Change-Id: I34bf7a3784407888abcd41f95dc344649c6ff046
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6421
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
... | ... |
@@ -1,25 +1,14 @@ |
1 |
-From 134cb01cda50f02725575808130b05d2d776693f Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Serhiy Storchaka <storchaka@gmail.com> |
|
3 |
-Date: Sun, 18 Mar 2018 09:55:53 +0200 |
|
4 |
-Subject: [PATCH] bpo-32056: Improve exceptions in aifc, wave and sunau. |
|
5 |
- (GH-5951) |
|
1 |
+commit 134cb01cda50f02725575808130b05d2d776693f |
|
2 |
+Author: Serhiy Storchaka <storchaka@gmail.com> |
|
3 |
+Date: Sun Mar 18 09:55:53 2018 +0200 |
|
6 | 4 |
|
7 |
- Lib/aifc.py | 4 ++ |
|
8 |
- Lib/sunau.py | 2 + |
|
9 |
- Lib/test/test_aifc.py | 35 ++++++++++-- |
|
10 |
- Lib/test/test_sunau.py | 37 +++++++++++++ |
|
11 |
- Lib/test/test_wave.py | 62 ++++++++++++++++++++++ |
|
12 |
- Lib/wave.py | 14 ++++- |
|
13 |
- .../2018-03-01-17-49-56.bpo-32056.IlpfgE.rst | 3 ++ |
|
14 |
- 7 files changed, 150 insertions(+), 7 deletions(-) |
|
15 |
- create mode 100644 Misc/NEWS.d/next/Library/2018-03-01-17-49-56.bpo-32056.IlpfgE.rst |
|
5 |
+ bpo-32056: Improve exceptions in aifc, wave and sunau. (GH-5951) |
|
16 | 6 |
|
17 | 7 |
diff --git a/Lib/aifc.py b/Lib/aifc.py |
18 |
-index 3d2dc56de198..1916e7ef8e7e 100644 |
|
8 |
+index 3d2dc56..1916e7e 100644 |
|
19 | 9 |
--- a/Lib/aifc.py |
20 | 10 |
+++ b/Lib/aifc.py |
21 |
-@@ -467,6 +467,10 @@ def _read_comm_chunk(self, chunk): |
|
11 |
+@@ -467,6 +467,10 @@ class Aifc_read: |
|
22 | 12 |
self._nframes = _read_long(chunk) |
23 | 13 |
self._sampwidth = (_read_short(chunk) + 7) // 8 |
24 | 14 |
self._framerate = int(_read_float(chunk)) |
... | ... |
@@ -31,10 +20,10 @@ index 3d2dc56de198..1916e7ef8e7e 100644 |
31 | 31 |
if self._aifc: |
32 | 32 |
#DEBUG: SGI's soundeditor produces a bad size :-( |
33 | 33 |
diff --git a/Lib/sunau.py b/Lib/sunau.py |
34 |
-index dbad3db8392d..129502b0b417 100644 |
|
34 |
+index dbad3db..129502b 100644 |
|
35 | 35 |
--- a/Lib/sunau.py |
36 | 36 |
+++ b/Lib/sunau.py |
37 |
-@@ -208,6 +208,8 @@ def initfp(self, file): |
|
37 |
+@@ -208,6 +208,8 @@ class Au_read: |
|
38 | 38 |
raise Error('unknown encoding') |
39 | 39 |
self._framerate = int(_read_u32(file)) |
40 | 40 |
self._nchannels = int(_read_u32(file)) |
... | ... |
@@ -44,10 +33,10 @@ index dbad3db8392d..129502b0b417 100644 |
44 | 44 |
if self._hdr_size > 24: |
45 | 45 |
self._info = file.read(self._hdr_size - 24) |
46 | 46 |
diff --git a/Lib/test/test_aifc.py b/Lib/test/test_aifc.py |
47 |
-index 8fd306a36592..ff52f5b6feb8 100644 |
|
47 |
+index 8fd306a..ff52f5b 100644 |
|
48 | 48 |
--- a/Lib/test/test_aifc.py |
49 | 49 |
+++ b/Lib/test/test_aifc.py |
50 |
-@@ -268,7 +268,8 @@ def test_read_no_comm_chunk(self): |
|
50 |
+@@ -268,7 +268,8 @@ class AIFCLowLevelTest(unittest.TestCase): |
|
51 | 51 |
|
52 | 52 |
def test_read_no_ssnd_chunk(self): |
53 | 53 |
b = b'FORM' + struct.pack('>L', 4) + b'AIFC' |
... | ... |
@@ -57,7 +46,7 @@ index 8fd306a36592..ff52f5b6feb8 100644 |
57 | 57 |
b += b'NONE' + struct.pack('B', 14) + b'not compressed' + b'\x00' |
58 | 58 |
with self.assertRaisesRegex(aifc.Error, 'COMM chunk and/or SSND chunk' |
59 | 59 |
' missing'): |
60 |
