packages/numpy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!42 [sync] PR-38: revert cve-2021-34141

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @orange-snn 
Signed-off-by: @orange-snn
This commit is contained in:
openeuler-ci-bot 2022-02-23 01:57:56 +00:00 committed by Gitee
commit 2bb0012e37
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 45 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
backport-CVE-2021-34141.patch
View File

@ -1,119 +0,0 @@
From eeef9d4646103c3b1afd3085f1393f2b3f9575b2 Mon Sep 17 00:00:00 2001
From: NectDz <54990613+NectDz@users.noreply.github.com>
Date: Tue, 10 Aug 2021 18:00:35 -0500
Subject: [PATCH] DEP: Remove deprecated numeric style dtype strings (#19539)
Finishes the deprecation, and effectively closes gh-18993
* Insecure String Comparison
* Finished Deprecations
* Breaks numpy types
* Removed elements in dep_tps
* Delete Typecode Comment
* Deleted for loop
* Fixed 80 characters or more issue
* Expired Release Note
* Updated Release Note
* Update numpy/core/numerictypes.py
* Update numpy/core/tests/test_deprecations.py
Co-authored-by: Sebastian Berg <sebastian@sipsolutions.net>
---
doc/release/upcoming_changes/19539.expired.rst | 2 ++
numpy/core/src/multiarray/descriptor.c | 25 -------------------------
numpy/core/tests/test_deprecations.py | 23 -----------------------
3 files changed, 2 insertions(+), 48 deletions(-)
create mode 100644 doc/release/upcoming_changes/19539.expired.rst
diff --git a/doc/release/upcoming_changes/19539.expired.rst b/doc/release/upcoming_changes/19539.expired.rst
new file mode 100644
index 0000000..6e94f17
--- /dev/null
+++ b/doc/release/upcoming_changes/19539.expired.rst
@@ -0,0 +1,2 @@
+* Using the strings ``"Bytes0"``, ``"Datetime64"``, ``"Str0"``, ``"Uint32"``,
+ and ``"Uint64"`` as a dtype will now raise a ``TypeError``.
\ No newline at end of file
diff --git a/numpy/core/src/multiarray/descriptor.c b/numpy/core/src/multiarray/descriptor.c
index 50964da..90453e3 100644
--- a/numpy/core/src/multiarray/descriptor.c
+++ b/numpy/core/src/multiarray/descriptor.c
@@ -1640,31 +1640,6 @@ finish:
}
#endif
if (item) {
- /* Check for a deprecated Numeric-style typecode */
- if (PyBytes_Check(obj)) {
- char *type = NULL;
- Py_ssize_t len = 0;
- char *dep_tps[] = {"Bool", "Complex", "Float", "Int",
- "Object0", "String0", "Timedelta64",
- "Unicode0", "UInt", "Void0"};
- int ndep_tps = sizeof(dep_tps) / sizeof(dep_tps[0]);
- int i;
-
- if (PyBytes_AsStringAndSize(obj, &type, &len) < 0) {
- goto error;
- }
- for (i = 0; i < ndep_tps; ++i) {
- char *dep_tp = dep_tps[i];
-
- if (strncmp(type, dep_tp, strlen(dep_tp)) == 0) {
- if (DEPRECATE("Numeric-style type codes are "
- "deprecated and will result in "
- "an error in the future.") < 0) {
- goto fail;
- }
- }
- }
- }
return PyArray_DescrConverter(item, at);
}
}
diff --git a/numpy/core/tests/test_deprecations.py b/numpy/core/tests/test_deprecations.py
index 42e632e..44a3ed7 100644
--- a/numpy/core/tests/test_deprecations.py
+++ b/numpy/core/tests/test_deprecations.py
@@ -371,29 +371,6 @@ class TestBinaryReprInsufficientWidthParameterForRepresentation(_DeprecationTest
self.assert_deprecated(np.binary_repr, args=args, kwargs=kwargs)
-class TestNumericStyleTypecodes(_DeprecationTestCase):
- """
- Deprecate the old numeric-style dtypes, which are especially
- confusing for complex types, e.g. Complex32 -> complex64. When the
- deprecation cycle is complete, the check for the strings should be
- removed from PyArray_DescrConverter in descriptor.c, and the
- deprecated keys should not be added as capitalized aliases in
- _add_aliases in numerictypes.py.
- """
- def test_all_dtypes(self):
- deprecated_types = [
- 'Bool', 'Complex32', 'Complex64', 'Float16', 'Float32', 'Float64',
- 'Int8', 'Int16', 'Int32', 'Int64', 'Object0', 'Timedelta64',
- 'UInt8', 'UInt16', 'UInt32', 'UInt64', 'Void0'
- ]
- if sys.version_info[0] < 3:
- deprecated_types.extend(['Unicode0', 'String0'])
-
- for dt in deprecated_types:
- self.assert_deprecated(np.dtype, exceptions=(TypeError,),
- args=(dt,))
-
-
class TestTestDeprecated(object):
def test_assert_deprecated(self):
test_case_instance = _DeprecationTestCase()
--
1.8.3.1

