* [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2.
@ 2021-02-25 14:40 Greg Hogan
2021-02-25 19:44 ` Leo Famulari
0 siblings, 1 reply; 2+ messages in thread
From: Greg Hogan @ 2021-02-25 14:40 UTC (permalink / raw)
To: 46771
[-- Attachment #1.1: Type: text/plain, Size: 10980 bytes --]
From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001
From: Greg Hogan <code@greghogan.com>
Date: Wed, 24 Feb 2021 14:12:28 +0000
Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2.
* gnu/packages/python.scm (python-3.9): Update to 3.9.2.
* gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
.../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------
gnu/packages/python.scm | 6 +-
3 files changed, 3 insertions(+), 198 deletions(-)
delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 8d46cda639..8d1465158a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1526,7 +1526,6 @@ dist_patch_DATA = \
%D%/packages/patches/python-3.8-fix-tests.patch \
%D%/packages/patches/python-3.8-CVE-2021-3177.patch \
%D%/packages/patches/python-3.9-fix-tests.patch \
- %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
%D%/packages/patches/python-CVE-2018-14647.patch \
%D%/packages/patches/python-CVE-2020-26116.patch \
%D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
deleted file mode 100644
index 155f17deca..0000000000
--- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-Fix CVE-2021-3177 for Python 3.9:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
-
-Patch copied from upstream source repository:
-
-
https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932
-
-From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 18 Jan 2021 13:29:31 -0800
-Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
- formatting in ctypes param reprs. (GH-24247)
-
-(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
----
- Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
- .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
- Modules/_ctypes/callproc.c | 51 +++++++------------
- 3 files changed, 64 insertions(+), 32 deletions(-)
- create mode 100644
Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-
-diff --git a/Lib/ctypes/test/test_parameters.py
b/Lib/ctypes/test/test_parameters.py
-index e4c25fd880cef..531894fdec838 100644
---- a/Lib/ctypes/test/test_parameters.py
-+++ b/Lib/ctypes/test/test_parameters.py
-@@ -201,6 +201,49 @@ def __dict__(self):
- with self.assertRaises(ZeroDivisionError):
- WorseStruct().__setstate__({}, b'foo')
-
-+ def test_parameter_repr(self):
-+ from ctypes import (
-+ c_bool,
-+ c_char,
-+ c_wchar,
-+ c_byte,
-+ c_ubyte,
-+ c_short,
-+ c_ushort,
-+ c_int,
-+ c_uint,
-+ c_long,
-+ c_ulong,
-+ c_longlong,
-+ c_ulonglong,
-+ c_float,
-+ c_double,
-+ c_longdouble,
-+ c_char_p,
-+ c_wchar_p,
-+ c_void_p,
-+ )
-+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?'
at 0x[A-Fa-f0-9]+>$")
-+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c'
('a')>")
-+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at
0x[A-Fa-f0-9]+>$")
-+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
-+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B'
(98)>")
-+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h'
(511)>")
-+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H'
(511)>")
-+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]'
\(20000\)>$")
-+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam
'[LI]' \(20000\)>$")
-+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam
'[li]' \(20000\)>$")
-+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam
'[LI]' \(20000\)>$")
-+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam
'[liq]' \(20000\)>$")
-+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam
'[LIQ]' \(20000\)>$")
-+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f'
(1.5)>")
-+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd'
(1.5)>")
-+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd'
(1e+300)>")
-+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam
('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
-+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam
'z' \(0x[A-Fa-f0-9]+\)>$")
-+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam
'Z' \(0x[A-Fa-f0-9]+\)>$")
-+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P'
\(0x0*12\)>$")
-+
- ################################################################
-
- if __name__ == '__main__':
-diff --git
a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-new file mode 100644
-index 0000000000000..7df65a156feab
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-@@ -0,0 +1,2 @@
-+Avoid static buffers when computing the repr of :class:`ctypes.c_double`
and
-+:class:`ctypes.c_longdouble` values.
-diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
-index b0a36a30248f7..f2506de54498e 100644
---- a/Modules/_ctypes/callproc.c
-+++ b/Modules/_ctypes/callproc.c
-@@ -489,58 +489,47 @@ is_literal_char(unsigned char c)
- static PyObject *
- PyCArg_repr(PyCArgObject *self)
- {
-- char buffer[256];
- switch(self->tag) {
- case 'b':
- case 'B':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.b);
-- break;
- case 'h':
- case 'H':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.h);
-- break;
- case 'i':
- case 'I':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.i);
-- break;
- case 'l':
- case 'L':
-- sprintf(buffer, "<cparam '%c' (%ld)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
- self->tag, self->value.l);
-- break;
-
- case 'q':
- case 'Q':
-- sprintf(buffer,
--#ifdef MS_WIN32
-- "<cparam '%c' (%I64d)>",
--#else
-- "<cparam '%c' (%lld)>",
--#endif
-+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
- self->tag, self->value.q);
-- break;
- case 'd':
-- sprintf(buffer, "<cparam '%c' (%f)>",
-- self->tag, self->value.d);
-- break;
-- case 'f':
-- sprintf(buffer, "<cparam '%c' (%f)>",
-- self->tag, self->value.f);
-- break;
--
-+ case 'f': {
-+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ?
self->value.f : self->value.d);
-+ if (f == NULL) {
-+ return NULL;
-+ }
-+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>",
self->tag, f);
-+ Py_DECREF(f);
-+ return result;
-+ }
- case 'c':
- if (is_literal_char((unsigned char)self->value.c)) {
-- sprintf(buffer, "<cparam '%c' ('%c')>",
-+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
- self->tag, self->value.c);
- }
- else {
-- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
-+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
- self->tag, (unsigned char)self->value.c);
- }
-- break;
-
- /* Hm, are these 'z' and 'Z' codes useful at all?
- Shouldn't they be replaced by the functionality of c_string
-@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self)
- case 'z':
- case 'Z':
- case 'P':
-- sprintf(buffer, "<cparam '%c' (%p)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
- self->tag, self->value.p);
- break;
-
- default:
- if (is_literal_char((unsigned char)self->tag)) {
-- sprintf(buffer, "<cparam '%c' at %p>",
-+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
- (unsigned char)self->tag, (void *)self);
- }
- else {
-- sprintf(buffer, "<cparam 0x%02x at %p>",
-+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
- (unsigned char)self->tag, (void *)self);
- }
-- break;
- }
-- return PyUnicode_FromString(buffer);
- }
-
- static PyMemberDef PyCArgType_members[] = {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5c5be0d78c..9d97050c66 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -59,6 +59,7 @@
;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2021 Greg Hogan <code@greghogan.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -533,19 +534,18 @@ data types.")
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")
- (version "3.9.1")
+ (version "3.9.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.python.org/ftp/python/"
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-3.9-fix-tests.patch"
- "python-3.9-CVE-2021-3177.patch"
"python-3-deterministic-build-info.patch"
"python-3-search-paths.patch"))
(sha256
(base32
- "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r"))
+ "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.30.1
[-- Attachment #1.2: Type: text/html, Size: 17041 bytes --]
[-- Attachment #2: 0001-gnu-Python-3.9-Update-to-3.9.2.patch --]
[-- Type: application/octet-stream, Size: 10706 bytes --]
From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001
From: Greg Hogan <code@greghogan.com>
Date: Wed, 24 Feb 2021 14:12:28 +0000
Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2.
* gnu/packages/python.scm (python-3.9): Update to 3.9.2.
* gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
.../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------
gnu/packages/python.scm | 6 +-
3 files changed, 3 insertions(+), 198 deletions(-)
delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 8d46cda639..8d1465158a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1526,7 +1526,6 @@ dist_patch_DATA = \
%D%/packages/patches/python-3.8-fix-tests.patch \
%D%/packages/patches/python-3.8-CVE-2021-3177.patch \
%D%/packages/patches/python-3.9-fix-tests.patch \
- %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
%D%/packages/patches/python-CVE-2018-14647.patch \
%D%/packages/patches/python-CVE-2020-26116.patch \
%D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
deleted file mode 100644
index 155f17deca..0000000000
--- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-Fix CVE-2021-3177 for Python 3.9:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
-
-Patch copied from upstream source repository:
-
-https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932
-
-From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 18 Jan 2021 13:29:31 -0800
-Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
- formatting in ctypes param reprs. (GH-24247)
-
-(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
----
- Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
- .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
- Modules/_ctypes/callproc.c | 51 +++++++------------
- 3 files changed, 64 insertions(+), 32 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-
-diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
-index e4c25fd880cef..531894fdec838 100644
---- a/Lib/ctypes/test/test_parameters.py
-+++ b/Lib/ctypes/test/test_parameters.py
-@@ -201,6 +201,49 @@ def __dict__(self):
- with self.assertRaises(ZeroDivisionError):
- WorseStruct().__setstate__({}, b'foo')
-
-+ def test_parameter_repr(self):
-+ from ctypes import (
-+ c_bool,
-+ c_char,
-+ c_wchar,
-+ c_byte,
-+ c_ubyte,
-+ c_short,
-+ c_ushort,
-+ c_int,
-+ c_uint,
-+ c_long,
-+ c_ulong,
-+ c_longlong,
-+ c_ulonglong,
-+ c_float,
-+ c_double,
-+ c_longdouble,
-+ c_char_p,
-+ c_wchar_p,
-+ c_void_p,
-+ )
-+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
-+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
-+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
-+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
-+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
-+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
-+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
-+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
-+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
-+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
-+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
-+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
-+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
-+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
-+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
-+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
-+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
-+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
-+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
-+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
-+
- ################################################################
-
- if __name__ == '__main__':
-diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-new file mode 100644
-index 0000000000000..7df65a156feab
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-@@ -0,0 +1,2 @@
-+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
-+:class:`ctypes.c_longdouble` values.
-diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
-index b0a36a30248f7..f2506de54498e 100644
---- a/Modules/_ctypes/callproc.c
-+++ b/Modules/_ctypes/callproc.c
-@@ -489,58 +489,47 @@ is_literal_char(unsigned char c)
- static PyObject *
- PyCArg_repr(PyCArgObject *self)
- {
-- char buffer[256];
- switch(self->tag) {
- case 'b':
- case 'B':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.b);
-- break;
- case 'h':
- case 'H':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.h);
-- break;
- case 'i':
- case 'I':
-- sprintf(buffer, "<cparam '%c' (%d)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
- self->tag, self->value.i);
-- break;
- case 'l':
- case 'L':
-- sprintf(buffer, "<cparam '%c' (%ld)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
- self->tag, self->value.l);
-- break;
-
- case 'q':
- case 'Q':
-- sprintf(buffer,
--#ifdef MS_WIN32
-- "<cparam '%c' (%I64d)>",
--#else
-- "<cparam '%c' (%lld)>",
--#endif
-+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
- self->tag, self->value.q);
-- break;
- case 'd':
-- sprintf(buffer, "<cparam '%c' (%f)>",
-- self->tag, self->value.d);
-- break;
-- case 'f':
-- sprintf(buffer, "<cparam '%c' (%f)>",
-- self->tag, self->value.f);
-- break;
--
-+ case 'f': {
-+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
-+ if (f == NULL) {
-+ return NULL;
-+ }
-+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
-+ Py_DECREF(f);
-+ return result;
-+ }
- case 'c':
- if (is_literal_char((unsigned char)self->value.c)) {
-- sprintf(buffer, "<cparam '%c' ('%c')>",
-+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
- self->tag, self->value.c);
- }
- else {
-- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
-+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
- self->tag, (unsigned char)self->value.c);
- }
-- break;
-
- /* Hm, are these 'z' and 'Z' codes useful at all?
- Shouldn't they be replaced by the functionality of c_string
-@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self)
- case 'z':
- case 'Z':
- case 'P':
-- sprintf(buffer, "<cparam '%c' (%p)>",
-+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
- self->tag, self->value.p);
- break;
-
- default:
- if (is_literal_char((unsigned char)self->tag)) {
-- sprintf(buffer, "<cparam '%c' at %p>",
-+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
- (unsigned char)self->tag, (void *)self);
- }
- else {
-- sprintf(buffer, "<cparam 0x%02x at %p>",
-+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
- (unsigned char)self->tag, (void *)self);
- }
-- break;
- }
-- return PyUnicode_FromString(buffer);
- }
-
- static PyMemberDef PyCArgType_members[] = {
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5c5be0d78c..9d97050c66 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -59,6 +59,7 @@
;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2021 Greg Hogan <code@greghogan.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -533,19 +534,18 @@ data types.")
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")
- (version "3.9.1")
+ (version "3.9.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.python.org/ftp/python/"
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-3.9-fix-tests.patch"
- "python-3.9-CVE-2021-3177.patch"
"python-3-deterministic-build-info.patch"
"python-3-search-paths.patch"))
(sha256
(base32
- "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r"))
+ "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.30.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2.
