From unknown Thu Sep 11 18:07:20 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#46856] [PATCH] gnu: Python 2: Fix CVE-2021-3177. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 01 Mar 2021 19:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 46856 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 46856@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161462873212055 (code B ref -1); Mon, 01 Mar 2021 19:59:02 +0000 Received: (at submit) by debbugs.gnu.org; 1 Mar 2021 19:58:52 +0000 Received: from localhost ([127.0.0.1]:50903 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGogp-00038I-4A for submit@debbugs.gnu.org; Mon, 01 Mar 2021 14:58:52 -0500 Received: from lists.gnu.org ([209.51.188.17]:44146) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGogn-000385-3f for submit@debbugs.gnu.org; Mon, 01 Mar 2021 14:58:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52988) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGogl-0007KR-Qp for guix-patches@gnu.org; Mon, 01 Mar 2021 14:58:44 -0500 Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:40215) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGogi-0004jm-A2 for guix-patches@gnu.org; Mon, 01 Mar 2021 14:58:43 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 4E3A733E; Mon, 1 Mar 2021 14:58:37 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Mon, 01 Mar 2021 14:58:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=WmfAzSNCKJIEg9XTelPWDzy tVHXmoyuV7Kw8VDuubrs=; b=W5KH8U4YUQLprJA39QDsa7zmp0QRVbUhHkeTnrh 6dPkhi0/faWQ6Q5b7i3DgENXgPHxXijMm0opoDR5GcKtX79VML6qL9PyBLimmmAs A1jBhcro2q9qcJG+5JvFGBE6Kl47wyt9RAZK+/P6Qy2vKZKaikQZYRG9ga0F9hol kpt8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WmfAzSNCKJIEg9XTe lPWDzytVHXmoyuV7Kw8VDuubrs=; b=CpxJNumNfDX9xn3QqEHb/hVMhJQBs0JHE tBCW0G4jVyck+CUYIMZmaRihW4Nam19LAkaRKEug/yIE5cwObUargQ/zuDjd/cgh j5pL/MqHCEQNp0fd0Z9YDCNAzLscv1bNVrUOpaoIUq6GwuZE17ZjuSmQI2BWbbO8 u3JVdov0IibbseAt4j7JJQz3wSBjReRcoPI0l+eD+z9G4ajL1GA26vOSyI2eN2H7 s5hJpBBUi+wAhYsEgShRy/WXHsf+w0/M1PHTFLxY5HUeEBV5spleq30SI3qmsWN0 /h/6Qd3/20IhuwHvDqGWTBdwTdy8AJmeH6cevGK0Bn69FA+XHpEzQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrleekgddufeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi rdhnrghmvgeqnecuggftrfgrthhtvghrnhepvdeluddujeejhfekjeelfeeutdevffffgf ettddvtedvgfeugefhfeegvedukeeunecuffhomhgrihhnpehmihhtrhgvrdhorhhgpdgu vggsihgrnhdrohhrghenucfkphepuddttddruddurdduieelrdduudeknecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgr rhhirdhnrghmvg X-ME-Proxy: Received: from jasmine.lan (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id 9C56C24005C for ; Mon, 1 Mar 2021 14:58:36 -0500 (EST) From: Leo Famulari Date: Mon, 1 Mar 2021 14:58:22 -0500 Message-Id: <49e369d3ead3a8df01195470b9c2bb993a16e607.1614628700.git.leo@famulari.name> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=64.147.123.19; envelope-from=leo@famulari.name; helo=wout3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) * gnu/packages/patches/python-2.7-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-2.7)[replacement]: New field. (python-2.7/fixed): New variable. --- gnu/local.mk | 1 + .../patches/python-2.7-CVE-2021-3177.patch | 157 ++++++++++++++++++ gnu/packages/python.scm | 9 + 3 files changed, 167 insertions(+) create mode 100644 gnu/packages/patches/python-2.7-CVE-2021-3177.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0954158d4c..0f8fb20e83 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1518,6 +1518,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-2.7-search-paths.patch \ %D%/packages/patches/python-2.7-site-prefixes.patch \ %D%/packages/patches/python-2.7-source-date-epoch.patch \ + %D%/packages/patches/python-2.7-CVE-2021-3177.patch \ %D%/packages/patches/python-3-arm-alignment.patch \ %D%/packages/patches/python-3-deterministic-build-info.patch \ %D%/packages/patches/python-3-search-paths.patch \ diff --git a/gnu/packages/patches/python-2.7-CVE-2021-3177.patch b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch new file mode 100644 