Subject: bug#46631: Python CVE-2021-3177
To: 46631@debbugs.gnu.org
Date: Fri, 19 Feb 2021 18:41:26 -0500
From: Leo Famulari
List-Id: Bug reports for GNU Guix

On Fri, Feb 19, 2021 at 06:23:49PM -0500, Leo Famulari wrote:
> More weirdness: When I apply the patch to the python-3.8 package (that
> is, without setting up a grafted replacement), it works. So I am
> definitely doing something wrong here.

Here is a new patch that I'm currently building. I think I had composed
the package inheritance incorrectly in my previous patch.

--3NoRtp2S5MlcyUaO Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-Python-Fix-CVE-2021-3177.patch" Content-Transfer-Encoding: quoted-printable =46rom b62969d52add462fc1b8b4bd1e0a3c4d53a39864 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Fri, 19 Feb 2021 18:09:57 -0500 Subject: [PATCH] gnu: Python: Fix CVE-2021-3177. * gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-3.8): Define with PACKAGE/INHERIT. [replacement]: New field. (python-3.8/fixed): New variable. --- gnu/local.mk | 1 + .../patches/python-3.8-CVE-2021-3177.patch | 194 ++++++++++++++++++ gnu/packages/python.scm | 11 +- 3 files changed, 205 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/python-3.8-CVE-2021-3177.patch diff --git a/gnu/local.mk b/gnu/local.mk index 5588cda2e1..26dbcb940f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1526,6 +1526,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/python-3-search-paths.patch \ %D%/packages/patches/python-3-fix-tests.patch \ %D%/packages/patches/python-3.8-fix-tests.patch \ + %D%/packages/patches/python-3.8-CVE-2021-3177.patch \ %D%/packages/patches/python-3.9-fix-tests.patch \ %D%/packages/patches/python-3.9-CVE-2021-3177.patch \ %D%/packages/patches/python-CVE-2018-14647.patch \ diff --git a/gnu/packages/patches/python-3.8-CVE-2021-3177.patch b/gnu/pack= ages/patches/python-3.8-CVE-2021-3177.patch new file mode 100644 index 0000000000..01f6b52865 --- /dev/null +++ b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch 
@@ -0,0 +1,194 @@ +Fix CVE-2021-3177 for Python 3.8: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2021-3177 + +Patch copied from upstream source repository: + +https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b= 7aa5b5f + +From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 18 Jan 2021 13:28:52 -0800 +Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode + formatting in ctypes param reprs. (GH-24248) + +(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) + +Co-authored-by: Benjamin Peterson + +Co-authored-by: Benjamin Peterson +--- + Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ + .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + + Modules/_ctypes/callproc.c | 51 +++++++------------ + 3 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-4293= 8.4Zn4Mp.rst + +diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_par= ameters.py +index e4c25fd880cef..531894fdec838 100644 +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -201,6 +201,49 @@ def __dict__(self): + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') +=20 ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegex(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param(97)), "= ") ++ self.assertRegex(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "= ") ++ 
self.assertEqual(repr(c_short.from_param(511)), "") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegex(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_uint.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$") ++ + ################################################################ +=20 + if __name__ =3D=3D '__main__': +#diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4= Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +#new file mode 100644 +#index 0000000000000..7df65a156feab +#--- /dev/null +#+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +#@@ -0,0 +1,2 @@ +#+Avoid static buffers when computing the repr of :class:`ctypes.c_double`= and +#+:class:`ctypes.c_longdouble` values. 
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index a9b8675cd951b..de75918d49f37 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -484,58 +484,47 @@ is_literal_char(unsigned char c) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.l); +- break; +=20 + case 'q': + case 'Q': +- sprintf(buffer, +-#ifdef MS_WIN32 +- "", +-#else +- "", +-#endif ++ return PyUnicode_FromFormat("", + self->tag, self->value.q); +- break; + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; +- ++ case 'f': { ++ PyObject *f =3D PyFloat_FromDouble((self->tag =3D=3D 'f') ? self-= >value.f : self->value.d); ++ if (f =3D=3D NULL) { ++ return NULL; ++ } ++ PyObject *result =3D PyUnicode_FromFormat("", s= elf->tag, f); ++ Py_DECREF(f); ++ return result; ++ } + case 'c': + if (is_literal_char((unsigned char)self->value.c)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.c); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, (unsigned char)self->value.c); + } +- break; +=20 + /* Hm, are these 'z' and 'Z' codes useful at all? 
+ Shouldn't they be replaced by the functionality of c_string +@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.p); + break; +=20 + default: + if (is_literal_char((unsigned char)self->tag)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } +- break; + } +- return PyUnicode_FromString(buffer); + } +=20 + static PyMemberDef PyCArgType_members[] =3D { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 730c371fda..fc28d0e3f8 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -362,8 +362,9 @@ data types.") (properties `((superseded . ,python-2))))) =20 (define-public python-3.8 - (package (inherit python-2) + (package/inherit python-2 (name "python") + (replacement python-3.8/fixed) (version "3.8.2") (source (origin (method url-fetch) 
@@ -521,6 +522,14 @@ data types.") (version-major+minor version) "/site-packages")))))))) =20 +(define python-3.8/fixed + (package + (inherit python-3.8) + (source (origin + (inherit (package-source python-3.8)) + (patches (append (search-patches "python-3.8-CVE-2021-3177.p= atch") + (origin-patches (package-source python-3.8)= ))))))) + (define-public python-3.9 (package (inherit python-3.8) (name "python-next") --=20 2.30.1 --3NoRtp2S5MlcyUaO--
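
Review bot: the Misc/NEWS.d hunk inside python-3.8-CVE-2021-3177.patch is disabled by prefixing its lines with '#' ("+#diff --git a/Misc/NEWS.d/...") without any explanation, while the file header still reads "Patch copied from upstream source repository" and the embedded diffstat still lists three files. Either drop that hunk from the file entirely or add a line to the header saying that the NEWS entry was left out and why, so the file can be compared against upstream commit ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f without surprises.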
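
Review bot: in the 'z'/'Z'/'P' case of PyCArg_repr in Modules/_ctypes/callproc.c, the unchanged "break;" that follows the new "return PyUnicode_FromFormat(...)" is now unreachable, unlike the other cases where the break was removed together with the sprintf call. Since this file is meant to be a copy of the upstream commit, leave it as it is here and raise it upstream rather than editing the copy locally.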
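
Review bot: in the python-3.8 definition in gnu/packages/python.scm, "(package/inherit python-2" is combined with an explicit "(replacement python-3.8/fixed)" field. package/inherit exists to carry the parent's replacement through the same overrides and fills in the replacement field itself, so the two conflict; a package that declares its own graft wants the plain "(package (inherit python-2) ...)" form plus the replacement field. The commit log entry "(python-3.8): Define with PACKAGE/INHERIT." would need to change with it.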
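
Review bot: the trailing context of the python-3.8/fixed hunk shows python-3.9 defined as "(package (inherit python-3.8)", so once python-3.8 carries a replacement field, python-3.9 inherits it unless it overrides it, and python-next would be grafted to the patched 3.8. Check that python-3.9 sets "(replacement #f)"; gnu/local.mk already lists python-3.9-CVE-2021-3177.patch, so it should not need this graft.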