helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

python3-ldap: patch CVE-2025-61912

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61912

Pick the patch that's mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-01-13 07:35:45 +01:00
parent 3a9a13832b
commit 6d01018250
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61912.patch Normal file
View File

@ -0,0 +1,42 @@
From b80ba3e3b41859bfc79830b726e95e457502ca00 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <simon.pichugin@gmail.com>
Date: Fri, 10 Oct 2025 10:46:45 -0700
Subject: [PATCH] Merge commit from fork
Update tests to expect \00 and verify RFC-compliant escaping
CVE: CVE-2025-61912
Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
Lib/ldap/dn.py | 3 ++-
Tests/t_ldap_dn.py | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py
index a9d9684..8d40673 100644
--- a/Lib/ldap/dn.py
+++ b/Lib/ldap/dn.py
@@ -26,7 +26,8 @@ def escape_dn_chars(s):
s = s.replace('>' ,'\\>')
s = s.replace(';' ,'\\;')
s = s.replace('=' ,'\\=')
- s = s.replace('\000' ,'\\\000')
+ # RFC 4514 requires NULL (U+0000) to be escaped as hex pair "\00"
+ s = s.replace('\x00' ,'\\00')
if s[-1]==' ':
s = ''.join((s[:-1],'\\ '))
if s[0]=='#' or s[0]==' ':
diff --git a/Tests/t_ldap_dn.py b/Tests/t_ldap_dn.py
index 86d3640..7c04777 100644
--- a/Tests/t_ldap_dn.py
+++ b/Tests/t_ldap_dn.py
@@ -49,7 +49,7 @@ class TestDN(unittest.TestCase):
self.assertEqual(ldap.dn.escape_dn_chars(' '), '\\ ')
self.assertEqual(ldap.dn.escape_dn_chars(' '), '\\ \\ ')
self.assertEqual(ldap.dn.escape_dn_chars('foobar '), 'foobar\\ ')
- self.assertEqual(ldap.dn.escape_dn_chars('f+o>o,b<a;r="\00"'), 'f\\+o\\>o\\,b\\<a\\;r\\=\\"\\\x00\\"')
+ self.assertEqual(ldap.dn.escape_dn_chars('f+o>o,b<a;r="\00"'), r'f\+o\>o\,b\<a\;r\=\"\00\"')
self.assertEqual(ldap.dn.escape_dn_chars('foo\\,bar'), 'foo\\\\\\,bar')
def test_str2dn(self):

3
meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
View File

@ -13,7 +13,8 @@ PYPI_PACKAGE = "python-ldap"
inherit pypi setuptools3
SRC_URI += "file://CVE-2025-61911.patch"
SRC_URI += "file://CVE-2025-61911.patch \
file://CVE-2025-61912.patch"
SRC_URI[sha256sum] = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12"
do_configure:prepend() {