packages/python-jinja2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:4b1ac6781964f2d19f3e549d6e12b2ba15434f3b
Branches Tags
packages:main
..
compare: packages:45584d7d87e4364998d0344b312dfc017b2cfb88
Branches Tags
packages:main

No commits in common. "4b1ac6781964f2d19f3e549d6e12b2ba15434f3b" and "45584d7d87e4364998d0344b312dfc017b2cfb88" have entirely different histories.
4b1ac67819 ... 45584d7d87

7 changed files with 4 additions and 530 deletions
Show Stats Expand all files Collapse all files

6
backport-CVE-2024-22195.patch
View File

@ -18,7 +18,7 @@ index 9741567..3230539 100644
"""Convert a value to lowercase.""" """Convert a value to lowercase."""
return soft_unicode(s).lower() return soft_unicode(s).lower()
+_space_re = re.compile(r"\s", re.U) +_space_re = re.compile(r"\s", flags=re.ASCII)
@evalcontextfilter @evalcontextfilter
def do_xmlattr(_eval_ctx, d, autospace=True): def do_xmlattr(_eval_ctx, d, autospace=True):
@ -51,9 +51,9 @@ index 9741567..3230539 100644
+ continue + continue
+ +
+ if _space_re.search(key) is not None: + if _space_re.search(key) is not None:
+ raise ValueError("Spaces are not allowed in attributes: {}".format(key)) + raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
+ +
+ items.append('{}="{}"'.format(escape(key), escape(value))) + items.append(f'{escape(key)}="{escape(value)}"')
+ +
+ rv = " ".join(items) + rv = " ".join(items)
if autospace and rv: if autospace and rv:

109
backport-CVE-2024-34064.patch
View File

@ -1,109 +0,0 @@
From 0668239dc6b44ef38e7a6c9f91f312fd4ca581cb Mon Sep 17 00:00:00 2001
From: David Lord <davidism@gmail.com>
Date: Thu, 2 May 2024 09:14:00 -0700
Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
Reference:https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
Conflict:NA
---
Jinja2-2.11.2/CHANGES.rst | 6 ++++++
Jinja2-2.11.2/src/jinja2/filters.py | 23 ++++++++++++++++++-----
Jinja2-2.11.2/tests/test_filters.py | 11 ++++++-----
3 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/Jinja2-2.11.2/CHANGES.rst b/Jinja2-2.11.2/CHANGES.rst
index 6dfe912..2c7614b 100644
--- a/Jinja2-2.11.2/CHANGES.rst
+++ b/Jinja2-2.11.2/CHANGES.rst
@@ -1,5 +1,11 @@
.. currentmodule:: jinja2
+- The ``xmlattr`` filter does not allow keys with ``/`` solidus, ``>``
+ greater-than sign, or ``=`` equals sign, in addition to disallowing spaces.
+ Regardless of any validation done by Jinja, user input should never be used
+ as keys to this filter, or must be separately validated first.
+ GHSA-h75v-3vvj-5mfj
+
Version 2.11.3
--------------
diff --git a/Jinja2-2.11.2/src/jinja2/filters.py b/Jinja2-2.11.2/src/jinja2/filters.py
index eed8d8b..92592dc 100644
--- a/Jinja2-2.11.2/src/jinja2/filters.py
+++ b/Jinja2-2.11.2/src/jinja2/filters.py
@@ -204,15 +204,24 @@ def do_lower(s):
"""Convert a value to lowercase."""
return soft_unicode(s).lower()
-_space_re = re.compile(r"\s", re.U)
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.U)
@evalcontextfilter
def do_xmlattr(_eval_ctx, d, autospace=True):
"""Create an SGML/XML attribute string based on the items in a dict.
All values that are neither `none` nor `undefined` are automatically
escaped:
- If any key contains a space, this fails with a ``ValueError``. Values that
- are neither ``none`` nor ``undefined`` are automatically escaped.
+ **Values** that are neither ``none`` nor ``undefined`` are automatically
+ escaped, safely allowing untrusted user input.
+
+ User input should not be used as **keys** to this filter. If any key
+ contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+ sign, this fails with a ``ValueError``. Regardless of this, user input
+ should never be used as keys to this filter, or must be separately validated
+ first.
.. sourcecode:: html+jinja
<ul{{ {'class': 'my_list', 'missing': none,
@@ -231,6 +240,10 @@ def do_xmlattr(_eval_ctx, d, autospace=True):
As you can see it automatically prepends a space in front of the item
if the filter returned something unless the second parameter is false.
+ .. versionchanged:: 3.1.4
+ Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+ are not allowed.
+
.. versionchanged:: 3.1.3
Keys with spaces are not allowed.
"""
@@ -240,8 +253,8 @@ def do_xmlattr(_eval_ctx, d, autospace=True):
if value is None or isinstance(value, Undefined):
continue
- if _space_re.search(key) is not None:
- raise ValueError("Spaces are not allowed in attributes: {}".format(key))
+ if _attr_key_re.search(key) is not None:
+ raise ValueError("Invalid character in attribute name: {!r}".format(key))
items.append('{}="{}"'.format(escape(key), escape(value)))
diff --git a/Jinja2-2.11.2/tests/test_filters.py b/Jinja2-2.11.2/tests/test_filters.py
index 6e697f3..c34dd9d 100644
--- a/Jinja2-2.11.2/tests/test_filters.py
+++ b/Jinja2-2.11.2/tests/test_filters.py
@@ -440,11 +440,12 @@ class TestFilter(object):
assert 'bar="23"' in out
assert 'blub:blub="&lt;?&gt;"' in out
- def test_xmlattr_key_with_spaces(self, env):
- with pytest.raises(ValueError, match="Spaces are not allowed"):
- env.from_string(
- "{{ {'src=1 onerror=alert(1)': 'my_class'}|xmlattr }}"
- ).render()
+ @pytest.mark.parametrize("sep", ("\t", "\n", "\f", " ", "/", ">", "="))
+ def test_xmlattr_key_invalid(self, env, sep):
+ with pytest.raises(ValueError, match="Invalid character"):
+ env.from_string("{{ {key: 'my_class'}|xmlattr }}").render(
+ key="class{}onclick=alert(1)".format(sep)
+ )
def test_sort1(self, env):
tmpl = env.from_string("{{ [2, 3, 1]|sort }}|{{ [2, 3, 1]|sort(true) }}")
--
2.33.0

