python3-ipython: patch CVE-2023-24816

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-24816 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-06 08:33:26 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-08 22:03:03 +0100
commit: bbcf3d7d14dc871a651070ebc16b0d7a14761ef7 (patch)
tree: b925bc627d5a593ead5ba3d7973b206bf1a5f996 /meta-python
parent: fa7d1a059e294638c250ec299c48687215c921ab (diff)
download: meta-openembedded-bbcf3d7d14dc871a651070ebc16b0d7a14761ef7.tar.gz
2 files changed, 95 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch b/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch
new file mode 100644
index 0000000000..e5f65fbb68
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch
@@ -0,0 +1,94 @@
+From 06db417ff15192d73ddac4bf0e2f20579d47b2e0 Mon Sep 17 00:00:00 2001
+From: Konstantin Weddige <konstantin.weddige@lutrasecurity.com>
+Date: Sat, 3 Dec 2022 19:14:09 +0100
+Subject: [PATCH] Fix CVE-2023-24816 by removing legacy code.
+Remove legacy code that might trigger a CVE.
+Currently set_term_title is only called with (semi-)trusted input that
+contain the current working directory of the current IPython session. If
+an attacker can control directory names, and manage to get a user cd
+into this directory the attacker can execute arbitrary commands
+contained in the folder names.
+Example:
+    - On a windows machine where python is built without _ctypes, create
+      a folder called && echo "pwn" > pwn.txt. This can be done by for
+      example cloning a git repository.
+    - call toggled_set_term_title(True), (or have the preference to
+      true)
+    - Open IPython and cd into this directory.
+    - the folder now contain a pwn.txt, with pwn as content, despite the
+      user not asking for any code execution.
+Workaround:
+    Set the configuration option
+    c.TerminalInteractiveShell.term_title_format='IPython' (or to any
+    other fixed, safe string).
+CVE: CVE-2023-24816
+Upstream-Status: Backport [https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ IPython/__init__.py       |  2 +-
+ IPython/utils/terminal.py | 32 ++++++++------------------------
+ 2 files changed, 9 insertions(+), 25 deletions(-)
+diff --git a/IPython/__init__.py b/IPython/__init__.py
+index e12da90..20e6e48 100644
+--- a/IPython/__init__.py
+++ b/IPython/__init__.py
+@@ -62,7 +62,7 @@ __version__  = release.version
+ version_info = release.version_info
+ # list of CVEs that should have been patched in this release.
+ # this is informational and should not be relied upon.
+-__patched_cves__ = {"CVE-2022-21699"}
+__patched_cves__ = {"CVE-2022-21699", "CVE-2023-24816"}
+ 
+ 
+ def embed_kernel(module=None, local_ns=None, **kwargs):
+diff --git a/IPython/utils/terminal.py b/IPython/utils/terminal.py
+index 49fd3fe..d884799 100644
+--- a/IPython/utils/terminal.py
+++ b/IPython/utils/terminal.py
+@@ -79,30 +79,14 @@ if os.name == 'posix':
+         _set_term_title = _set_term_title_xterm
+         _restore_term_title = _restore_term_title_xterm
+ elif sys.platform == 'win32':
+-    try:
+-        import ctypes
+-
+-        SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
+-        SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
+-    
+-        def _set_term_title(title):
+-            """Set terminal title using ctypes to access the Win32 APIs."""
+-            SetConsoleTitleW(title)
+-    except ImportError:
+-        def _set_term_title(title):
+-            """Set terminal title using the 'title' command."""
+-            global ignore_termtitle
+-
+-            try:
+-                # Cannot be on network share when issuing system commands
+-                curr = os.getcwd()
+-                os.chdir("C:")
+-                ret = os.system("title " + title)
+-            finally:
+-                os.chdir(curr)
+-            if ret:
+-                # non-zero return code signals error, don't try again
+-                ignore_termtitle = True
+    import ctypes
+
+    SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
+    SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
+
+    def _set_term_title(title):
+        """Set terminal title using ctypes to access the Win32 APIs."""
+        SetConsoleTitleW(title)
+ 
+ 
+ def set_term_title(title):
diff --git a/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb b/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb
index 35af7dd4d8..197578ae41 100644
--- a/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING.rst;md5=59b20262b8663cdd094005bddf47af5f"
 PYPI_PACKAGE = "ipython"
+SRC_URI += "file://CVE-2023-24816.patch"
 SRC_URI[sha256sum] = "70e5eb132cac594a34b5f799bd252589009905f05104728aea6a403ec2519dc1"
 RDEPENDS:${PN} = "\
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-06 08:33:26 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-08 22:03:03 +0100
commit	bbcf3d7d14dc871a651070ebc16b0d7a14761ef7 (patch)
tree	b925bc627d5a593ead5ba3d7973b206bf1a5f996 /meta-python
parent	fa7d1a059e294638c250ec299c48687215c921ab (diff)
download	meta-openembedded-bbcf3d7d14dc871a651070ebc16b0d7a14761ef7.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch b/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch new file mode 100644 index 0000000000..e5f65fbb68 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-ipython/CVE-2023-24816.patch
