authorDengke Du <dengke.du@windriver.com>2017-09-01 03:37:19 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-09-02 00:52:10 +0100
commitdcebade36d4cd19189ff419d4c1d54752f8d39cb (patch)
tree9b3f9f6affaaedf44cdf6983899590e8fff53cec
parent91f9752cf1cd6a7caa34bccc4f929d243f1a51ac (diff)
downloadpoky-dcebade36d4cd19189ff419d4c1d54752f8d39cb.tar.gz
python-numpy, python3-numpy: Fix CVE-2017-12852
Backport upstream patch to fix CVE-2017-12852 (From OE-Core rev: 85bad28c553ba35df57a3f2a6fe67c520046ac74) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/python-numpy/files/0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch45
-rw-r--r--meta/recipes-devtools/python-numpy/python-numpy_1.13.1.bb1
-rw-r--r--meta/recipes-devtools/python-numpy/python3-numpy_1.13.1.bb1
3 files changed, 47 insertions, 0 deletions
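diff --git a/meta/recipes-devtools/python-numpy/files/0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch b/meta/recipes-devtools/python-numpy/files/0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch
new file mode 100644
index 0000000000..b9e585610f
--- /dev/null
+++ b/meta/recipes-devtools/python-numpy/files/0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch
@@ -0,0 +1,45 @@
+From 4170b98e0d5864ef4db1c5704a6e9428c3be9fb8 Mon Sep 17 00:00:00 2001
+From: Iryna Shcherbina <ishcherb@redhat.com>
+Date: Thu, 24 Aug 2017 18:01:43 +0200
+Subject: [PATCH] BUG: fix infinite loop when creating np.pad on an empty array
+
+Upstream-Status: Backport [https://github.com/numpy/numpy/pull/9599/commits/6f9ea0abbd305d53f9017debab3a3a591fe0e249]
+CVE: CVE-2017-12852
+Signed-off-by: Dengke Du <dengke.du@windriver.com>
+---
+ numpy/lib/arraypad.py | 3 +++
+ numpy/lib/tests/test_arraypad.py | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/numpy/lib/arraypad.py b/numpy/lib/arraypad.py
+index 2dad99c..294a689 100644
+--- a/numpy/lib/arraypad.py
++++ b/numpy/lib/arraypad.py
+@@ -1406,6 +1406,9 @@ def pad(array, pad_width, mode, **kwargs):
+ newmat = _append_min(newmat, pad_after, chunk_after, axis)
+
+ elif mode == 'reflect':
++ if narray.size == 0:
++ raise ValueError("There aren't any elements to reflect in `array`")
++
+ for axis, (pad_before, pad_after) in enumerate(pad_width):
+ # Recursive padding along any axis where `pad_amt` is too large
+ # for indexing tricks. We can only safely pad the original axis
+diff --git a/numpy/lib/tests/test_arraypad.py b/numpy/lib/tests/test_arraypad.py
+index 056aa45..0f71d32 100644
+--- a/numpy/lib/tests/test_arraypad.py
++++ b/numpy/lib/tests/test_arraypad.py
+@@ -1014,6 +1014,10 @@ class ValueError1(TestCase):
+ assert_raises(ValueError, pad, arr, ((-2, 3), (3, 2)),
+ **kwargs)
+
++ def test_check_empty_array(self):
++ assert_raises(ValueError, pad, [], 4, mode='reflect')
++ assert_raises(ValueError, pad, np.ndarray(0), 4, mode='reflect')
++
+
+ class ValueError2(TestCase):
+ def test_check_negative_pad_amount(self):
+--
+2.8.1
+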
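Review bot: The new `narray.size == 0` guard sits only inside the `elif mode == 'reflect':` branch of `pad`, and `test_check_empty_array` exercises only `mode='reflect'`, so this backport establishes nothing about empty input in the other padding modes. The rest of `pad` lies outside the hunk; if another branch (for example `symmetric`, assuming it pads iteratively in the same way) can also fail to make progress on a zero-length axis, it needs the same early `ValueError`, pinned by a test line such as `assert_raises(ValueError, pad, [], 4, mode='symmetric')`. It would also help to add a comment above the guard, e.g. `# An empty axis has nothing to mirror; fail fast instead of looping (CVE-2017-12852)`, so that the check is not dropped in a later refactor. The `From 4170b98…` hash in the patch header differs from the `6f9ea0ab…` commit named in `Upstream-Status`, so it is worth confirming that the backport matches what upstream finally merged.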
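diff --git a/meta/recipes-devtools/python-numpy/python-numpy_1.13.1.bb b/meta/recipes-devtools/python-numpy/python-numpy_1.13.1.bb
index 63821d30fa..13e8f4fa23 100644
--- a/meta/recipes-devtools/python-numpy/python-numpy_1.13.1.bb
+++ b/meta/recipes-devtools/python-numpy/python-numpy_1.13.1.bb
@@ -9,6 +9,7 @@ SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${S
  file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
  file://remove-build-path-in-comments.patch \
  file://fix_shebang_f2py.patch \
+ file://0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch \
  ${CONFIGFILESURI} "
 
 SRC_URI[md5sum] = "6d459e4a24f5035f720dda3c57716a92"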
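diff --git a/meta/recipes-devtools/python-numpy/python3-numpy_1.13.1.bb b/meta/recipes-devtools/python-numpy/python3-numpy_1.13.1.bb
index 0bf9e914f9..29874b8842 100644
--- a/meta/recipes-devtools/python-numpy/python3-numpy_1.13.1.bb
+++ b/meta/recipes-devtools/python-numpy/python3-numpy_1.13.1.bb
@@ -9,6 +9,7 @@ SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${S
  file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
  file://remove-build-path-in-comments.patch \
  file://fix_shebang_f2py.patch \
+ file://0001-BUG-fix-infinite-loop-when-creating-np.pad-on-an-emp.patch \
  ${CONFIGFILESURI} "
 SRC_URI[md5sum] = "6d459e4a24f5035f720dda3c57716a92"
 SRC_URI[sha256sum] = "de020ec06f1e9ce1115a50161a38bf8d4c2525379900f9cb478cc613a1e7cd93"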