import python3.9-3.9.16-1.el9

2 years ago · eaac7ee6f9
parent a661b480a7
commit eaac7ee6f9
8 changed files with 24 additions and 364 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/Python-3.9.14.tar.xz
+SOURCES/Python-3.9.16.tar.xz
--- a/.python3.9.metadata
+++ b/.python3.9.metadata
@ -1 +1 @@
-fa48bd60aee6abf2d41aafb273ebf9fb6b790458 SOURCES/Python-3.9.14.tar.xz
+19acd6a341e4f2d7ff97c10c2eada258e9898624 SOURCES/Python-3.9.16.tar.xz
--- a/SOURCES/00382-cve-2015-20107.patch
+++ b/SOURCES/00382-cve-2015-20107.patch
@ -1,150 +0,0 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Fri, 3 Jun 2022 11:43:35 +0200
 Subject: [PATCH] 00382: CVE-2015-20107
 Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
 Upstream: https://github.com/python/cpython/issues/68966
 Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
 ---
 Doc/library/mailcap.rst                       | 12 +++++++++
 Lib/mailcap.py                                | 26 +++++++++++++++++--
 Lib/test/test_mailcap.py                      |  8 ++++--
 ...2-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |  4 +++
 4 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
 diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst
 index a22b5b9c9e..7aa3380fec 100644
 --- a/Doc/library/mailcap.rst
 +++ b/Doc/library/mailcap.rst
@@ -60,6 +60,18 @@ standard.  However, mailcap files are supported on most Unix systems.
    use) to determine whether or not the mailcap line applies.  :func:`findmatch`
    will automatically check such conditions and skip the entry if the check fails.
 +   .. versionchanged:: 3.11
 +
 +      To prevent security issues with shell metacharacters (symbols that have
 +      special effects in a shell command line), ``findmatch`` will refuse
 +      to inject ASCII characters other than alphanumerics and ``@+=:,./-_``
 +      into the returned command line.
 +
 +      If a disallowed character appears in *filename*, ``findmatch`` will always
 +      return ``(None, None)`` as if no entry was found.
 +      If such a character appears elsewhere (a value in *plist* or in *MIMEtype*),
 +      ``findmatch`` will ignore all mailcap entries which use that value.
 +      A :mod:`warning <warnings>` will be raised in either case.
 .. function:: getcaps()
 diff --git a/Lib/mailcap.py b/Lib/mailcap.py
 index ae416a8e9f..444c6408b5 100644
 --- a/Lib/mailcap.py
 +++ b/Lib/mailcap.py
@@ -2,6 +2,7 @@
 import os
 import warnings
 +import re
 __all__ = ["getcaps","findmatch"]
@@ -13,6 +14,11 @@ def lineno_sort_key(entry):
     else:
         return 1, 0
 +_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
 +
 +class UnsafeMailcapInput(Warning):
 +    """Warning raised when refusing unsafe input"""
 +
 # Part 1: top-level interface.
@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
     entry to use.
     """
 +    if _find_unsafe(filename):
 +        msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
 +        warnings.warn(msg, UnsafeMailcapInput)
 +        return None, None
     entries = lookup(caps, MIMEtype, key)
     # XXX This code should somehow check for the needsterminal flag.
     for e in entries:
         if 'test' in e:
             test = subst(e['test'], filename, plist)
 +            if test is None:
 +                continue
             if test and os.system(test) != 0:
                 continue
         command = subst(e[key], MIMEtype, filename, plist)
 -        return command, e
 +        if command is not None:
 +            return command, e
     return None, None
 def lookup(caps, MIMEtype, key=None):
@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, plist=[]):
             elif c == 's':
                 res = res + filename
             elif c == 't':
 +                if _find_unsafe(MIMEtype):
 +                    msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
 +                    warnings.warn(msg, UnsafeMailcapInput)
 +                    return None
                 res = res + MIMEtype
             elif c == '{':
                 start = i
@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, plist=[]):
                     i = i+1
                 name = field[start:i]
                 i = i+1
 -                res = res + findparam(name, plist)
 +                param = findparam(name, plist)
 +                if _find_unsafe(param):
 +                    msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
 +                    warnings.warn(msg, UnsafeMailcapInput)
 +                    return None
 +                res = res + param
             # XXX To do:
             # %n == number of parts if type is multipart/*
             # %F == list of alternating type and filename for parts
 diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py
 index c08423c670..920283d9a2 100644
 --- a/Lib/test/test_mailcap.py
 +++ b/Lib/test/test_mailcap.py
@@ -121,7 +121,8 @@ class HelperFunctionTest(unittest.TestCase):
             (["", "audio/*", "foo.txt"], ""),
             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
 -            (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
 +            (["echo %t", "audio/*", "foo.txt"], None),
 +            (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
             (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
@@ -205,7 +206,10 @@ class FindmatchTest(unittest.TestCase):
              ('"An audio fragment"', audio_basic_entry)),
             ([c, "audio/*"],
              {"filename": fname},
 -             ("/usr/local/bin/showaudio audio/*", audio_entry)),
 +             (None, None)),
 +            ([c, "audio/wav"],
 +             {"filename": fname},
 +             ("/usr/local/bin/showaudio audio/wav", audio_entry)),
             ([c, "message/external-body"],
              {"plist": plist},
              ("showexternal /dev/null default john python.org     /tmp foo bar", message_entry))
 diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
 new file mode 100644
 index 0000000000..da81a1f699
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
@@ -0,0 +1,4 @@
 +The deprecated mailcap module now refuses to inject unsafe text (filenames,
 +MIME types, parameters) into shell commands. Instead of using such text, it
 +will warn and act as if a match was not found (or for test commands, as if
 +the test failed).
