python3: patch CVE-2025-8194

Pick commit from 3.12 branch mentioned in NVD report. https://nvd.nist.gov/vuln/detail/CVE-2025-8194 (From OE-Core rev: 34f1b4877a0601d2057453c159c76a54754f229a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-08-09 22:37:21 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-08-20 07:37:19 -0700
commit: 6d83b872af7421e1e4f18c999f356855116dc238 (patch)
tree: 7e1d96591659e800508c185dbc19b4606d8fb883 /meta/recipes-devtools/python/python3
parent: 0263c3dfa4fe1b26619f028a6a1c242e7e221dbf (diff)
download: poky-6d83b872af7421e1e4f18c999f356855116dc238.tar.gz
1 files changed, 219 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2025-8194.patch b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch
new file mode 100644
index 0000000000..b8243a67f6
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch
@@ -0,0 +1,219 @@
+From c9d9f78feb1467e73fd29356c040bde1c104f29f Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 4 Aug 2025 13:45:06 +0200
+Subject: [PATCH] [3.12] gh-130577: tarfile now validates archives to ensure
+ member offsets are non-negative (GH-137027) (#137171)
+(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)
+Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
+Co-authored-by: Gregory P. Smith <greg@krypto.org>
+CVE: CVE-2025-8194
+Upstream-Status: Backport [https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ Lib/tarfile.py                                |   3 +
+ Lib/test/test_tarfile.py                      | 156 ++++++++++++++++++
+ ...-07-23-00-35-29.gh-issue-130577.c7EITy.rst |   3 +
+ 3 files changed, 162 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
+diff --git a/Lib/tarfile.py b/Lib/tarfile.py
+index 9999a99d54..59d3f6e5cc 100755
+--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
+@@ -1615,6 +1615,9 @@ class TarInfo(object):
+         """Round up a byte count by BLOCKSIZE and return it,
+            e.g. _block(834) => 1024.
+         """
+        # Only non-negative offsets are allowed
+        if count < 0:
+            raise InvalidHeaderError("invalid offset")
+         blocks, remainder = divmod(count, BLOCKSIZE)
+         if remainder:
+             blocks += 1
+diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
+index a184ba75a8..759fa03ead 100644
+--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
+@@ -50,6 +50,7 @@ bz2name = os.path.join(TEMPDIR, "testtar.tar.bz2")
+ xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
+ tmpname = os.path.join(TEMPDIR, "tmp.tar")
+ dotlessname = os.path.join(TEMPDIR, "testtar")
+SPACE = b" "
+ 
+ sha256_regtype = (
+     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
+@@ -4488,6 +4489,161 @@ class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase):
+         ar.extractall(self.testdir, filter='fully_trusted')
+ 
+ 
+class OffsetValidationTests(unittest.TestCase):
+    tarname = tmpname
+    invalid_posix_header = (
+        # name: 100 bytes
+        tarfile.NUL * tarfile.LENGTH_NAME
+        # mode, space, null terminator: 8 bytes
+        + b"000755" + SPACE + tarfile.NUL
+        # uid, space, null terminator: 8 bytes
+        + b"000001" + SPACE + tarfile.NUL
+        # gid, space, null terminator: 8 bytes
+        + b"000001" + SPACE + tarfile.NUL
+        # size, space: 12 bytes
+        + b"\xff" * 11 + SPACE
+        # mtime, space: 12 bytes
+        + tarfile.NUL * 11 + SPACE
+        # chksum: 8 bytes
+        + b"0011407" + tarfile.NUL
+        # type: 1 byte
+        + tarfile.REGTYPE
+        # linkname: 100 bytes
+        + tarfile.NUL * tarfile.LENGTH_LINK
+        # magic: 6 bytes, version: 2 bytes
+        + tarfile.POSIX_MAGIC
+        # uname: 32 bytes
+        + tarfile.NUL * 32
+        # gname: 32 bytes
+        + tarfile.NUL * 32
+        # devmajor, space, null terminator: 8 bytes
+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
+        # devminor, space, null terminator: 8 bytes
+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
+        # prefix: 155 bytes
+        + tarfile.NUL * tarfile.LENGTH_PREFIX
+        # padding: 12 bytes
+        + tarfile.NUL * 12
+    )
+    invalid_gnu_header = (
+        # name: 100 bytes
+        tarfile.NUL * tarfile.LENGTH_NAME
+        # mode, null terminator: 8 bytes
+        + b"0000755" + tarfile.NUL
+        # uid, null terminator: 8 bytes
+        + b"0000001" + tarfile.NUL
+        # gid, space, null terminator: 8 bytes
