Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 46631) by debbugs.gnu.org; 22 Feb 2021 08:08:25 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 03:08:24 2021 Received: from localhost ([127.0.0.1]:55490 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lE6GW-0001Re-M3 for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 03:08:24 -0500 Received: from eggs.gnu.org ([209.51.188.92]:57070) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1lE6GU-0001RR-PN for 46631 <at> debbugs.gnu.org; Mon, 22 Feb 2021 03:08:23 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50104) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1lE6GP-0006Wt-Gv; Mon, 22 Feb 2021 03:08:17 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=41006 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1lE6GP-00066y-0a; Mon, 22 Feb 2021 03:08:17 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#46631: Python CVE-2021-3177 References: <YDBF+l7hL3IzP185@HIDDEN> <YDBIhd+7XE90GNre@HIDDEN> <YDBMpqCk3DBJXvfU@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 4 =?utf-8?Q?Vent=C3=B4se?= an 229 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 22 Feb 2021 09:08:14 +0100 In-Reply-To: <YDBMpqCk3DBJXvfU@HIDDEN> (Leo Famulari's message of "Fri, 19 Feb 2021 18:41:26 -0500") Message-ID: <87pn0sfrtd.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46631 Cc: 46631 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hi Leo, Leo Famulari <leo@HIDDEN> skribis: > From b62969d52add462fc1b8b4bd1e0a3c4d53a39864 Mon Sep 17 00:00:00 2001 > From: Leo Famulari <leo@HIDDEN> > Date: Fri, 19 Feb 2021 18:09:57 -0500 > Subject: [PATCH] gnu: Python: Fix CVE-2021-3177. > > * gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/python.scm (python-3.8): Define with PACKAGE/INHERIT. > [replacement]: New field. > (python-3.8/fixed): New variable. [...] > (define-public python-3.8 > - (package (inherit python-2) > + (package/inherit python-2 > (name "python") > + (replacement python-3.8/fixed) You can keep (inherit =E2=80=A6) because the effect of =E2=80=98package/inh= erit=E2=80=99 is just to preserve replacements, which is unnecessary here. Apart from that, the Guix side of things LGTM. Thanks for working on it! Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.
Received: (at 46631) by debbugs.gnu.org; 19 Feb 2021 23:41:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 19 18:41:42 2021
Received: from localhost ([127.0.0.1]:50632 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lDFOy-0001m3-Lx
for submit <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:41:42 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:37625)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1lDFOw-0001lp-EM
for 46631 <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:41:35 -0500
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
by mailout.nyi.internal (Postfix) with ESMTP id 0BA675C005E;
Fri, 19 Feb 2021 18:41:29 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
by compute3.internal (MEProxy); Fri, 19 Feb 2021 18:41:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=date:from:to:subject:message-id:references:mime-version
:content-type:in-reply-to; s=mesmtp; bh=/73evAj00i/oHlXzI1P7Cdgg
