From: Nicholas Serra <nickserra@gmail.com>
Date: Wed, 20 Jan 2021 17:23:21 -0500
Subject: [1/3] Regex DOS fixes
Origin: https://github.com/trentm/python-markdown2/commit/96dff22341489459c8cb832fdfd066a588ec23bf
Bug: https://github.com/trentm/python-markdown2/pull/387
Bug-Debian: https://bugs.debian.org/984668
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-26813
---
lib/markdown2.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/markdown2.py b/lib/markdown2.py
index bb5260bef210..f3e41cc19d13 100755
--- a/lib/markdown2.py
+++ b/lib/markdown2.py
@@ -532,7 +532,7 @@ class Markdown(object):
return tail
- _emacs_oneliner_vars_pat = re.compile(r"-\*-\s*([^\r\n]*?)\s*-\*-", re.UNICODE)
+ _emacs_oneliner_vars_pat = re.compile(r"-\*-\s*(?:(\S[^\r\n]*?)([\r\n]\s*)?)?-\*-", re.UNICODE)
# This regular expression is intended to match blocks like this:
# PREFIX Local Variables: SUFFIX
# PREFIX mode: Tcl SUFFIX
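Review bot: In the new `_emacs_oneliner_vars_pat`, group 1 sits inside an optional group, so it is `None` for an empty `-*- -*-` line. Because the trailing `\s*` was dropped, it can also end in spaces or tabs. The code that reads `match.group(1)` is outside this hunk, so confirm it tolerates both, for example `vars_str = (match.group(1) or "").strip()`. The added `([\r\n]\s*)?` also lets a "one-liner" match continue onto the next line, which looks unintended for this pattern. A short comment would stop a later edit from reintroducing the overlap, e.g. `# \S keeps the capture from overlapping the leading \s* (CVE-2021-26813)`. The diffstat shows no test file, so a regression test that bounds matching time on a long whitespace run would be a useful addition.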
@@ -892,8 +892,8 @@ class Markdown(object):
'''
# First pass to define all the references
self.regex_defns = re.compile(r'''
- \[\#(\w+)\s* # the counter. Open square plus hash plus a word \1
- ([^@]*)\s* # Some optional characters, that aren't an @. \2
+ \[\#(\w+) # the counter. Open square plus hash plus a word \1
+ ([^@]*) # Some optional characters, that aren't an @. \2
@(\w+) # the id. Should this be normed? \3
([^\]]*)\] # The rest of the text up to the terminating ] \4
''', re.VERBOSE)
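Review bot: `(\w+)` is still followed directly by `([^@]*)`, and every word character also matches `[^@]`, so a failed match can still be split between the two groups in many ways. Removing the two `\s*` terms takes out the worst overlap, but `[^@]*` also remains unbounded, since it crosses `]` and newlines. If definitions are meant to stay inside one bracket pair, `([^@\]]*)` would limit each attempt to the bracket; check that against existing inputs before changing it. Either way, a comment on the pattern should state that adjacent quantifiers must not share characters.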
@@ -908,7 +908,7 @@ class Markdown(object):
if len(match.groups()) != 4:
continue
counter = match.group(1)
- text_before = match.group(2)
+ text_before = match.group(2).strip()
ref_id = match.group(3)
text_after = match.group(4)
number = counters.get(counter, 1)
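Review bot: `match.group(2).strip()` removes trailing whitespace that the old pattern kept. Previously the `\s*` after `(\w+)` consumed only the leading whitespace, while the greedy `[^@]*` held on to any spaces before the `@`. If `text_before` is later joined straight to the number (that code is outside this hunk), a definition such as `Figure @id` would now render without the separating space. `text_before = match.group(2).lstrip()` reproduces the earlier capture exactly.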
@@ -1926,7 +1926,7 @@ class Markdown(object):
_fenced_code_block_re = re.compile(r'''
(?:\n+|\A\n?)
- ^```\s*?([\w+-]+)?\s*?\n # opening fence, $1 = optional lang
+ ^```\s{0,2}([\w+-]+)?\s*?\n # opening fence, $1 = optional lang
(.*?) # $2 = code block content
^```[ \t]*\n # closing fence
''', re.M | re.X | re.S)
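Review bot: `\s{0,2}` bounds the backtracking, but it also means an opening fence with three or more spaces before the language name no longer matches as a fenced block. `\s` still includes newlines here, and the `\s*?` before `\n` is unchanged. The closing fence already uses `[ \t]*`, which shares no characters with `[\w+-]`, so the same class would give linear matching without an arbitrary limit: `^```[ \t]*([\w+-]+)?[ \t]*\n`. If the two-character cap is intentional, say so in the inline comment.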
--
2.32.0.rc0