python3: fix CVE-2020-27619

(From OE-Core rev: 001ee91818642ddac7c1b8e5236baa5c4c542b72) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2020-11-19 19:00:34 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-11-24 13:17:59 +0000
commit: 9c5ec3fd7b65cebe2b570cfc0638a0e0c6f09230 (patch)
tree: 7c815bbb3fe75a460cd232de3bfcd6e244a377f1
parent: 17d7d64ebe0cba430849ba434fc49923e3d4cb59 (diff)
download: poky-9c5ec3fd7b65cebe2b570cfc0638a0e0c6f09230.tar.gz
2 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
new file mode 100644
index 0000000000..bafa1cb999
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
@@ -0,0 +1,70 @@
+From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001
+From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
+Date: Tue, 6 Oct 2020 05:38:54 -0700
+Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
+ in the CJK codec tests (GH-22566) (GH-22577)
+(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]
+CVE: CVE-2020-27619
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ Lib/test/multibytecodec_support.py            | 22 +++++++------------
+ .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst  |  1 +
+ 2 files changed, 9 insertions(+), 14 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
+index cca8af67d6d1d..f76c0153f5ecf 100644
+--- a/Lib/test/multibytecodec_support.py
+++ b/Lib/test/multibytecodec_support.py
+@@ -305,29 +305,23 @@ def test_mapping_file(self):
+             self._test_mapping_file_plain()
+ 
+     def _test_mapping_file_plain(self):
+-        unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
+        def unichrs(s):
+            return ''.join(chr(int(x, 16)) for x in s.split('+'))
+
+         urt_wa = {}
+ 
+         with self.open_mapping_file() as f:
+             for line in f:
+                 if not line:
+                     break
+-                data = line.split('#')[0].strip().split()
+                data = line.split('#')[0].split()
+                 if len(data) != 2:
+                     continue
+ 
+-                csetval = eval(data[0])
+-                if csetval <= 0x7F:
+-                    csetch = bytes([csetval & 0xff])
+-                elif csetval >= 0x1000000:
+-                    csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
+-                                    ((csetval >> 8) & 0xff), (csetval & 0xff)])
+-                elif csetval >= 0x10000:
+-                    csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
+-                                    (csetval & 0xff)])
+-                elif csetval >= 0x100:
+-                    csetch = bytes([(csetval >> 8), (csetval & 0xff)])
+-                else:
+                if data[0][:2] != '0x':
+                    self.fail(f"Invalid line: {line!r}")
+                csetch = bytes.fromhex(data[0][2:])
+                if len(csetch) == 1 and 0x80 <= csetch[0]:
+                     continue
+ 
+                 unich = unichrs(data[1])
+diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+new file mode 100644
+index 0000000000000..4f9782f1c85af
+--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+@@ -0,0 +1 @@
+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb
index 5f7901dbf2..1d0b4cdb77 100644
--- a/meta/recipes-devtools/python/python3_3.8.2.bb
+++ b/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
           file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
           file://CVE-2020-14422.patch \
           file://CVE-2020-26116.patch \
+           file://CVE-2020-27619.patch \
           "
 SRC_URI_append_class-native = " \
author	Lee Chee Yang <chee.yang.lee@intel.com>	2020-11-19 19:00:34 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-24 13:17:59 +0000
commit	9c5ec3fd7b65cebe2b570cfc0638a0e0c6f09230 (patch)
tree	7c815bbb3fe75a460cd232de3bfcd6e244a377f1
parent	17d7d64ebe0cba430849ba434fc49923e3d4cb59 (diff)
download	poky-9c5ec3fd7b65cebe2b570cfc0638a0e0c6f09230.tar.gz

diff --git a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch new file mode 100644 index 0000000000..bafa1cb999 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
@@ -0,0 +1,70 @@
		1	From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001
		2	From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
		3	Date: Tue, 6 Oct 2020 05:38:54 -0700
		4	Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
		5	in the CJK codec tests (GH-22566) (GH-22577)
		6
		7	(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
		8
		9	Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
		10
		11	Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
		12
		13	Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]
		14	CVE: CVE-2020-27619
		15	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
		16	---
		17	Lib/test/multibytecodec_support.py \| 22 +++++++------------
		18	.../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst \| 1 +
		19	2 files changed, 9 insertions(+), 14 deletions(-)
		20	create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
		21
		22	diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
		23	index cca8af67d6d1d..f76c0153f5ecf 100644
		24	--- a/Lib/test/multibytecodec_support.py
		25	+++ b/Lib/test/multibytecodec_support.py
		26	@@ -305,29 +305,23 @@ def test_mapping_file(self):
		27	self._test_mapping_file_plain()
		28
		29	def _test_mapping_file_plain(self):
		30	- unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
		31	+ def unichrs(s):
		32	+ return ''.join(chr(int(x, 16)) for x in s.split('+'))
		33	+
		34	urt_wa = {}
		35
		36	with self.open_mapping_file() as f:
		37	for line in f:
		38	if not line:
		39	break
		40	- data = line.split('#')[0].strip().split()
		41	+ data = line.split('#')[0].split()
		42	if len(data) != 2:
		43	continue
		44
		45	- csetval = eval(data[0])
		46	- if csetval <= 0x7F:
		47	- csetch = bytes([csetval & 0xff])
		48	- elif csetval >= 0x1000000:
		49	- csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
		50	- ((csetval >> 8) & 0xff), (csetval & 0xff)])
		51	- elif csetval >= 0x10000:
		52	- csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
		53	- (csetval & 0xff)])
		54	- elif csetval >= 0x100:
		55	- csetch = bytes([(csetval >> 8), (csetval & 0xff)])
		56	- else:
		57	+ if data[0][:2] != '0x':
		58	+ self.fail(f"Invalid line: {line!r}")
		59	+ csetch = bytes.fromhex(data[0][2:])
		60	+ if len(csetch) == 1 and 0x80 <= csetch[0]:
		61	continue
		62
		63	unich = unichrs(data[1])
		64	diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
		65	new file mode 100644
		66	index 0000000000000..4f9782f1c85af
		67	--- /dev/null
		68	+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
		69	@@ -0,0 +1 @@
		70	+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.


diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb index 5f7901dbf2..1d0b4cdb77 100644 --- a/meta/recipes-devtools/python/python3_3.8.2.bb +++ b/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
35	file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \	35	file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
36	file://CVE-2020-14422.patch \	36	file://CVE-2020-14422.patch \
37	file://CVE-2020-26116.patch \	37	file://CVE-2020-26116.patch \
		38	file://CVE-2020-27619.patch \
38	"	39	"
39		40
40	SRC_URI_append_class-native = " \	41	SRC_URI_append_class-native = " \