99jAplp67XijBF3Elb8=; b=SOa2UxcrbpJJHcqjGiNpNBrR0V3yel4M3YAAqSy0
q+mvut6U+TEZG0LVgXmX1J0lO69oynj2j4RH1UrTVypB05FkRYNWQ2doR2bOy4Js
iJoo4B3an7qbn7AgCccYKo9kOrZbMS8xIxi9kLdzw0V/IM8GmcWLl/o4htSnReJp
VkM=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=/73evA
j00i/oHlXzI1P7Cdgg99jAplp67XijBF3Elb8=; b=Tegm5gloPcQHFRNIY4kemP
kDBUvXjxkeD/YW9+3cxbn+64tStlqiMe9du2OOdhbXJ7gmPsc6HX3bbdPpOFF7Kl
/ob/gT31RIqs43cmVywSLIYabzH+kJ8nWT+bywoI9k6hSF6WlTEtgnyGOfaaHuEg
yfeISTMXOqESfuidmybfa7nNEljnw6Q3BpcIEbjBRT+uatwr/jpM2Tv0Byc1R3+M
xEeZFtXju9eOBKRk+jOu9U9lZI3CimKRITBkS6Bf2AVm3Hgvffa9zdS+tWSQKbSd
A9J5yBQJf3GsxYHByDSMmV+1NC+d3H38qqqC3nHy1b/2+wfvtQLsGIpio5GQrOHQ
==
X-ME-Sender: <xms:qEwwYCRjImq0z-5kjNhC6UVQHkG92lQL3xWgIz9D2OmvbKEZ_oa2EA>
<xme:qEwwYHyq3PpB7rUKgiD1k1OEoKp07sdtowhsle39rH2S1gn-qHHn4jrKMlOE54hec
1TeHClB9c421MlUyg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrjeejgdduvdcutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtderre
dttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghr
ihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpedukeevgeetkeeltefgiedtjefgjeekff
duteehvdfhueekudelieekjeefheffteenucfkphepieelrdduvddtrdelvddrvddtkeen
ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghose
hfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:qEwwYP1W0Lps2AGZJdAXPhGRl73JOUnrZkKoxpo45_mFf5uhteYQNQ>
<xmx:qEwwYODD-5QFN219NLrEds11a4QcmhxnwOB6fvhx0zWxKgc-jXugZw>
<xmx:qEwwYLhq8a_ys07oS-OynaLPvVgq1PtMMGrouRluvI3ks2n7Hzm0Og>
<xmx:qUwwYGuOhkYuF2iUYHuP-LLPfQRuGgNX6K7FrJo_NAZJlIruAzK2UA>
Received: from localhost (ool-45785cd0.dyn.optonline.net [69.120.92.208])
by mail.messagingengine.com (Postfix) with ESMTPA id 3CB2C108005C
for <46631 <at> debbugs.gnu.org>; Fri, 19 Feb 2021 18:41:28 -0500 (EST)
Date: Fri, 19 Feb 2021 18:41:26 -0500
From: Leo Famulari <leo@HIDDEN>
To: 46631 <at> debbugs.gnu.org
Subject: Re: Python CVE-2021-3177
Message-ID: <YDBMpqCk3DBJXvfU@HIDDEN>
References: <YDBF+l7hL3IzP185@HIDDEN>
<YDBIhd+7XE90GNre@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="FYqowmleijQ73pwK"
Content-Disposition: inline
In-Reply-To: <YDBIhd+7XE90GNre@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46631
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--FYqowmleijQ73pwK
Content-Type: multipart/mixed; boundary="3NoRtp2S5MlcyUaO"
Content-Disposition: inline
--3NoRtp2S5MlcyUaO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Fri, Feb 19, 2021 at 06:23:49PM -0500, Leo Famulari wrote:
> More weirdness: When I apply the patch to the python-3.8 package (that
> is, without setting up a grafted replacement), it works. So I am
> definitely doing something wrong here.
Here is a new patch that I'm currently building. I think I had composed
the package inheritance incorrectly in my previous patch.
--3NoRtp2S5MlcyUaO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment;
filename="0001-gnu-Python-Fix-CVE-2021-3177.patch"
Content-Transfer-Encoding: quoted-printable
=46rom b62969d52add462fc1b8b4bd1e0a3c4d53a39864 Mon Sep 17 00:00:00 2001
=46rom: Leo Famulari <leo@HIDDEN>
Date: Fri, 19 Feb 2021 18:09:57 -0500
Subject: [PATCH] gnu: Python: Fix CVE-2021-3177.
* gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-3.8): Define with PACKAGE/INHERIT.
[replacement]: New field.
(python-3.8/fixed): New variable.
