forked from pool/python-nltk
Accepting request 1189727 from devel:languages:python
- Add CVE-2024-39705.patch upstream patch to fix unsafe pickle usage. (CVE-2024-39705, gh#nltk/nltk#3266, bsc#1227174). - Drop CVE-2024-39705-disable-download.patch as it's not needed anymore. OBS-URL: https://build.opensuse.org/request/show/1189727 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-nltk?expand=0&rev=17
This commit is contained in:
commit
39ddb1bbb2
@ -1,104 +0,0 @@
|
||||
---
|
||||
nltk/app/chartparser_app.py | 13 +++++++++++++
|
||||
nltk/corpus/reader/util.py | 2 ++
|
||||
nltk/data.py | 2 ++
|
||||
nltk/parse/transitionparser.py | 2 ++
|
||||
nltk/tbl/demo.py | 4 +++-
|
||||
5 files changed, 22 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/nltk/app/chartparser_app.py
|
||||
+++ b/nltk/app/chartparser_app.py
|
||||
@@ -800,6 +800,10 @@ class ChartComparer:
|
||||
showerror("Error Saving Chart", f"Unable to open file: {filename!r}\n{e}")
|
||||
|
||||
def load_chart_dialog(self, *args):
|
||||
+ showerror("Security Error",
|
||||
+ "Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
+ return
|
||||
filename = askopenfilename(
|
||||
filetypes=self.CHART_FILE_TYPES, defaultextension=".pickle"
|
||||
)
|
||||
@@ -811,6 +815,8 @@ class ChartComparer:
|
||||
showerror("Error Loading Chart", f"Unable to open file: {filename!r}\n{e}")
|
||||
|
||||
def load_chart(self, filename):
|
||||
+ raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
with open(filename, "rb") as infile:
|
||||
chart = pickle.load(infile)
|
||||
name = os.path.basename(filename)
|
||||
@@ -2268,6 +2274,10 @@ class ChartParserApp:
|
||||
if not filename:
|
||||
return
|
||||
try:
|
||||
+ showerror("Security Error",
|
||||
+ "Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
+ return
|
||||
with open(filename, "rb") as infile:
|
||||
chart = pickle.load(infile)
|
||||
self._chart = chart
|
||||
@@ -2306,6 +2316,9 @@ class ChartParserApp:
|
||||
return
|
||||
try:
|
||||
if filename.endswith(".pickle"):
|
||||
+ showerror("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
+ return
|
||||
with open(filename, "rb") as infile:
|
||||
grammar = pickle.load(infile)
|
||||
else:
|
||||
--- a/nltk/corpus/reader/util.py
|
||||
+++ b/nltk/corpus/reader/util.py
|
||||
@@ -521,6 +521,8 @@ class PickleCorpusView(StreamBackedCorpu
|
||||
|
||||
def read_block(self, stream):
|
||||
result = []
|
||||
+ raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
for i in range(self.BLOCK_SIZE):
|
||||
try:
|
||||
result.append(pickle.load(stream))
|
||||
--- a/nltk/data.py
|
||||
+++ b/nltk/data.py
|
||||
@@ -752,6 +752,8 @@ def load(
|
||||
if format == "raw":
|
||||
resource_val = opened_resource.read()
|
||||
elif format == "pickle":
|
||||
+ raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
resource_val = pickle.load(opened_resource)
|
||||
elif format == "json":
|
||||
import json
|
||||
--- a/nltk/parse/transitionparser.py
|
||||
+++ b/nltk/parse/transitionparser.py
|
||||
@@ -553,6 +553,8 @@ class TransitionParser(ParserI):
|
||||
"""
|
||||
result = []
|
||||
# First load the model
|
||||
+ raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
model = pickle.load(open(modelFile, "rb"))
|
||||
operation = Transition(self._algorithm)
|
||||
|
||||
--- a/nltk/tbl/demo.py
|
||||
+++ b/nltk/tbl/demo.py
|
||||
@@ -253,6 +253,8 @@ def postag(
|
||||
)
|
||||
)
|
||||
with open(cache_baseline_tagger) as print_rules:
|
||||
+ raise RuntimeError("Due to gh#nltk/nltk#3266, deserializing from " +
|
||||
+ "a pickle is forbidden.")