index 0000000000..9f2032ad4a --- /dev/null +++ b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch @@ -0,0 +1,157 @@ +Fix CVE-2021-3177 for Python 2.7: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 + +Patch copied from Debian: + +https://salsa.debian.org/cpython-team/python2/-/blob/e54f3303884f1362f3311ec36f070b40603dd76e/debian/patches/CVE-2021-3177.diff + +bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestC + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param('a')), "") ++ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "") ++ self.assertEqual(repr(c_short.from_param(511)), "") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^$") ++ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^$") ++ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^$") ++ + ################################################################ + + if __name__ == '__main__': +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -460,50 +460,53 @@ PyCArg_dealloc(PyCArgObject *self) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.l); +- break; + + #ifdef HAVE_LONG_LONG + case 'q': + case 'Q': +- sprintf(buffer, +- "", ++ return PyString_FromFormat("", + self->tag, self->value.q); +- break; + #endif + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *r = PyObject_Repr(f); ++ Py_DECREF(f); ++ if (r == NULL) { ++ return NULL; ++ } ++ char *value = PyString_AsString(r); ++ if (value == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyString_FromFormat("", self->tag, value); ++ Py_DECREF(r); ++ return result; ++ } + + case 'c': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.c); +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? + Shouldn't they be replaced by the functionality of c_string +@@ -512,16 +515,13 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.p); +- break; + + default: +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self); +- break; + } +- return PyString_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 9d97050c66..e05c91b3d0 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -107,6 +107,7 @@ (define-public python-2.7 (package (name "python2") + (replacement python-2.7/fixed) (version "2.7.17") (source (origin @@ -350,6 +351,14 @@ data types.") (properties '((cpe-name . "python"))) (license license:psfl))) +(define python-2.7/fixed + (package + (inherit python-2.7) + (source (origin + (inherit (package-source python-2.7)) + (patches (append (search-patches "python-2.7-CVE-2021-3177.patch") + (origin-patches (package-source python-2.7)))))))) + ;; Current 2.x version. (define-public python-2 python-2.7) -- 2.30.1 From unknown Thu Sep 11 18:07:20 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Leo Famulari Subject: bug#46856: closed (Re: [PATCH] gnu: Python 2: Fix CVE-2021-3177.) Message-ID: References: <49e369d3ead3a8df01195470b9c2bb993a16e607.1614628700.git.leo@famulari.name> X-Gnu-PR-Message: they-closed 46856 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 46856@debbugs.gnu.org Date: Tue, 02 Mar 2021 21:59:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1614722342-913-1" This is a multi-part message in MIME format... ------------=_1614722342-913-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #46856: [PATCH] gnu: Python 2: Fix CVE-2021-3177. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 46856@debbugs.gnu.org. --=20 46856: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D46856 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1614722342-913-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 46856-done) by debbugs.gnu.org; 2 Mar 2021 21:58:24 +0000 Received: from localhost ([127.0.0.1]:54433 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lHD28-0000Dw-6T for submit@debbugs.gnu.org; Tue, 02 Mar 2021 16:58:24 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:44733) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lHD26-0000Di-1a for 46856-done@debbugs.gnu.org; Tue, 02 Mar 2021 16:58:23 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 12DDD174B; Tue, 2 Mar 