---
gnu/local.mk | 1 +
.../patches/python-3.8-CVE-2021-3177.patch | 194 ++++++++++++++++++
gnu/packages/python.scm | 11 +-
3 files changed, 205 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/python-3.8-CVE-2021-3177.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 5588cda2e1..26dbcb940f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1526,6 +1526,7 @@ dist_patch_DATA =3D \
%D%/packages/patches/python-3-search-paths.patch \
%D%/packages/patches/python-3-fix-tests.patch \
%D%/packages/patches/python-3.8-fix-tests.patch \
+ %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
%D%/packages/patches/python-3.9-fix-tests.patch \
%D%/packages/patches/python-3.9-CVE-2021-3177.patch \
%D%/packages/patches/python-CVE-2018-14647.patch \
diff --git a/gnu/packages/patches/python-3.8-CVE-2021-3177.patch b/gnu/pack=
ages/patches/python-3.8-CVE-2021-3177.patch
new file mode 100644
index 0000000000..01f6b52865
--- /dev/null
+++ b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch
@@ -0,0 +1,194 @@
+Fix CVE-2021-3177 for Python 3.8:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2021-3177
+
+Patch copied from upstream source repository:
+
+https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b=
7aa5b5f
+
+From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@HIDDEN>
+Date: Mon, 18 Jan 2021 13:28:52 -0800
+Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24248)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson <benjamin@HIDDEN>
+
+Co-authored-by: Benjamin Peterson <benjamin@HIDDEN>
+---
+ Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 51 +++++++------------
+ 3 files changed, 64 insertions(+), 32 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-4293=
8.4Zn4Mp.rst
+
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_par=
ameters.py
+index e4c25fd880cef..531894fdec838 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ with self.assertRaises(ZeroDivisionError):
+ WorseStruct().__setstate__({}, b'foo')
+=20
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' a=
t 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>=
")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at=
0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>=
")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511=
)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (51=
1)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]'=
\(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]=
' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]=
' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI=
]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '=
[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam =
'[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5=
)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.=
5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (=
1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam (=
'd' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z=
' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z=
' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' =
\(0x0*12\)>$")
++
+ ################################################################
+=20
+ if __name__ =3D=3D '__main__':
+#diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4=
Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#new file mode 100644
+#index 0000000000000..7df65a156feab
+#--- /dev/null
+#+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#@@ -0,0 +1,2 @@
+#+Avoid static buffers when computing the repr of :class:`ctypes.c_double`=
and
+#+:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index a9b8675cd951b..de75918d49f37 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+=20
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+-#ifdef MS_WIN32
+- "<cparam '%c' (%I64d)>",
+-#else
+- "<cparam '%c' (%lld)>",
+-#endif
++ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
+ self->tag, self->value.q);
+- break;
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
+-
++ case 'f': {
++ PyObject *f =3D PyFloat_FromDouble((self->tag =3D=3D 'f') ? self-=
>value.f : self->value.d);
++ if (f =3D=3D NULL) {
++ return NULL;
++ }
++ PyObject *result =3D PyUnicode_FromFormat("<cparam '%c' (%R)>", s=
elf->tag, f);
++ Py_DECREF(f);
++ return result;
++ }
+ case 'c':
+ if (is_literal_char((unsigned char)self->value.c)) {
+- sprintf(buffer, "<cparam '%c' ('%c')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+ }
+ else {
+- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
+ self->tag, (unsigned char)self->value.c);
+ }
+- break;
+=20
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ break;
+=20
+ default:
+ if (is_literal_char((unsigned char)self->tag)) {
+- sprintf(buffer, "<cparam '%c' at %p>",
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
+ (unsigned char)self->tag, (void *)self);
+ }
+ else {
+- sprintf(buffer, "<cparam 0x%02x at %p>",
++ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
+ (unsigned char)self->tag, (void *)self);
+ }
+- break;
+ }
+- return PyUnicode_FromString(buffer);
+ }
+=20
+ static PyMemberDef PyCArgType_members[] =3D {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 730c371fda..fc28d0e3f8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -362,8 +362,9 @@ data types.")
