From d399a5a8159f66fb62c050b066bfb0442ca8847c01aeda41781e45d9c23d9edc Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 May 2025 16:42:17 +0000 Subject: [PATCH] Update the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=181 --- CVE-2025-4516-DecodeError-handler.patch | 86 ++++++++++--------------- 1 file changed, 35 insertions(+), 51 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index c263eac..fc4b1d6 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -30,11 +30,9 @@ Co-authored-by: Serhiy Storchaka 8 files changed, 197 insertions(+), 56 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -Index: Python-3.11.12/Include/cpython/bytesobject.h -=================================================================== ---- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-27 16:13:11.519989563 +0200 -@@ -25,6 +25,10 @@ +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( int use_bytearray); /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ 
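Review bot: Nothing in the commit text records that this refresh leaves the CVE-2025-4516 fix itself untouched: in this hunk, and in every other hunk on the page, the only removed and added lines are the inner patch's `Index:`/`====` separators, `---`/`+++` file headers and `@@` headers, which is consistent with the 35 insertions and 51 deletions in the diffstat. For a security backport that is worth stating where an auditor will see it, for example a changelog or commit line such as `Refresh CVE-2025-4516-DecodeError-handler.patch: git-style headers only, no change to hunk bodies`. The new `a/` and `b/` paths keep a single leading component like the old `Python-3.11.12.orig/` ones, so the strip level presumably does not need to change, but the spec file that applies the patch is not shown here.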
@@ -45,11 +43,9 @@ Index: Python-3.11.12/Include/cpython/bytesobject.h PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, const char *, const char **); -Index: Python-3.11.12/Include/cpython/unicodeobject.h -=================================================================== ---- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-27 16:13:11.520156067 +0200 -@@ -914,6 +914,19 @@ +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape chars. */ @@ -69,10 +65,8 @@ Index: Python-3.11.12/Include/cpython/unicodeobject.h PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( const char *string, /* Unicode-Escape encoded string */ Py_ssize_t length, /* size of string */ -Index: Python-3.11.12/Lib/test/test_codeccallbacks.py -=================================================================== ---- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-27 16:13:11.520378996 +0200 +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py @@ -1,6 +1,7 @@ import codecs import html.entities @@ -81,7 +75,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py import sys import unicodedata import unittest -@@ -1124,7 +1125,7 @@ +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas text = 'abcghi'*n text.translate(charmap) @@ -90,7 +84,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") 
@@ -133,11 +127,9 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py # issue32583 def test_crashing_decode_handler(self): # better generating one more character to fill the extra space slot -Index: Python-3.11.12/Lib/test/test_codecs.py -=================================================================== ---- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-27 16:13:11.520814977 +0200 -@@ -1198,23 +1198,39 @@ +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") check(br"[\x410]", b"[A0]") @@ -182,7 +174,7 @@ Index: Python-3.11.12/Lib/test/test_codecs.py def test_errors(self): decode = codecs.escape_decode self.assertRaises(ValueError, decode, br"\x") -@@ -2487,24 +2503,40 @@ +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte check(br"[\x410]", "[A0]") check(br"\u20ac", "\u20ac") check(br"\U0001d120", "\U0001d120") @@ -228,18 +220,14 @@ Index: Python-3.11.12/Lib/test/test_codecs.py def test_decode_errors(self): decode = codecs.unicode_escape_decode for c, d in (b'x', 2), (b'u', 4), (b'U', 4): -Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:13:11.521185394 +0200 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 
@@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. -Index: Python-3.11.12/Objects/bytesobject.c -=================================================================== ---- Python-3.11.12.orig/Objects/bytesobject.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Objects/bytesobject.c 2025-05-27 16:13:11.521614202 +0200 -@@ -1057,10 +1057,11 @@ +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py } /* Unescape a backslash-escaped string. */ @@ -253,7 +241,7 @@ Index: Python-3.11.12/Objects/bytesobject.c { int c; char *p; -@@ -1074,7 +1075,8 @@ +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch return NULL; writer.overallocate = 1; @@ -263,7 +251,7 @@ Index: Python-3.11.12/Objects/bytesobject.c end = s + len; while (s < end) { -@@ -1112,9 +1114,10 @@ +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch c = (c<<3) + *s++ - '0'; } if (c > 0377) { @@ -277,7 +265,7 @@ Index: Python-3.11.12/Objects/bytesobject.c } } *p++ = c; -@@ -1155,9 +1158,10 @@ +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch break; default: @@ -291,7 +279,7 @@ Index: Python-3.11.12/Objects/bytesobject.c } *p++ = '\\'; s--; -@@ -1171,23 +1175,39 @@ +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch return NULL; } @@ -339,7 +327,7 @@ Index: Python-3.11.12/Objects/bytesobject.c { Py_DECREF(result); return NULL; -@@ -1196,7 +1216,7 @@ +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", 
@@ -348,11 +336,9 @@ Index: Python-3.11.12/Objects/bytesobject.c { Py_DECREF(result); return NULL; -Index: Python-3.11.12/Objects/unicodeobject.c -=================================================================== ---- Python-3.11.12.orig/Objects/unicodeobject.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Objects/unicodeobject.c 2025-05-27 16:13:11.523098541 +0200 -@@ -6301,20 +6301,23 @@ +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; PyObject * @@ -379,7 +365,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c if (size == 0) { if (consumed) { -@@ -6402,9 +6405,12 @@ +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c } } if (ch > 0377) { @@ -395,7 +381,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c } } WRITE_CHAR(ch); -@@ -6503,9 +6509,12 @@ +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c goto error; default: @@ -411,7 +397,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c } WRITE_ASCII_CHAR('\\'); WRITE_CHAR(c); -@@ -6544,24 +6553,42 @@ +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c return NULL; } @@ -462,7 +448,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -@@ -6570,7 +6597,7 @@ +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", 
@@ -471,11 +457,9 @@ Index: Python-3.11.12/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -Index: Python-3.11.12/Parser/string_parser.c -=================================================================== ---- Python-3.11.12.orig/Parser/string_parser.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Parser/string_parser.c 2025-05-27 16:13:11.524051710 +0200 -@@ -130,12 +130,15 @@ +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars len = p - buf; s = buf; @@ -496,7 +480,7 @@ Index: Python-3.11.12/Parser/string_parser.c inside u. */ Py_XDECREF(u); Py_DECREF(v); -@@ -149,14 +152,17 @@ +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars static PyObject * decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) {