2021 16:58:16 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Tue, 02 Mar 2021 16:58:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:subject:message-id:mime-version:content-type; s= mesmtp; bh=+tprtEDzXI0mRN/ttlMKw+MnHAy8uJOjgsrCixtf4uU=; b=dX7AZ dE3mVJZsTg6KcKG1F/MIms9usAKpyY3+8bMrIfzo0AMQKKCT8p54AEBvbwlu/kZs q3ukPMAYPNinJs6YQLrf8jVrigtFwyeSJmTbnA2HIrYrAT7+vE+6vwhXcd6TbEcp jru/ohvCghqqS6hSObdT+aB1woKHZuQL4Rogq4= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=+tprtEDzXI0mRN/ttlMKw+MnHAy8u JOjgsrCixtf4uU=; b=kK0FDMNVcGc8KiFsWGX5BgkMB+JfHYGtieunTtVD6t9LY /ivQqiu8HNBN8v4ptyzeQAG3JkpXuUFdIv8spt34aTjfj5bQtCuAj+XTenWvN6Xv O7XDbuy8WFHzNrYy+66D5vLjHNsFxLCQXNri6JG3HrwrHuiuiAA3nmYV7+YqSoED FVQh3uw26u7kPwvRvVhEHh14hx+7UNMWeL3+Iii5HkhL471ouI/txcHRWz3M1tuH hotuJ0OdFGIpkgG+QRlu2A1+Rd7lO87pc/69eWStpVWWkAmIRu/9ztkFw046R6FZ knHVbgNiFYAS/oQ0GwwpUjXIsD14OcvCcEwc2ikUA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledruddttddgudegjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdertd dttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghr ihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeffhedtfeeftddvueeifeduueejvdekhe ffueeijefgvdetleegheegfeehheduudenucfkphepuddttddruddurdduieelrdduudek necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh esfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id 700B81080059 for <46856-done@debbugs.gnu.org>; Tue, 2 Mar 2021 16:58:15 -0500 (EST) Date: Tue, 2 Mar 2021 16:58:00 -0500 From: Leo Famulari To: 46856-done@debbugs.gnu.org Subject: Re: [PATCH] gnu: Python 2: Fix CVE-2021-3177. Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46856-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Pushed as 3905580180d8f8ed1eec07baa307b4bff0d726d6 ------------=_1614722342-913-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 1 Mar 2021 19:58:52 +0000 Received: from localhost ([127.0.0.1]:50903 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGogp-00038I-4A for submit@debbugs.gnu.org; Mon, 01 Mar 2021 14:58:52 -0500 Received: from lists.gnu.org ([209.51.188.17]:44146) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lGogn-000385-3f for submit@debbugs.gnu.org; Mon, 01 Mar 2021 14:58:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52988) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGogl-0007KR-Qp for guix-patches@gnu.org; Mon, 01 Mar 2021 14:58:44 -0500 Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:40215) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGogi-0004jm-A2 for guix-patches@gnu.org; Mon, 01 Mar 2021 14:58:43 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 4E3A733E; Mon, 1 Mar 2021 14:58:37 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Mon, 01 Mar 2021 14:58:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=WmfAzSNCKJIEg9XTelPWDzy tVHXmoyuV7Kw8VDuubrs=; b=W5KH8U4YUQLprJA39QDsa7zmp0QRVbUhHkeTnrh 6dPkhi0/faWQ6Q5b7i3DgENXgPHxXijMm0opoDR5GcKtX79VML6qL9PyBLimmmAs A1jBhcro2q9qcJG+5JvFGBE6Kl47wyt9RAZK+/P6Qy2vKZKaikQZYRG9ga0F9hol kpt8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WmfAzSNCKJIEg9XTe lPWDzytVHXmoyuV7Kw8VDuubrs=; b=CpxJNumNfDX9xn3QqEHb/hVMhJQBs0JHE tBCW0G4jVyck+CUYIMZmaRihW4Nam19LAkaRKEug/yIE5cwObUargQ/zuDjd/cgh j5pL/MqHCEQNp0fd0Z9YDCNAzLscv1bNVrUOpaoIUq6GwuZE17ZjuSmQI2BWbbO8 u3JVdov0IibbseAt4j7JJQz3wSBjReRcoPI0l+eD+z9G4ajL1GA26vOSyI2eN2H7 s5hJpBBUi+wAhYsEgShRy/WXHsf+w0/M1PHTFLxY5HUeEBV5spleq30SI3qmsWN0 /h/6Qd3/20IhuwHvDqGWTBdwTdy8AJmeH6cevGK0Bn69FA+XHpEzQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrleekgddufeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi rdhnrghmvgeqnecuggftrfgrthhtvghrnhepvdeluddujeejhfekjeelfeeutdevffffgf ettddvtedvgfeugefhfeegvedukeeunecuffhomhgrihhnpehmihhtrhgvrdhorhhgpdgu vggsihgrnhdrohhrghenucfkphepuddttddruddurdduieelrdduudeknecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgr rhhirdhnrghmvg X-ME-Proxy: Received: from jasmine.lan (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id 9C56C24005C for ; Mon, 1 Mar 2021 14:58:36 -0500 (EST) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: Python 2: Fix CVE-2021-3177. Date: Mon, 1 Mar 2021 14:58:22 -0500 Message-Id: <49e369d3ead3a8df01195470b9c2bb993a16e607.1614628700.git.leo@famulari.name> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=64.147.123.19; envelope-from=leo@famulari.name; helo=wout3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) * gnu/packages/patches/python-2.7-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-2.7)[replacement]: New field. (python-2.7/fixed): New variable. --- gnu/local.mk | 1 + .../patches/python-2.7-CVE-2021-3177.patch | 157 ++++++++++++++++++ gnu/packages/python.scm | 9 + 3 files changed, 167 insertions(+) create mode 100644 gnu/packages/patches/python-2.7-CVE-2021-3177.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0954158d4c..0f8fb20e83 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1518,6 +1518,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-2.7-search-paths.patch \ %D%/packages/patches/python-2.7-site-prefixes.patch \ %D%/packages/patches/python-2.7-source-date-epoch.patch \ + %D%/packages/patches/python-2.7-CVE-2021-3177.patch \ %D%/packages/patches/python-3-arm-alignment.patch \ %D%/packages/patches/python-3-deterministic-build-info.patch \ %D%/packages/patches/python-3-search-paths.patch \ diff --git a/gnu/packages/patches/python-2.7-CVE-2021-3177.patch b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch new file mode 100644 index 0000000000..9f2032ad4a --- /dev/null +++ b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch @@ -0,0 +1,157 @@ +Fix CVE-2021-3177 for Python 2.7: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 + +Patch copied from Debian: + +https://salsa.debian.org/cpython-team/python2/-/blob/e54f3303884f1362f3311ec36f070b40603dd76e/debian/patches/CVE-2021-3177.diff + +bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestC + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param('a')), "") ++ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "") ++ self.assertEqual(repr(c_short.from_param(511)), "") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^$") ++ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^$") ++ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^$") ++ + ################################################################ + + if __name__ == '__main__': +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -460,50 +460,53 @@ PyCArg_dealloc(PyCArgObject *self) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.l); +- break; + + #ifdef HAVE_LONG_LONG + case 'q': + case 'Q': +- sprintf(buffer, +- "", ++ return PyString_FromFormat("", + self->tag, self->value.q); +- break; + #endif + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *r = PyObject_Repr(f); ++ Py_DECREF(f); ++ if (r == NULL) { ++ return NULL; ++ } ++ char *value = PyString_AsString(r); ++ if (value == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyString_FromFormat("", self->tag, value); ++ Py_DECREF(r); ++ return result; ++ } + + case 'c': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.c); +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? + Shouldn't they be replaced by the functionality of c_string +@@ -512,16 +515,13 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.p); +- break; + + default: +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self); +- break; + } +- return PyString_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 9d97050c66..e05c91b3d0 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -107,6 +107,7 @@ (define-public python-2.7 (package (name "python2") + (replacement python-2.7/fixed) (version "2.7.17") (source (origin @@ -350,6 +351,14 @@ data types.") (properties '((cpe-name . "python"))) (license license:psfl))) +(define python-2.7/fixed + (package + (inherit python-2.7) + (source (origin + (inherit (package-source python-2.7)) + (patches (append (search-patches "python-2.7-CVE-2021-3177.patch") + (origin-patches (package-source python-2.7)))))))) + ;; Current 2.x version. (define-public python-2 python-2.7) -- 2.30.1 ------------=_1614722342-913-1--