From df350a3d044c25210c4855454c89c91fa7ad26ea5edad111b9ae0c6f6242d024 Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Tue, 27 May 2025 15:29:36 +0000
Subject: [PATCH] fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=142
---
 CVE-2025-4516-DecodeError-handler.patch | 49 +++++++++++----------------
 1 file changed, 22 insertions(+), 27 deletions(-)
diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch
index 76ba793..aed8b8e 100644
--- a/CVE-2025-4516-DecodeError-handler.patch
+++ b/CVE-2025-4516-DecodeError-handler.patch
@@ -20,19 +20,19 @@ Co-authored-by: Serhiy Storchaka
 ---
 Include/cpython/bytesobject.h | 4
 Include/cpython/unicodeobject.h | 13 ++
- Lib/test/test_codeccallbacks.py | 41 ++++++
+ Lib/test/test_codeccallbacks.py | 36 +++++
 Lib/test/test_codecs.py | 52 ++++++--
 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2
 Objects/bytesobject.c | 54 +++++---
 Objects/unicodeobject.c | 61 +++++++---
 Parser/string_parser.c | 26 ++--
- 8 files changed, 196 insertions(+), 57 deletions(-)
+ 8 files changed, 191 insertions(+), 57 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
 Index: Python-3.12.10/Include/cpython/bytesobject.h
 ===================================================================
 --- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 13:35:47.000000000 +0200
-+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 16:36:01.607634555 +0200
++++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 17:27:08.578524794 +0200
 @@ -25,6 +25,10 @@
 int use_bytearray);
@@ -47,7 +47,7 @@ Index: Python-3.12.10/Include/cpython/bytesobject.h
 Index: Python-3.12.10/Include/cpython/unicodeobject.h
 ===================================================================
 --- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 13:35:47.000000000 +0200
-+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 16:36:01.608024960 +0200
++++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 17:27:08.578940632 +0200
 @@ -684,6 +684,19 @@
 );
 /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape
@@ -70,8 +70,8 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h
 Py_ssize_t length, /* size of string */
 Index: Python-3.12.10/Lib/test/test_codeccallbacks.py
 ===================================================================
---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:35:57.334719437 +0200
-+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:09:28.010622211 +0200
+--- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200
++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:29:17.508500659 +0200
 @@ -1,6 +1,7 @@
 import codecs
 import html.entities
@@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py
 baddata = [
 ("ascii", b"\xff"),
 ("utf-7", b"++"),
-@@ -1159,6 +1160,44 @@
+@@ -1159,6 +1160,39 @@
 for (encoding, data) in baddata:
 self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242")
@@ -114,30 +114,25 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py
 + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input)))
 + self.assertIn(msg, str(cm.warning))
 +
-+ # The warning message for invalid escape sequences seems to have an extra layer of backslash escaping.
-+ # It's likely due to how PyErr_WarnFormat handles the character after the initial backslash.
-+ # '\\\\z' in the regex will match '\\z' in the actual string.
-+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\\\\\\\z'")
++ # The warning message for invalid escape sequences dynamically escapes the backslash.
++ # Using re.escape to handle the backslash and then formatting the character directly.
++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '%s'" % re.escape(r'\z'))
 + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'")
-+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\\\\\\\\z'")
-+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\\\\\\\\z'")
-+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\\\\\\\\z'")
-+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'")
-+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'")
-+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'")
 +
-+ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'")
-+ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'")
-+ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'")
-+ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'")
++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '%s'" % re.escape(r'\z'))
++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z'))
++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z'))
++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z'))
++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z'))
++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z'))
 +
 # issue32583
 def test_crashing_decode_handler(self):
 # better generating one more character to fill the extra space slot
 Index: Python-3.12.10/Lib/test/test_codecs.py
 ===================================================================
---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 16:35:57.358417139 +0200
-+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 16:36:01.609174295 +0200
+--- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 17:27:04.357147552 +0200
++++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 17:27:08.579902284 +0200
 @@ -1196,23 +1196,39 @@
 check(br"[\1010]", b"[A0]")
 check(br"[\x41]", b"[A]")
@@ -232,14 +227,14 @@ Index: Python-3.12.10/Lib/test/test_codecs.py
 Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:36:01.609723469 +0200
++++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 17:27:08.580640093 +0200
 @@ -0,0 +1,2 @@
 +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error
 +handler.
 Index: Python-3.12.10/Objects/bytesobject.c
 ===================================================================
 --- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200
-+++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 16:36:01.610066425 +0200
++++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 17:27:08.581189399 +0200
 @@ -1048,10 +1048,11 @@
 }
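Review bot: The rewritten expectations in the `test_codeccallbacks.py` hunk build `msg` with `re.escape(r'\z')`, but `check` passes `msg` to `self.assertIn(msg, str(cm.warning))`, a plain substring test, so regex escaping is the wrong tool: `re.escape` doubles the backslash and every new `check(...)` line now requires the text `invalid escape sequence '\\z'` (two backslash characters) to occur inside the warning. The deleted `\x5` lines expected the single-backslash spelling `r"invalid escape sequence '\z'"`, while the retained `check(br'\x0n\501', ...)` line still expects `'\\501'`, so after this change the same decoder is asserted to emit two incompatible spellings, and unless the warning really carries a doubled backslash (which the removed comment only speculated about) the new lines cannot pass. I would write all of them in the form the dropped group used, e.g. `check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'")`, and align the `'\\501'` expectation with whichever spelling is confirmed against a real run. The hunk also removes the four `\x5` cases instead of fixing them; if the `data` table consulted by the mutating handler (outside this hunk) still defines a `\x5` entry, those cases exercised a distinct replacement path for the use-after-free this patch fixes and should be restored. The enclosing test method starts before this hunk.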
@@ -350,7 +345,7 @@ Index: Python-3.12.10/Objects/bytesobject.c
 Index: Python-3.12.10/Objects/unicodeobject.c
 ===================================================================
 --- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200
-+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 16:36:01.610906297 +0200
++++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 17:27:08.583127021 +0200
 @@ -6046,13 +6046,15 @@
 /* --- Unicode Escape Codec ----------------------------------------------- */
@@ -472,7 +467,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c
 Index: Python-3.12.10/Parser/string_parser.c
 ===================================================================
 --- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 13:35:47.000000000 +0200
-+++ Python-3.12.10/Parser/string_parser.c 2025-05-27 16:36:01.611776325 +0200
++++ Python-3.12.10/Parser/string_parser.c 2025-05-27 17:27:08.584587553 +0200
 @@ -181,15 +181,18 @@
 len = p - buf;
 s = buf;