
file round tripper. Its main feature is that it is very easy to use, with a\ file round tripper. Its main feature is that it is very easy to use, with a\
straightforward programmers interface and a simple syntax for config files. straightforward programmers interface and a simple syntax for config files.
%description %_description %description %_description
%package -n python%{python3_pkgversion}-configobj %package -n python3-configobj
Summary: %{summary} Summary: %{summary}
%{?python_provide:%python_provide python%{python3_pkgversion}-configobj} %{?python_provide:%python_provide python3-configobj}
Requires: python%{python3_pkgversion}-six Requires: python3-six
%description -n python%{python3_pkgversion}-configobj %_description %description -n python3-configobj %_description
%prep %prep
%autosetup -p1 -n configobj-%{version} %autosetup -n configobj-%{version}
%build %build
%py3_build %py3_build
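Review bot: `Patch1: 0001-Address-CVE-2023-26112-ReDoS.patch` and the `-p1` on `%autosetup` appear only in the 5.0.8 column. The 5.0.6 column has no patch line, and the patch file itself is removed in this comparison (`-1,51 +0,0`), so the c9 side builds without the CVE-2023-26112 change. Check whether the same `_func_re` pattern is present in the 5.0.6 sources and, if so, carry a backport. The patch targets `src/configobj/validate.py`, while the c9 `%files` list installs a top-level `validate.py`, so it will likely need rebasing rather than applying as-is.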
@ -38,67 +37,27 @@ Requires: python%{python3_pkgversion}-six
%py3_install %py3_install
%check %check
export PYTHONPATH=$(pwd)/build/lib # this needs to be set for tests.test_configobj.test_options_deprecation
%{__python3} src/tests/configobj_doctests.py export PYTHONWARNINGS=always
%{__python3} -m configobj.validate %{__python3} test_configobj.py
%pytest -c setup.cfg --color=yes py.test-%{python3_version} tests
%files -n python%{python3_pkgversion}-configobj %files -n python3-configobj
%doc README.md %doc README.md
%license LICENSE %license LICENSE
%{python3_sitelib}/configobj %{python3_sitelib}/_version.py
%{python3_sitelib}/validate %{python3_sitelib}/configobj.py
%{python3_sitelib}/validate.py
%{python3_sitelib}/__pycache__/*
%{python3_sitelib}/configobj-%{version}-py%{python3_version}.egg-info %{python3_sitelib}/configobj-%{version}-py%{python3_version}.egg-info
%changelog %changelog
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.0.8-9 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.6-25
- Bump release for June 2024 mass rebuild - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-8 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.6-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 09 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-6
- Add patch to fix CVE-2023-26112
* Sun Oct 01 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-5
- SPDX fix from Daniel P. Berrange
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 5.0.8-3
- Rebuilt for Python 3.12
* Tue May 23 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 5.0.8-2
- Avoid pytest-cov dependency
* Sat Feb 04 2023 Terje Rosten <terje.rosten@ntnu.no> - 5.0.8-1
- 5.0.8
- Execute tests as upstream does
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 5.0.6-28
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sun Aug 08 2021 Sam P <survient@fedoraproject.org> - 5.0.6-26
- Change to use python3_pkgversion macro for EPEL 7 support
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 5.0.6-24
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-23 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
