Accepting request 1189727 from devel:languages:python

- Add CVE-2024-39705.patch upstream patch to fix unsafe pickle usage. (CVE-2024-39705, gh#nltk/nltk#3266, bsc#1227174). - Drop CVE-2024-39705-disable-download.patch as it's not needed anymore. OBS-URL: https://build.opensuse.org/request/show/1189727 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-nltk?expand=0&rev=17
2024-07-26 14:16:05 +00:00 · 2024-07-26 14:16:05 +00:00 · 39ddb1bbb2
commit 39ddb1bbb2
parent a331f038f7 9adfbd9e5d
4 changed files with 48 additions and 107 deletions
--- a/CVE-2024-39705-disable-download.patch
+++ b/CVE-2024-39705-disable-download.patch
@ -1,104 +0,0 @@
 ---
 nltk/app/chartparser_app.py    |   13 +++++++++++++
 nltk/corpus/reader/util.py     |    2 ++
 nltk/data.py                   |    2 ++
 nltk/parse/transitionparser.py |    2 ++
 nltk/tbl/demo.py               |    4 +++-
 5 files changed, 22 insertions(+), 1 deletion(-)
 --- a/nltk/app/chartparser_app.py
 +++ b/nltk/app/chartparser_app.py
@@ -800,6 +800,10 @@ class ChartComparer:
             showerror("Error Saving Chart", f"Unable to open file: {filename!r}\n{e}")
     def load_chart_dialog(self, *args):
 +        showerror("Security Error",
 +                  "Due to gh#nltk/nltk#3266, deserializing from " +
 +                  "a pickle is forbidden.")
 +        return
         filename = askopenfilename(
             filetypes=self.CHART_FILE_TYPES, defaultextension=".pickle"
         )
@@ -811,6 +815,8 @@ class ChartComparer:
             showerror("Error Loading Chart", f"Unable to open file: {filename!r}\n{e}")
     def load_chart(self, filename):
 +        raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
 +                           "a pickle is forbidden.")
         with open(filename, "rb") as infile:
             chart = pickle.load(infile)
         name = os.path.basename(filename)
@@ -2268,6 +2274,10 @@ class ChartParserApp:
         if not filename:
             return
         try:
 +            showerror("Security Error",
 +                      "Due to gh#nltk/nltk#3266, deserializing from " +
 +                      "a pickle is forbidden.")
 +            return
             with open(filename, "rb") as infile:
                 chart = pickle.load(infile)
             self._chart = chart
@@ -2306,6 +2316,9 @@ class ChartParserApp:
             return
         try:
             if filename.endswith(".pickle"):
 +                showerror("Due to gh#nltk/nltk#3266, deserializing from " +
 +                          "a pickle is forbidden.")
 +                return
                 with open(filename, "rb") as infile:
                     grammar = pickle.load(infile)
             else:
 --- a/nltk/corpus/reader/util.py
 +++ b/nltk/corpus/reader/util.py
@@ -521,6 +521,8 @@ class PickleCorpusView(StreamBackedCorpu
     def read_block(self, stream):
         result = []
 +        raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
 +                           "a pickle is forbidden.")
         for i in range(self.BLOCK_SIZE):
             try:
                 result.append(pickle.load(stream))
 --- a/nltk/data.py
 +++ b/nltk/data.py
@@ -752,6 +752,8 @@ def load(
     if format == "raw":
         resource_val = opened_resource.read()
     elif format == "pickle":
 +        raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
 +                           "a pickle is forbidden.")
         resource_val = pickle.load(opened_resource)
     elif format == "json":
         import json
 --- a/nltk/parse/transitionparser.py
 +++ b/nltk/parse/transitionparser.py
@@ -553,6 +553,8 @@ class TransitionParser(ParserI):
         """
         result = []
         # First load the model
 +        raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
 +                           "a pickle is forbidden.")
         model = pickle.load(open(modelFile, "rb"))
         operation = Transition(self._algorithm)
 --- a/nltk/tbl/demo.py
 +++ b/nltk/tbl/demo.py
@@ -253,6 +253,8 @@ def postag(
                 )
             )
         with open(cache_baseline_tagger) as print_rules:
 +            raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
 +                               "a pickle is forbidden.")
             baseline_tagger = pickle.load(print_rules)
             print(f"Reloaded pickled tagger from {cache_baseline_tagger}")
     else:
@@ -327,7 +329,7 @@ def postag(
         with open(serialize_output) as print_rules:
             brill_tagger_reloaded = pickle.load(print_rules)
         print(f"Reloaded pickled tagger from {serialize_output}")
 -        taggedtest_reloaded = brill_tagger.tag_sents(testing_data)
 +        taggedtest_reloaded = brill_tagger_reloaded.tag_sents(testing_data)
         if taggedtest == taggedtest_reloaded:
             print("Reloaded tagger tried on test set, results identical")
         else:
--- a/CVE-2024-39705.patch
+++ b/CVE-2024-39705.patch
@ -0,0 +1,38 @@
 From a12d0a6a8cdba58d5e4e5f92ac62bb80fc26c624 Mon Sep 17 00:00:00 2001
 From: Eric Kafe <kafe.eric@gmail.com>
 Date: Tue, 23 Jul 2024 09:09:09 +0200
 Subject: [PATCH] Prevent data.load from unpickling classes or functions
 ---
 nltk/data.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
 diff --git a/nltk/data.py b/nltk/data.py
 index cc9229b0a2..fb242721c5 100644
 --- a/nltk/data.py
 +++ b/nltk/data.py
@@ -658,6 +658,15 @@ def retrieve(resource_url, filename=None, verbose=True):
 }
 +def restricted_pickle_load(string):
 +    """
 +    Prevents any class or function from loading.
 +    """
 +    from nltk.app.wordnet_app import RestrictedUnpickler
 +
 +    return RestrictedUnpickler(BytesIO(string)).load()
 +
 +
 def load(
     resource_url,
     format="auto",
@@ -751,7 +760,7 @@ def load(
     if format == "raw":
         resource_val = opened_resource.read()
     elif format == "pickle":
 -        resource_val = pickle.load(opened_resource)
 +        resource_val = restricted_pickle_load(opened_resource.read())
     elif format == "json":
         import json
--- a/python-nltk.changes
+++ b/python-nltk.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Fri Jul 26 07:14:33 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 - Add CVE-2024-39705.patch upstream patch to fix unsafe pickle usage.
  (CVE-2024-39705, gh#nltk/nltk#3266, bsc#1227174).
 - Drop CVE-2024-39705-disable-download.patch as it's not needed
  anymore.
 -------------------------------------------------------------------
 Mon Jul  1 21:02:45 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
--- a/python-nltk.spec
+++ b/python-nltk.spec
@ -63,9 +63,8 @@ Source99:       python-nltk.rpmlintrc
 Patch0:         skip-networked-test.patch
 # PATCH-FIX-UPSTREAM nltk-pr3207-py312.patch gh#nltk/nltk#3207
 Patch1:         nltk-pr3207-py312.patch
-# PATCH-FIX-UPSTREAM CVE-2024-39705-disable-download.patch bsc#1227174 mcepl@suse.com
+# PATCH-FIX-UPSTREAM CVE-2024-39705.patch bsc#1227174 gh#nltk/nltk#3290
-# this patch makes things totally awesome
+Patch2:         CVE-2024-39705.patch
 Patch2:         CVE-2024-39705-disable-download.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}