diff options
author | Mingli Yu <mingli.yu@windriver.com> | 2022-03-29 16:37:25 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-03 20:49:03 +0100 |
commit | 32eb0d2eb1b7b453c0585a4c02ef05a6c78ca23c (patch) | |
tree | 617942c070b9dcbfa226b240362ce0e87caa688e | |
parent | 9fc229578cc213be4cbb8bcebed653bd03cda244 (diff) | |
download | poky-32eb0d2eb1b7b453c0585a4c02ef05a6c78ca23c.tar.gz |
python3-numpy: fix CVE-2021-41496
Backport patch [1] to fix CVE-2021-41496.
[1] https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
(From OE-Core rev: 9a69897f464432e0b6ef9b8ad5d8110d78a1162a)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch | 64 | ||||
-rw-r--r-- | meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb | 1 |
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch new file mode 100644 index 0000000000..0afc79ae0d --- /dev/null +++ b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From 86d81322c5c0ab67f89d64f56f6e77d4fe185910 Mon Sep 17 00:00:00 2001 | ||
2 | From: Warren Weckesser <warren.weckesser@gmail.com> | ||
3 | Date: Tue, 29 Mar 2022 15:58:00 +0800 | ||
4 | Subject: [PATCH] BUG: f2py: Simplify creation of an exception message. Closes | ||
5 | gh-19000. | ||
6 | |||
7 | CVE: CVE-2021-41496 | ||
8 | |||
9 | Upstream-Status: Backport [https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2] | ||
10 | |||
11 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
12 | --- | ||
13 | numpy/f2py/src/fortranobject.c | 26 ++++++++++++-------------- | ||
14 | 1 file changed, 12 insertions(+), 14 deletions(-) | ||
15 | |||
16 | diff --git a/numpy/f2py/src/fortranobject.c b/numpy/f2py/src/fortranobject.c | ||
17 | index 3275f90..85c9c7f 100644 | ||
18 | --- a/numpy/f2py/src/fortranobject.c | ||
19 | +++ b/numpy/f2py/src/fortranobject.c | ||
20 | @@ -637,14 +637,14 @@ static int check_and_fix_dimensions(const PyArrayObject* arr, | ||
21 | npy_intp *dims); | ||
22 | |||
23 | static int | ||
24 | -count_negative_dimensions(const int rank, | ||
25 | +find_first_negative_dimension(const int rank, | ||
26 | const npy_intp *dims) { | ||
27 | - int i=0,r=0; | ||
28 | - while (i<rank) { | ||
29 | - if (dims[i] < 0) ++r; | ||
30 | - ++i; | ||
31 | + for (int i = 0; i < rank; ++i) { | ||
32 | + if (dims[i] < 0) { | ||
33 | + return i; | ||
34 | + } | ||
35 | } | ||
36 | - return r; | ||
37 | + return -1; | ||
38 | } | ||
39 | |||
40 | #ifdef DEBUG_COPY_ND_ARRAY | ||
41 | @@ -721,14 +721,12 @@ PyArrayObject* array_from_pyobj(const int type_num, | ||
42 | || ((intent & F2PY_OPTIONAL) && (obj==Py_None)) | ||
43 | ) { | ||
44 | /* intent(cache), optional, intent(hide) */ | ||
45 | - if (count_negative_dimensions(rank,dims) > 0) { | ||
46 | - int i; | ||
47 | - strcpy(mess, "failed to create intent(cache|hide)|optional array" | ||
48 | - "-- must have defined dimensions but got ("); | ||
49 | - for(i=0;i<rank;++i) | ||
50 | - sprintf(mess+strlen(mess),"%" NPY_INTP_FMT ",",dims[i]); | ||
51 | - strcat(mess, ")"); | ||
52 | - PyErr_SetString(PyExc_ValueError,mess); | ||
53 | + int i = find_first_negative_dimension(rank, dims); | ||
54 | + if (i >= 0) { | ||
55 | + PyErr_Format(PyExc_ValueError, | ||
56 | + "failed to create intent(cache|hide)|optional array" | ||
57 | + " -- must have defined dimensions, but dims[%d] = %" | ||
58 | + NPY_INTP_FMT, i, dims[i]); | ||
59 | return NULL; | ||
60 | } | ||
61 | arr = (PyArrayObject *) | ||
62 | -- | ||
63 | 2.25.1 | ||
64 | |||
diff --git a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb index 6c3b886782..9e55e74d2c 100644 --- a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb +++ b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb | |||
@@ -10,6 +10,7 @@ SRCNAME = "numpy" | |||
10 | SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \ | 10 | SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \ |
11 | file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \ | 11 | file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \ |
12 | file://0001-numpy-core-Define-RISCV-32-support.patch \ | 12 | file://0001-numpy-core-Define-RISCV-32-support.patch \ |
13 | file://CVE-2021-41496.patch \ | ||
13 | file://run-ptest \ | 14 | file://run-ptest \ |
14 | " | 15 | " |
15 | SRC_URI[sha256sum] = "9bf51d69ebb4ca9239e55bedc2185fe2c0ec222da0adee7ece4125414676846d" | 16 | SRC_URI[sha256sum] = "9bf51d69ebb4ca9239e55bedc2185fe2c0ec222da0adee7ece4125414676846d" |