second lexer reg memory use issue #367
Comments
|
Mike Bayer has proposed a fix for this issue in the main branch: replace "dot" with "set not containing whitespace" https://gerrit.sqlalchemy.org/c/sqlalchemy/mako/+/4091 |
rpurdie
pushed a commit
to yoctoproject/poky
that referenced
this issue
Nov 1, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: c927983ba7af9895e550018476759dd12fa90452)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Nov 1, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpurdie
pushed a commit
to yoctoproject/poky
that referenced
this issue
Nov 1, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: 6e1c50a131429cb5cc7b86ea5765c85850f97446)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Nov 1, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpurdie
pushed a commit
to yoctoproject/poky
that referenced
this issue
Nov 2, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: 49ad6f031458e1f48f24547dc88e41abc4ec41a6)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Nov 2, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj
pushed a commit
to YoeDistro/poky
that referenced
this issue
Nov 2, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: a32dae12a9beeb5e9d74cd07f8595d0a4bda1850)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this issue
Nov 24, 2022
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 49ad6f0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
daregit
pushed a commit
to daregit/yocto-combined
that referenced
this issue
May 22, 2024
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: 49ad6f031458e1f48f24547dc88e41abc4ec41a6)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The text was updated successfully, but these errors were encountered: