author | Mingli Yu <mingli.yu@windriver.com> | 2022-03-29 16:37:25 +0800 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2022-03-30 22:16:18 +0800 |
commit | 9a69897f464432e0b6ef9b8ad5d8110d78a1162a (patch) | |
tree | 48e76fea1d043ff32df86736ef2a698457867009 | |
parent | 125c6f5770542c3b509336b92d6c45c0c955027e (diff) | |
download | openembedded-core-contrib-9a69897f464432e0b6ef9b8ad5d8110d78a1162a.tar.gz |
python3-numpy: fix CVE-2021-41496
Backport patch [1] to fix CVE-2021-41496.
[1] https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r-- | meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch | 64 | ||||
-rw-r--r-- | meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb | 1 |
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch
new file mode 100644
index 0000000000..0afc79ae0d
--- /dev/null
+++ b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch
@@ -0,0 +1,64 @@
+From 86d81322c5c0ab67f89d64f56f6e77d4fe185910 Mon Sep 17 00:00:00 2001
+From: Warren Weckesser <warren.weckesser@gmail.com>
+Date: Tue, 29 Mar 2022 15:58:00 +0800
+Subject: [PATCH] BUG: f2py: Simplify creation of an exception message. Closes
+ gh-19000.
+
+CVE: CVE-2021-41496
+
+Upstream-Status: Backport [https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ numpy/f2py/src/fortranobject.c | 26 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 14 deletions(-)
+
+diff --git a/numpy/f2py/src/fortranobject.c b/numpy/f2py/src/fortranobject.c
+index 3275f90..85c9c7f 100644
+--- a/numpy/f2py/src/fortranobject.c
++++ b/numpy/f2py/src/fortranobject.c
+@@ -637,14 +637,14 @@ static int check_and_fix_dimensions(const PyArrayObject* arr,
+ npy_intp *dims);
+
+ static int
+-count_negative_dimensions(const int rank,
++find_first_negative_dimension(const int rank,
+ const npy_intp *dims) {
+- int i=0,r=0;
+- while (i<rank) {
+- if (dims[i] < 0) ++r;
+- ++i;
++ for (int i = 0; i < rank; ++i) {
++ if (dims[i] < 0) {
++ return i;
++ }
+ }
+- return r;
++ return -1;
+ }
+
+ #ifdef DEBUG_COPY_ND_ARRAY
+@@ -721,14 +721,12 @@ PyArrayObject* array_from_pyobj(const int type_num,
+ || ((intent & F2PY_OPTIONAL) && (obj==Py_None))
+ ) {
+ /* intent(cache), optional, intent(hide) */
+- if (count_negative_dimensions(rank,dims) > 0) {
+- int i;
+- strcpy(mess, "failed to create intent(cache|hide)|optional array"
+- "-- must have defined dimensions but got (");
+- for(i=0;i<rank;++i)
+- sprintf(mess+strlen(mess),"%" NPY_INTP_FMT ",",dims[i]);
+- strcat(mess, ")");
+- PyErr_SetString(PyExc_ValueError,mess);
++ int i = find_first_negative_dimension(rank, dims);
++ if (i >= 0) {
++ PyErr_Format(PyExc_ValueError,
++ "failed to create intent(cache|hide)|optional array"
++ " -- must have defined dimensions, but dims[%d] = %"
++ NPY_INTP_FMT, i, dims[i]);
+ return NULL;
+ }
+ arr = (PyArrayObject *)
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
index 6c3b886782..9e55e74d2c 100644
--- a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
+++ b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
@@ -10,6 +10,7 @@ SRCNAME = "numpy"
 SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
 file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
 file://0001-numpy-core-Define-RISCV-32-support.patch \
+ file://CVE-2021-41496.patch \
 file://run-ptest \
 "
 SRC_URI[sha256sum] = "9bf51d69ebb4ca9239e55bedc2185fe2c0ec222da0adee7ece4125414676846d" |
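Review bot: The new helper `find_first_negative_dimension` in the `fortranobject.c` change has no comment stating its return contract, although the caller uses the result both as the `i >= 0` test and as the index in `dims[i]`. I would add `/* Return the index of the first negative entry in dims[0..rank-1], or -1 if there is none. */` above it. Replacing the `strcpy`/`sprintf`/`strcat` appends into `mess` with `PyErr_Format` removes the one write in this branch whose length grew with `rank`, which is presumably the overflow the CVE tag refers to. The declaration of `mess` and the rest of `array_from_pyobj` lie outside the hunk, so any remaining writers to that buffer should be checked for a bound before the function is treated as fully covered by this backport.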