59
backport-CVE-2021-41495.patch
View File

@ -55,19 +55,19 @@ Co-authored-by: Sebastian Berg <sebastian@sipsolutions.net>
---
---
numpy/core/src/multiarray/arrayobject.c | 3 +++
numpy/core/src/multiarray/arrayobject.c | 6 ++++++
numpy/core/src/multiarray/buffer.c | 6 ++++++
numpy/core/src/multiarray/ctors.c | 24 +++++++++++++++++++++++-
numpy/core/src/multiarray/descriptor.c | 27 ++++++++++++++++++++-------
numpy/core/src/multiarray/ctors.c | 23 +++++++++++++++++++++-
numpy/core/src/multiarray/descriptor.c | 30 ++++++++++++++++++++++-------
numpy/core/src/multiarray/getset.c | 13 ++++++++-----
numpy/core/src/multiarray/methods.c | 16 ++++++++++++++++
numpy/core/src/multiarray/methods.c | 16 +++++++++++++++
numpy/core/src/multiarray/nditer_constr.c | 11 +++++------
numpy/core/src/multiarray/scalarapi.c | 3 +++
numpy/core/src/multiarray/scalarapi.c | 6 ++++++
numpy/core/src/multiarray/scalartypes.c.src | 10 +++++++---
9 files changed, 91 insertions(+), 22 deletions(-)
9 files changed, 99 insertions(+), 22 deletions(-)
diff --git a/numpy/core/src/multiarray/arrayobject.c b/numpy/core/src/multiarray/arrayobject.c
index d20dd63..1d1d6c1 100644
index d20dd63..e7c1ea2 100644
--- a/numpy/core/src/multiarray/arrayobject.c
+++ b/numpy/core/src/multiarray/arrayobject.c
@@ -1023,6 +1023,9 @@ _strings_richcompare(PyArrayObject *self, PyArrayObject *other, int cmp_op,
@ -80,6 +80,16 @@ index d20dd63..1d1d6c1 100644
unicode->elsize = PyArray_DESCR(self)->elsize << 2;
new = PyArray_FromAny((PyObject *)self, unicode,
0, 0, 0, NULL);
@@ -1036,6 +1039,9 @@ _strings_richcompare(PyArrayObject *self, PyArrayObject *other, int cmp_op,
((PyArray_DESCR(other)->type_num == NPY_STRING) ||
(PyArray_ISNOTSWAPPED(self) != PyArray_ISNOTSWAPPED(other)))) {
PyArray_Descr* unicode = PyArray_DescrNew(PyArray_DESCR(self));
+ if(unicode == NULL){
+ return NULL;
+ }
if (PyArray_DESCR(other)->type_num == NPY_STRING) {
unicode->elsize = PyArray_DESCR(other)->elsize << 2;
diff --git a/numpy/core/src/multiarray/buffer.c b/numpy/core/src/multiarray/buffer.c
index d8ad802..c633778 100644
--- a/numpy/core/src/multiarray/buffer.c
@ -104,7 +114,7 @@ index d8ad802..c633778 100644
return 1;
diff --git a/numpy/core/src/multiarray/ctors.c b/numpy/core/src/multiarray/ctors.c
index e72e602..d1f7b79 100644
index e72e602..da237e2 100644
--- a/numpy/core/src/multiarray/ctors.c
+++ b/numpy/core/src/multiarray/ctors.c
@@ -928,6 +928,9 @@ PyArray_NewFromDescr_int(PyTypeObject *subtype, PyArray_Descr *descr, int nd,
@ -158,7 +168,7 @@ index e72e602..d1f7b79 100644
if (PyDataType_REFCHK(type)) {
PyErr_SetString(PyExc_ValueError,
@@ -3925,14 +3941,20 @@ NPY_NO_EXPORT PyObject *
@@ -3925,11 +3941,16 @@ NPY_NO_EXPORT PyObject *
PyArray_FromIter(PyObject *obj, PyArray_Descr *dtype, npy_intp count)
{
PyObject *value;
@ -176,12 +186,8 @@ index e72e602..d1f7b79 100644
if (iter == NULL) {
goto done;
}
+
if (PyDataType_ISUNSIZED(dtype)) {
PyErr_SetString(PyExc_ValueError,
"Must specify length when using variable-size data-type.");
