From b62969d52add462fc1b8b4bd1e0a3c4d53a39864 Mon Sep 17 00:00:00 2001
* gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-3.8): Define with PACKAGE/INHERIT.
[replacement]: New field.
(python-3.8/fixed): New variable.
.../patches/python-3.8-CVE-2021-3177.patch | 194 ++++++++++++++++++
gnu/packages/python.scm | 11 +-
3 files changed, 205 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/python-3.8-CVE-2021-3177.patch
Toggle diff (244 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 5588cda2e1..26dbcb940f 100644
@@ -1526,6 +1526,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-3-search-paths.patch \
%D%/packages/patches/python-3-fix-tests.patch \
%D%/packages/patches/python-3.8-fix-tests.patch \
+ %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
%D%/packages/patches/python-3.9-fix-tests.patch \
%D%/packages/patches/python-3.9-CVE-2021-3177.patch \
%D%/packages/patches/python-CVE-2018-14647.patch \
diff --git a/gnu/packages/patches/python-3.8-CVE-2021-3177.patch b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch
index 0000000000..01f6b52865
+++ b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch
+Fix CVE-2021-3177 for Python 3.8:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
+Patch copied from upstream source repository:
+https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f
+From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 18 Jan 2021 13:28:52 -0800
+Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24248)
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+Co-authored-by: Benjamin Peterson <benjamin@python.org>
+Co-authored-by: Benjamin Peterson <benjamin@python.org>
+ Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 51 +++++++------------
+ 3 files changed, 64 insertions(+), 32 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
+index e4c25fd880cef..531894fdec838 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ with self.assertRaises(ZeroDivisionError):
+ WorseStruct().__setstate__({}, b'foo')
++ def test_parameter_repr(self):
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
+ ################################################################
+ if __name__ == '__main__':
+#diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#index 0000000000000..7df65a156feab
+#+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+#+:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index a9b8675cd951b..de75918d49f37 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
+ PyCArg_repr(PyCArgObject *self)
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- "<cparam '%c' (%I64d)>",
+- "<cparam '%c' (%lld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
+ self->tag, self->value.q);
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
+ if (is_literal_char((unsigned char)self->value.c)) {
+- sprintf(buffer, "<cparam '%c' ('%c')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
+ self->tag, (unsigned char)self->value.c);
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ if (is_literal_char((unsigned char)self->tag)) {
+- sprintf(buffer, "<cparam '%c' at %p>",
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
+ (unsigned char)self->tag, (void *)self);
+- sprintf(buffer, "<cparam 0x%02x at %p>",
++ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
+ (unsigned char)self->tag, (void *)self);
+- return PyUnicode_FromString(buffer);
+ static PyMemberDef PyCArgType_members[] = {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 730c371fda..fc28d0e3f8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -362,8 +362,9 @@ data types.")
(properties `((superseded . ,python-2)))))
(define-public python-3.8
- (package (inherit python-2)
+ (package/inherit python-2
+ (replacement python-3.8/fixed)
@@ -521,6 +522,14 @@ data types.")
(version-major+minor version)
+(define python-3.8/fixed
+ (inherit (package-source python-3.8))
+ (patches (append (search-patches "python-3.8-CVE-2021-3177.patch")
+ (origin-patches (package-source python-3.8))))))))
(define-public python-3.9
(package (inherit python-3.8)