2021-02-25 14:40 [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2 Greg Hogan
@ 2021-02-25 19:44 ` Leo Famulari
0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2021-02-25 19:44 UTC (permalink / raw)
To: Greg Hogan; +Cc: 46771
On Thu, Feb 25, 2021 at 09:40:09AM -0500, Greg Hogan wrote:
> From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001
> From: Greg Hogan <code@greghogan.com>
> Date: Wed, 24 Feb 2021 14:12:28 +0000
> Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2.
>
> * gnu/packages/python.scm (python-3.9): Update to 3.9.2.
> * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
Thank you! This kind of maintenance / follow-up work is super valuable.
Pushed as 10b909a0249fd53d589890b357232db4165690f5
> ---
> gnu/local.mk | 1 -
> .../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------
> gnu/packages/python.scm | 6 +-
> 3 files changed, 3 insertions(+), 198 deletions(-)
> delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 8d46cda639..8d1465158a 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -1526,7 +1526,6 @@ dist_patch_DATA = \
> %D%/packages/patches/python-3.8-fix-tests.patch \
> %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
> %D%/packages/patches/python-3.9-fix-tests.patch \
> - %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
> %D%/packages/patches/python-CVE-2018-14647.patch \
> %D%/packages/patches/python-CVE-2020-26116.patch \
> %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
> diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> deleted file mode 100644
> index 155f17deca..0000000000
> --- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> +++ /dev/null
> @@ -1,194 +0,0 @@
> -Fix CVE-2021-3177 for Python 3.9:
> -
> -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
> -
> -Patch copied from upstream source repository:
> -
> -
> https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932
> -
> -From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001
> -From: "Miss Islington (bot)"
> - <31488909+miss-islington@users.noreply.github.com>
> -Date: Mon, 18 Jan 2021 13:29:31 -0800
> -Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
> - formatting in ctypes param reprs. (GH-24247)
> -
> -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
> -
> -Co-authored-by: Benjamin Peterson <benjamin@python.org>
> -
> -Co-authored-by: Benjamin Peterson <benjamin@python.org>
> ----
> - Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
> - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
> - Modules/_ctypes/callproc.c | 51 +++++++------------
> - 3 files changed, 64 insertions(+), 32 deletions(-)
> - create mode 100644
> Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -
> -diff --git a/Lib/ctypes/test/test_parameters.py
> b/Lib/ctypes/test/test_parameters.py
> -index e4c25fd880cef..531894fdec838 100644
> ---- a/Lib/ctypes/test/test_parameters.py
> -+++ b/Lib/ctypes/test/test_parameters.py
> -@@ -201,6 +201,49 @@ def __dict__(self):
> - with self.assertRaises(ZeroDivisionError):
> - WorseStruct().__setstate__({}, b'foo')
> -
> -+ def test_parameter_repr(self):
> -+ from ctypes import (
> -+ c_bool,
> -+ c_char,
> -+ c_wchar,
> -+ c_byte,
> -+ c_ubyte,
> -+ c_short,
> -+ c_ushort,
> -+ c_int,
> -+ c_uint,
> -+ c_long,
> -+ c_ulong,
> -+ c_longlong,
> -+ c_ulonglong,
> -+ c_float,
> -+ c_double,
> -+ c_longdouble,
> -+ c_char_p,
> -+ c_wchar_p,
> -+ c_void_p,
> -+ )
> -+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?'
> at 0x[A-Fa-f0-9]+>$")
> -+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c'
> ('a')>")
> -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at
> 0x[A-Fa-f0-9]+>$")
> -+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
> -+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B'
> (98)>")
> -+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h'
> (511)>")
> -+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H'
> (511)>")
> -+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]'
> \(20000\)>$")
> -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam
> '[LI]' \(20000\)>$")
> -+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam
> '[li]' \(20000\)>$")
> -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam
> '[LI]' \(20000\)>$")
> -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam
> '[liq]' \(20000\)>$")
> -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam
> '[LIQ]' \(20000\)>$")
> -+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f'
> (1.5)>")
> -+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd'
> (1.5)>")
> -+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd'
> (1e+300)>")
> -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam
> ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
> -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam
> 'z' \(0x[A-Fa-f0-9]+\)>$")
> -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam
> 'Z' \(0x[A-Fa-f0-9]+\)>$")
> -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P'
> \(0x0*12\)>$")
> -+
> - ################################################################
> -
> - if __name__ == '__main__':
> -diff --git
> a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -new file mode 100644
> -index 0000000000000..7df65a156feab
> ---- /dev/null
> -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -@@ -0,0 +1,2 @@
> -+Avoid static buffers when computing the repr of :class:`ctypes.c_double`
> and
> -+:class:`ctypes.c_longdouble` values.