-@@ -276,13 +277,35 @@ def test_read_no_ssnd_chunk(self): |
|
60 |
+@@ -276,13 +277,35 @@ class AIFCLowLevelTest(unittest.TestCase): |
|
61 | 61 |
|
62 | 62 |
def test_read_wrong_compression_type(self): |
63 | 63 |
b = b'FORM' + struct.pack('>L', 4) + b'AIFC' |
... | ... |
@@ -95,7 +84,7 @@ index 8fd306a36592..ff52f5b6feb8 100644 |
95 | 95 |
b += b'SSND' + struct.pack('>L', 8) + b'\x00' * 8 |
96 | 96 |
b += b'MARK' + struct.pack('>LhB', 3, 1, 1) |
97 | 97 |
with self.assertWarns(UserWarning) as cm: |
98 |
-@@ -293,7 +316,8 @@ def test_read_wrong_marks(self): |
|
98 |
+@@ -293,7 +316,8 @@ class AIFCLowLevelTest(unittest.TestCase): |
|
99 | 99 |
|
100 | 100 |
def test_read_comm_kludge_compname_even(self): |
101 | 101 |
b = b'FORM' + struct.pack('>L', 4) + b'AIFC' |
... | ... |
@@ -105,7 +94,7 @@ index 8fd306a36592..ff52f5b6feb8 100644 |
105 | 105 |
b += b'NONE' + struct.pack('B', 4) + b'even' + b'\x00' |
106 | 106 |
b += b'SSND' + struct.pack('>L', 8) + b'\x00' * 8 |
107 | 107 |
with self.assertWarns(UserWarning) as cm: |
108 |
-@@ -303,7 +327,8 @@ def test_read_comm_kludge_compname_even(self): |
|
108 |
+@@ -303,7 +327,8 @@ class AIFCLowLevelTest(unittest.TestCase): |
|
109 | 109 |
|
110 | 110 |
def test_read_comm_kludge_compname_odd(self): |
111 | 111 |
b = b'FORM' + struct.pack('>L', 4) + b'AIFC' |
... | ... |
@@ -115,65 +104,11 @@ index 8fd306a36592..ff52f5b6feb8 100644 |
115 | 115 |
b += b'NONE' + struct.pack('B', 3) + b'odd' |
116 | 116 |
b += b'SSND' + struct.pack('>L', 8) + b'\x00' * 8 |
117 | 117 |
with self.assertWarns(UserWarning) as cm: |
118 |
-diff --git a/Lib/test/test_sunau.py b/Lib/test/test_sunau.py |
|
119 |
-index 966224b1df5a..470a1007b4d4 100644 |
|
120 |
-+++ b/Lib/test/test_sunau.py |
|
121 |
-@@ -1,6 +1,8 @@ |
|
122 |
- import unittest |
|
123 |
- from test import audiotests |
|
124 |
- from audioop import byteswap |
|
125 |
-+import io |
|
126 |
-+import struct |
|
127 |
- import sys |
|
128 |
- import sunau |
|
129 |
- |
|
130 |
-@@ -121,5 +123,40 @@ class SunauMiscTests(audiotests.AudioMiscTests, unittest.TestCase): |
|
131 |
- module = sunau |
|
132 |
- |
|
133 |
- |
|
134 |
-+class SunauLowLevelTest(unittest.TestCase): |
|
135 |
-+ |
|
136 |
-+ def test_read_bad_magic_number(self): |
|
137 |
-+ b = b'SPA' |
|
138 |
-+ with self.assertRaises(EOFError): |
|
139 |
-+ sunau.open(io.BytesIO(b)) |
|
140 |
-+ b = b'SPAM' |
|
141 |
-+ with self.assertRaisesRegex(sunau.Error, 'bad magic number'): |
|
142 |
-+ sunau.open(io.BytesIO(b)) |
|
143 |
-+ |
|
144 |
-+ def test_read_too_small_header(self): |
|
145 |
-+ b = struct.pack('>LLLLL', sunau.AUDIO_FILE_MAGIC, 20, 0, |
|
146 |
-+ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025) |
|
147 |
-+ with self.assertRaisesRegex(sunau.Error, 'header size too small'): |
|
148 |
-+ sunau.open(io.BytesIO(b)) |
|
149 |
-+ |
|
150 |
-+ def test_read_too_large_header(self): |
|
151 |
-+ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 124, 0, |
|
152 |
-+ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025, 1) |
|
153 |
-+ b += b'\0' * 100 |
|
154 |
-+ with self.assertRaisesRegex(sunau.Error, 'header size ridiculously large'): |
|
155 |
-+ sunau.open(io.BytesIO(b)) |
|
156 |
-+ |
|
157 |
-+ def test_read_wrong_encoding(self): |
|
158 |
