From 94dbb7477387b14ff954f3176e57c275d706c37f Mon Sep 17 00:00:00 2001
From: Kanishk Bansal
Date: Thu, 6 Feb 2025 19:22:16 +0000
Subject: [PATCH 1/3] Patch CVE-2024-34062 for python-tqdm
---
 SPECS/python-tqdm/CVE-2024-34062.patch | 62 ++++++++++++++++++++++++++
 SPECS/python-tqdm/python-tqdm.spec | 9 ++--
 2 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 SPECS/python-tqdm/CVE-2024-34062.patch
diff --git a/SPECS/python-tqdm/CVE-2024-34062.patch b/SPECS/python-tqdm/CVE-2024-34062.patch
new file mode 100644
index 00000000000..32a4cade737
--- /dev/null
+++ b/SPECS/python-tqdm/CVE-2024-34062.patch
@@ -0,0 +1,62 @@
+From 16eed9fc5bdc5e6de477a5329a3e6bd13548554a Mon Sep 17 00:00:00 2001
+From: Kanishk Bansal
+Date: Thu, 6 Feb 2025 19:06:45 +0000
+Subject: [PATCH] Address CVE-2024-34062
+
+---
+ tqdm/cli.py | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/tqdm/cli.py b/tqdm/cli.py
+index 1223d49..7284f28 100644
+--- a/tqdm/cli.py
++++ b/tqdm/cli.py
+@@ -21,23 +21,34 @@ def cast(val, typ):
+ return cast(val, t)
+ except TqdmTypeError:
+ pass
+- raise TqdmTypeError(val + ' : ' + typ)
++ raise TqdmTypeError(f"{val} : {typ}")
+
+ # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
+ if typ == 'bool':
+ if (val == 'True') or (val == ''):
+ return True
+- elif val == 'False':
++ if val == 'False':
+ return False
+- else:
+- raise TqdmTypeError(val + ' : ' + typ)
+- try:
+- return eval(typ + '("' + val + '")')
+- except Exception:
+- if typ == 'chr':
+- return chr(ord(eval('"' + val + '"'))).encode()
+- else:
+- raise TqdmTypeError(val + ' : ' + typ)
++ raise TqdmTypeError(val + ' : ' + typ)
++ if typ == 'chr':
++ if len(val) == 1:
++ return val.encode()
++ if re.match(r"^\\\w+$", val):
++ return eval(f'"{val}"').encode()
++ raise TqdmTypeError(f"{val} : {typ}")
++ if typ == 'str':
++ return val
++ if typ == 'int':
++ try:
++ return int(val)
++ except ValueError as exc:
++ raise TqdmTypeError(f"{val} : {typ}") from exc
++ if typ == 'float':
++ try:
++ return float(val)
++ except ValueError as exc:
++ raise TqdmTypeError(f"{val} : {typ}") from exc
++ raise TqdmTypeError(f"{val} : {typ}")
+
+
+ def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,
+--
+2.43.0
+
diff --git a/SPECS/python-tqdm/python-tqdm.spec b/SPECS/python-tqdm/python-tqdm.spec
index 23bbc2006a4..72c972f6577 100644
--- a/SPECS/python-tqdm/python-tqdm.spec
+++ b/SPECS/python-tqdm/python-tqdm.spec
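Review bot: The `chr` branch in the nested hunk still passes CLI input to `eval`, and its guard `re.match(r"^\\\w+$", val)` lets two inputs through that the new code does not handle: a value with a trailing newline (`$` matches before a final `\n`) and a truncated escape such as `\x4`, both of which make `eval` raise `SyntaxError` straight out of `cast` instead of the `TqdmTypeError` every other branch now raises; the regex does confine the evaluated text to a single string literal, so no expression is executed, but the error contract is broken. Using `re.fullmatch` and mapping `SyntaxError` to `TqdmTypeError`, as below, closes that gap. The hunk calls `re` without adding an import; upstream `tqdm/cli.py` already imports it for its `RE_OPTS`/`RE_SHLEX` patterns, but the backport should confirm that holds for the 4.66.2 tarball rather than assume it. The bool branch's surviving `raise TqdmTypeError(val + ' : ' + typ)` is now the only error path still built by concatenation while the others use f-strings. `cast` begins above the inner hunk.
```python
    if typ == 'chr':
        if len(val) == 1:
            return val.encode()
        # Only a single backslash escape (\n, \x41, \u00e9, ...) is ever
        # evaluated, and only as the body of a string literal; fullmatch also
        # rejects the trailing newline that '$' would let through.
        if re.fullmatch(r"\\\w+", val):
            try:
                return eval(f'"{val}"').encode()
            except SyntaxError as exc:  # e.g. a truncated \x escape
                raise TqdmTypeError(f"{val} : {typ}") from exc
        raise TqdmTypeError(f"{val} : {typ}")
    # … unchanged: str / int / float branches and the final raise …
```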
@@ -7,14 +7,14 @@ with "tqdm(iterable)", and you are done!
 Summary: Fast, Extensible Progress Meter
 Name: python-%{srcname}
 Version: 4.66.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MPLv2.0 AND MIT
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
 URL: https://github.com/tqdm/tqdm
 Source0: %{pypi_source}
 BuildArch: noarch
-
+Patch0: CVE-2024-34062.patch
 %description
 %{_description}
 %package -n python3-%{srcname}
@@ -40,7 +40,7 @@ Python 3 version.
 %prep
 export SETUPTOOLS_SCM_PRETEND_VERSION=%{version}
-%autosetup -n %{srcname}-%{version}
+%autosetup -p0 -n %{srcname}-%{version}
 chmod -x tqdm/completion.sh
 # https://github.com/tqdm/tqdm/pull/1292
@@ -90,6 +90,9 @@ pip3 install iniconfig \
 %changelog
+* Fri Feb 07 2025 Kanishk Bansal - 4.66.2-2
+- Patch CVE-2024-34062
+
 * Tue Mar 26 2024 Henry Li - 4.66.2-1
 - Upgrade version to v4.66.2
 - Modify Source0
From 8103785248be86a90dc50f5ad8933839e65c534f Mon Sep 17 00:00:00 2001
From: Kanishk-Bansal
Date: Thu, 6 Feb 2025 20:36:24 +0000
Subject: [PATCH 2/3] Fix SPEC
---
 SPECS/python-tqdm/python-tqdm.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/python-tqdm/python-tqdm.spec b/SPECS/python-tqdm/python-tqdm.spec
index 72c972f6577..225624da876 100644
--- a/SPECS/python-tqdm/python-tqdm.spec
+++ b/SPECS/python-tqdm/python-tqdm.spec
@@ -40,7 +40,7 @@ Python 3 version.
 %prep
 export SETUPTOOLS_SCM_PRETEND_VERSION=%{version}
-%autosetup -p0 -n %{srcname}-%{version}
+%autosetup -p1 -n %{srcname}-%{version}
 chmod -x tqdm/completion.sh
 # https://github.com/tqdm/tqdm/pull/1292
From d18ce824564a3676c740712787bab22f3e3b12a2 Mon Sep 17 00:00:00 2001
From: Kanishk-Bansal
Date: Wed, 12 Feb 2025 11:22:02 +0000
Subject: [PATCH 3/3] add ref to patch
---
 SPECS/python-tqdm/CVE-2024-34062.patch | 1 +
 1 file changed, 1 insertion(+)
diff --git a/SPECS/python-tqdm/CVE-2024-34062.patch b/SPECS/python-tqdm/CVE-2024-34062.patch
index 32a4cade737..6d98c0dc550 100644
--- a/SPECS/python-tqdm/CVE-2024-34062.patch
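Review bot: In the first spec hunk the new `Patch0: CVE-2024-34062.patch` line takes the place of the blank line that separated the preamble tags from `%description`, so the two sections now run together without a separator. Keep the tag and restore the blank line after it, i.e. `Patch0: CVE-2024-34062.patch` followed by an empty line before `%description`, matching how the rest of the preamble is laid out.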
+++ b/SPECS/python-tqdm/CVE-2024-34062.patch
@@ -2,6 +2,7 @@ From 16eed9fc5bdc5e6de477a5329a3e6bd13548554a Mon Sep 17 00:00:00 2001
 From: Kanishk Bansal
 Date: Thu, 6 Feb 2025 19:06:45 +0000
 Subject: [PATCH] Address CVE-2024-34062
+Upstream Patch Reference https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316
 ---
  tqdm/cli.py | 33 ++++++++++++++++++++++-----------