File cve_2021_27291.patch of Package python-Pygments

Overview Repositories Revisions Requests Users Attributes Meta

File cve_2021_27291.patch of Package python-Pygments

From 2e7e8c4a7b318f4032493773732754e418279a14 Mon Sep 17 00:00:00 2001
From: Georg Brandl <georg@python.org>
Date: Mon, 11 Jan 2021 09:46:34 +0100
Subject: [PATCH] Fix several exponential/cubic complexity regexes found by Ben
 Caller/Doyensec

Index: Pygments-2.6.1/pygments/lexers/archetype.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/archetype.py
+++ Pygments-2.6.1/pygments/lexers/archetype.py
@@ -58,7 +58,7 @@ class AtomsLexer(RegexLexer):
             (r'P((\d*(\.\d+)?[YyMmWwDd]){1,3}(T(\d*(\.\d+)?[HhMmSs]){,3})?|'
              r'T(\d*(\.\d+)?[HhMmSs]){,3})', Literal.Date),
             (r'[+-]?(\d+\.\d*|\.\d+|\d+)[eE][+-]?\d+', Number.Float),
-            (r'[+-]?(\d+)*\.\d+%?', Number.Float),
+            (r'[+-]?\d*\.\d+%?', Number.Float),
             (r'0x[0-9a-fA-F]+', Number.Hex),
             (r'[+-]?\d+%?', Number.Integer),
         ],
Index: Pygments-2.6.1/pygments/lexers/factor.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/factor.py
+++ Pygments-2.6.1/pygments/lexers/factor.py
@@ -265,7 +265,7 @@ class FactorLexer(RegexLexer):
             (r'(?:<PRIVATE|PRIVATE>)\s', Keyword.Namespace),
 
             # strings
-            (r'"""\s+(?:.|\n)*?\s+"""', String),
+            (r'"""\s(?:.|\n)*?\s"""', String),
             (r'"(?:\\\\|\\"|[^"])*"', String),
             (r'\S+"\s+(?:\\\\|\\"|[^"])*"', String),
             (r'CHAR:\s+(?:\\[\\abfnrstv]|[^\\]\S*)\s', String.Char),
@@ -322,7 +322,7 @@ class FactorLexer(RegexLexer):
         'slots': [
             (r'\s+', Text),
             (r';\s', Keyword, '#pop'),
-            (r'(\{\s+)(\S+)(\s+[^}]+\s+\}\s)',
+            (r'(\{\s+)(\S+)(\s[^}]+\s\}\s)',
              bygroups(Text, Name.Variable, Text)),
             (r'\S+', Name.Variable),
         ],
Index: Pygments-2.6.1/pygments/lexers/jvm.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/jvm.py
+++ Pygments-2.6.1/pygments/lexers/jvm.py
@@ -975,7 +975,6 @@ class CeylonLexer(RegexLexer):
             (r'(import)(\s+)', bygroups(Keyword.Namespace, Text), 'import'),
             (r'"(\\\\|\\"|[^"])*"', String),
             (r"'\\.'|'[^\\]'|'\\\{#[0-9a-fA-F]{4}\}'", String.Char),
-            (r'".*``.*``.*"', String.Interpol),
             (r'(\.)([a-z_]\w*)',
              bygroups(Operator, Name.Attribute)),
             (r'[a-zA-Z_]\w*:', Name.Label),
Index: Pygments-2.6.1/pygments/lexers/matlab.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/matlab.py
+++ Pygments-2.6.1/pygments/lexers/matlab.py
@@ -136,7 +136,7 @@ class MatlabLexer(RegexLexer):
             (r'.', Comment.Multiline),
         ],
         'deffunc': [
-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
+            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
              bygroups(Whitespace, Text, Whitespace, Punctuation,
                       Whitespace, Name.Function, Punctuation, Text,
                       Punctuation, Whitespace), '#pop'),
@@ -614,7 +614,7 @@ class OctaveLexer(RegexLexer):
             (r"[^']*'", String, '#pop'),
         ],
         'deffunc': [
-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
+            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
              bygroups(Whitespace, Text, Whitespace, Punctuation,
                       Whitespace, Name.Function, Punctuation, Text,
                       Punctuation, Whitespace), '#pop'),
@@ -682,7 +682,7 @@ class ScilabLexer(RegexLexer):
             (r'.', String, '#pop'),
         ],
         'deffunc': [
-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
+            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)($)(.*)($)(\s*)',
              bygroups(Whitespace, Text, Whitespace, Punctuation,
                       Whitespace, Name.Function, Punctuation, Text,
                       Punctuation, Whitespace), '#pop'),
Index: Pygments-2.6.1/pygments/lexers/objective.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/objective.py
+++ Pygments-2.6.1/pygments/lexers/objective.py
@@ -261,11 +261,11 @@ class LogosLexer(ObjectiveCppLexer):
              'logos_classname'),
             (r'(%hook|%group)(\s+)([a-zA-Z$_][\w$]+)',
              bygroups(Keyword, Text, Name.Class)),
-            (r'(%config)(\s*$\s*)(\w+)(\s*=\s*)(.*?)(\s*$\s*)',
+            (r'(%config)(\s*$\s*)(\w+)(\s*=)(.*?)($\s*)',
              bygroups(Keyword, Text, Name.Variable, Text, String, Text)),
             (r'(%ctor)(\s*)(\{)', bygroups(Keyword, Text, Punctuation),
              'function'),
-            (r'(%new)(\s*)($)(\s*.*?\s*)($)',
+            (r'(%new)(\s*)($)(.*?)($)',
              bygroups(Keyword, Text, Keyword, String, Keyword)),
             (r'(\s*)(%end)(\s*)', bygroups(Text, Keyword, Text)),
             inherit,
Index: Pygments-2.6.1/pygments/lexers/templates.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/templates.py
+++ Pygments-2.6.1/pygments/lexers/templates.py
@@ -1428,7 +1428,7 @@ class EvoqueLexer(RegexLexer):
             # see doc for handling first name arg: /directives/evoque/
             # + minor inconsistency: the "name" in e.g. $overlay{name=site_base}
             # should be using(PythonLexer), not passed out as String
-            (r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+[^=,%}]+?)?'
+            (r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+)?'
              r'(.*?)((?(4)%)\})',
              bygroups(Punctuation, Name.Builtin, Punctuation, None,
                       String, using(PythonLexer), Punctuation)),
Index: Pygments-2.6.1/pygments/lexers/varnish.py
===================================================================
--- Pygments-2.6.1.orig/pygments/lexers/varnish.py
+++ Pygments-2.6.1/pygments/lexers/varnish.py
@@ -61,7 +61,7 @@ class VCLLexer(RegexLexer):
              bygroups(Name.Attribute, Operator, Name.Variable.Global, Punctuation)),
             (r'(\.probe)(\s*=\s*)(\{)',
              bygroups(Name.Attribute, Operator, Punctuation), 'probe'),
-            (r'(\.\w+\b)(\s*=\s*)([^;]*)(\s*;)',
+            (r'(\.\w+\b)(\s*=\s*)([^;\s]*)(\s*;)',
              bygroups(Name.Attribute, Operator, using(this), Punctuation)),
             (r'\{', Punctuation, '#push'),
             (r'\}', Punctuation, '#pop'),

Places

File cve_2021_27291.patch of Package python-Pygments

Places