diff --git a/numpy/core/src/multiarray/descriptor.c b/numpy/core/src/multiarray/descriptor.c
index e7a4b6c..c46394b 100644
index e7a4b6c..6e5bc19 100644
--- a/numpy/core/src/multiarray/descriptor.c
+++ b/numpy/core/src/multiarray/descriptor.c
@@ -1318,6 +1318,9 @@ PyArray_DescrNewFromType(int type_num)
@ -222,7 +228,7 @@ index e7a4b6c..c46394b 100644
*/
if (!copied) {
+ PyArray_DESCR_REPLACE(conv);
+ if(conv==NULL){
+ if (conv==NULL) {
+ return NULL;
+ }
copied = NPY_TRUE;
@ -232,7 +238,17 @@ index e7a4b6c..c46394b 100644
}
if ((conv->metadata != NULL)) {
/*
@@ -3009,6 +3014,10 @@ PyArray_DescrNewByteorder(PyArray_Descr *self, char newendian)
@@ -2983,6 +2988,9 @@ PyArray_DescrNewByteorder(PyArray_Descr *self, char newendian)
char endian;
new = PyArray_DescrNew(self);
+ if (new == NULL) {
+ return NULL;
+ }
endian = new->byteorder;
if (endian != NPY_IGNORE) {
if (newendian == NPY_SWAP) {
@@ -3009,6 +3017,10 @@ PyArray_DescrNewByteorder(PyArray_Descr *self, char newendian)
int len, i;
newfields = PyDict_New();
@ -243,7 +259,7 @@ index e7a4b6c..c46394b 100644
/* make new dictionary with replaced PyArray_Descr Objects */
while (PyDict_Next(self->fields, &pos, &key, &value)) {
if NPY_TITLE_KEY(key, value) {
@@ -3045,6 +3054,10 @@ PyArray_DescrNewByteorder(PyArray_Descr *self, char newendian)
@@ -3045,6 +3057,10 @@ PyArray_DescrNewByteorder(PyArray_Descr *self, char newendian)
Py_DECREF(new->subarray->base);
new->subarray->base = PyArray_DescrNewByteorder(
self->subarray->base, newendian);
@ -354,11 +370,16 @@ index 18a2cc8..3462518 100644
"because of NPY_ITER_NBO\n");
/* Indicate that byte order or alignment needs fixing */
diff --git a/numpy/core/src/multiarray/scalarapi.c b/numpy/core/src/multiarray/scalarapi.c
index bc435d1..9a96184 100644
index bc435d1..44b3a8c 100644
--- a/numpy/core/src/multiarray/scalarapi.c
+++ b/numpy/core/src/multiarray/scalarapi.c
@@ -560,6 +560,9 @@ PyArray_DescrFromScalar(PyObject *sc)
@@ -558,8 +558,14 @@ PyArray_DescrFromScalar(PyObject *sc)
}
descr = PyArray_DescrFromTypeObject((PyObject *)Py_TYPE(sc));
+ if (descr == NULL) {
+ return NULL;
+ }
if (PyDataType_ISUNSIZED(descr)) {
PyArray_DESCR_REPLACE(descr);
+ if (descr == NULL) {

8
numpy.spec
View File

@ -2,7 +2,7 @@
Name: numpy
Version: 1.16.5
Release: 6
Release: 7
Epoch: 1
Summary: A fast multidimensional array facility for Python
@ -14,8 +14,7 @@ BuildRequires: openblas-devel
BuildRequires: lapack-devel gcc-gfortran Cython
Patch0: backport-CVE-2021-41496.patch
Patch1: backport-CVE-2021-34141.patch
Patch2: backport-CVE-2021-41495.patch
Patch1: backport-CVE-2021-41495.patch
%description
NumPy is the fundamental package for scientific computing with Python. It contains among other things:
@ -181,6 +180,9 @@ popd &> /dev/null
%{python3_sitearch}/%{name}/f2py
%changelog
* Mon Feb 21 2022 renhongxun<renhongxun@h-partners.com> - 1.16.5-7
- revert CVE-2021-34141
* Mon Feb 07 2022 renhongxun<renhongxun@h-partners.com> - 1.16.5-6
- fix CVE-2021-41495