Subject: [bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2.
To: Greg Hogan
Cc: 46771@debbugs.gnu.org
Date: Thu, 25 Feb 2021 14:44:12 -0500
From: Leo Famulari

On Thu, Feb 25, 2021 at 09:40:09AM -0500, Greg Hogan wrote:
> From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001
> From: Greg Hogan
> Date: Wed, 24 Feb 2021 14:12:28 +0000
> Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2.
>
> * gnu/packages/python.scm (python-3.9): Update to 3.9.2.
> * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.

Thank you! This kind of maintenance / follow-up work is super valuable.

Pushed as 10b909a0249fd53d589890b357232db4165690f5

> --- > gnu/local.mk | 1 - > .../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------ > gnu/packages/python.scm | 6 +- > 3 files changed, 3 insertions(+), 198 deletions(-) > delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index 8d46cda639..8d1465158a 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk 
> @@ -1526,7 +1526,6 @@ dist_patch_DATA = \ > %D%/packages/patches/python-3.8-fix-tests.patch \ > %D%/packages/patches/python-3.8-CVE-2021-3177.patch \ > %D%/packages/patches/python-3.9-fix-tests.patch \ > - %D%/packages/patches/python-3.9-CVE-2021-3177.patch \ > %D%/packages/patches/python-CVE-2018-14647.patch \ > %D%/packages/patches/python-CVE-2020-26116.patch \ > %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \ > diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > deleted file mode 100644 > index 155f17deca..0000000000 > --- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch > +++ /dev/null 
> @@ -1,194 +0,0 @@ > -Fix CVE-2021-3177 for Python 3.9: > - > -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 > - > -Patch copied from upstream source repository: > - > - > https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 > - > -From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 > -From: "Miss Islington (bot)" > - <31488909+miss-islington@users.noreply.github.com> > -Date: Mon, 18 Jan 2021 13:29:31 -0800 > -Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode > - formatting in ctypes param reprs. (GH-24247) > - > -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) > - > -Co-authored-by: Benjamin Peterson > - > -Co-authored-by: Benjamin Peterson > ---- > - Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ > - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + > - Modules/_ctypes/callproc.c | 51 +++++++------------ > - 3 files changed, 64 insertions(+), 32 deletions(-) > - create mode 100644 > Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > - > -diff --git a/Lib/ctypes/test/test_parameters.py > b/Lib/ctypes/test/test_parameters.py > -index e4c25fd880cef..531894fdec838 100644 > ---- a/Lib/ctypes/test/test_parameters.py > -+++ b/Lib/ctypes/test/test_parameters.py > -@@ -201,6 +201,49 @@ def __dict__(self): > - with self.assertRaises(ZeroDivisionError): > - WorseStruct().__setstate__({}, b'foo') > - > -+ def test_parameter_repr(self): > -+ from ctypes import ( > -+ c_bool, > -+ c_char, > -+ c_wchar, > -+ c_byte, > -+ c_ubyte, > -+ c_short, > -+ c_ushort, > -+ c_int, > -+ c_uint, > -+ c_long, > -+ c_ulong, > -+ c_longlong, > -+ c_ulonglong, > -+ c_float, > -+ c_double, > -+ c_longdouble, > -+ c_char_p, > -+ c_wchar_p, > -+ c_void_p, > -+ ) > -+ self.assertRegex(repr(c_bool.from_param(True)), r"^ at 0x[A-Fa-f0-9]+>$") > -+ self.assertEqual(repr(c_char.from_param(97)), " ('a')>") > -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^ 
0x[A-Fa-f0-9]+>$") > -+ self.assertEqual(repr(c_byte.from_param(98)), "") > -+ self.assertEqual(repr(c_ubyte.from_param(98)), " (98)>") > -+ self.assertEqual(repr(c_short.from_param(511)), " (511)>") > -+ self.assertEqual(repr(c_ushort.from_param(511)), " (511)>") > -+ self.assertRegex(repr(c_int.from_param(20000)), r"^ \(20000\)>$") > -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^ '[LI]' \(20000\)>$") > -+ self.assertRegex(repr(c_long.from_param(20000)), r"^ '[li]' \(20000\)>$") > -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^ '[LI]' \(20000\)>$") > -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^ '[liq]' \(20000\)>$") > -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^ '[LIQ]' \(20000\)>$") > -+ self.assertEqual(repr(c_float.from_param(1.5)), " (1.5)>") > -+ self.assertEqual(repr(c_double.from_param(1.5)), " (1.5)>") > -+ self.assertEqual(repr(c_double.from_param(1e300)), " (1e+300)>") > -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^ ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$") > -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^ 'z' \(0x[A-Fa-f0-9]+\)>$") > -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^ 'Z' \(0x[A-Fa-f0-9]+\)>$") > -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^ \(0x0*12\)>$") > -+ > - ################################################################ > - > - if __name__ == '__main__': > -diff --git > a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > -new file mode 100644 > -index 0000000000000..7df65a156feab > ---- /dev/null > -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst > -@@ -0,0 +1,2 @@ > -+Avoid static buffers when computing the repr of :class:`ctypes.c_double` > and > -+:class:`ctypes.c_longdouble` values. 
> -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c > -index b0a36a30248f7..f2506de54498e 100644 > ---- a/Modules/_ctypes/callproc.c > -+++ b/Modules/_ctypes/callproc.c > -@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) > - static PyObject * > - PyCArg_repr(PyCArgObject *self) > - { > -- char buffer[256]; > - switch(self->tag) { > - case 'b': > - case 'B': > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.b); > -- break; > - case 'h': > - case 'H': > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.h); > -- break; > - case 'i': > - case 'I': > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.i); > -- break; > - case 'l': > - case 'L': > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.l); > -- break; > - > - case 'q': > - case 'Q': > -- sprintf(buffer, > --#ifdef MS_WIN32 > -- "", > --#else > -- "", > --#endif > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.q); > -- break; > - case 'd': > -- sprintf(buffer, "", > -- self->tag, self->value.d); > -- break; > -- case 'f': > -- sprintf(buffer, "", > -- self->tag, self->value.f); > -- break; > -- > -+ case 'f': { > -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? > self->value.f : self->value.d); > -+ if (f == NULL) { > -+ return NULL; > -+ } > -+ PyObject *result = PyUnicode_FromFormat("", > self->tag, f); > -+ Py_DECREF(f); > -+ return result; > -+ } > - case 'c': > - if (is_literal_char((unsigned char)self->value.c)) { > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.c); > - } > - else { > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, (unsigned char)self->value.c); > - } > -- break; > - > - /* Hm, are these 'z' and 'Z' codes useful at all? 
> - Shouldn't they be replaced by the functionality of c_string > -@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) > - case 'z': > - case 'Z': > - case 'P': > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - self->tag, self->value.p); > - break; > - > - default: > - if (is_literal_char((unsigned char)self->tag)) { > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - (unsigned char)self->tag, (void *)self); > - } > - else { > -- sprintf(buffer, "", > -+ return PyUnicode_FromFormat("", > - (unsigned char)self->tag, (void *)self); > - } > -- break; > - } > -- return PyUnicode_FromString(buffer); > - } > - > - static PyMemberDef PyCArgType_members[] = { > diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm > index 5c5be0d78c..9d97050c66 100644 > --- a/gnu/packages/python.scm > +++ b/gnu/packages/python.scm > @@ -59,6 +59,7 @@ > ;;; Copyright © 2018 Vagrant Cascadian > ;;; Copyright © 2019 Tanguy Le Carrour > ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen > +;;; Copyright © 2021 Greg Hogan > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -533,19 +534,18 @@ data types.") > (define-public python-3.9 > (package (inherit python-3.8) > (name "python-next") > - (version "3.9.1") > + (version "3.9.2") > (source (origin > (method url-fetch) > (uri (string-append "https://www.python.org/ftp/python/" > version "/Python-" version ".tar.xz")) > (patches (search-patches > "python-3.9-fix-tests.patch" > - "python-3.9-CVE-2021-3177.patch" > "python-3-deterministic-build-info.patch" > "python-3-search-paths.patch")) > (sha256 > (base32 > - "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r")) > + "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w")) > (modules '((guix build utils))) > (snippet > '(begin > -- > 2.30.1
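
Review bot: In the gnu/local.mk hunk, the unchanged context still lists python-3.8-CVE-2021-3177.patch in dist_patch_DATA, so after this change only python-3.9 gets the fix from the release tarball while python-3.8 keeps the backported patch. That split is fine, but it is worth saying in the commit message that python-3.8 is intentionally left as is, because python-3.9 is defined with (inherit python-3.8) and a reader may assume both moved together.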
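
Review bot: The deletion of gnu/packages/patches/python-3.9-CVE-2021-3177.patch drops a security fix, and the commit message only says "Delete file." without giving the reason it is safe. Please add a line stating that the 3.9.2 release already contains the change this file carried (upstream commit c347cbe694743cee120457aa6626712f7799a932, bpo-42938, which replaces the sprintf into char buffer[256] in PyCArg_repr with PyUnicode_FromFormat), so the removal can be audited from the log alone.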
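
Review bot: In the python-3.9 hunk of gnu/packages/python.scm, the new base32 sha256 (0z94vv5q...) cannot be checked from the diff, and it is the only thing pinning the tarball fetched from the www.python.org URI. Before pushing, the committer should fetch Python-3.9.2.tar.xz independently with guix download, compare the printed hash with this value, and check the tarball against the upstream release signature. The rest of the hunk is consistent: "python-3.9-CVE-2021-3177.patch" is removed from search-patches in the same change that deletes the file and its dist_patch_DATA entry.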