(properties `((superseded . ,python-2)))))
=20
(define-public python-3.8
- (package (inherit python-2)
+ (package/inherit python-2
(name "python")
+ (replacement python-3.8/fixed)
(version "3.8.2")
(source (origin
(method url-fetch)
@@ -521,6 +522,14 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
=20
+(define python-3.8/fixed
+ (package
+ (inherit python-3.8)
+ (source (origin
+ (inherit (package-source python-3.8))
+ (patches (append (search-patches "python-3.8-CVE-2021-3177.p=
atch")
+ (origin-patches (package-source python-3.8)=
)))))))
+
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")
--=20
2.30.1
--3NoRtp2S5MlcyUaO--
--FYqowmleijQ73pwK
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmAwTKYACgkQJkb6MLrK
fwimUhAAlX8e0kgBeeWDRR0Sqyq5lLQx3nzQnZf48cIYb6VMgGa3J9jFE+JtlY/N
yaJBJ0OtVd0yct9g5CQCjcjIdbW0MP4nqHNo/Qn0H8fNxehZvw7SZkUEiK90ZIE0
ZKIS2cSY8XtJUirPiQFLMgUl4nJ2y7nKXLTVRrauwmvfVocWlXdz74lUv7yO3YEI
MU3f6GTMoN9AOqBlIYaA2IhDGjKWHBHHWPvpOwG/0wixPPI33hzuFIecD4rzX0Fq
lngTlo/AwAo1MOSislEP17OkETSOfFURN3p5S8mP83+JQ9atp9BLGYq6FenaN8db
JrB+R/3G4NelbsiS2LDDmfOQdvnvLNXILxOI+vJG2jMEm0JC+IODbGVJc15445SG
X836RLlUoOp7PelER5TnUNKPJPrODFly3gM6hARlFaRQt1W7Yu0IBEnds9DeOCW4
zrX1stVGj4XSRkGYJNLgAGBV2XnHoHcoU1VNyRt90PWiO89UpbL5CnEV0zTIYWS8
wtZ4gKVVr/H5HB97zAWLQJlKlnm1FlPOZg4FO1PUiEfXZNPbk7MPAi0amIYeM2PA
thKi9fumJ/r/P5cepCcEzsKTce27EOEBVaF9mw+BYhbq9ZguGMqJzgOLxQvSiJOt
0qnqnNPNAUnjZAZiX7xYff5GZ2kXKfGi+rjFehySVd+qnMboRCY=
=mqC7
-----END PGP SIGNATURE-----
--FYqowmleijQ73pwK--
bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.Received: (at 46631) by debbugs.gnu.org; 19 Feb 2021 23:23:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 19 18:23:59 2021 Received: from localhost ([127.0.0.1]:50612 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lDF7v-0001Lx-0O for submit <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:23:59 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:58101) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1lDF7t-0001Lk-7T for 46631 <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:23:57 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id E72DF5C00F8; Fri, 19 Feb 2021 18:23:51 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Fri, 19 Feb 2021 18:23:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=qoAeZDQTL2Dc2NI4T/tDLABR /W48Klt2UjGGyn2SJC4=; b=MhZxTdS2N+/C/D/uXd5/CLZ4ryHHIqSA3QDrXGI1 0YVk9uqaqLNVp1vg/KOtZ1fN5hkknjUFsdRhpbscgHb56yLlMH1DMGaCm+AwrQYN HewT5L0gmc+7dOMnVycbXqCCIY/L+QOiXVhX7taltEz4WXbPTRcQ5TZJezap1n+o Rbo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=qoAeZD QTL2Dc2NI4T/tDLABR/W48Klt2UjGGyn2SJC4=; b=nHMcWKXtCC4U1B6PBiFKBA RpGK3xjGETq5cBNlJkL5nlOL1WOUA1QNbEYnEqarS4yeyh0vBOP2Rj8LYEgyAHEL WZY2+J3YGaoH1fm55NBEUGT/K5x5WV78Me+Nu95Lmou/vANGPvH4VgojomgmcBfG j0k3bweIKbRj4RGmZvpMXzAEVAgupa2IUavUhvLBvyber3DEZdCgQyQOF5fuC0eK FJc8wSbcjexp2hXa0n6lpkUaAxb1lXFHMUPqJe9Q3Iep31L3zpCvshlW4uvNPoZf Yd0ukPqoVNR+KFxfMXEpQQ6XbOwA1v2ZQvWw9jUUUiu3GVUKGdApc3aAvLl5GPkQ == X-ME-Sender: <xms:h0gwYLZg_GKmLujbBnDfznA3OlcJz_R2tgLeBCllB1I_-uumw8sWYA> <xme:h0gwYKbNFigTTwcGJqrdIdfoIaApctUaIulbIxNSZKjYiFbalKFxRM1G4SJAqt9Gl 6GBx6YufVN9_YoJWw> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrjeejgddtkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehttdertd dttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghr ihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeeukeektdffvddtudegjeegtdevhfeufe eivdejiedtieegtdevjedvjeehffevgfenucfkphepieelrdduvddtrdelvddrvddtkeen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghose hfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: <xmx:h0gwYN8L4Q6D8XZI3q-jgyNHHth4jDnJNGN-Mx4jS-o7HZfX9AqOOg> <xmx:h0gwYBrU8x56SWsEpIOyUA_tKZu1qhLY9iHONBAym1ZoXrZ6iaGYug> <xmx:h0gwYGpvnI5jybksGzBLGLQ_AFkAUrT5mleBg1gSUXks1GKIL6V2FQ> <xmx:h0gwYD3sNxN0lz1AGbZzVLkjs8z7aHfUbXu0QMi2h0dQNKqi1cYuLw> Received: from localhost (ool-45785cd0.dyn.optonline.net [69.120.92.208]) by mail.messagingengine.com (Postfix) with ESMTPA id 1C38B240062 for <46631 <at> debbugs.gnu.org>; Fri, 19 Feb 2021 18:23:51 -0500 (EST) Date: Fri, 19 Feb 2021 18:23:49 -0500 From: Leo Famulari <leo@HIDDEN> To: 46631 <at> debbugs.gnu.org Subject: Re: Python CVE-2021-3177 Message-ID: <YDBIhd+7XE90GNre@HIDDEN> References: <YDBF+l7hL3IzP185@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <YDBF+l7hL3IzP185@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46631 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) On Fri, Feb 19, 2021 at 06:12:58PM -0500, Leo Famulari wrote: > But, we use Python 3.8 for everything, and my patch (attached) fails to > apply for some reason. It does work when I apply the new bug fix patch > "by hand" onto the Guix source code for our current python-3.8 package. More weirdness: When I apply the patch to the python-3.8 package (that is, without setting up a grafted replacement), it works. So I am definitely doing something wrong here.
bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.
Received: (at 46631) by debbugs.gnu.org; 19 Feb 2021 23:13:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 19 18:13:15 2021
Received: from localhost ([127.0.0.1]:50600 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lDExS-00015X-Bj
for submit <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:13:15 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:41195)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1lDExO-000151-GR
for 46631 <at> debbugs.gnu.org; Fri, 19 Feb 2021 18:13:09 -0500
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
by mailout.nyi.internal (Postfix) with ESMTP id 7F8655C00C3;
Fri, 19 Feb 2021 18:13:00 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
by compute3.internal (MEProxy); Fri, 19 Feb 2021 18:13:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=date:from:to:subject:message-id:mime-version:content-type; s=
mesmtp; bh=2lOgx7UgEp86JOay2r39emB8w+E3d8i/q8qD2ljJlgY=; b=jmTVo
MGByTF/Sjj5XYZ9pjXrOhktp+6Yy7xs/NSotxwf1ePas7qeZiQNpYPV831w6dgbk
bXXZyz6mt4JJngW+2InbJb5Ikmk6qCKwyvMrTRCAWdOdw0CRGAIiqY85OxzX+B2u
p/8fMi1meT/Egb9rPFXrTrxtKgSH0EXPuQTfhQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:message-id
:mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender
:x-me-sender:x-sasl-enc; s=fm2; bh=2lOgx7UgEp86JOay2r39emB8w+E3d
8i/q8qD2ljJlgY=; b=Hu94rLijc++4U+BjiL8fCJHumbbalZasJYBCmwO/hSRPn
+GbZeFPgupaEGdX1c/GMjBWrRYLEZ2iMUrFIDnfyM7O1KrctOvp6A1DrwFh+gBcu
2LeSHHyeR+RjMA2SZwBm9RoOcVtYZPdAUrFd6uZ7nAUeYZ5WwPKQsacDxWJhAIGL
TItpd3UypEWpt6MqakqRATvjN1SJnH13R+SE/QLzaFUF43V7BPGOZNuDQDwcFZJl
NN4dNz3pusErORLsrVUJf5ySaFCPEVX1mkXVEvbEige6Vq8fyxD/ewyEq2MJbEOT
lWgzQKVTjFQqdegDYjyibGOUcir/gXRQ+q9Zw76QQ==
X-ME-Sender: <xms:_EUwYHA3fnPIYU2owLx_3QMUxhN6EtFRpIaSD_rQW3a4XHnohkTR4Q>
<xme:_EUwYPil7kmyVYKJoQOw-ndO-pt06D5adFpTbbCd4C2B0Ws280FmtaELn_Ayo4mOT
XqCjWTs_UDj7zLQVg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrjeejgddtiecutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehmtderredttd
dvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdr
nhgrmhgvqeenucggtffrrghtthgvrhhnpeelleefvdffudeiueeihfeiiedvgeekheejie
evhfeiteejfeefhfeglefhfffgieenucfkphepieelrdduvddtrdelvddrvddtkeenucev
lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrg
hmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:_EUwYL_7zly7Ngvoca9SVtbiOhla2ZNDlOiYsRKjGwrjSqYerOSy_g>
<xmx:_EUwYL-_h9FIW12zr75p7C20zIQei1fd-EcHaN-q-7jd0WsHM5K73w>
