rpm/python38
SHA256
1
0
Fork 0
forked from pool/python38
Code Pull Requests Activity

- Update to 3.8.8:

Browse Source 
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
    the repr of ctypes.c_double and ctypes.c_longdouble
    values. This issue was assigned CVE-2021-3177.
  - bpo#42967 (bso#1182379): Fix web cache poisoning
    vulnerability by defaulting the query args separator to &,
    and allowing the user to choose a custom separator. This
    issue was assigned CVE-2021-23336.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=53
This commit is contained in:
Matej Cepl 2021-02-19 16:53:23 +00:00 committed by Git OBS Bridge
parent 93edfc4871
commit c36a6fcb46
9 changed files with 34 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
View File

@ -1,176 +0,0 @@
From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@python.org>
Date: Mon, 18 Jan 2021 15:11:46 -0600
Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
formatting in ctypes param reprs. (GH-24250)
(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
---
Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++
.../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
Modules/_ctypes/callproc.c | 55 +++++++------------
3 files changed, 66 insertions(+), 34 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
--- a/Lib/ctypes/test/test_parameters.py
+++ b/Lib/ctypes/test/test_parameters.py
@@ -201,6 +201,49 @@ class SimpleTypesTestCase(unittest.TestC
with self.assertRaises(ZeroDivisionError):
WorseStruct().__setstate__({}, b'foo')
+ def test_parameter_repr(self):
+ from ctypes import (
+ c_bool,
+ c_char,
+ c_wchar,
+ c_byte,
+ c_ubyte,
+ c_short,
+ c_ushort,
+ c_int,
+ c_uint,
+ c_long,
+ c_ulong,
+ c_longlong,
+ c_ulonglong,
+ c_float,
+ c_double,
+ c_longdouble,
+ c_char_p,
+ c_wchar_p,
+ c_void_p,
+ )
+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
+
################################################################
if __name__ == '__main__':
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
@@ -0,0 +1,2 @@
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
--- a/Modules/_ctypes/callproc.c
+++ b/Modules/_ctypes/callproc.c
@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
static PyObject *
PyCArg_repr(PyCArgObject *self)
{
- char buffer[256];
switch(self->tag) {
case 'b':
case 'B':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.b);
- break;
case 'h':
case 'H':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.h);
- break;
case 'i':
case 'I':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.i);
- break;
case 'l':
case 'L':
- sprintf(buffer, "<cparam '%c' (%ld)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
self->tag, self->value.l);
- break;
case 'q':
case 'Q':
- sprintf(buffer,
-#ifdef MS_WIN32
- "<cparam '%c' (%I64d)>",
-#else
- "<cparam '%c' (%lld)>",
-#endif
+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
self->tag, self->value.q);
- break;
case 'd':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.d);
- break;
- case 'f':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.f);
- break;
-
+ case 'f': {
+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
+ if (f == NULL) {
+ return NULL;
+ }
+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
+ Py_DECREF(f);
+ return result;
+ }
case 'c':
if (is_literal_char((unsigned char)self->value.c)) {
- sprintf(buffer, "<cparam '%c' ('%c')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
self->tag, self->value.c);
}
else {
- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
self->tag, (unsigned char)self->value.c);
}
- break;
/* Hm, are these 'z' and 'Z' codes useful at all?
Shouldn't they be replaced by the functionality of c_string
@@ -544,22 +533,19 @@ PyCArg_repr(PyCArgObject *self)
case 'z':
case 'Z':
case 'P':
- sprintf(buffer, "<cparam '%c' (%p)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
self->tag, self->value.p);
- break;
default:
if (is_literal_char((unsigned char)self->tag)) {
- sprintf(buffer, "<cparam '%c' at %p>",
+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
(unsigned char)self->tag, (void *)self);
}
else {
- sprintf(buffer, "<cparam 0x%02x at %p>",
+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
(unsigned char)self->tag, (void *)self);
}
- break;
}
- return PyUnicode_FromString(buffer);
}
static PyMemberDef PyCArgType_members[] = {

3
Python-3.8.7.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ddcc1df16bb5b87aa42ec5d20a5b902f2d088caa269b28e01590f97a798ec50a
size 18261096

