external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 | 175 ++++++++++ external/python3/UnpackedTarball_python3.mk | 1 2 files changed, 176 insertions(+)
New commits: commit 3144a3907f299d4f24d43633fee49ff78a106bfe Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Feb 17 12:24:08 2021 +0100 Commit: Vasily Melenchuk <vasily.melenc...@cib.de> CommitDate: Wed Feb 17 19:46:39 2021 +0300 python3: add patch for CVE-2021-3177 Looks like Python 3.5 is EOL, so backport the patch. Change-Id: I9ba397b3ed7e5f4ee4f78b144d822ce260ca9fb4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111059 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
new file mode 100644
index 000000000000..fdcc5cb65267
--- /dev/null
+++ b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
@@ -0,0 +1,175 @@
+From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson <benja...@python.org>
+Date: Mon, 18 Jan 2021 15:11:46 -0600
+Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24250)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson <benja...@python.org>
+---
+ Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 55 +++++++------------
+ 3 files changed, 66 insertions(+), 34 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
+index e4c25fd880..531894fdec 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ self.assertRaises(ArgumentError, func, 99)
+
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+new file mode 100644
+index 0000000000..7df65a156f
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+@@ -0,0 +1,2 @@
++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
++:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index 70e416b950..9fcf95f543 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -451,54 +451,43 @@ PyCArg_dealloc(PyCArgObject *self)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+
+ #ifdef HAVE_LONG_LONG
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+-#ifdef MS_WIN32
+- "<cparam '%c' (%I64d)>",
+-#else
+- "<cparam '%c' (%qd)>",
+-#endif
++ return PyUnicode_FromFormat("<cparam '%c' (%qd)>",
+ self->tag, self->value.q);
+- break;
+ #endif
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
+-
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ { PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
++ Py_DECREF(f);
++ return result; }
++ }
+ case 'c':
+- sprintf(buffer, "<cparam '%c' (%c)>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -507,16 +495,14 @@ PyCArg_repr(PyCArgObject *self)
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ break;
+
+ default:
+- sprintf(buffer, "<cparam '%c' at %p>",
+- self->tag, self);
+- break;
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
++ (unsigned char)self->tag, (void *)self);
+ }
+- return PyUnicode_FromString(buffer);
+ }
+
+ static PyMemberDef PyCArgType_members[] = {
+--
+2.29.2
+
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index 29d417e57833..f231b5970eaf 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\
 external/python3/python-3.5.tweak.strip.soabi.patch \
 external/python3/darwin.patch.0 \
 external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \
+ external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 \
 ))
 ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),)
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
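Review bot: In the backported `PyCArg_repr`, the 'q'/'Q' case passes `%qd` to `PyUnicode_FromFormat`, which is not among that function's documented conversions (`%lld` is); an unrecognised conversion is copied into the result verbatim and the remaining arguments are discarded, so the repr would show the literal format text instead of the value. The added test only reaches that branch where `c_longlong` is not an alias of `c_long`, so a passing run on LP64 builds does not cover it; `return PyUnicode_FromFormat("<cparam '%c' (%lld)>",` would keep the intended output. The 'c' case also passes `self->value.c` uncast, so where `char` is signed a byte of 0x80 or above presumably reaches `%c` as a negative int and makes repr fail instead of formatting; `self->tag, (unsigned char)self->value.c);` avoids that, matching the cast already used in the `default:` branch. A short stretch of the function between the two embedded hunks is not shown, so this covers the visible cases only.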