-+ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 24, 0, 0, 11025, 1) |
|
159 |
-+ with self.assertRaisesRegex(sunau.Error, r'encoding not \(yet\) supported'): |
|
160 |
-+ sunau.open(io.BytesIO(b)) |
|
161 |
-+ |
|
162 |
-+ def test_read_wrong_number_of_channels(self): |
|
163 |
-+ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 24, 0, |
|
164 |
-+ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025, 0) |
|
165 |
-+ with self.assertRaisesRegex(sunau.Error, 'bad # of channels'): |
|
166 |
-+ sunau.open(io.BytesIO(b)) |
|
167 |
-+ |
|
168 |
-+ |
|
169 |
- if __name__ == "__main__": |
|
170 |
- unittest.main() |
|
171 | 118 |
diff --git a/Lib/test/test_wave.py b/Lib/test/test_wave.py |
172 |
-index c5d2e02450ef..8a42f8e47105 100644 |
|
119 |
+index c5d2e02..8a42f8e4 100644 |
|
173 | 120 |
--- a/Lib/test/test_wave.py |
174 | 121 |
+++ b/Lib/test/test_wave.py |
175 |
-@@ -2,6 +2,8 @@ |
|
122 |
+@@ -2,6 +2,8 @@ import unittest |
|
176 | 123 |
from test import audiotests |
177 | 124 |
from test import support |
178 | 125 |
from audioop import byteswap |
... | ... |
@@ -182,7 +117,7 @@ index c5d2e02450ef..8a42f8e47105 100644 |
182 | 182 |
import sys |
183 | 183 |
import wave |
184 | 184 |
|
185 |
-@@ -111,5 +113,65 @@ def test__all__(self): |
|
185 |
+@@ -111,5 +113,65 @@ class MiscTestCase(audiotests.AudioMiscTests, unittest.TestCase): |
|
186 | 186 |
support.check__all__(self, wave, blacklist=blacklist) |
187 | 187 |
|
188 | 188 |
|
... | ... |
@@ -249,10 +184,10 @@ index c5d2e02450ef..8a42f8e47105 100644 |
249 | 249 |
if __name__ == '__main__': |
250 | 250 |
unittest.main() |
251 | 251 |
diff --git a/Lib/wave.py b/Lib/wave.py |
252 |
-index cf94d5af72b4..f155879a9a76 100644 |
|
252 |
+index cf94d5a..f155879 100644 |
|
253 | 253 |
--- a/Lib/wave.py |
254 | 254 |
+++ b/Lib/wave.py |
255 |
-@@ -253,12 +253,22 @@ def readframes(self, nframes): |
|
255 |
+@@ -253,12 +253,22 @@ class Wave_read: |
|
256 | 256 |
# |
257 | 257 |
|
258 | 258 |
def _read_fmt_chunk(self, chunk): |
... | ... |
@@ -279,10 +214,61 @@ index cf94d5af72b4..f155879a9a76 100644 |
279 | 279 |
self._compname = 'not compressed' |
280 | 280 |
diff --git a/Misc/NEWS.d/next/Library/2018-03-01-17-49-56.bpo-32056.IlpfgE.rst b/Misc/NEWS.d/next/Library/2018-03-01-17-49-56.bpo-32056.IlpfgE.rst |
281 | 281 |
new file mode 100644 |
282 |
-index 000000000000..421aa3767794 |
|
282 |
+index 0000000..421aa37 |
|
283 | 283 |
--- /dev/null |
284 | 284 |
+++ b/Misc/NEWS.d/next/Library/2018-03-01-17-49-56.bpo-32056.IlpfgE.rst |
285 | 285 |
@@ -0,0 +1,3 @@ |
286 | 286 |
+Improved exceptions raised for invalid number of channels and sample width |
287 | 287 |
+when read an audio file in modules :mod:`aifc`, :mod:`wave` and |
288 | 288 |
+:mod:`sunau`. |
289 |
+--- a/Lib/test/test_sunau.py 2018-12-31 18:42:22.647732415 +0530 |
|
290 |
+@@ -1,6 +1,8 @@ |
|
291 |
+ import unittest |
|
292 |
+ from test import audiotests |
|
293 |
+ from audioop import byteswap |
|
294 |
++import io |
|
295 |
++import struct |
|
296 |
+ import sys |
|
297 |
+ import sunau |
|
298 |
+ |
|
299 |
+@@ -116,6 +118,39 @@ class SunauULAWTest(SunauTest, unittest. |
|
300 |
+ if sys.byteorder != 'big': |
|
301 |
+ frames = byteswap(frames, 2) |
|
302 |
+ |
|
303 |
