1 files changed, 81 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
new file mode 100644
index 0000000000..1cd99df8b2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
@@ -0,0 +1,81 @@
+From fc76660f589ac07e45e9cd34ccb8087aeb11904b Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Fri, 12 Jul 2024 11:38:34 +0200
+Subject: [PATCH] [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory
+ consumption in floatformat.
+Thanks Elias Myllymäki for the report.
+Co-authored-by: Shai Berger <shai@platonix.com>
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py               | 13 +++++++++++++
+ .../filter_tests/test_floatformat.py            | 17 +++++++++++++++++
+ 2 files changed, 30 insertions(+)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index a1d77f5..4884852 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -135,6 +135,19 @@ def floatformat(text, arg=-1):
+     except ValueError:
+         return input_val
+    _, digits, exponent = d.as_tuple()
+    try:
+        number_of_digits_and_exponent_sum = len(digits) + abs(exponent)
+    except TypeError:
+        # Exponent values can be "F", "n", "N".
+        number_of_digits_and_exponent_sum = 0
+
+    # Values with more than 200 digits, or with a large exponent, are returned "as is"
+    # to avoid high memory consumption and potential denial-of-service attacks.
+    # The cut-off of 200 is consistent with django.utils.numberformat.floatformat().
+    if number_of_digits_and_exponent_sum > 200:
+        return input_val
+
+     try:
+         m = int(d) - d
+     except (ValueError, OverflowError, InvalidOperation):
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index cfc3eaf..bd0a998 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -55,6 +55,7 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(1.5e-15, 20), '0.00000000000000150000')
+         self.assertEqual(floatformat(1.5e-15, -20), '0.00000000000000150000')
+         self.assertEqual(floatformat(1.00000000000000015, 16), '1.0000000000000002')
+        self.assertEqual(floatformat("1e199"), "1" + "0" * 199)
+     def test_zero_values(self):
+         self.assertEqual(floatformat(0, 6), '0.000000')
+@@ -68,6 +69,22 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(pos_inf), 'inf')
+         self.assertEqual(floatformat(neg_inf), '-inf')
+         self.assertEqual(floatformat(pos_inf / pos_inf), 'nan')
+        self.assertEqual(floatformat("inf"), "inf")
+        self.assertEqual(floatformat("NaN"), "NaN")
+
+    def test_too_many_digits_to_render(self):
+        cases = [
+            "1e200",
+            "1E200",
+            "1E10000000000000000",
+            "-1E10000000000000000",
+            "1e10000000000000000",
+            "-1e10000000000000000",
+            "1" + "0" * 1_000_000,
+        ]
+        for value in cases:
+            with self.subTest(value=value):
+                self.assertEqual(floatformat(value), value)
+     def test_float_dunder_method(self):
+         class FloatWrapper:
+--
+2.40.0

diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch new file mode 100644 index 0000000000..1cd99df8b2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
@@ -0,0 +1,81 @@
	1	From fc76660f589ac07e45e9cd34ccb8087aeb11904b Mon Sep 17 00:00:00 2001
	2	From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
	3	Date: Fri, 12 Jul 2024 11:38:34 +0200
	4	Subject: [PATCH] [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory
	5	consumption in floatformat.
	6
	7	Thanks Elias Myllymäki for the report.
	8
	9	Co-authored-by: Shai Berger <shai@platonix.com>
	10
	11	CVE: CVE-2024-41989
	12
	13	Upstream-Status: Backport [https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b]
	14
	15	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	16	---
	17	django/template/defaultfilters.py \| 13 +++++++++++++
	18	.../filter_tests/test_floatformat.py \| 17 +++++++++++++++++
	19	2 files changed, 30 insertions(+)
	20
	21	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	22	index a1d77f5..4884852 100644
	23	--- a/django/template/defaultfilters.py
	24	+++ b/django/template/defaultfilters.py
	25	@@ -135,6 +135,19 @@ def floatformat(text, arg=-1):
	26	except ValueError:
	27	return input_val
	28
	29	+ _, digits, exponent = d.as_tuple()
	30	+ try:
	31	+ number_of_digits_and_exponent_sum = len(digits) + abs(exponent)
	32	+ except TypeError:
	33	+ # Exponent values can be "F", "n", "N".
	34	+ number_of_digits_and_exponent_sum = 0
	35	+
	36	+ # Values with more than 200 digits, or with a large exponent, are returned "as is"
	37	+ # to avoid high memory consumption and potential denial-of-service attacks.
	38	+ # The cut-off of 200 is consistent with django.utils.numberformat.floatformat().
	39	+ if number_of_digits_and_exponent_sum > 200:
	40	+ return input_val
	41	+
	42	try:
	43	m = int(d) - d
	44	except (ValueError, OverflowError, InvalidOperation):
	45	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	46	index cfc3eaf..bd0a998 100644
	47	--- a/tests/template_tests/filter_tests/test_floatformat.py
	48	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	49	@@ -55,6 +55,7 @@ class FunctionTests(SimpleTestCase):
	50	self.assertEqual(floatformat(1.5e-15, 20), '0.00000000000000150000')
	51	self.assertEqual(floatformat(1.5e-15, -20), '0.00000000000000150000')
	52	self.assertEqual(floatformat(1.00000000000000015, 16), '1.0000000000000002')
	53	+ self.assertEqual(floatformat("1e199"), "1" + "0" * 199)
	54
	55	def test_zero_values(self):
	56	self.assertEqual(floatformat(0, 6), '0.000000')
	57	@@ -68,6 +69,22 @@ class FunctionTests(SimpleTestCase):
	58	self.assertEqual(floatformat(pos_inf), 'inf')
	59	self.assertEqual(floatformat(neg_inf), '-inf')
	60	self.assertEqual(floatformat(pos_inf / pos_inf), 'nan')
	61	+ self.assertEqual(floatformat("inf"), "inf")
	62	+ self.assertEqual(floatformat("NaN"), "NaN")
	63	+
	64	+ def test_too_many_digits_to_render(self):
	65	+ cases = [
	66	+ "1e200",
	67	+ "1E200",
	68	+ "1E10000000000000000",
	69	+ "-1E10000000000000000",
	70	+ "1e10000000000000000",
	71	+ "-1e10000000000000000",
	72	+ "1" + "0" * 1_000_000,
	73	+ ]
	74	+ for value in cases:
	75	+ with self.subTest(value=value):
	76	+ self.assertEqual(floatformat(value), value)
	77
	78	def test_float_dunder_method(self):
	79	class FloatWrapper:
	80	--
	81	2.40.0