81
backport-CVE-2024-56201.patch
View File

@ -1,81 +0,0 @@
From 56a724644b1ad9cb03745c10cca732715cdc79e9 Mon Sep 17 00:00:00 2001
From: Sigurd Spieckermann <sigurd.spieckermann@gmail.com>
Date: Fri, 26 May 2023 14:32:36 +0200
Subject: [PATCH] fix f-string syntax error in code generation
Reference:https://github.com/pallets/jinja/commit/56a724644b1ad9cb03745c10cca732715cdc79e9
---
Jinja2-2.11.2/CHANGES.rst | 3 +++
Jinja2-2.11.2/src/jinja2/compiler.py | 7 ++++++-
Jinja2-2.11.2/tests/test_compile.py | 20 ++++++++++++++++++++
3 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 Jinja2-2.11.2/tests/test_compile.py
diff --git a/Jinja2-2.11.2/CHANGES.rst b/Jinja2-2.11.2/CHANGES.rst
index 2c7614b..6ef2d3d 100644
--- a/Jinja2-2.11.2/CHANGES.rst
+++ b/Jinja2-2.11.2/CHANGES.rst
@@ -1,5 +1,8 @@
.. currentmodule:: jinja2
+- Escape template name before formatting it into error messages, to avoid
+ issues with names that contain f-string syntax.
+ :issue:`1792`, :ghsa:`gmj6-6f8f-6699`
- The ``xmlattr`` filter does not allow keys with ``/`` solidus, ``>``
greater-than sign, or ``=`` equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be used
diff --git a/Jinja2-2.11.2/src/jinja2/compiler.py b/Jinja2-2.11.2/src/jinja2/compiler.py
index 63297b4..3d6e3d7 100644
--- a/Jinja2-2.11.2/src/jinja2/compiler.py
+++ b/Jinja2-2.11.2/src/jinja2/compiler.py
@@ -1034,6 +1034,11 @@ class CodeGenerator(NodeVisitor):
)
self.writeline("if %s is missing:" % frame.symbols.ref(alias))
self.indent()
+ # The position will contain the template name, and will be formatted
+ # into a string that will be compiled into an f-string. Curly braces
+ # in the name must be replaced with escapes so that they will not be
+ # executed as part of the f-string.
+ position = self.position(node).replace("{", "{{").replace("}", "}}")
self.writeline(
"%s = undefined(%r %% "
"included_template.__name__, "
@@ -1042,7 +1047,7 @@ class CodeGenerator(NodeVisitor):
frame.symbols.ref(alias),
"the template %%r (imported on %s) does "
"not export the requested name %s"
- % (self.position(node), repr(name)),
+ % (position, repr(name)),
name,
)
)
diff --git a/Jinja2-2.11.2/tests/test_compile.py b/Jinja2-2.11.2/tests/test_compile.py
new file mode 100644
index 0000000..12ce0e7
--- /dev/null
+++ b/Jinja2-2.11.2/tests/test_compile.py
@@ -0,0 +1,20 @@
+import pytest
+
+from jinja2 import UndefinedError
+from jinja2.environment import Environment
+from jinja2.loaders import DictLoader
+
+def test_undefined_import_curly_name():
+ env = Environment(
+ loader=DictLoader(
+ {
+ "{bad}": "{% from 'macro' import m %}{{ m() }}",
+ "macro": "",
+ }
+ )
+ )
+
+ # Must not raise `NameError: 'bad' is not defined`, as that would indicate
+ # that `{bad}` is being interpreted as an f-string. It must be escaped.
+ with pytest.raises(UndefinedError):
+ env.get_template("{bad}").render()
--
2.33.0

