[Pkg-javascript-commits] [node-brace-expansion] 01/02: Fix regular expression denial of service

[Sruthi Chandran]

This is an automated email from the git hooks/post-receive script.

srud-guest pushed a commit to branch stretch
in repository node-brace-expansion.

commit adef8168790f25e1f3ae22d0b44aa27bbaad7742
Author: Sruthi <srud at disroot.org>
Date:   Wed Jul 26 15:53:47 2017 +0530

    Fix regular expression denial of service
---
 debian/patches/fix-regex-DoS.patch | 23 +++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 24 insertions(+)

diff --git a/debian/patches/fix-regex-DoS.patch b/debian/patches/fix-regex-DoS.patch
new file mode 100644
index 0000000..ba6895a
--- /dev/null
+++ b/debian/patches/fix-regex-DoS.patch
@@ -0,0 +1,23 @@
+From b13381281cead487cbdbfd6a69fb097ea5e456c3 Mon Sep 17 00:00:00 2001
+From: "mengyuan.ymy" <mengyuan.ymy at alibaba-inc.com>
+Date: Fri, 7 Apr 2017 10:32:55 +0800
+Subject: [PATCH] fix bug in
+ https://github.com/juliangruber/brace-expansion/issues/33
+
+---
+ index.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/index.js b/index.js
+index 955f27c..0478be8 100644
+--- a/index.js
++++ b/index.js
+@@ -106,7 +106,7 @@ function expand(str, isTop) {
+   var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
+   var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
+   var isSequence = isNumericSequence || isAlphaSequence;
+-  var isOptions = /^(.*,)+(.+)?$/.test(m.body);
++  var isOptions = m.body.indexOf(',') >= 0;
+   if (!isSequence && !isOptions) {
+     // {a},b}
+     if (m.post.match(/,.*\}/)) {
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..6aa1fae
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix-regex-DoS.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-brace-expansion.git