+        + b"0000001" + tarfile.NUL
+        # size, space: 12 bytes
+        + b"\xff" * 11 + SPACE
+        # mtime, space: 12 bytes
+        + tarfile.NUL * 11 + SPACE
+        # chksum: 8 bytes
+        + b"0011327" + tarfile.NUL
+        # type: 1 byte
+        + tarfile.REGTYPE
+        # linkname: 100 bytes
+        + tarfile.NUL * tarfile.LENGTH_LINK
+        # magic: 8 bytes
+        + tarfile.GNU_MAGIC
+        # uname: 32 bytes
+        + tarfile.NUL * 32
+        # gname: 32 bytes
+        + tarfile.NUL * 32
+        # devmajor, null terminator: 8 bytes
+        + tarfile.NUL * 8
+        # devminor, null terminator: 8 bytes
+        + tarfile.NUL * 8
+        # padding: 167 bytes
+        + tarfile.NUL * 167
+    )
+    invalid_v7_header = (
+        # name: 100 bytes
+        tarfile.NUL * tarfile.LENGTH_NAME
+        # mode, space, null terminator: 8 bytes
+        + b"000755" + SPACE + tarfile.NUL
+        # uid, space, null terminator: 8 bytes
+        + b"000001" + SPACE + tarfile.NUL
+        # gid, space, null terminator: 8 bytes
+        + b"000001" + SPACE + tarfile.NUL
+        # size, space: 12 bytes
+        + b"\xff" * 11 + SPACE
+        # mtime, space: 12 bytes
+        + tarfile.NUL * 11 + SPACE
+        # chksum: 8 bytes
+        + b"0010070" + tarfile.NUL
+        # type: 1 byte
+        + tarfile.REGTYPE
+        # linkname: 100 bytes
+        + tarfile.NUL * tarfile.LENGTH_LINK
+        # padding: 255 bytes
+        + tarfile.NUL * 255
+    )
+    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
+    data_block = b"\xff" * tarfile.BLOCKSIZE
+
+    def _write_buffer(self, buffer):
+        with open(self.tarname, "wb") as f:
+            f.write(buffer)
+
+    def _get_members(self, ignore_zeros=None):
+        with open(self.tarname, "rb") as f:
+            with tarfile.open(
+                mode="r", fileobj=f, ignore_zeros=ignore_zeros
+            ) as tar:
+                return tar.getmembers()
+
+    def _assert_raises_read_error_exception(self):
+        with self.assertRaisesRegex(
+            tarfile.ReadError, "file could not be opened successfully"
+        ):
+            self._get_members()
+
+    def test_invalid_offset_header_validations(self):
+        for tar_format, invalid_header in (
+            ("posix", self.invalid_posix_header),
+            ("gnu", self.invalid_gnu_header),
+            ("v7", self.invalid_v7_header),
+        ):
+            with self.subTest(format=tar_format):
+                self._write_buffer(invalid_header)
+                self._assert_raises_read_error_exception()
+
+    def test_early_stop_at_invalid_offset_header(self):
+        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
+        self._write_buffer(buffer)
+        members = self._get_members()
+        self.assertEqual(len(members), 1)
+        self.assertEqual(members[0].name, "filename")
+        self.assertEqual(members[0].offset, 0)
+
+    def test_ignore_invalid_archive(self):
+        # 3 invalid headers with their respective data
+        buffer = (self.invalid_gnu_header + self.data_block) * 3
+        self._write_buffer(buffer)
+        members = self._get_members(ignore_zeros=True)
+        self.assertEqual(len(members), 0)
+
+    def test_ignore_invalid_offset_headers(self):
+        for first_block, second_block, expected_offset in (
+            (
+                (self.valid_gnu_header),
+                (self.invalid_gnu_header + self.data_block),
+                0,
+            ),
+            (
+                (self.invalid_gnu_header + self.data_block),
+                (self.valid_gnu_header),
+                1024,
+            ),
+        ):
+            self._write_buffer(first_block + second_block)
+            members = self._get_members(ignore_zeros=True)
+            self.assertEqual(len(members), 1)
+            self.assertEqual(members[0].name, "filename")
+            self.assertEqual(members[0].offset, expected_offset)
+
+
+ def setUpModule():
+     os_helper.unlink(TEMPDIR)
+     os.makedirs(TEMPDIR)
+diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
+new file mode 100644
+index 0000000000..342cabbc86
+--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
+@@ -0,0 +1,3 @@
+:mod:`tarfile` now validates archives to ensure member offsets are
+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
+:gh:`130577`.)