73
backport-CVE-2024-56326-2.patch
View File

@ -1,73 +0,0 @@
From 98b40f8dd96cf4f2997e7dc935d2fe7b9efd24ab Mon Sep 17 00:00:00 2001
From: changtao <changtao@kylinos.cn>
Date: Sun, 15 Dec 2024 07:14:04 +0800
Subject: [PATCH] fix CVE-2024-56326
---
Jinja2-2.11.2/src/jinja2/sandbox.py | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/Jinja2-2.11.2/src/jinja2/sandbox.py b/Jinja2-2.11.2/src/jinja2/sandbox.py
index 3f78075..4ddd50a 100644
--- a/Jinja2-2.11.2/src/jinja2/sandbox.py
+++ b/Jinja2-2.11.2/src/jinja2/sandbox.py
@@ -423,25 +423,24 @@ class SandboxedEnvironment(Environment):
exc=SecurityError,
)
- def wrap_str_format(self, value: t.Any) -> t.Optional[t.Callable[..., str]]:
+ def wrap_str_format(self, value):
"""If the given value is a ``str.format`` or ``str.format_map`` method,
- return a new function than handles sandboxing. This is done at access
+ return a new function that handles sandboxing. This is done at access
rather than in :meth:`call`, so that calls made without ``call`` are
also sandboxed.
"""
- if not isinstance(
- value, (types.MethodType, types.BuiltinMethodType)
- ) or value.__name__ not in ("format", "format_map"):
+ if not isinstance(value, (types.MethodType, types.BuiltinMethodType)) or value.__name__ not in ("format", "format_map"):
return None
- f_self: t.Any = value.__self__
+ f_self = value.__self__
if not isinstance(f_self, str):
return None
- str_type: t.Type[str] = type(f_self)
+ str_type = type(f_self)
is_format_map = value.__name__ == "format_map"
- formatter: SandboxedFormatter
+ formatter = None
+
if isinstance(f_self, Markup):
formatter = SandboxedEscapeFormatter(self, escape=f_self.escape)
else:
@@ -449,20 +448,20 @@ class SandboxedEnvironment(Environment):
vformat = formatter.vformat
- def wrapper(*args: t.Any, **kwargs: t.Any) -> str:
+ def wrapper(*args, **kwargs):
if is_format_map:
if kwargs:
raise TypeError("format_map() takes no keyword arguments")
if len(args) != 1:
raise TypeError(
- f"format_map() takes exactly one argument ({len(args)} given)"
+ "format_map() takes exactly one argument ({0} given)".format(len(args))
)
kwargs = args[0]
args = ()
- return str_type(vformat(f_self, args, kwargs))
+ return str_type(vformat(f_self, args, kwargs))
return update_wrapper(wrapper, value)
--
2.43.0

