!25 convert format for CVE
Merge pull request !25 from tianwei/openEuler-20.03-LTS
This commit is contained in:
openeuler-ci-bot
Gitee
commit
8dea70d6b4
@ -1,89 +1,89 @@
|
|||||||
From 7c1b25f7c1e9381fa4b96b4fc489e4bbbe065f02 Mon Sep 17 00:00:00 2001
|
From 7c1b25f7c1e9381fa4b96b4fc489e4bbbe065f02 Mon Sep 17 00:00:00 2001
|
||||||
From: JunWei Song <sungboss2004@gmail.com>
|
From: JunWei Song <sungboss2004@gmail.com>
|
||||||
Date: Wed, 11 Sep 2019 23:04:12 +0800
|
Date: Wed, 11 Sep 2019 23:04:12 +0800
|
||||||
Subject: [PATCH] bpo-36260: Add pitfalls to zipfile module documentation
|
Subject: [PATCH] bpo-36260: Add pitfalls to zipfile module documentation
|
||||||
(#13378)
|
(#13378)
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
* bpo-36260: Add pitfalls to zipfile module documentation
|
* bpo-36260: Add pitfalls to zipfile module documentation
|
||||||
|
|
||||||
We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file.
|
We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file.
|
||||||
This gave us the idea of documentation improvement.
|
This gave us the idea of documentation improvement.
|
||||||
|
|
||||||
So, we moved a little bit forward :P
|
So, we moved a little bit forward :P
|
||||||
And the doc patch can be found (pr).
|
And the doc patch can be found (pr).
|
||||||
|
|
||||||
* fix trailing whitespace
|
* fix trailing whitespace
|
||||||
|
|
||||||
* 📜 🤖 Added by blurb_it.
|
* 📜 🤖 Added by blurb_it.
|
||||||
|
|
||||||
* Reformat text for consistency.
|
* Reformat text for consistency.
|
||||||
|
|
||||||
---
|
---
|
||||||
Doc/library/zipfile.rst | 40 +++++++++++++++++++
|
Doc/library/zipfile.rst | 40 +++++++++++++++++++
|
||||||
.../2019-06-04-09-29-00.bpo-36260.WrGuc-.rst | 1 +
|
.../2019-06-04-09-29-00.bpo-36260.WrGuc-.rst | 1 +
|
||||||
2 files changed, 41 insertions(+)
|
2 files changed, 41 insertions(+)
|
||||||
create mode 100644 Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
create mode 100644 Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
||||||
|
|
||||||
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
|
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
|
||||||
index 6fb03a0..6fa0a28 100644
|
index 6fb03a0..6fa0a28 100644
|
||||||
--- a/Doc/library/zipfile.rst
|
--- a/Doc/library/zipfile.rst
|
||||||
+++ b/Doc/library/zipfile.rst
|
+++ b/Doc/library/zipfile.rst
|
||||||
@@ -730,5 +730,45 @@ Command-line options
|
@@ -730,5 +730,45 @@ Command-line options
|
||||||
|
|
||||||
Test whether the zipfile is valid or not.
|
Test whether the zipfile is valid or not.
|
||||||
|
|
||||||
+Decompression pitfalls
|
+Decompression pitfalls
|
||||||
+----------------------
|
+----------------------
|
||||||
+
|
+
|
||||||
+The extraction in zipfile module might fail due to some pitfalls listed below.
|
+The extraction in zipfile module might fail due to some pitfalls listed below.
|
||||||
+
|
+
|
||||||
+From file itself
|
+From file itself
|
||||||
+~~~~~~~~~~~~~~~~
|
+~~~~~~~~~~~~~~~~
|
||||||
+
|
+
|
||||||
+Decompression may fail due to incorrect password / CRC checksum / ZIP format or
|
+Decompression may fail due to incorrect password / CRC checksum / ZIP format or
|
||||||
+unsupported compression method / decryption.
|
+unsupported compression method / decryption.
|
||||||
+
|
+
|
||||||
+File System limitations
|
+File System limitations
|
||||||
+~~~~~~~~~~~~~~~~~~~~~~~
|
+~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
+
|
+
|
||||||
+Exceeding limitations on different file systems can cause decompression failed.
|
+Exceeding limitations on different file systems can cause decompression failed.
|
||||||
+Such as allowable characters in the directory entries, length of the file name,
|
+Such as allowable characters in the directory entries, length of the file name,
|
||||||
+length of the pathname, size of a single file, and number of files, etc.
|
+length of the pathname, size of a single file, and number of files, etc.
|
||||||
+
|
+
|
||||||
+Resources limitations
|
+Resources limitations
|
||||||
+~~~~~~~~~~~~~~~~~~~~~
|
+~~~~~~~~~~~~~~~~~~~~~
|
||||||
+
|
+
|
||||||
+The lack of memory or disk volume would lead to decompression
|
+The lack of memory or disk volume would lead to decompression
|
||||||
+failed. For example, decompression bombs (aka `ZIP bomb`_)
|
+failed. For example, decompression bombs (aka `ZIP bomb`_)
|
||||||
+apply to zipfile library that can cause disk volume exhaustion.
|
+apply to zipfile library that can cause disk volume exhaustion.
|
||||||
+
|
+
|
||||||
+Interruption
|
+Interruption
|
||||||
+~~~~~~~~~~~~
|
+~~~~~~~~~~~~
|
||||||
+
|
+
|
||||||
+Interruption during the decompression, such as pressing control-C or killing the
|
+Interruption during the decompression, such as pressing control-C or killing the
|
||||||
+decompression process may result in incomplete decompression of the archive.
|
+decompression process may result in incomplete decompression of the archive.
|
||||||
+
|
+
|
||||||
+Default behaviors of extraction
|
+Default behaviors of extraction
|
||||||
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
+
|
+
|
||||||
+Not knowing the default extraction behaviors
|
+Not knowing the default extraction behaviors
|
||||||
+can cause unexpected decompression results.
|
+can cause unexpected decompression results.
|
||||||
+For example, when extracting the same archive twice,
|
+For example, when extracting the same archive twice,
|
||||||
+it overwrites files without asking.
|
+it overwrites files without asking.
|
||||||
+
|
+
|
||||||
|
|
||||||
+.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
|
+.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
|
||||||
.. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
|
.. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
|
||||||
diff --git a/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
diff --git a/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..9276516
|
index 0000000..9276516
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
+++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
|
||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+Add decompression pitfalls to zipfile module documentation.
|
+Add decompression pitfalls to zipfile module documentation.
|
||||||
\ No newline at end of file
|
\ No newline at end of file
|
||||||
--
|
--
|
||||||
2.23.0
|
2.23.0
|
||||||
|
|||||||
@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
|
|||||||
URL: https://www.python.org/
|
URL: https://www.python.org/
|
||||||
|
|
||||||
Version: 3.7.9
|
Version: 3.7.9
|
||||||
Release: 1
|
Release: 2
|
||||||
License: Python
|
License: Python
|
||||||
|
|
||||||
%global branchversion 3.7
|
%global branchversion 3.7
|
||||||
@ -797,6 +797,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 2 2020 tianwei<tianwei12@huawei.com> - 3.7.9-2
|
||||||
|
- Type:NA
|
||||||
|
- ID:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:convert format for CVE
|
||||||
|
|
||||||
* Mon Aug 31 2020 shixuantong<shixuantong@huawei.com> - 3.7.9-1
|
* Mon Aug 31 2020 shixuantong<shixuantong@huawei.com> - 3.7.9-1
|
||||||
- Type:NA
|
- Type:NA
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user