mirror of
https://anongit.gentoo.org/git/repo/gentoo.git
synced 2025-06-09 14:44:11 +02:00
2a103afad6
These changes:
- fix CVE-2024-28397
- fix ignoring of test failures
- restrict the test feature since
multiple tests are broken
Bug: https://bugs.gentoo.org/831356
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/37285
Signed-off-by: Maciej Barć <xgqt@gentoo.org>
21 lines
849 B
Diff
21 lines
849 B
Diff
# https://nvd.nist.gov/vuln/detail/CVE-2024-28397
|
|
# https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape/blob/main/patch.txt
|
|
# https://github.com/PiotrDabkowski/Js2Py/pull/323
|
|
# https://github.com/Marven11/Js2Py/commit/56e244eb
|
|
|
|
Author: Marven11 <110723864+Marven11@users.noreply.github.com>
|
|
Date: Fri, 1 Mar 2024 12:53:58 +0800
|
|
|
|
diff --git a/js2py/constructors/jsobject.py b/js2py/constructors/jsobject.py
|
|
index c4e0ada3..b1806ea6 100644
|
|
--- a/js2py/constructors/jsobject.py
|
|
+++ b/js2py/constructors/jsobject.py
|
|
@@ -49,7 +49,7 @@ def getOwnPropertyNames(obj):
|
|
raise MakeError(
|
|
'TypeError',
|
|
'Object.getOwnPropertyDescriptor called on non-object')
|
|
- return obj.own.keys()
|
|
+ return list(obj.own.keys())
|
|
|
|
def create(obj):
|
|
if not (obj.is_object() or obj.is_null()):
|