31
backport-CVE-2024-56326-3.patch
View File

@ -1,31 +0,0 @@
From b23759fa6498f200f7557d40264515d8cf41cb1d Mon Sep 17 00:00:00 2001
From: changtao <changtao@kylinos.cn>
Date: Sun, 15 Dec 2024 11:59:30 +0800
Subject: [PATCH] fix CVE-2024-56326
---
Jinja2-2.11.2/tests/test_security.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Jinja2-2.11.2/tests/test_security.py b/Jinja2-2.11.2/tests/test_security.py
index 2e2af69..0d3e60c 100644
--- a/Jinja2-2.11.2/tests/test_security.py
+++ b/Jinja2-2.11.2/tests/test_security.py
@@ -179,12 +179,12 @@ class TestStringFormat(object):
def test_safe_format_safety(self):
env = SandboxedEnvironment()
- t = env.from_string('{{ ("a{0.__class__}b{1}"|safe).format(42, "<foo>") }}')
+ t = env.from_string('{{ ("a{0}b{1}"|safe).format("", "<foo>") }}')
assert t.render() == "ab&lt;foo&gt;"
def test_safe_format_all_okay(self):
env = SandboxedEnvironment()
- t = env.from_string('{{ ("a{0.foo}b{1}"|safe).format({"foo": 42}, "<foo>") }}')
+ t = env.from_string('{{ ("a{0[foo]}b{1}"|safe).format({"foo": 42}, "<foo>") }}')
assert t.render() == "a42b&lt;foo&gt;"
--
2.43.0

