From 92066f3fb3d6c72874da8d0efffe986682438fc9 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Fri, 9 May 2025 10:06:08 +0800
Subject: [PATCH] Fix CVE-2025-32873

(cherry picked from commit 97f56e17d550c32bedd01e9e8963207f4b4c2f23)
---
 CVE-2025-32873.patch | 85 ++++++++++++++++++++++++++++++++++++++++++++
 python-django.spec   |  6 +++-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-32873.patch

diff --git a/CVE-2025-32873.patch b/CVE-2025-32873.patch
new file mode 100644
index 0000000..71a6707
--- /dev/null
+++ b/CVE-2025-32873.patch
@@ -0,0 +1,85 @@
+From 9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Tue, 8 Apr 2025 16:30:17 +0200
+Subject: [PATCH] [4.2.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in
+ strip_tags().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
+Howard for the reviews.
+
+Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
+
+Backport of 9f3419b519799d69f2aba70b9d25abe2e70d03e0 from main.
+
+Origin: https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c
+---
+ django/utils/html.py           |  6 ++++++
+ tests/utils_tests/test_html.py | 15 ++++++++++++++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/django/utils/html.py b/django/utils/html.py
+index a3a7238..84c37d1 100644
+--- a/django/utils/html.py
++++ b/django/utils/html.py
+@@ -17,6 +17,9 @@ from django.utils.text import normalize_newlines
+ MAX_URL_LENGTH = 2048
+ MAX_STRIP_TAGS_DEPTH = 50
+ 
++# HTML tag that opens but has no closing ">" after 1k+ chars.
++long_open_tag_without_closing_re = _lazy_re_compile(r"<[a-zA-Z][^>]{1000,}")
++
+ 
+ @keep_lazy(SafeString)
+ def escape(text):
+@@ -175,6 +178,9 @@ def _strip_once(value):
+ def strip_tags(value):
+     """Return the given HTML with all tags stripped."""
+     value = str(value)
++    for long_open_tag in long_open_tag_without_closing_re.finditer(value):
++        if long_open_tag.group().count("<") >= MAX_STRIP_TAGS_DEPTH:
++            raise SuspiciousOperation
+     # Note: in typical case this loop executes _strip_once twice (the second
+     # execution does not remove any more tags).
+     strip_tags_depth = 0
+diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
+index 579bb2a..25168e2 100644
+--- a/tests/utils_tests/test_html.py
++++ b/tests/utils_tests/test_html.py
+@@ -115,17 +115,30 @@ class TestUtilsHtml(SimpleTestCase):
+             ("><!" + ("&" * 16000) + "D", "><!" + ("&" * 16000) + "D"),
+             ("X<<<<br>br>br>br>X", "XX"),
+             ("<" * 50 + "a>" * 50, ""),
++            (">" + "<a" * 500 + "a", ">" + "<a" * 500 + "a"),
++            ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
++            ("<" + "a" * 1_002, "<" + "a" * 1_002),
+         )
+         for value, output in items:
+             with self.subTest(value=value, output=output):
+                 self.check_output(strip_tags, value, output)
+                 self.check_output(strip_tags, lazystr(value), output)
+ 
+-    def test_strip_tags_suspicious_operation(self):
++    def test_strip_tags_suspicious_operation_max_depth(self):
+         value = "<" * 51 + "a>" * 51, "<a>"
+         with self.assertRaises(SuspiciousOperation):
+             strip_tags(value)
+ 
++    def test_strip_tags_suspicious_operation_large_open_tags(self):
++        items = [
++            ">" + "<a" * 501,
++            "<a" * 50 + "a" * 950,
++        ]
++        for value in items:
++            with self.subTest(value=value):
++                with self.assertRaises(SuspiciousOperation):
++                    strip_tags(value)
++
+     def test_strip_tags_files(self):
+         # Test with more lengthy content (also catching performance regressions)
+         for filename in ("strip_tags1.html", "strip_tags2.txt"):
+-- 
+2.49.0
+
diff --git a/python-django.spec b/python-django.spec
index 7b21117..6af94bc 100644
--- a/python-django.spec
+++ b/python-django.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name:		python-django
 Version:	4.2.15
-Release:	5
+Release:	6
 Summary:	A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
 License:	Apache-2.0 and Python-2.0 and BSD-3-Clause
 URL:		https://www.djangoproject.com/
@@ -12,6 +12,7 @@ Patch2:		CVE-2024-53907.patch
 Patch3:		CVE-2024-53908.patch
 Patch4:		CVE-2024-56374.patch
 Patch5:		backport-CVE-2025-26699.patch 
+Patch6:		CVE-2025-32873.patch
 
 BuildArch:	noarch
 %description
@@ -78,6 +79,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 
 %changelog
+* Fri May 09 2025 yaoxin <1024769339@qq.com> - 4.2.15-6
+- Fix CVE-2025-32873
+
 * Mon Mar 10 2025 changtao <changtao@kylinos.cn> - 4.2.15-5
 - Type:CVE
 - CVE:CVE-2025-26699
-- 
Gitee