Projects
Eulaceura:Factory
python2
_service:obs_scm:CVE-2019-9674.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2019-9674.patch of Package python2
From 96b55a2f5a66c0c5ede04428a2dd5e12b4d53c3d Mon Sep 17 00:00:00 2001 From: JunWei Song <sungboss2004@gmail.com> Date: Wed, 11 Sep 2019 23:04:12 +0800 Subject: [PATCH] bpo-36260: Add pitfalls to zipfile module documentation (#13378) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * bpo-36260: Add pitfalls to zipfile module documentation We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file. This gave us the idea of documentation improvement. So, we moved a little bit forward :P And the doc patch can be found (pr). * fix trailing whitespace * 📜 🤖 Added by blurb_it. * Reformat text for consistency. --- Doc/library/zipfile.rst | 41 +++++++++++++++++++ .../2019-06-04-09-29-00.bpo-36260.WrGuc-.rst | 1 + 2 files changed, 42 insertions(+) create mode 100644 Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst index ba613b3..ce07f36 100644 --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -552,6 +552,47 @@ Command-line options .. cmdoption:: -t <zipfile> Test whether the zipfile is valid or not. +Decompression pitfalls +---------------------- + +The extraction in zipfile module might fail due to some pitfalls listed below. + +From file itself +~~~~~~~~~~~~~~~~ + +Decompression may fail due to incorrect password / CRC checksum / ZIP format or +unsupported compression method / decryption. + +File System limitations +~~~~~~~~~~~~~~~~~~~~~~~ + +Exceeding limitations on different file systems can cause decompression failed. +Such as allowable characters in the directory entries, length of the file name, +length of the pathname, size of a single file, and number of files, etc. + +Resources limitations +~~~~~~~~~~~~~~~~~~~~~ + +The lack of memory or disk volume would lead to decompression +failed. For example, decompression bombs (aka `ZIP bomb`_) +apply to zipfile library that can cause disk volume exhaustion. + +Interruption +~~~~~~~~~~~~ + +Interruption during the decompression, such as pressing control-C or killing the +decompression process may result in incomplete decompression of the archive. + +Default behaviors of extraction +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Not knowing the default extraction behaviors +can cause unexpected decompression results. +For example, when extracting the same archive twice, +it overwrites files without asking. + + +.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb .. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT diff --git a/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst new file mode 100644 index 0000000..9c5ed97 --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst @@ -0,0 +1 @@ +Add decompression pitfalls to zipfile module documentation. -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2