@@ -0,0 +1,94 @@
		1	From 06db417ff15192d73ddac4bf0e2f20579d47b2e0 Mon Sep 17 00:00:00 2001
		2	From: Konstantin Weddige <konstantin.weddige@lutrasecurity.com>
		3	Date: Sat, 3 Dec 2022 19:14:09 +0100
		4	Subject: [PATCH] Fix CVE-2023-24816 by removing legacy code.
		5
		6	Remove legacy code that might trigger a CVE.
		7
		8	Currently set_term_title is only called with (semi-)trusted input that
		9	contain the current working directory of the current IPython session. If
		10	an attacker can control directory names, and manage to get a user cd
		11	into this directory the attacker can execute arbitrary commands
		12	contained in the folder names.
		13
		14	Example:
		15
		16	- On a windows machine where python is built without _ctypes, create
		17	a folder called && echo "pwn" > pwn.txt. This can be done by for
		18	example cloning a git repository.
		19	- call toggled_set_term_title(True), (or have the preference to
		20	true)
		21	- Open IPython and cd into this directory.
		22	- the folder now contain a pwn.txt, with pwn as content, despite the
		23	user not asking for any code execution.
		24
		25	Workaround:
		26
		27	Set the configuration option
		28	c.TerminalInteractiveShell.term_title_format='IPython' (or to any
		29	other fixed, safe string).
		30
		31	CVE: CVE-2023-24816
		32	Upstream-Status: Backport [https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f]
		33	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		34	---
		35	IPython/__init__.py \| 2 +-
		36	IPython/utils/terminal.py \| 32 ++++++++------------------------
		37	2 files changed, 9 insertions(+), 25 deletions(-)
		38
		39	diff --git a/IPython/__init__.py b/IPython/__init__.py
		40	index e12da90..20e6e48 100644
		41	--- a/IPython/__init__.py
		42	+++ b/IPython/__init__.py
		43	@@ -62,7 +62,7 @@ __version__ = release.version
		44	version_info = release.version_info
		45	# list of CVEs that should have been patched in this release.
		46	# this is informational and should not be relied upon.
		47	-__patched_cves__ = {"CVE-2022-21699"}
		48	+__patched_cves__ = {"CVE-2022-21699", "CVE-2023-24816"}
		49
		50
		51	def embed_kernel(module=None, local_ns=None, **kwargs):
		52	diff --git a/IPython/utils/terminal.py b/IPython/utils/terminal.py
		53	index 49fd3fe..d884799 100644
		54	--- a/IPython/utils/terminal.py
		55	+++ b/IPython/utils/terminal.py
		56	@@ -79,30 +79,14 @@ if os.name == 'posix':
		57	_set_term_title = _set_term_title_xterm
		58	_restore_term_title = _restore_term_title_xterm
		59	elif sys.platform == 'win32':
		60	- try:
		61	- import ctypes
		62	-
		63	- SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
		64	- SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
		65	-
		66	- def _set_term_title(title):
		67	- """Set terminal title using ctypes to access the Win32 APIs."""
		68	- SetConsoleTitleW(title)
		69	- except ImportError:
		70	- def _set_term_title(title):
		71	- """Set terminal title using the 'title' command."""
		72	- global ignore_termtitle
		73	-
		74	- try:
		75	- # Cannot be on network share when issuing system commands
		76	- curr = os.getcwd()
		77	- os.chdir("C:")
		78	- ret = os.system("title " + title)
		79	- finally:
		80	- os.chdir(curr)
		81	- if ret:
		82	- # non-zero return code signals error, don't try again
		83	- ignore_termtitle = True
		84	+ import ctypes
		85	+
		86	+ SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
		87	+ SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
		88	+
		89	+ def _set_term_title(title):
		90	+ """Set terminal title using ctypes to access the Win32 APIs."""
		91	+ SetConsoleTitleW(title)
		92
		93
		94	def set_term_title(title):


diff --git a/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb b/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb index 35af7dd4d8..197578ae41 100644 --- a/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb +++ b/meta-python/recipes-devtools/python/python3-ipython_8.2.0.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING.rst;md5=59b20262b8663cdd094005bddf47af5f"
6		6
7	PYPI_PACKAGE = "ipython"	7	PYPI_PACKAGE = "ipython"
8		8
		9	SRC_URI += "file://CVE-2023-24816.patch"
9	SRC_URI[sha256sum] = "70e5eb132cac594a34b5f799bd252589009905f05104728aea6a403ec2519dc1"	10	SRC_URI[sha256sum] = "70e5eb132cac594a34b5f799bd252589009905f05104728aea6a403ec2519dc1"
10		11
11	RDEPENDS:${PN} = "\	12	RDEPENDS:${PN} = "\