From 31dbb4b075b4710e3adac7ac998a02aaeb2c5d3d Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Fri, 15 Oct 2021 15:21:37 +0100
Subject: [PATCH 1/2] Fix ReDoS in regex.
---
 Lib/ldap/schema/tokenizer.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/ldap/schema/tokenizer.py b/Lib/ldap/schema/tokenizer.py
index 69823f2b..623b86d5 100644
--- a/Lib/ldap/schema/tokenizer.py
+++ b/Lib/ldap/schema/tokenizer.py
@@ -13,7 +13,7 @@
 r"|" # or
 r"([^'$()\s]+)" # string of length >= 1 without '$() or whitespace
 r"|" # or
- r"('(?:[^'\\]|\\\\|\\.)*?'(?!\w))"
+ r"('(?:[^'\\]|\\.)*'(?!\w))"
 # any string or empty string surrounded by unescaped
 # single quotes except if right quote is succeeded by
 # alphanumeric char
From 8f80091de2dd2f33c9fb56152e7579ef782901fd Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Fri, 26 Nov 2021 15:42:22 +0100
Subject: [PATCH 2/2] Add release note
---
 CHANGES | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGES b/CHANGES
index 92d9d414..c358fa9e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,11 @@ The following undocumented functions are deprecated and scheduled for removal:
 - ``ldap.cidict.strlist_minus``
 - ``ldap.cidict.strlist_union``
+Security fixes:
+* Fix inefficient regular expression which allows denial-of-service attacks
+ when parsing specially-crafted LDAP schema.
+ (GHSL-2021-117)
+
 Changes:
 * On MacOS, remove option to make LDAP connections from a file descriptor
 when built with the system libldap (which lacks the underlying function,
pFad - Phonifier reborn
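Review bot: The new pattern on the `+` line of the tokenizer.py hunk is free of catastrophic backtracking only because its two alternatives `[^'\\]` and `\\.` are disjoint on their first character, and nothing in the hunk records that invariant for the next person who edits the regex; a comment such as `# alternatives must stay mutually exclusive (non-backslash vs backslash-escape) so backtracking stays linear` on that line would pin it. As far as I can tell the switch from `*?` to `*` does not change what is matched, because neither alternative can consume an unescaped `'`, so the match still ends at the first unescaped closing quote; the commit message could state this so the change is not mistaken for a semantic one. Dropping the `\\\\` alternative is fine since `\\.` already covers an escaped backslash. A regression test that feeds the tokenizer a long unterminated quoted string of escaped characters and asserts it completes promptly would keep the fix from regressing; the `re.compile(...)` call holding this fragment and its flags start outside the hunk.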