16
Python-3.8.7.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAl/g2ZIACgkQsmmV4xAl
BWigoA//XACPIIS3b3qikD2t1CAmaNhkZQLUznmuvpiQolx+yHl0XEENjb9i2ZJ5
lPWwJUgea3C6qnXzBrGhrDrO/mg4ICXiQWNOF2BHDfe8OSPdMyE4DFJ/yWoElGBU
x1KylvgnJGP5DCTjCaR75kODprEWzePz2Pks3Wc4dFFchDoGHNgvdh0abj5NTdU8
RQzBBYfIrgBEWvacXzGdgtdg/PuSMWKHYq1054P+Bpa3an0yQongzeuhqtsEKurM
3ZTbo1/hJZsucgNfTFBf3SamLik16yZ4wgNulnIqENnOJ0BU20GT9FVSOp+W+0XG
Okt0S2sSuBxI+jf5kjNfnuh7Ew34/7VA/VlB6ASqCmtRt0MckEjzP8aGW3Ssb+yQ
Vdjh8sCQD+eDS6QbCs3h2G2AuStYo28UX52OrLqZRUAHQ0M/pKJs+/H0WAeb8MhV
MqWeuXyv60OYBnoTEE1i7g+FRsedpLvHdgtUy8EPa3715hIXIK+0oG73cUd1w+ba
RmxcxQMlnSqrnpdI9EAfQ0xobdcvewNP9RZsIKdLFlvk5qBb28bI2bCIFT3tq9i5
dDCN2XAHFvQb/JTYIJddBuGe2tf4z0e9VgOo3QZfpA0A07l94dmx7e89xORg2S21
HVWobZGyfCpOJ5GGzjhuQF+07AAv+cZMd8zHnhHsHzpTrCk0SyY=
=GtoI
-----END PGP SIGNATURE-----

3
Python-3.8.8.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc
size 18271736

16
Python-3.8.8.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmAvnWsACgkQsmmV4xAl
BWg3AxAAgyphcmlW0p0WgLASBlOIXy/vOLqihJp8v1PDQaAnWA1FdEagfoqcQXTH
LDf3Dt5snlzOu2z5LKFlWgDmCtImLbpkRBeTIDaUGJNCXPY0EgjodEBL09KfJJTl
cUtb8mmJQHxAq9IBRGBc55XO7PY8VAxc+8yMl6dzGmPStVps7zKRqhUmH33u3asV
HKhT1ENlNe4ZYs4j9wbZjZynam6OVKQ75S9wA9KE9WHMsAYs9DVWO8tGXPxRBZuA
d5Y3lx164kyz2UMju5LvlsCSdKNLQq2/Tdz1h+Lnc1yepqyq43Kt4rhyDZ6Su3LX
D3fdyHBMjL3eXj3rPwYMzFTy05y9cTN8OODv16Yd/8WhiadiyDrlF5Vwgr8pGk15
gpfiwuOyGkTfbl4HLUwM/7gb/ca/W2XTJXz+Izb+AhOFsdtNQ9F35zawvmlxGC/J
WjyordAlC0Lnjgtf/hI9oIVy0f/927hfY3KNDglYVNbrwtoREjcEBMWeEoUuYK73
LfFZms6ujvaPfTri1ygDcv+m8l6wJTOPysb7jtBWVyZr9D/Xl7PuRMvI0mflOvCq
IdFsoMm+7OKicgUjfBVkggFp7kf+Vv7nFV2WLHtJHphoSZ710Yn7ie1E0gO1pRyV
MsHbYiEu5uAVfEX/aXCjUZbgkrEchO6+4FHZy5MXsxO1gUX+ubI=
=KNuF
-----END PGP SIGNATURE-----