--- a/SOURCES/00391-cve-2022-42919.patch
+++ b/SOURCES/00391-cve-2022-42919.patch
@ -1,64 +0,0 @@
 From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001
 From: "Gregory P. Smith" <greg@krypto.org>
 Date: Thu, 20 Oct 2022 15:30:09 -0700
 Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for
 multiprocessing (GH-98501)
 Linux abstract sockets are insecure as they lack any form of filesystem
 permissions so their use allows anyone on the system to inject code into
 the process.
 This removes the default preference for abstract sockets in
 multiprocessing introduced in Python 3.9+ via
 https://github.com/python/cpython/pull/18866 while fixing
 https://github.com/python/cpython/issues/84031.
 Explicit use of an abstract socket by a user now generates a
 RuntimeWarning.  If we choose to keep this warning, it should be
 backported to the 3.7 and 3.8 branches.
 (cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
 Co-authored-by: Gregory P. Smith <greg@krypto.org>
 ---
 Lib/multiprocessing/connection.py                 |  5 -----
 .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
 diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
 index 510e4b5aba44..8e2facf92a94 100644
 --- a/Lib/multiprocessing/connection.py
 +++ b/Lib/multiprocessing/connection.py
@@ -73,11 +73,6 @@ def arbitrary_address(family):
     if family == 'AF_INET':
         return ('localhost', 0)
     elif family == 'AF_UNIX':
 -        # Prefer abstract sockets if possible to avoid problems with the address
 -        # size.  When coding portable applications, some implementations have
 -        # sun_path as short as 92 bytes in the sockaddr_un struct.
 -        if util.abstract_sockets_supported:
 -            return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
         return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
     elif family == 'AF_PIPE':
         return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
 diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
 new file mode 100644
 index 000000000000..02d95b570520
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
@@ -0,0 +1,15 @@
 +On Linux the :mod:`multiprocessing` module returns to using filesystem backed
 +unix domain sockets for communication with the *forkserver* process instead of
 +the Linux abstract socket namespace.  Only code that chooses to use the
 +:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
 +
 +Abstract sockets have no permissions and could allow any user on the system in
 +the same `network namespace
 +<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
 +whole system) to inject code into the multiprocessing *forkserver* process.
 +This was a potential privilege escalation. Filesystem based socket permissions
 +restrict this to the *forkserver* process user as was the default in Python 3.8
 +and earlier.
 +
 +This prevents Linux `CVE-2022-42919
 +<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
--- a/SOURCES/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
+++ b/SOURCES/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
@ -1,94 +0,0 @@
 From c09dba57cfbbf74273ce44b1f48f71b46806605c Mon Sep 17 00:00:00 2001
 From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
 Date: Thu, 10 Nov 2022 07:57:41 -0800
 Subject: [PATCH] [3.9] gh-98433: Fix quadratic time idna decoding. (GH-99092)
 (GH-99222) (#99230)
 There was an unnecessary quadratic loop in idna decoding. This restores
 the behavior to linear.
 (cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d)
 (cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15)
 Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
 Co-authored-by: Gregory P. Smith <greg@krypto.org>
 ---
 Lib/encodings/idna.py                         | 32 +++++++++----------
 Lib/test/test_codecs.py                       |  6 ++++
 ...2-11-04-09-29-36.gh-issue-98433.l76c5G.rst |  6 ++++
 3 files changed, 27 insertions(+), 17 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
 diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py
 index ea4058512fe3..bf98f513366b 100644
 --- a/Lib/encodings/idna.py
 +++ b/Lib/encodings/idna.py
@@ -39,23 +39,21 @@ def nameprep(label):
     # Check bidi
     RandAL = [stringprep.in_table_d1(x) for x in label]
 -    for c in RandAL:
 -        if c:
 -            # There is a RandAL char in the string. Must perform further
 -            # tests:
 -            # 1) The characters in section 5.8 MUST be prohibited.
 -            # This is table C.8, which was already checked
 -            # 2) If a string contains any RandALCat character, the string
 -            # MUST NOT contain any LCat character.
 -            if any(stringprep.in_table_d2(x) for x in label):
 -                raise UnicodeError("Violation of BIDI requirement 2")
 -
 -            # 3) If a string contains any RandALCat character, a
 -            # RandALCat character MUST be the first character of the
 -            # string, and a RandALCat character MUST be the last
 -            # character of the string.
 -            if not RandAL[0] or not RandAL[-1]:
 -                raise UnicodeError("Violation of BIDI requirement 3")
 +    if any(RandAL):
 +        # There is a RandAL char in the string. Must perform further
 +        # tests:
 +        # 1) The characters in section 5.8 MUST be prohibited.
 +        # This is table C.8, which was already checked
 +        # 2) If a string contains any RandALCat character, the string
 +        # MUST NOT contain any LCat character.
 +        if any(stringprep.in_table_d2(x) for x in label):
 +            raise UnicodeError("Violation of BIDI requirement 2")
 +        # 3) If a string contains any RandALCat character, a
 +        # RandALCat character MUST be the first character of the
 +        # string, and a RandALCat character MUST be the last
 +        # character of the string.
 +        if not RandAL[0] or not RandAL[-1]:
 +            raise UnicodeError("Violation of BIDI requirement 3")
     return label
 diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
 index fc50e70df24b..3520cc00a1a4 100644
 --- a/Lib/test/test_codecs.py
 +++ b/Lib/test/test_codecs.py
@@ -1532,6 +1532,12 @@ def test_builtin_encode(self):
         self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org")
         self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.")
 +    def test_builtin_decode_length_limit(self):
 +        with self.assertRaisesRegex(UnicodeError, "too long"):
 +            (b"xn--016c"+b"a"*1100).decode("idna")
 +        with self.assertRaisesRegex(UnicodeError, "too long"):
 +            (b"xn--016c"+b"a"*70).decode("idna")
 +
     def test_stream(self):
         r = codecs.getreader("idna")(io.BytesIO(b"abc"))
         r.read(3)
 diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
 new file mode 100644
 index 000000000000..5185fac2e29d
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
@@ -0,0 +1,6 @@
 +The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`
 +related name resolution functions no longer involves a quadratic algorithm.
 +This prevents a potential CPU denial of service if an out-of-spec excessive
 +length hostname involving bidirectional characters were decoded. Some protocols
 +such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
 +to supply such a name.
--- a/SOURCES/Python-3.9.14.tar.xz.asc
+++ b/SOURCES/Python-3.9.14.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmMXib8ACgkQsmmV4xAl
 BWiwtA/+LhNMVhCwNFNtDaxDLv2Pt43oX07ka9kuRau6WU0bicf4zBboQW2Ut9en
 epdnw06klvOrb2wlxU4jeWdzuq5bNlhW3rVyT2npbRfYeXqsi/i+sY9eV5SFRPAM
 eZrnCOkuWJxTy/XRQsPFbhE0bG+npoR80RpDtZ9EfjKyL2PSyOsvudKHjepcdHMi
 tCzcmHwJbakD18g268RiDZsR8q7lSQW0c3OhOPwXfFV2Xh+jS8eEEcdp2QSBq/S9
 +HIHEAYJWvAEtg9q3KMKDWOi5rd0Q6Cw4zcO8GI0HTCkNsnJmtLUJ4qTTZWOHC5t
 M8Z0hzuXI9wK23GpxWuThuaMyQCW5HX8tBVuxaHNyWuJ4T6ID0eJJP4ijLNMXv4U