author	Peter Marko <peter.marko@siemens.com>	2025-08-09 22:37:21 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-08-20 07:37:19 -0700
commit	6d83b872af7421e1e4f18c999f356855116dc238 (patch)
tree	7e1d96591659e800508c185dbc19b4606d8fb883 /meta/recipes-devtools/python/python3
parent	0263c3dfa4fe1b26619f028a6a1c242e7e221dbf (diff)
download	poky-6d83b872af7421e1e4f18c999f356855116dc238.tar.gz

diff --git a/meta/recipes-devtools/python/python3/CVE-2025-8194.patch b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch new file mode 100644 index 0000000000..b8243a67f6 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch
@@ -0,0 +1,219 @@
	1	From c9d9f78feb1467e73fd29356c040bde1c104f29f Mon Sep 17 00:00:00 2001
	2	From: "Miss Islington (bot)"
	3	<31488909+miss-islington@users.noreply.github.com>
	4	Date: Mon, 4 Aug 2025 13:45:06 +0200
	5	Subject: [PATCH] [3.12] gh-130577: tarfile now validates archives to ensure
	6	member offsets are non-negative (GH-137027) (#137171)
	7
	8	(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)
	9
	10	Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
	11	Co-authored-by: Gregory P. Smith <greg@krypto.org>
	12
	13	CVE: CVE-2025-8194
	14	Upstream-Status: Backport [https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f]
	15	Signed-off-by: Peter Marko <peter.marko@siemens.com>
	16	---
	17	Lib/tarfile.py \| 3 +
	18	Lib/test/test_tarfile.py \| 156 ++++++++++++++++++
	19	...-07-23-00-35-29.gh-issue-130577.c7EITy.rst \| 3 +
	20	3 files changed, 162 insertions(+)
	21	create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
	22
	23	diff --git a/Lib/tarfile.py b/Lib/tarfile.py
	24	index 9999a99d54..59d3f6e5cc 100755
	25	--- a/Lib/tarfile.py
	26	+++ b/Lib/tarfile.py
	27	@@ -1615,6 +1615,9 @@ class TarInfo(object):
	28	"""Round up a byte count by BLOCKSIZE and return it,
	29	e.g. _block(834) => 1024.