> -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
> -index b0a36a30248f7..f2506de54498e 100644
> ---- a/Modules/_ctypes/callproc.c
> -+++ b/Modules/_ctypes/callproc.c
> -@@ -489,58 +489,47 @@ is_literal_char(unsigned char c)
> - static PyObject *
> - PyCArg_repr(PyCArgObject *self)
> - {
> -- char buffer[256];
> - switch(self->tag) {
> - case 'b':
> - case 'B':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.b);
> -- break;
> - case 'h':
> - case 'H':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.h);
> -- break;
> - case 'i':
> - case 'I':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.i);
> -- break;
> - case 'l':
> - case 'L':
> -- sprintf(buffer, "<cparam '%c' (%ld)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
> - self->tag, self->value.l);
> -- break;
> -
> - case 'q':
> - case 'Q':
> -- sprintf(buffer,
> --#ifdef MS_WIN32
> -- "<cparam '%c' (%I64d)>",
> --#else
> -- "<cparam '%c' (%lld)>",
> --#endif
> -+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
> - self->tag, self->value.q);
> -- break;
> - case 'd':
> -- sprintf(buffer, "<cparam '%c' (%f)>",
> -- self->tag, self->value.d);
> -- break;
> -- case 'f':
> -- sprintf(buffer, "<cparam '%c' (%f)>",
> -- self->tag, self->value.f);
> -- break;
> --
> -+ case 'f': {
> -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ?
> self->value.f : self->value.d);
> -+ if (f == NULL) {
> -+ return NULL;
> -+ }
> -+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>",
> self->tag, f);
> -+ Py_DECREF(f);
> -+ return result;
> -+ }
> - case 'c':
> - if (is_literal_char((unsigned char)self->value.c)) {
> -- sprintf(buffer, "<cparam '%c' ('%c')>",
> -+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
> - self->tag, self->value.c);
> - }
> - else {
> -- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
> -+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
> - self->tag, (unsigned char)self->value.c);
> - }
> -- break;
> -
> - /* Hm, are these 'z' and 'Z' codes useful at all?
> - Shouldn't they be replaced by the functionality of c_string
> -@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self)
> - case 'z':
> - case 'Z':
> - case 'P':
> -- sprintf(buffer, "<cparam '%c' (%p)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
> - self->tag, self->value.p);
> - break;
> -
> - default:
> - if (is_literal_char((unsigned char)self->tag)) {
> -- sprintf(buffer, "<cparam '%c' at %p>",
> -+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
> - (unsigned char)self->tag, (void *)self);
> - }
> - else {
> -- sprintf(buffer, "<cparam 0x%02x at %p>",
> -+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
> - (unsigned char)self->tag, (void *)self);
> - }
> -- break;
> - }
> -- return PyUnicode_FromString(buffer);
> - }
> -
> - static PyMemberDef PyCArgType_members[] = {
> diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
> index 5c5be0d78c..9d97050c66 100644
> --- a/gnu/packages/python.scm
> +++ b/gnu/packages/python.scm
> @@ -59,6 +59,7 @@
> ;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
> ;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
> +;;; Copyright © 2021 Greg Hogan <code@greghogan.com>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -533,19 +534,18 @@ data types.")
> (define-public python-3.9
> (package (inherit python-3.8)
> (name "python-next")
> - (version "3.9.1")
> + (version "3.9.2")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://www.python.org/ftp/python/"
> version "/Python-" version ".tar.xz"))
> (patches (search-patches
> "python-3.9-fix-tests.patch"
> - "python-3.9-CVE-2021-3177.patch"
> "python-3-deterministic-build-info.patch"
> "python-3-search-paths.patch"))
> (sha256
> (base32
> - "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r"))
> + "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w"))
> (modules '((guix build utils)))
> (snippet
> '(begin
> --
> 2.30.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-25 19:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-25 14:40 [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2 Greg Hogan
2021-02-25 19:44 ` Leo Famulari
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.