++class SunauLowLevelTest(unittest.TestCase): |
|
304 |
++ def test_read_bad_magic_number(self): |
|
305 |
++ b = b'SPA' |
|
306 |
++ with self.assertRaises(EOFError): |
|
307 |
++ sunau.open(io.BytesIO(b)) |
|
308 |
++ b = b'SPAM' |
|
309 |
++ with self.assertRaisesRegex(sunau.Error, 'bad magic number'): |
|
310 |
++ sunau.open(io.BytesIO(b)) |
|
311 |
++ |
|
312 |
++ def test_read_too_small_header(self): |
|
313 |
++ b = struct.pack('>LLLLL', sunau.AUDIO_FILE_MAGIC, 20, 0, |
|
314 |
++ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025) |
|
315 |
++ with self.assertRaisesRegex(sunau.Error, 'header size too small'): |
|
316 |
++ sunau.open(io.BytesIO(b)) |
|
317 |
++ |
|
318 |
++ def test_read_too_large_header(self): |
|
319 |
++ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 124, 0, |
|
320 |
++ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025, 1) |
|
321 |
++ b += b'\0' * 100 |
|
322 |
++ with self.assertRaisesRegex(sunau.Error, 'header size ridiculously large'): |
|
323 |
++ sunau.open(io.BytesIO(b)) |
|
324 |
++ |
|
325 |
++ def test_read_wrong_encoding(self): |
|
326 |
++ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 24, 0, 0, 11025, 1) |
|
327 |
++ with self.assertRaisesRegex(sunau.Error, r'encoding not \(yet\) supported'): |
|
328 |
++ sunau.open(io.BytesIO(b)) |
|
329 |
++ |
|
330 |
++ def test_read_wrong_number_of_channels(self): |
|
331 |
++ b = struct.pack('>LLLLLL', sunau.AUDIO_FILE_MAGIC, 24, 0, |
|
332 |
++ sunau.AUDIO_FILE_ENCODING_LINEAR_8, 11025, 0) |
|
333 |
++ with self.assertRaisesRegex(sunau.Error, 'bad # of channels'): |
|
334 |
++ sunau.open(io.BytesIO(b)) |
|
335 |
++ |
|
336 |
+ |
|
337 |
+ if __name__ == "__main__": |
|
338 |
+ unittest.main() |
289 | 339 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,79 @@ |
0 |
+commit f7666e828cc3d5873136473ea36ba2013d624fa1 |
|
1 |
+Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> |
|
2 |
+Date: Tue Sep 18 06:14:13 2018 -0700 |
|
3 |
+ |
|
4 |
+ bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) |
|
5 |
+ |
|
6 |
+ |
|
7 |
+ The C accelerated _elementtree module now initializes hash randomization |
|
8 |
+ salt from _Py_HashSecret instead of libexpat's default CPRNG. |
|
9 |
+ |
|
10 |
+ Signed-off-by: Christian Heimes <christian@python.org> |
|
11 |
+ |
|
12 |
+ https://bugs.python.org/issue34623 |
|
13 |
+ (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) |
|
14 |
+ |
|
15 |
+ Co-authored-by: Christian Heimes <christian@python.org> |
|
16 |
+ |
|
17 |
+diff --git a/Include/pyexpat.h b/Include/pyexpat.h |
|
18 |
+index 44259bf..07020b5 100644 |
|
19 |
+--- a/Include/pyexpat.h |
|
20 |
+@@ -3,7 +3,7 @@ |
|
21 |
+ |
|
22 |
+ /* note: you must import expat.h before importing this module! */ |
|
23 |
+ |
|
24 |
+-#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" |
|
25 |
++#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" |
|
26 |
+ #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" |
|
27 |
+ |
|
28 |
+ struct PyExpat_CAPI |
|
29 |
+@@ -48,6 +48,8 @@ struct PyExpat_CAPI |
|
30 |
+ enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding); |
|
31 |
+ int (*DefaultUnknownEncodingHandler)( |
|
32 |
+ void *encodingHandlerData, const XML_Char *name, XML_Encoding *info); |
|
33 |