75
bsc1167501-invalid-alignment.patch
View File

@ -1,75 +0,0 @@
From e6f4de57ffd175870e513ffa387fa6e7eaaeaed2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Tue, 24 Mar 2020 07:55:00 +0100
Subject: [PATCH] bpo-40052: Fix alignment issue in PyVectorcall_Function()
In file included from /usr/include/python3.8/Python.h:147:
In file included from /usr/include/python3.8/abstract.h:837:
/usr/include/python3.8/cpython/abstract.h:91:11: error: cast from 'char *' to 'vectorcallfunc *'
(aka 'struct _object *(**)(struct _object *, struct _object *const *, unsigned long, struct _object *)')
increases required alignment from 1 to 8 [-Werror,-Wcast-align]
ptr = (vectorcallfunc*)(((char *)callable) + offset);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
Include/cpython/abstract.h | 9 ++++++---
.../next/C API/2020-03-24-09-27-10.bpo-40052.27P2KG.rst | 1 +
Objects/call.c | 7 ++++++-
3 files changed, 13 insertions(+), 4 deletions(-)
create mode 100644 Misc/NEWS.d/next/C API/2020-03-24-09-27-10.bpo-40052.27P2KG.rst
--- a/Include/cpython/abstract.h
+++ b/Include/cpython/abstract.h
@@ -82,14 +82,17 @@ _PyVectorcall_Function(PyObject *callabl
{
PyTypeObject *tp = Py_TYPE(callable);
Py_ssize_t offset = tp->tp_vectorcall_offset;
- vectorcallfunc *ptr;
+ union {
+ char *data;
+ vectorcallfunc *ptr;
+ } vc;
if (!PyType_HasFeature(tp, _Py_TPFLAGS_HAVE_VECTORCALL)) {
return NULL;
}
assert(PyCallable_Check(callable));
assert(offset > 0);
- ptr = (vectorcallfunc*)(((char *)callable) + offset);
- return *ptr;
+ vc.data = (char *)callable + offset;
+ return *vc.ptr;
}
/* Call the callable object 'callable' with the "vectorcall" calling
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2020-03-24-09-27-10.bpo-40052.27P2KG.rst
@@ -0,0 +1 @@
+Fix an alignment build warning/error in function ``PyVectorcall_Function()`` publicly exposed by ``abstract.h``.
\ No newline at end of file
--- a/Objects/call.c
+++ b/Objects/call.c
@@ -173,6 +173,11 @@ _PyObject_MakeTpCall(PyObject *callable,
PyObject *
PyVectorcall_Call(PyObject *callable, PyObject *tuple, PyObject *kwargs)
{
+ union {
+ char *data;
+ vectorcallfunc *ptr;
+ } vc;
+
/* get vectorcallfunc as in _PyVectorcall_Function, but without
* the _Py_TPFLAGS_HAVE_VECTORCALL check */
Py_ssize_t offset = Py_TYPE(callable)->tp_vectorcall_offset;
@@ -181,7 +186,8 @@ PyVectorcall_Call(PyObject *callable, Py
Py_TYPE(callable)->tp_name);
return NULL;
}
- vectorcallfunc func = *(vectorcallfunc *)(((char *)callable) + offset);
+ vc.data = (char *)callable + offset;
+ vectorcallfunc func = *vc.ptr;
if (func == NULL) {
PyErr_Format(PyExc_TypeError, "'%.200s' object does not support vectorcall",
Py_TYPE(callable)->tp_name);

12
python38.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Fri Feb 19 16:40:59 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
-------------------------------------------------------------------
Tue Feb 9 01:37:01 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>

12
python38.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package python38
# spec file for package python38-core
#
# Copyright (c) 2021 SUSE LLC
#
@ -87,7 +87,7 @@
%bcond_without profileopt
%endif
Name: %{python_pkg_name}%{psuffix}
Version: 3.8.7
Version: 3.8.8
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@ -149,14 +149,8 @@ Patch28: bpo36302-sort-module-sources.patch
# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com
# ensurepip should honour the value of $(prefix)
Patch29: bpo-31046_ensurepip_honours_prefix.patch
# PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch gh#python/cpython#19133 mcepl@suse.com
# Fix wrong misalignment of pointer to vectorcallfunc
Patch31: bsc1167501-invalid-alignment.patch
# PATCH-FIX-UPSTREAM stop calling removed Sphinx function gh#python/cpython#13236
Patch32: sphinx-update-removed-function.patch
# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 mcepl@suse.com
# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
Patch33: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: gmp-devel
@ -412,9 +406,7 @@ other applications.
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

2
subprocess-raise-timeout.patch
View File

@ -1,6 +1,6 @@
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
@@ -1125,7 +1125,8 @@ class ProcessTestCase(BaseTestCase):
@@ -1147,7 +1147,8 @@ class ProcessTestCase(BaseTestCase):
self.assertIn("0.0001", str(c.exception)) # For coverage of __str__.
# Some heavily loaded buildbots (sparc Debian 3.x) require this much
# time to start.