	30	"""
	31	+ # Only non-negative offsets are allowed
	32	+ if count < 0:
	33	+ raise InvalidHeaderError("invalid offset")
	34	blocks, remainder = divmod(count, BLOCKSIZE)
	35	if remainder:
	36	blocks += 1
	37	diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
	38	index a184ba75a8..759fa03ead 100644
	39	--- a/Lib/test/test_tarfile.py
	40	+++ b/Lib/test/test_tarfile.py
	41	@@ -50,6 +50,7 @@ bz2name = os.path.join(TEMPDIR, "testtar.tar.bz2")
	42	xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
	43	tmpname = os.path.join(TEMPDIR, "tmp.tar")
	44	dotlessname = os.path.join(TEMPDIR, "testtar")
	45	+SPACE = b" "
	46
	47	sha256_regtype = (
	48	"e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
	49	@@ -4488,6 +4489,161 @@ class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase):
	50	ar.extractall(self.testdir, filter='fully_trusted')
	51
	52
	53	+class OffsetValidationTests(unittest.TestCase):
	54	+ tarname = tmpname
	55	+ invalid_posix_header = (
	56	+ # name: 100 bytes
	57	+ tarfile.NUL * tarfile.LENGTH_NAME
	58	+ # mode, space, null terminator: 8 bytes
	59	+ + b"000755" + SPACE + tarfile.NUL
	60	+ # uid, space, null terminator: 8 bytes
	61	+ + b"000001" + SPACE + tarfile.NUL
	62	+ # gid, space, null terminator: 8 bytes
	63	+ + b"000001" + SPACE + tarfile.NUL
	64	+ # size, space: 12 bytes
	65	+ + b"\xff" * 11 + SPACE
	66	+ # mtime, space: 12 bytes
	67	+ + tarfile.NUL * 11 + SPACE
	68	+ # chksum: 8 bytes
	69	+ + b"0011407" + tarfile.NUL
	70	+ # type: 1 byte
	71	+ + tarfile.REGTYPE
	72	+ # linkname: 100 bytes
	73	+ + tarfile.NUL * tarfile.LENGTH_LINK
	74	+ # magic: 6 bytes, version: 2 bytes
	75	+ + tarfile.POSIX_MAGIC
	76	+ # uname: 32 bytes
	77	+ + tarfile.NUL * 32
	78	+ # gname: 32 bytes
	79	+ + tarfile.NUL * 32
	80	+ # devmajor, space, null terminator: 8 bytes
	81	+ + tarfile.NUL * 6 + SPACE + tarfile.NUL
	82	+ # devminor, space, null terminator: 8 bytes
	83	+ + tarfile.NUL * 6 + SPACE + tarfile.NUL
	84	+ # prefix: 155 bytes
	85	+ + tarfile.NUL * tarfile.LENGTH_PREFIX
	86	+ # padding: 12 bytes
	87	+ + tarfile.NUL * 12
	88	+ )
	89	+ invalid_gnu_header = (
	90	+ # name: 100 bytes
	91	+ tarfile.NUL * tarfile.LENGTH_NAME
	92	+ # mode, null terminator: 8 bytes
	93	+ + b"0000755" + tarfile.NUL
	94	+ # uid, null terminator: 8 bytes
	95	+ + b"0000001" + tarfile.NUL
	96	+ # gid, space, null terminator: 8 bytes
	97	+ + b"0000001" + tarfile.NUL
	98	+ # size, space: 12 bytes
	99	+ + b"\xff" * 11 + SPACE
	100	+ # mtime, space: 12 bytes
	101	+ + tarfile.NUL * 11 + SPACE
	102	+ # chksum: 8 bytes
	103	+ + b"0011327" + tarfile.NUL
	104	+ # type: 1 byte
	105	+ + tarfile.REGTYPE
	106	+ # linkname: 100 bytes
	107	+ + tarfile.NUL * tarfile.LENGTH_LINK
	108	+ # magic: 8 bytes
	109	+ + tarfile.GNU_MAGIC
	110	+ # uname: 32 bytes
	111	+ + tarfile.NUL * 32
	112	+ # gname: 32 bytes
	113	+ + tarfile.NUL * 32
	114	+ # devmajor, null terminator: 8 bytes
	115	+ + tarfile.NUL * 8
	116	+ # devminor, null terminator: 8 bytes
	117	+ + tarfile.NUL * 8
	118	+ # padding: 167 bytes
	119	+ + tarfile.NUL * 167
	120	+ )
	121	+ invalid_v7_header = (
	122	+ # name: 100 bytes
	123	+ tarfile.NUL * tarfile.LENGTH_NAME
	124	+ # mode, space, null terminator: 8 bytes
	125	+ + b"000755" + SPACE + tarfile.NUL
	126	+ # uid, space, null terminator: 8 bytes