157
backport-CVE-2024-56326.patch
View File

@ -1,157 +0,0 @@
From 91a972f5808973cd441f4dc06873b2f8378f30c7 Mon Sep 17 00:00:00 2001
From: Lydxn <hlyndon20@gmail.com>
Date: Mon, 23 Sep 2024 15:09:10 -0700
Subject: [PATCH] sandbox indirect calls to str.format
---
Jinja2-2.11.2/src/jinja2/sandbox.py | 72 +++++++++++++++++-----------
Jinja2-2.11.2/tests/test_security.py | 17 +++++++
2 files changed, 60 insertions(+), 29 deletions(-)
diff --git a/Jinja2-2.11.2/src/jinja2/sandbox.py b/Jinja2-2.11.2/src/jinja2/sandbox.py
index cfd7993..3f78075 100644
--- a/Jinja2-2.11.2/src/jinja2/sandbox.py
+++ b/Jinja2-2.11.2/src/jinja2/sandbox.py
@@ -6,6 +6,7 @@ import operator
import types
import warnings
from collections import deque
+from functools import update_wrapper
from string import Formatter
from markupsafe import EscapeFormatter
@@ -153,16 +154,6 @@ class _MagicFormatMapping(abc.Mapping):
return len(self._kwargs)
-def inspect_format_method(callable):
- if not isinstance(
- callable, (types.MethodType, types.BuiltinMethodType)
- ) or callable.__name__ not in ("format", "format_map"):
- return None
- obj = callable.__self__
- if isinstance(obj, string_types):
- return obj
-
-
def safe_range(*args):
"""A range that can't generate ranges with a length of more than
MAX_RANGE items.
@@ -394,6 +385,9 @@ class SandboxedEnvironment(Environment):
except AttributeError:
pass
else:
+ fmt = self.wrap_str_format(value)
+ if fmt is not None:
+ return fmt
if self.is_safe_attribute(obj, argument, value):
return value
return self.unsafe_undefined(obj, argument)
@@ -411,6 +405,9 @@ class SandboxedEnvironment(Environment):
except (TypeError, LookupError):
pass
else:
+ fmt = self.wrap_str_format(value)
+ if fmt is not None:
+ return fmt
if self.is_safe_attribute(obj, attribute, value):
return value
return self.unsafe_undefined(obj, attribute)
@@ -426,34 +423,51 @@ class SandboxedEnvironment(Environment):
exc=SecurityError,
)
- def format_string(self, s, args, kwargs, format_func=None):
- """If a format call is detected, then this is routed through this
- method so that our safety sandbox can be used for it.
+ def wrap_str_format(self, value: t.Any) -> t.Optional[t.Callable[..., str]]:
+ """If the given value is a ``str.format`` or ``str.format_map`` method,
+ return a new function than handles sandboxing. This is done at access
+ rather than in :meth:`call`, so that calls made without ``call`` are
+ also sandboxed.
"""
- if isinstance(s, Markup):
- formatter = SandboxedEscapeFormatter(self, s.escape)
+ if not isinstance(
+ value, (types.MethodType, types.BuiltinMethodType)
+ ) or value.__name__ not in ("format", "format_map"):
+ return None
+
+ f_self: t.Any = value.__self__
+
+ if not isinstance(f_self, str):
+ return None
+
+ str_type: t.Type[str] = type(f_self)
+ is_format_map = value.__name__ == "format_map"
+ formatter: SandboxedFormatter
+ if isinstance(f_self, Markup):
+ formatter = SandboxedEscapeFormatter(self, escape=f_self.escape)
else:
formatter = SandboxedFormatter(self)
- if format_func is not None and format_func.__name__ == "format_map":
- if len(args) != 1 or kwargs:
- raise TypeError(
- "format_map() takes exactly one argument %d given"
- % (len(args) + (kwargs is not None))
- )
+ vformat = formatter.vformat
+
+ def wrapper(*args: t.Any, **kwargs: t.Any) -> str:
+ if is_format_map:
+ if kwargs:
+ raise TypeError("format_map() takes no keyword arguments")
+
+ if len(args) != 1:
+ raise TypeError(
+ f"format_map() takes exactly one argument ({len(args)} given)"
+ )
+
+ kwargs = args[0]
+ args = ()
+ return str_type(vformat(f_self, args, kwargs))
- kwargs = args[0]
- args = None
- kwargs = _MagicFormatMapping(args, kwargs)
- rv = formatter.vformat(s, args, kwargs)
- return type(s)(rv)
+ return update_wrapper(wrapper, value)
def call(__self, __context, __obj, *args, **kwargs): # noqa: B902
"""Call an object from sandboxed code."""
- fmt = inspect_format_method(__obj)
- if fmt is not None:
- return __self.format_string(fmt, args, kwargs, __obj)
# the double prefixes are to avoid double keyword argument
# errors when proxying the call.
diff --git a/Jinja2-2.11.2/tests/test_security.py b/Jinja2-2.11.2/tests/test_security.py
index 7e8974c..2e2af69 100644
--- a/Jinja2-2.11.2/tests/test_security.py
+++ b/Jinja2-2.11.2/tests/test_security.py
@@ -208,3 +208,20 @@ class TestStringFormatMap(object):
'{{ ("a{x.foo}b{y}"|safe).format_map({"x":{"foo": 42}, "y":"<foo>"}) }}'
)
assert t.render() == "a42b&lt;foo&gt;"
+
+ def test_indirect_call(self):
+ def run(value, arg):
+ return value.run(arg)
+
+ env = SandboxedEnvironment()
+ env.filters["run"] = run
+ t = env.from_string(
+ """{% set
+ ns = namespace(run="{0.__call__.__builtins__[__import__]}".format)
+ %}
+ {{ ns | run(not_here) }}
+ """
+ )
+
+ with pytest.raises(SecurityError):
+ t.render()
--
2.43.0

