Merging upstream version 4.66.4:

- any optional non-boolean CLI arguments are passed through python's eval, allowing arbitrary code execution [CVE-2024-34062] (Closes: #1070372). Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-05 19:20:00 +01:00 · 2025-02-05 19:20:00 +01:00 · 10170fb64c
commit 10170fb64c
parent cc4eb343db
18 changed files with 64 additions and 52 deletions
--- a/README.rst
+++ b/README.rst
@ -766,7 +766,7 @@ Additional ``bar_format`` parameters may also be defined by overriding
        """Provides a `total_time` format parameter"""
        @property
        def format_dict(self):
-            d = super(TqdmExtraFormat, self).format_dict
+            d = super().format_dict
            total_time = d["elapsed"] * (d["total"] or 0) / max(d["n"], 1)
            d.update(total_time=self.format_interval(total_time) + " in total")
            return d
@ -982,7 +982,7 @@ custom callback take advantage of this, simply use the return value of

    class TqdmExt(std_tqdm):
        def update(self, n=1):
-            displayed = super(TqdmExt, self).update(n)
+            displayed = super().update(n)
            if displayed:
                external_callback(**self.format_dict)
            return displayed