	127	+ + b"000001" + SPACE + tarfile.NUL
	128	+ # gid, space, null terminator: 8 bytes
	129	+ + b"000001" + SPACE + tarfile.NUL
	130	+ # size, space: 12 bytes
	131	+ + b"\xff" * 11 + SPACE
	132	+ # mtime, space: 12 bytes
	133	+ + tarfile.NUL * 11 + SPACE
	134	+ # chksum: 8 bytes
	135	+ + b"0010070" + tarfile.NUL
	136	+ # type: 1 byte
	137	+ + tarfile.REGTYPE
	138	+ # linkname: 100 bytes
	139	+ + tarfile.NUL * tarfile.LENGTH_LINK
	140	+ # padding: 255 bytes
	141	+ + tarfile.NUL * 255
	142	+ )
	143	+ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
	144	+ data_block = b"\xff" * tarfile.BLOCKSIZE
	145	+
	146	+ def _write_buffer(self, buffer):
	147	+ with open(self.tarname, "wb") as f:
	148	+ f.write(buffer)
	149	+
	150	+ def _get_members(self, ignore_zeros=None):
	151	+ with open(self.tarname, "rb") as f:
	152	+ with tarfile.open(
	153	+ mode="r", fileobj=f, ignore_zeros=ignore_zeros
	154	+ ) as tar:
	155	+ return tar.getmembers()
	156	+
	157	+ def _assert_raises_read_error_exception(self):
	158	+ with self.assertRaisesRegex(
	159	+ tarfile.ReadError, "file could not be opened successfully"
	160	+ ):
	161	+ self._get_members()
	162	+
	163	+ def test_invalid_offset_header_validations(self):
	164	+ for tar_format, invalid_header in (
	165	+ ("posix", self.invalid_posix_header),
	166	+ ("gnu", self.invalid_gnu_header),
	167	+ ("v7", self.invalid_v7_header),
	168	+ ):
	169	+ with self.subTest(format=tar_format):
	170	+ self._write_buffer(invalid_header)
	171	+ self._assert_raises_read_error_exception()
	172	+
	173	+ def test_early_stop_at_invalid_offset_header(self):
	174	+ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
	175	+ self._write_buffer(buffer)
	176	+ members = self._get_members()
	177	+ self.assertEqual(len(members), 1)
	178	+ self.assertEqual(members[0].name, "filename")
	179	+ self.assertEqual(members[0].offset, 0)
	180	+
	181	+ def test_ignore_invalid_archive(self):
	182	+ # 3 invalid headers with their respective data
	183	+ buffer = (self.invalid_gnu_header + self.data_block) * 3
	184	+ self._write_buffer(buffer)
	185	+ members = self._get_members(ignore_zeros=True)
	186	+ self.assertEqual(len(members), 0)
	187	+
	188	+ def test_ignore_invalid_offset_headers(self):
	189	+ for first_block, second_block, expected_offset in (
	190	+ (
	191	+ (self.valid_gnu_header),
	192	+ (self.invalid_gnu_header + self.data_block),
	193	+ 0,
	194	+ ),
	195	+ (
	196	+ (self.invalid_gnu_header + self.data_block),
	197	+ (self.valid_gnu_header),
	198	+ 1024,
	199	+ ),
	200	+ ):
	201	+ self._write_buffer(first_block + second_block)
	202	+ members = self._get_members(ignore_zeros=True)
	203	+ self.assertEqual(len(members), 1)
	204	+ self.assertEqual(members[0].name, "filename")
	205	+ self.assertEqual(members[0].offset, expected_offset)
	206	+
	207	+
	208	def setUpModule():
	209	os_helper.unlink(TEMPDIR)
	210	os.makedirs(TEMPDIR)
	211	diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
	212	new file mode 100644
	213	index 0000000000..342cabbc86
	214	--- /dev/null
	215	+++ b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
	216	@@ -0,0 +1,3 @@
	217	+:mod:`tarfile` now validates archives to ensure member offsets are
	218	+non-negative. (Contributed by Alexander Enrique Urieles Nieto in
	219	+:gh:`130577`.)