 Q0MRbLYtIIagB8BsZtBnEIIsQ1k7THdJ5KAsWIjVaPe80yQWLOrmuXulJi+E4F/C
 bBKcsFXC605xg5C3AQk58QXpyLDoPtLtRVVPtVi1aqpHCLRCikHA8kqwc7JQIf7v
 p4VsfcNsYga/EF6FArdmVz8fOpQgItvhuHgMRWBZ35p/t9Ckbl7fJQB0PYfVKYWC
 F+uNahFYvJ+gH96U6MddEzZlB0AHx3gfysBrgWXvgUAqvAZ/Vq6FiOf0jhFWUtb1
 8b7sp8GSp7QzIP9U3J75sonXEAvNOA31vuKSJ2sKdxsIP9/KgZE=
 =kQup
 -----END PGP SIGNATURE-----
--- a/SOURCES/Python-3.9.16.tar.xz.asc
+++ b/SOURCES/Python-3.9.16.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmOPjAQACgkQsmmV4xAl
 BWjzjQ//TQ9AtAs3RwRfGfJigHl3TG5lfYYdzAZIwEtt6NUw8tVKriCBMSvsJDjD
 rlFX64SPWaDlTggnatU88sj1y4AtGpf517GbYKwJ1oLQjcCSIs6WSxD7CZAfb4CL
 257KMANkT/n46luovTraqhAyLXp8fVWIEoSt3+6RgNYshjv00V6+L0HoE6jkzBRV
 si6KHDUCyIydOJEtAt79w5Ze/pFxJjIlGZ6WxyRVEy77cyQKh0g4dSdQ15HZAsfr
 fvv8rOmd8VXwIMi4xaUaHMddQxNrydDldDpKR4L1Lay/nY3OvSLI1AMw0D7n/FVO
 HxgYvxwkRqHPgbDIBLoHe7nsou0621ELS+j6M7cRoqAjsSfEOwpHOBw7k4+zOoa3
 4FHvru6TmT1p2iT6GSRllp/XspAzSelJeaFWA0Rs57MQ14gtXrw5hQHyZ1NgMzZi
 TMpnj0tGHufQYn2ZQqGUIySvtH3S5eIZgZGdPETJ5k09mcRVEKcdujTbkrIcOYtC
 GoPCw+3Qe7feVZLzElnsela9bDZi3uWfZh2kVyhZPAvxXJ0VNVCLvPlCKpr0R7t5
 JJ7jMpblsA05FT6ZanbqWNFZtCHMjlkK1259oST3BMbBSHTFgY/KGJEHQTkYU3M2
 U5OSn4za47qFBTVIXQsqkLGEBU/wrxtNmerJel8YW3ZIrkoTv2E=
 =dXB5
 -----END PGP SIGNATURE-----
--- a/SPECS/python3.9.spec
+++ b/SPECS/python3.9.spec
@ -13,11 +13,11 @@ URL: https://www.python.org/
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.14
+%global general_version %{pybasever}.16
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 1%{?dist}.2
+Release: 1%{?dist}
 License: Python
@ -399,35 +399,6 @@ Patch329: 00329-fips.patch
 # a nightmare because it's basically a binary file.
 Patch353: 00353-architecture-names-upstream-downstream.patch
 # 00382 # 9e275dcdf3934b827994ecc3247d583d5bab7985
 # CVE-2015-20107
 #
 # Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
 #
 # Upstream: https://github.com/python/cpython/issues/68966
 #
 # Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
 Patch382: 00382-cve-2015-20107.patch
 # 00391 #
 # CVE-2022-42919
 #
 # Local privilege escalation via the multiprocessing forkserver start method.
 #
 # Upstream: https://github.com/python/cpython/issues/97514
 #
 # Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2138705
 Patch391: 00391-cve-2022-42919.patch
 # 00394 #
 # CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
 #
 # gh-98433: Fix quadratic time idna decoding.
 #
 # There was an unnecessary quadratic loop in idna decoding. This restores
 # the behavior to linear.
 Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1829,13 +1800,10 @@ CheckPython optimized
 # ======================================================
 %changelog
-* Mon Jan 09 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.9.14-1.2
+* Thu Dec 08 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
- Security fix for CVE-2022-45061
+- Update to 3.9.16
-Resolves: rhbz#2144072
+- Security fixes for CVE-2022-42919 and CVE-2022-45061
-
+Resolves: rhbz#2138705, rhbz#2144072
 * Mon Nov 07 2022 Lumír Balhar <lbalhar@redhat.com> - 3.9.14-1.1
 - Fix for CVE-2022-42919
 Resolves: rhbz#2138705
 * Wed Sep 21 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.14-1
 - Update to 3.9.14
`@ -1 +1 @@`
	`SOURCES/Python-3.9.14.tar.xz`	`SOURCES/Python-3.9.16.tar.xz`
`@ -1 +1 @@`
	`fa48bd60aee6abf2d41aafb273ebf9fb6b790458 SOURCES/Python-3.9.14.tar.xz`	`19acd6a341e4f2d7ff97c10c2eada258e9898624 SOURCES/Python-3.9.16.tar.xz`