Package: guix-patches;
Reported by: Greg Hogan <code <at> greghogan.com>
Date: Thu, 25 Feb 2021 14:41:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
From: Leo Famulari <leo <at> famulari.name> To: Greg Hogan <code <at> greghogan.com> Cc: 46771 <at> debbugs.gnu.org Subject: [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2. Date: Thu, 25 Feb 2021 14:44:12 -0500
On Thu, Feb 25, 2021 at 09:40:09AM -0500, Greg Hogan wrote: > From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001 > From: Greg Hogan <code <at> greghogan.com> > Date: Wed, 24 Feb 2021 14:12:28 +0000 > Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2. > > * gnu/packages/python.scm (python-3.9): Update to 3.9.2. > * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file. > * gnu/local.mk (dist_patch_DATA): Remove it. Thank you! This kind of maintenance / follow-up work is super valuable. Pushed as 10b909a0249fd53d589890b357232db4165690f5 > --- > gnu/local.mk | 1 - > .../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------ > gnu/packages/python.scm | 6 +- > 3 files changed, 3 insertions(+), 198 deletions(-) > delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index 8d46cda639..8d1465158a 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -1526,7 +1526,6 @@ dist_patch_DATA = \ > %D%/packages/patches/python-3.8-fix-tests.patch \ > %D%/packages/patches/python-3.8-CVE-2021-3177.patch \ > %D%/packages/patches/python-3.9-fix-tests.patch \ > - %D%/packages/patches/python-3.9-CVE-2021-3177.patch \ > %D%/packages/patches/python-CVE-2018-14647.patch \ > %D%/packages/patches/python-CVE-2020-26116.patch \ > %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \ > diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > deleted file mode 100644 > index 155f17deca..0000000000 > --- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > +++ /dev/null 
> @@ -1,194 +0,0 @@ > -Fix CVE-2021-3177 for Python 3.9: > - > -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 > - > -Patch copied from upstream source repository: > - > - > https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 > - > -From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 > -From: "Miss Islington (bot)" > - <31488909+miss-islington <at> users.noreply.github.com> > -Date: Mon, 18 Jan 2021 13:29:31 -0800 > -Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode > - formatting in ctypes param reprs. (GH-24247) > - > -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) > - > -Co-authored-by: Benjamin Peterson <benjamin <at> python.org> > - > -Co-authored-by: Benjamin Peterson <benjamin <at> python.org> > ---- > - Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ > - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + > - Modules/_ctypes/callproc.c | 51 +++++++------------ > - 3 files changed, 64 insertions(+), 32 deletions(-) > - create mode 100644 > Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > - > -diff --git a/Lib/ctypes/test/test_parameters.py > b/Lib/ctypes/test/test_parameters.py > -index e4c25fd880cef..531894fdec838 100644 > ---- a/Lib/ctypes/test/test_parameters.py > -+++ b/Lib/ctypes/test/test_parameters.py > -@@ -201,6 +201,49 @@ def __dict__(self): > - with self.assertRaises(ZeroDivisionError): > - WorseStruct().__setstate__({}, b'foo') > - > -+ def test_parameter_repr(self): > -+ from ctypes import ( > -+ c_bool, > -+ c_char, > -+ c_wchar, > -+ c_byte, > -+ c_ubyte, > -+ c_short, > -+ c_ushort, > -+ c_int, > -+ c_uint, > -+ c_long, > -+ c_ulong, > -+ c_longlong, > -+ c_ulonglong, > -+ c_float, > -+ c_double, > -+ c_longdouble, > -+ c_char_p, > -+ c_wchar_p, > -+ c_void_p, > -+ ) > -+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' 
> at 0x[A-Fa-f0-9]+>$") > -+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' > ('a')>") > -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at > 0x[A-Fa-f0-9]+>$") > -+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>") > -+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' > (98)>") > -+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' > (511)>") > -+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' > (511)>") > -+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' > \(20000\)>$") > -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam > '[LI]' \(20000\)>$") > -+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam > '[li]' \(20000\)>$") > -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam > '[LI]' \(20000\)>$") > -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam > '[liq]' \(20000\)>$") > -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam > '[LIQ]' \(20000\)>$") > -+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' > (1.5)>") > -+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' > (1.5)>") > -+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' > (1e+300)>") > -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam > ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$") > -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam > 'z' \(0x[A-Fa-f0-9]+\)>$") > -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam > 'Z' \(0x[A-Fa-f0-9]+\)>$") > -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' > \(0x0*12\)>$") > -+ > - ################################################################ > - > - if __name__ == '__main__': > -diff --git > a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > -new file mode 100644 > -index 0000000000000..7df65a156feab > ---- 
/dev/null > -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > -@@ -0,0 +1,2 @@ > -+Avoid static buffers when computing the repr of :class:`ctypes.c_double` > and > -+:class:`ctypes.c_longdouble` values. > -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c > -index b0a36a30248f7..f2506de54498e 100644 > ---- a/Modules/_ctypes/callproc.c > -+++ b/Modules/_ctypes/callproc.c > -@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) > - static PyObject * > - PyCArg_repr(PyCArgObject *self) > - { > -- char buffer[256]; > - switch(self->tag) { > - case 'b': > - case 'B': > -- sprintf(buffer, "<cparam '%c' (%d)>", > -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", > - self->tag, self->value.b); > -- break; > - case 'h': > - case 'H': > -- sprintf(buffer, "<cparam '%c' (%d)>", > -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", > - self->tag, self->value.h); > -- break; > - case 'i': > - case 'I': > -- sprintf(buffer, "<cparam '%c' (%d)>", > -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", > - self->tag, self->value.i); > -- break; > - case 'l': > - case 'L': > -- sprintf(buffer, "<cparam '%c' (%ld)>", > -+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>", > - self->tag, self->value.l); > -- break; > - > - case 'q': > - case 'Q': > -- sprintf(buffer, > --#ifdef MS_WIN32 > -- "<cparam '%c' (%I64d)>", > --#else > -- "<cparam '%c' (%lld)>", > --#endif > -+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>", > - self->tag, self->value.q); > -- break; > - case 'd': > -- sprintf(buffer, "<cparam '%c' (%f)>", > -- self->tag, self->value.d); > -- break; > -- case 'f': > -- sprintf(buffer, "<cparam '%c' (%f)>", > -- self->tag, self->value.f); > -- break; > -- > -+ case 'f': { > -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? 
> self->value.f : self->value.d); > -+ if (f == NULL) { > -+ return NULL; > -+ } > -+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", > self->tag, f); > -+ Py_DECREF(f); > -+ return result; > -+ } > - case 'c': > - if (is_literal_char((unsigned char)self->value.c)) { > -- sprintf(buffer, "<cparam '%c' ('%c')>", > -+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>", > - self->tag, self->value.c); > - } > - else { > -- sprintf(buffer, "<cparam '%c' ('\\x%02x')>", > -+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>", > - self->tag, (unsigned char)self->value.c); > - } > -- break; > - > - /* Hm, are these 'z' and 'Z' codes useful at all? > - Shouldn't they be replaced by the functionality of c_string > -@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) > - case 'z': > - case 'Z': > - case 'P': > -- sprintf(buffer, "<cparam '%c' (%p)>", > -+ return PyUnicode_FromFormat("<cparam '%c' (%p)>", > - self->tag, self->value.p); > - break; > - > - default: > - if (is_literal_char((unsigned char)self->tag)) { > -- sprintf(buffer, "<cparam '%c' at %p>", > -+ return PyUnicode_FromFormat("<cparam '%c' at %p>", > - (unsigned char)self->tag, (void *)self); > - } > - else { > -- sprintf(buffer, "<cparam 0x%02x at %p>", > -+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>", > - (unsigned char)self->tag, (void *)self); > - } > -- break; > - } > -- return PyUnicode_FromString(buffer); > - } > - > - static PyMemberDef PyCArgType_members[] = { > diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm > index 5c5be0d78c..9d97050c66 100644 > --- a/gnu/packages/python.scm > +++ b/gnu/packages/python.scm > @@ -59,6 +59,7 @@ > ;;; Copyright © 2018 Vagrant Cascadian <vagrant <at> debian.org> > ;;; Copyright © 2019 Tanguy Le Carrour <tanguy <at> bioneland.org> > ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke <at> gnu.org> > +;;; Copyright © 2021 Greg Hogan <code <at> greghogan.com> > ;;; > ;;; This file is part of GNU Guix. > ;;; 
> @@ -533,19 +534,18 @@ data types.") > (define-public python-3.9 > (package (inherit python-3.8) > (name "python-next") > - (version "3.9.1") > + (version "3.9.2") > (source (origin > (method url-fetch) > (uri (string-append "https://www.python.org/ftp/python/" > version "/Python-" version ".tar.xz")) > (patches (search-patches > "python-3.9-fix-tests.patch" > - "python-3.9-CVE-2021-3177.patch" > "python-3-deterministic-build-info.patch" > "python-3-search-paths.patch")) > (sha256 > (base32 > - "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r")) > + "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w")) > (modules '((guix build utils))) > (snippet > '(begin > -- > 2.30.1
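Review bot: Removing `"python-3.9-CVE-2021-3177.patch"` from `search-patches` in the same hunk that bumps `version` to `"3.9.2"` leaves no record of why a security patch is safe to drop. The deleted file was a copy of upstream commit c347cbe694743cee120457aa6626712f7799a932 (bpo-42938), and CPython 3.9.2 includes that fix, so the removal looks correct. The commit log entry should say so, e.g. `* gnu/packages/python.scm (python-3.9)[source]: Remove the CVE-2021-3177 patch, which is included in 3.9.2.` The new `sha256` cannot be checked from the patch alone, so it should be compared against the upstream tarball after verifying its release signature. The `python-3.9` definition continues past the end of the hunk.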