2 changed files with 4 additions and 27 deletions
--- a/SOURCES/CVE-2024-36039.patch
+++ b/SOURCES/CVE-2024-36039.patch
@ -1,17 +0,0 @@
-diff --git a/pymysql/converters.py b/pymysql/converters.py
-index 1adac75..dbf97ca 100644
--- a/pymysql/converters.py
-+++ b/pymysql/converters.py
-@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
- 
- 
- def escape_dict(val, charset, mapping=None):
-    n = {}
-    for k, v in val.items():
-        quoted = escape_item(v, charset, mapping)
-        n[k] = quoted
-    return n
-+    raise TypeError("dict can not be used as parameter")
- 
- 
- def escape_sequence(val, charset, mapping=None):
--- a/SPECS/python3.11-PyMySQL.spec
+++ b/SPECS/python3.11-PyMySQL.spec
@ -5,18 +5,13 @@

 Name:           python%{python3_pkgversion}-%{pypi_name}
 Version:        1.0.2
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        Pure-Python MySQL client library

 License:        MIT
 URL:            https://pypi.python.org/pypi/%{pypi_name}/
 Source0:        %pypi_source

-# Security fix for CVE-2024-36039: SQL injection if used with untrusted JSON input
-# Resolved upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
-# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2282821
-Patch0:         CVE-2024-36039.patch
-
 BuildArch:      noarch


@ -38,7 +33,7 @@ and Jython.


 %prep
-%autosetup -n %{pypi_name}-%{version} -p1
+%setup -qn %{pypi_name}-%{version}
 rm -rf %{pypi_name}.egg-info
 # Remove tests files so they are not installed globally.
 rm -rf tests
@ -63,9 +58,8 @@ rm -rf tests
 %{python3_sitelib}/pymysql/

 %changelog
-* Fri May 31 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.0.2-2
- Security fix for CVE-2024-36039
-Resolves: RHEL-38370
+* Wed May 24 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.0.2-1
+- Rebuilt for MSVSphere 9.2

 * Wed Nov 30 2022 Charalampos Stratakis <cstratak@redhat.com> - 1.0.2-1
 - Initial package