++ /* might be none for expat < 2.1.0 */ |
|
34 |
++ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); |
|
35 |
+ /* always add new stuff to the end! */ |
|
36 |
+ }; |
|
37 |
+ |
|
38 |
+diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
|
39 |
+new file mode 100644 |
|
40 |
+index 0000000..31ad92e |
|
41 |
+--- /dev/null |
|
42 |
+@@ -0,0 +1,2 @@ |
|
43 |
++The C accelerated _elementtree module now initializes hash randomization |
|
44 |
++salt from _Py_HashSecret instead of libexpat's default CSPRNG. |
|
45 |
+diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c |
|
46 |
+index 707ab29..53f05f9 100644 |
|
47 |
+--- a/Modules/_elementtree.c |
|
48 |
+@@ -3261,6 +3261,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html, |
|
49 |
+ PyErr_NoMemory(); |
|
50 |
+ return -1; |
|
51 |
+ } |
|
52 |
++ /* expat < 2.1.0 has no XML_SetHashSalt() */ |
|
53 |
++ if (EXPAT(SetHashSalt) != NULL) { |
|
54 |
++ EXPAT(SetHashSalt)(self->parser, |
|
55 |
++ (unsigned long)_Py_HashSecret.expat.hashsalt); |
|
56 |
++ } |
|
57 |
+ |
|
58 |
+ if (target) { |
|
59 |
+ Py_INCREF(target); |
|
60 |
+diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c |
|
61 |
+index 47c3e86..aa21d93 100644 |
|
62 |
+--- a/Modules/pyexpat.c |
|
63 |
+@@ -1887,6 +1887,11 @@ MODULE_INITFUNC(void) |
|
64 |
+ capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler; |
|
65 |
+ capi.SetEncoding = XML_SetEncoding; |
|
66 |
+ capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler; |
|
67 |
++#if XML_COMBINED_VERSION >= 20100 |
|
68 |
++ capi.SetHashSalt = XML_SetHashSalt; |
|
69 |
++#else |
|
70 |
++ capi.SetHashSalt = NULL; |
|
71 |
++#endif |
|
72 |
+ |
|
73 |
+ /* export using capsule */ |
|
74 |
+ capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: A high-level scripting language |
2 | 2 |
Name: python3 |
3 | 3 |
Version: 3.6.5 |
4 |
-Release: 2%{?dist} |
|
4 |
+Release: 3%{?dist} |
|
5 | 5 |
License: PSF |
6 | 6 |
URL: http://www.python.org/ |
7 | 7 |
Group: System Environment/Programming |
... | ... |
@@ -12,6 +12,7 @@ Source0: https://www.python.org/ftp/python/%{version}/Python-%{version}.t |
12 | 12 |
Patch0: cgi3.patch |
13 | 13 |
Patch1: python3-support-photon-platform.patch |
14 | 14 |
Patch2: python3-CVE-2017-18207.patch |
15 |
+Patch3: python3-CVE-2018-14647.patch |
|
15 | 16 |
BuildRequires: pkg-config >= 0.28 |
16 | 17 |
BuildRequires: bzip2-devel |
17 | 18 |
BuildRequires: ncurses-devel |
... | ... |
@@ -133,7 +134,9 @@ The test package contains all regression tests for Python as well as the modules |
133 | 133 |
%setup -q -n Python-%{version} |
134 | 134 |
%patch0 -p1 |
135 | 135 |
%patch1 -p1 |
136 |
-#%patch2 -p1 |
|
136 |
+%patch2 -p1 |
|
137 |
+%patch3 -p1 |
|
138 |
+ |
|
137 | 139 |
|
138 | 140 |
%build |
139 | 141 |
export OPT="${CFLAGS}" |
... | ... |
@@ -263,6 +266,8 @@ rm -rf %{buildroot}/* |
263 | 263 |
%{_libdir}/python3.6/test/* |
264 | 264 |
|
265 | 265 |
%changelog |
266 |
+* Mon Dec 31 2018 Tapas Kundu <tkundu@vmware.com> 3.6.5-3 |
|
267 |
+- Fix for CVE-2018-14647 |
|
266 | 268 |
* Thu Oct 25 2018 Sujay g <gsujay@vmware.com> 3.6.5-2 |
267 | 269 |
- Remove vulnerable Windows installers from python3-libs rpm |
268 | 270 |
* Thu Apr 19 2018 Xiaolin Li <xiaolinl@vmware.com> 3.6.5-1 |