<xmx:_EUwYEAr0VRHfGpaw8nFxGLyK8lnHimth3Wetu9eilCYkJdJAy2ooQ>
<xmx:_EUwYAq-3nVvkLCcji3EgISJv9MTeTNRDPV2j7oKqhVYFoS3TiB59g>
Received: from localhost (ool-45785cd0.dyn.optonline.net [69.120.92.208])
by mail.messagingengine.com (Postfix) with ESMTPA id 5B3EA108005C
for <46631 <at> debbugs.gnu.org>; Fri, 19 Feb 2021 18:13:00 -0500 (EST)
Date: Fri, 19 Feb 2021 18:12:58 -0500
From: Leo Famulari <leo@HIDDEN>
To: 46631 <at> debbugs.gnu.org
Subject: Re: Python CVE-2021-3177
Message-ID: <YDBF+l7hL3IzP185@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="/YZKjQU8EkpL8FB1"
Content-Disposition: inline
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46631
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--/YZKjQU8EkpL8FB1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
I pushed a fix for Python 3.9 in commit
f08c7cb0c75e7d5305c82d6a4af68ddf74fb08b1.
But, we use Python 3.8 for everything, and my patch (attached) fails to
apply for some reason. It does work when I apply the new bug fix patch
"by hand" onto the Guix source code for our current python-3.8 package.
--/YZKjQU8EkpL8FB1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment;
filename="0001-gnu-Python-Fix-CVE-2021-3177.patch"
From 3cc80457d26c725da61307755716db18ff88d28e Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@HIDDEN>
Date: Fri, 19 Feb 2021 18:09:57 -0500
Subject: [PATCH] gnu: Python: Fix CVE-2021-3177.
* gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/python.scm (python-3.8)[replacement]: New field.
(python-3.8/fixed): New variable.
---
gnu/local.mk | 1 +
.../patches/python-3.8-CVE-2021-3177.patch | 194 ++++++++++++++++++
gnu/packages/python.scm | 8 +
3 files changed, 203 insertions(+)
create mode 100644 gnu/packages/patches/python-3.8-CVE-2021-3177.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 5588cda2e1..26dbcb940f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1526,6 +1526,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-3-search-paths.patch \
%D%/packages/patches/python-3-fix-tests.patch \
%D%/packages/patches/python-3.8-fix-tests.patch \
+ %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
%D%/packages/patches/python-3.9-fix-tests.patch \
%D%/packages/patches/python-3.9-CVE-2021-3177.patch \
%D%/packages/patches/python-CVE-2018-14647.patch \
diff --git a/gnu/packages/patches/python-3.8-CVE-2021-3177.patch b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch
new file mode 100644
index 0000000000..01f6b52865
--- /dev/null
+++ b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch
@@ -0,0 +1,194 @@
+Fix CVE-2021-3177 for Python 3.8:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
+
+Patch copied from upstream source repository:
+
+https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f
+
+From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@HIDDEN>
+Date: Mon, 18 Jan 2021 13:28:52 -0800
+Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24248)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson <benjamin@HIDDEN>
+
+Co-authored-by: Benjamin Peterson <benjamin@HIDDEN>
+---
+ Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 51 +++++++------------
+ 3 files changed, 64 insertions(+), 32 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
+index e4c25fd880cef..531894fdec838 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ with self.assertRaises(ZeroDivisionError):
+ WorseStruct().__setstate__({}, b'foo')
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+#diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#new file mode 100644
+#index 0000000000000..7df65a156feab
+#--- /dev/null
+#+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+#@@ -0,0 +1,2 @@
