mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2026-01-06 02:17:34 -08:00
dev-python/js2py: revbump to 0.74-r1
These changes:
- fix CVE-2024-28397
- fix ignoring of test failures
- restrict the test feature since
multiple tests are broken
Bug: https://bugs.gentoo.org/831356
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/37285
Signed-off-by: Maciej Barć <xgqt@gentoo.org>
This commit is contained in:
Aliaksei Urbanski
Maciej Barć
parent
cdab26dbef
commit
2a103afad6
21
dev-python/js2py/files/js2py-0.74-CVE-2024-28397.patch
Normal file
21
dev-python/js2py/files/js2py-0.74-CVE-2024-28397.patch
Normal file
@ -0,0 +1,21 @@
|
||||
# https://nvd.nist.gov/vuln/detail/CVE-2024-28397
|
||||
# https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape/blob/main/patch.txt
|
||||
# https://github.com/PiotrDabkowski/Js2Py/pull/323
|
||||
# https://github.com/Marven11/Js2Py/commit/56e244eb
|
||||
|
||||
Author: Marven11 <110723864+Marven11@users.noreply.github.com>
|
||||
Date: Fri, 1 Mar 2024 12:53:58 +0800
|
||||
|
||||
diff --git a/js2py/constructors/jsobject.py b/js2py/constructors/jsobject.py
|
||||
index c4e0ada3..b1806ea6 100644
|
||||
--- a/js2py/constructors/jsobject.py
|
||||
+++ b/js2py/constructors/jsobject.py
|
||||
@@ -49,7 +49,7 @@ def getOwnPropertyNames(obj):
|
||||
raise MakeError(
|
||||
'TypeError',
|
||||
'Object.getOwnPropertyDescriptor called on non-object')
|
||||
- return obj.own.keys()
|
||||
+ return list(obj.own.keys())
|
||||
|
||||
def create(obj):
|
||||
if not (obj.is_object() or obj.is_null()):
|
||||
@ -1,4 +1,4 @@
|
||||
# Copyright 1999-2023 Gentoo Authors
|
||||
# Copyright 1999-2024 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
@ -6,18 +6,19 @@ EAPI=8
|
||||
DISTUTILS_USE_PEP517=setuptools
|
||||
PYPI_NO_NORMALIZE=1
|
||||
PYPI_PN="Js2Py"
|
||||
PYTHON_COMPAT=( python3_{9..11} )
|
||||
PYTHON_COMPAT=( python3_{10..11} )
|
||||
|
||||
inherit distutils-r1 pypi
|
||||
|
||||
DESCRIPTION="JavaScript to Python Translator & JavaScript interpreter in Python"
|
||||
HOMEPAGE="http://piter.io/projects/js2py/
|
||||
https://github.com/PiotrDabkowski/Js2Py/
|
||||
HOMEPAGE="http://piter.io/projects/js2py
|
||||
https://github.com/PiotrDabkowski/Js2Py
|
||||
https://pypi.org/project/Js2Py/"
|
||||
|
||||
LICENSE="MIT"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
|
||||
RESTRICT="test"
|
||||
|
||||
RDEPEND="
|
||||
>=dev-python/pyjsparser-2.5.1[${PYTHON_USEDEP}]
|
||||
@ -25,15 +26,20 @@ RDEPEND="
|
||||
>=dev-python/six-1.10.0[${PYTHON_USEDEP}]
|
||||
"
|
||||
|
||||
PATCHES=(
|
||||
"${FILESDIR}"/${P}-CVE-2024-28397.patch
|
||||
)
|
||||
|
||||
python_test() {
|
||||
pushd ./tests >/dev/null || die
|
||||
|
||||
# Tests require "node_failed.txt" file where the logs are kept
|
||||
if [[ -f ./node_failed.txt ]] ; then
|
||||
rm ./node_failed.txt || die
|
||||
fi
|
||||
|
||||
# run.py requires "node_failed.txt" file
|
||||
touch ./node_failed.txt || die
|
||||
|
||||
# https://bugs.gentoo.org/831356
|
||||
# make run.py return a non-zero exit code if any test failed
|
||||
echo 'sys.exit(len(FAILING))' >> ./run.py || die
|
||||
|
||||
"${EPYTHON}" ./run.py || die "tests failed with ${EPYTHON}"
|
||||
|
||||
popd >/dev/null || die
|
||||
Loading…
x
Reference in New Issue
Block a user