import python3.12-PyMySQL-1.1.0-3.el9

i9c-beta changed/i9c-beta/python3.12-PyMySQL-1.1.0-3.el9
MSVSphere Packaging Team 1 month ago
parent b5c490bc5e
commit ba24651ebb
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

@ -0,0 +1,17 @@
diff --git a/pymysql/converters.py b/pymysql/converters.py
index 1adac75..dbf97ca 100644
--- a/pymysql/converters.py
+++ b/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
def escape_dict(val, charset, mapping=None):
- n = {}
- for k, v in val.items():
- quoted = escape_item(v, charset, mapping)
- n[k] = quoted
- return n
+ raise TypeError("dict can not be used as parameter")
def escape_sequence(val, charset, mapping=None):

@ -5,7 +5,7 @@
Name: python%{python3_pkgversion}-%{pypi_name} Name: python%{python3_pkgversion}-%{pypi_name}
Version: 1.1.0 Version: 1.1.0
Release: 2%{?dist} Release: 3%{?dist}
Summary: Pure-Python MySQL client library Summary: Pure-Python MySQL client library
License: MIT License: MIT
@ -13,6 +13,11 @@ URL: https://pypi.python.org/pypi/%{pypi_name}/
Source0: %pypi_source Source0: %pypi_source
Source1: setup.py Source1: setup.py
# Security fix for CVE-2024-36039: SQL injection if used with untrusted JSON input
# Resolved upstream: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2282821
Patch0: CVE-2024-36039.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-devel
@ -35,7 +40,7 @@ and Jython.
%prep %prep
%setup -qn %{pypi_name}-%{version} %autosetup -n %{pypi_name}-%{version} -p1
rm -rf %{pypi_name}.egg-info rm -rf %{pypi_name}.egg-info
# Remove tests files so they are not installed globally. # Remove tests files so they are not installed globally.
rm -rf tests rm -rf tests
@ -62,6 +67,10 @@ cp %{SOURCE1} .
%{python3_sitelib}/pymysql/ %{python3_sitelib}/pymysql/
%changelog %changelog
* Fri May 31 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.1.0-3
- Security fix for CVE-2024-36039
Resolves: RHEL-38371
* Thu Mar 28 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.1.0-2 * Thu Mar 28 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.1.0-2
- Rebuilt for MSVSphere 9.4 beta - Rebuilt for MSVSphere 9.4 beta

Loading…
Cancel
Save