77
python-jinja2.spec
View File

@ -2,7 +2,7 @@
Name: python-jinja2 Name: python-jinja2
Version: 2.11.2 Version: 2.11.2
Release: 9 Release: 4
Summary: A full-featured template engine for Python Summary: A full-featured template engine for Python
License: BSD License: BSD
URL: http://jinja.pocoo.org/ URL: http://jinja.pocoo.org/
@ -10,13 +10,8 @@ Source0: https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%
Patch6000: backport-CVE-2020-28493.patch Patch6000: backport-CVE-2020-28493.patch
Patch6001: backport-CVE-2024-22195.patch Patch6001: backport-CVE-2024-22195.patch
Patch6002: backport-CVE-2024-34064.patch
Patch9000: huawei-replace-instances-of-the-older-style-tmpdir-fixture.patch Patch9000: huawei-replace-instances-of-the-older-style-tmpdir-fixture.patch
Patch9001: backport-CVE-2024-56326.patch
Patch9002: backport-CVE-2024-56326-2.patch
Patch9003: backport-CVE-2024-56326-3.patch
Patch9004: backport-CVE-2024-56201.patch
BuildArch: noarch BuildArch: noarch
@ -26,19 +21,6 @@ templating system but extends it with an expressive language that gives template
a more powerful set of tools. On top of that it adds sandboxed execution and optional a more powerful set of tools. On top of that it adds sandboxed execution and optional
automatic escaping for applications where security is important. automatic escaping for applications where security is important.
%if %{with python2}
%package -n python2-jinja2
Summary: General purpose template engine for python2
BuildRequires: python2-markupsafe python2-babel
BuildRequires: python2-pytest python2-devel python2-setuptools
Requires: python2-babel python2-markupsafe python2-setuptools
%{?python_provide:%python_provide python2-jinja2}
%description -n python2-jinja2
This package is the python2 version of python-jinja2.
%endif
%package -n python3-jinja2 %package -n python3-jinja2
Summary: General purpose template engine for python3 Summary: General purpose template engine for python3
@ -61,49 +43,22 @@ sed -i 's|\r$||g' Jinja2-%{version}/LICENSE.rst
cp -a Jinja2-%{version} python3 cp -a Jinja2-%{version} python3
%build %build
%if %{with python2}
pushd Jinja2-%{version}
%py2_build
popd
%endif
pushd python3 pushd python3
%py3_build %py3_build
popd popd
%install %install
%if %{with python2}
pushd Jinja2-%{version}
%py2_install
#valid on python above 3.6, if not removed, installation will fail
rm %{buildroot}%{python2_sitelib}/jinja2/asyncsupport.py
rm %{buildroot}%{python2_sitelib}/jinja2/asyncfilters.py
popd
%endif
pushd python3 pushd python3
%py3_install %py3_install
popd popd
%check %check
%if %{with python2}
pushd Jinja2-%{version}
PYTHONPATH=$(pwd)/src %{__python2} -m pytest tests
popd
%endif
pushd python3 pushd python3
PYTHONPATH=$(pwd)/src %{__python3} -m pytest tests PYTHONPATH=$(pwd)/src %{__python3} -m pytest tests
popd popd
%if %{with python2}
%files -n python2-jinja2
%license Jinja2-%{version}/LICENSE.rst
%{python2_sitelib}/jinja2
%{python2_sitelib}/Jinja2*-info
%endif
%files -n python3-jinja2 %files -n python3-jinja2
%license Jinja2-%{version}/LICENSE.rst %license Jinja2-%{version}/LICENSE.rst
%{python3_sitelib}/jinja2 %{python3_sitelib}/jinja2
@ -114,36 +69,6 @@ popd
%doc Jinja2-%{version}/ext Jinja2-%{version}/examples %doc Jinja2-%{version}/ext Jinja2-%{version}/examples
%changelog %changelog
* Thu Dec 26 2024 weihaohao <weihaohao2@huawei.com> - 2.11.2-9
Type:CVE
CVE:CVE-2024-56201
SUG:NA
DESC:fix CVE-2024-56201
* Wed Dec 25 2024 changtao <changtao@kylinos.cn> - 2.11.2-8
Type:CVE
CVE:CVE-2024-56326
SUG:NA
DESC:fix CVE-2024-56326
* Fri May 10 2024 weihaohao <weihaohao2@huawei.com> - 2.11.2-7
Type:CVE
CVE:CVE-2024-34064
SUG:NA
DESC:fix CVE-2024-34064
* Fri Jan 26 2024 zhuofeng <zhuofeng2@huawei.com> - 2.11.2-6
Type:bugfix
CVE:NA
SUG:NA
DESC:make the test check and adapt python2 grammer
* Thu Jan 25 2024 zhuofeng <zhuofeng2@huawei.com> - 2.11.2-5
Type:bugfix
CVE:NA
SUG:NA
DESC:add python2 and adpat python2
* Mon Jan 22 2024 weihaohao <weihaohao2@huawei.com> - 2.11.2-4 * Mon Jan 22 2024 weihaohao <weihaohao2@huawei.com> - 2.11.2-4
Type:CVE Type:CVE
CVE:CVE-2024-22195 CVE:CVE-2024-22195