|
||||
baseline_tagger = pickle.load(print_rules)
|
||||
print(f"Reloaded pickled tagger from {cache_baseline_tagger}")
|
||||
else:
|
||||
@@ -327,7 +329,7 @@ def postag(
|
||||
with open(serialize_output) as print_rules:
|
||||
brill_tagger_reloaded = pickle.load(print_rules)
|
||||
print(f"Reloaded pickled tagger from {serialize_output}")
|
||||
- taggedtest_reloaded = brill_tagger.tag_sents(testing_data)
|
||||
+ taggedtest_reloaded = brill_tagger_reloaded.tag_sents(testing_data)
|
||||
if taggedtest == taggedtest_reloaded:
|
||||
print("Reloaded tagger tried on test set, results identical")
|
||||
else:
|
38
CVE-2024-39705.patch
Normal file
38
CVE-2024-39705.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From a12d0a6a8cdba58d5e4e5f92ac62bb80fc26c624 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Kafe <kafe.eric@gmail.com>
|
||||
Date: Tue, 23 Jul 2024 09:09:09 +0200
|
||||
Subject: [PATCH] Prevent data.load from unpickling classes or functions
|
||||
|
||||
---
|
||||
nltk/data.py | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nltk/data.py b/nltk/data.py
|
||||
index cc9229b0a2..fb242721c5 100644
|
||||
--- a/nltk/data.py
|
||||
+++ b/nltk/data.py
|
||||
@@ -658,6 +658,15 @@ def retrieve(resource_url, filename=None, verbose=True):
|
||||
}
|
||||
|
||||
|
||||
+def restricted_pickle_load(string):
|
||||
+ """
|
||||
+ Prevents any class or function from loading.
|
||||
+ """
|
||||
+ from nltk.app.wordnet_app import RestrictedUnpickler
|
||||
+
|
||||
+ return RestrictedUnpickler(BytesIO(string)).load()
|
||||
+
|
||||
+
|
||||
def load(
|
||||
resource_url,
|
||||
format="auto",
|
||||
@@ -751,7 +760,7 @@ def load(
|
||||
if format == "raw":
|
||||
resource_val = opened_resource.read()
|
||||
elif format == "pickle":
|
||||
- resource_val = pickle.load(opened_resource)
|
||||
+ resource_val = restricted_pickle_load(opened_resource.read())
|
||||
elif format == "json":
|
||||
import json
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 26 07:14:33 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
- Add CVE-2024-39705.patch upstream patch to fix unsafe pickle usage.
|
||||
(CVE-2024-39705, gh#nltk/nltk#3266, bsc#1227174).
|
||||
- Drop CVE-2024-39705-disable-download.patch as it's not needed
|
||||
anymore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 1 21:02:45 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
|
@ -63,9 +63,8 @@ Source99: python-nltk.rpmlintrc
|
||||
Patch0: skip-networked-test.patch
|
||||
# PATCH-FIX-UPSTREAM nltk-pr3207-py312.patch gh#nltk/nltk#3207
|
||||
Patch1: nltk-pr3207-py312.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-39705-disable-download.patch bsc#1227174 mcepl@suse.com
|
||||
# this patch makes things totally awesome
|
||||
Patch2: CVE-2024-39705-disable-download.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-39705.patch bsc#1227174 gh#nltk/nltk#3290
|
||||
Patch2: CVE-2024-39705.patch
|
||||
BuildRequires: %{python_module base >= 3.7}
|
||||
BuildRequires: %{python_module pip}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
|
Loading…
Reference in New Issue
Block a user