aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Dombrowski <mdombro@amazon.com>2021-02-19 10:40:59 -0800
committerMichael Dombrowski <3799-MikeDombo@users.gitlab.alpinelinux.org>2021-02-19 21:37:00 +0000
commita5f663990f6172476623a4dfd398a4ded4f77ab6 (patch)
tree82f995340cba175744660594e50ba0d7f277ee92
parent2db3b0ad1da10994024eecfb8a9844eb58a81c88 (diff)
downloadaports-a5f663990f6172476623a4dfd398a4ded4f77ab6.tar.gz
aports-a5f663990f6172476623a4dfd398a4ded4f77ab6.tar.bz2
aports-a5f663990f6172476623a4dfd398a4ded4f77ab6.tar.xz
community/python2: fix CVE-2021-3177
bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. This is a backport of https://github.com/python/cpython/pull/24239/ sourced from https://salsa.debian.org/saifelse/python2/-/commit/cac0240f5b8d8460f5e3217fd23de256109b0847
-rw-r--r--community/python2/APKBUILD8
-rw-r--r--community/python2/cve-2021-3177.patch150
2 files changed, 156 insertions, 2 deletions
diff --git a/community/python2/APKBUILD b/community/python2/APKBUILD
index 715d2813e1..cd5795b913 100644
--- a/community/python2/APKBUILD
+++ b/community/python2/APKBUILD
@@ -4,7 +4,7 @@ pkgname=python2
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=2.7.18
_verbase=${pkgver%.*}
-pkgrel=1
+pkgrel=2
pkgdesc="A high-level scripting language"
url="https://www.python.org/"
arch="all"
@@ -16,10 +16,13 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
musl-find_library.patch
unchecked-ioctl.patch
+ cve-2021-3177.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes:
+# 2.7.18-r1:
+# - CVE-2021-3177
# 2.7.18-r0:
# - CVE-2019-18348
# 2.7.17-r0:
@@ -141,4 +144,5 @@ wininst() {
sha512sums="a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c Python-2.7.18.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
-5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch"
+5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch
+7d6c5d85a572450fb463feea9c7a8159aa8dd0c604e69f19da6eb57108c60e37ebce41b80758f63dd01e4a22286f80665ce4d778a30fa45ad5f1d6ce074c1f81 cve-2021-3177.patch"
diff --git a/community/python2/cve-2021-3177.patch b/community/python2/cve-2021-3177.patch
new file mode 100644
index 0000000000..ca5da80e13
--- /dev/null
+++ b/community/python2/cve-2021-3177.patch
@@ -0,0 +1,150 @@
+bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs.
+--- Python-2.7.18.orig/Lib/ctypes/test/test_parameters.py
++++ Python-2.7.18/Lib/ctypes/test/test_parameters.py
+@@ -206,6 +206,49 @@
+ with self.assertRaises(ZeroDivisionError):
+ WorseStruct().__setstate__({}, b'foo')
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param('a')), "<cparam 'c' (a)>")
++ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+--- Python-2.7.18.orig/Modules/_ctypes/callproc.c
++++ Python-2.7.18/Modules/_ctypes/callproc.c
+@@ -460,50 +460,53 @@
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyString_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyString_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyString_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyString_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+
+ #ifdef HAVE_LONG_LONG
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+- "<cparam '%c' (%" PY_FORMAT_LONG_LONG "d)>",
++ return PyString_FromFormat("<cparam '%c' (%" PY_FORMAT_LONG_LONG "d)>",
+ self->tag, self->value.q);
+- break;
+ #endif
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ PyObject *r = PyObject_Repr(f);
++ Py_DECREF(f);
++ if (r == NULL) {
++ return NULL;
++ }
++ char *value = PyString_AsString(r);
++ Py_DECREF(r);
++ if (value == NULL) {
++ return NULL;
++ }
++ return PyString_FromFormat("<cparam '%c' (%s)>",
++ self->tag, value);
++ }
+
+ case 'c':
+- sprintf(buffer, "<cparam '%c' (%c)>",
++ return PyString_FromFormat("<cparam '%c' (%c)>",
+ self->tag, self->value.c);
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -512,16 +515,13 @@
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyString_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+- break;
+
+ default:
+- sprintf(buffer, "<cparam '%c' at %p>",
++ return PyString_FromFormat("<cparam '%c' at %p>",
+ self->tag, self);
+- break;
+ }
+- return PyString_FromString(buffer);
+ }
+
+ static PyMemberDef PyCArgType_members[] = {
+