+#+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+#+:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index a9b8675cd951b..de75918d49f37 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+-#ifdef MS_WIN32
+- "<cparam '%c' (%I64d)>",
+-#else
+- "<cparam '%c' (%lld)>",
+-#endif
++ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
+ self->tag, self->value.q);
+- break;
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
+-
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
++ Py_DECREF(f);
++ return result;
++ }
+ case 'c':
+ if (is_literal_char((unsigned char)self->value.c)) {
+- sprintf(buffer, "<cparam '%c' ('%c')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+ }
+ else {
+- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
++ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
+ self->tag, (unsigned char)self->value.c);
+ }
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ break;
+
+ default:
+ if (is_literal_char((unsigned char)self->tag)) {
+- sprintf(buffer, "<cparam '%c' at %p>",
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
+ (unsigned char)self->tag, (void *)self);
+ }
+ else {
+- sprintf(buffer, "<cparam 0x%02x at %p>",
++ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
+ (unsigned char)self->tag, (void *)self);
+ }
+- break;
+ }
+- return PyUnicode_FromString(buffer);
+ }
+
+ static PyMemberDef PyCArgType_members[] = {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 730c371fda..bcf1bfd706 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -364,6 +364,7 @@ data types.")
(define-public python-3.8
(package (inherit python-2)
(name "python")
+ (replacement python-3.8/fixed)
(version "3.8.2")
(source (origin
(method url-fetch)
@@ -521,6 +522,13 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
+(define-public python-3.8/fixed
+ (package/inherit python-3.8
+ (source (origin
+ (inherit (package-source python-3.8))
+ (patches (append (search-patches "python-3.8-CVE-2021-3177.patch")
+ (origin-patches (package-source python-3.8))))))))
+
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")
--
2.30.1
--/YZKjQU8EkpL8FB1--
bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.Received: (at 46631) by debbugs.gnu.org; 19 Feb 2021 15:35:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 19 10:35:36 2021 Received: from localhost ([127.0.0.1]:50182 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lD7oe-0006wd-8t for submit <at> debbugs.gnu.org; Fri, 19 Feb 2021 10:35:36 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1lD7ob-0006wN-L8 for 46631 <at> debbugs.gnu.org; Fri, 19 Feb 2021 10:35:34 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50729) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1lD7oW-0006ga-Ce; Fri, 19 Feb 2021 10:35:28 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=49944 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1lD7oV-0004pC-H3; Fri, 19 Feb 2021 10:35:27 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#46631: Python CVE-2021-3177 References: <YC8uvtnvGyXcCno1@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?utf-8?Q?Vent=C3=B4se?= an 229 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 19 Feb 2021 16:35:26 +0100 In-Reply-To: <YC8uvtnvGyXcCno1@HIDDEN> (Leo Famulari's message of "Thu, 18 Feb 2021 22:21:34 -0500") Message-ID: <87h7m8kr41.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46631 Cc: 46631 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hi, Leo Famulari <leo@HIDDEN> skribis: > I assume that Python is considered to be "graft-able". Can anyone > confirm? Yes, I think so. Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.Received: (at submit) by debbugs.gnu.org; 19 Feb 2021 03:21:43 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 18 22:21:43 2021 Received: from localhost ([127.0.0.1]:48583 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lCwMR-0001Ck-9N for submit <at> debbugs.gnu.org; Thu, 18 Feb 2021 22:21:43 -0500 Received: from lists.gnu.org ([209.51.188.17]:57416) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1lCwMP-0001Cc-NH for submit <at> debbugs.gnu.org; Thu, 18 Feb 2021 22:21:42 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:42900) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1lCwMP-0008Pi-HF for bug-guix@HIDDEN; Thu, 18 Feb 2021 22:21:41 -0500 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:42015) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1lCwMN-00071U-Jm for bug-guix@HIDDEN; Thu, 18 Feb 2021 22:21:41 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id C113EC79; Thu, 18 Feb 2021 22:21:37 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Thu, 18 Feb 2021 22:21:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:subject:message-id:mime-version:content-type; s= mesmtp; bh=p2GuoJtMRPEqWaWHvpOz5VT9yNrfY+3zCEPG9oKXJbU=; b=QURD+ X8tpFlMH98mavf6JIyv+Tmv6f4kPaOkIjXEyE2ZL/dAklyKsuX+mZ6djaOnEA1AR S6Tv+a9vkPgSR3TOZU5CxuxMz4g3rpP3GS1jZ6oqz6sbpGNciYBYGvxghwRLwc0X 5bXjXInbioztEECrWu9/A9DXSBFF1e/w7SpnB8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=p2GuoJtMRPEqWaWHvpOz5VT9yNrfY +3zCEPG9oKXJbU=; b=F29dZGCdqmx+ZO8JojJo2L2wnh7206e15O+kZl1DiEL1k asqRB2vIzL5k9pT6VOLROUXLrvYfv4sqdospJxZCvGgFn6hQuMvfm7ASTMw76Sju sHArQehyx79Y5xph0wuYUh3R4eGyf117g0cC41IuSNLGJcXG60URXYC4SCAjkGy8 fXfgB/mcTcUvu8pk/RqtwWFer6Bo/NsNR1+9cMWpLl3InhqxpyHxabPhmWZG44ww ictOFDM1HQ92DeIqnkN7FHI80yqgu5WyRrxIJf/VFKbexCQod83wSCAeF27g7Ygc BO9qGgXupFxy0GXRUSJH6YgxY9HIUtP27vELMvy8Q== X-ME-Sender: <xms:wS4vYGVsIXkm7mRGPiLYZRENMItfX24dBhoBKOWuwkE5wXlh-HMrjA> <xme:wS4vYF3tN1ItzW_uEqUDAWpwwFC1Itu06wb21lICayhoxxHbojTjWrg7QfXUM0XT1 RwrLnnZeN2xNtItKw> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrjeehgdehiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdertddttd dvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdr nhgrmhgvqeenucggtffrrghtthgvrhhnpeffueeuieeuieefuefgteeghfelgeefvedvtd duvedtgffffeeiteeviefgveetheenucffohhmrghinhepmhhithhrvgdrohhrghdpphih thhhohhnrdhorhhgnecukfhppeeiledruddvtddrledvrddvtdeknecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhi rdhnrghmvg X-ME-Proxy: <xmx:wS4vYD0imKG89kqQ3gIltsZhuoxu9G8nED4nEYTAeshEK2T1UtwuuA> <xmx:wS4vYI_dJl04mNwm0rXIcbY2N6ZuLN0GHV2FOVmblrUpNYNbXxSvQw> <xmx:wS4vYA1RAOF8syJ5bTmNjWF4Gnn0Fmq1OxLWi81b5i9UO7D5Z8js3Q> <xmx:wS4vYIWl_yUQHF1aWjw92TfYhsvHck1YaV9S_i-yew4Mqc9idmXtzg> Received: from localhost (ool-45785cd0.dyn.optonline.net [69.120.92.208]) by mail.messagingengine.com (Postfix) with ESMTPA id 383EF24005A for <bug-guix@HIDDEN>; Thu, 18 Feb 2021 22:21:37 -0500 (EST) Date: Thu, 18 Feb 2021 22:21:34 -0500 From: Leo Famulari <leo@HIDDEN> To: bug-guix@HIDDEN Subject: Python CVE-2021-3177 Message-ID: <YC8uvtnvGyXcCno1@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Received-SPF: pass client-ip=64.147.123.20; envelope-from=leo@HIDDEN; helo=wout4-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) Quoting from MITRE: ------ Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. ------ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 There is not yet an upstream release to fix the issue in the 3.8 series that we distribute. I believe there are patches we can cherry-pick. Can somebody find them? I assume that Python is considered to be "graft-able". Can anyone confirm? The upstream bug report: https://bugs.python.org/issue42938
Leo Famulari <leo@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#46631; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.