fix CVE-2021-34131
This commit is contained in:
huangduirong
parent
5ec7858956
commit
63f131a210
144
backport-CVE-2021-34141.patch
Normal file
144
backport-CVE-2021-34141.patch
Normal file
@ -0,0 +1,144 @@
|
||||
From eeef9d4646103c3b1afd3085f1393f2b3f9575b2 Mon Sep 17 00:00:00 2001
|
||||
From: NectDz <54990613+NectDz@users.noreply.github.com>
|
||||
Date: Tue, 10 Aug 2021 18:00:35 -0500
|
||||
Subject: [PATCH] DEP: Remove deprecated numeric style dtype strings (#19539)
|
||||
|
||||
Finishes the deprecation, and effectively closes gh-18993
|
||||
|
||||
* Insecure String Comparison
|
||||
|
||||
* Finished Deprecations
|
||||
|
||||
* Breaks numpy types
|
||||
|
||||
* Removed elements in dep_tps
|
||||
|
||||
* Delete Typecode Comment
|
||||
|
||||
* Deleted for loop
|
||||
|
||||
* Fixed 80 characters or more issue
|
||||
|
||||
* Expired Release Note
|
||||
|
||||
* Updated Release Note
|
||||
|
||||
* Update numpy/core/numerictypes.py
|
||||
|
||||
* Update numpy/core/tests/test_deprecations.py
|
||||
|
||||
Co-authored-by: Sebastian Berg <sebastian@sipsolutions.net>
|
||||
---
|
||||
doc/release/upcoming_changes/19539.expired.rst | 2 ++
|
||||
numpy/core/_type_aliases.py | 9 ---------
|
||||
numpy/core/src/multiarray/descriptor.c | 16 ----------------
|
||||
numpy/core/tests/test_deprecations.py | 15 ---------------
|
||||
numpy/core/tests/test_dtype.py | 9 ++++++---
|
||||
5 files changed, 8 insertions(+), 43 deletions(-)
|
||||
create mode 100644 doc/release/upcoming_changes/19539.expired.rst
|
||||
|
||||
diff --git a/doc/release/upcoming_changes/19539.expired.rst b/doc/release/upcoming_changes/19539.expired.rst
|
||||
new file mode 100644
|
||||
index 0000000..6e94f17
|
||||
--- /dev/null
|
||||
+++ b/doc/release/upcoming_changes/19539.expired.rst
|
||||
@@ -0,0 +1,2 @@
|
||||
+* Using the strings ``"Bytes0"``, ``"Datetime64"``, ``"Str0"``, ``"Uint32"``,
|
||||
+ and ``"Uint64"`` as a dtype will now raise a ``TypeError``.
|
||||
\ No newline at end of file
|
||||
diff --git a/numpy/core/_type_aliases.py b/numpy/core/_type_aliases.py
|
||||
index 67addef..3765a0d 100644
|
||||
--- a/numpy/core/_type_aliases.py
|
||||
+++ b/numpy/core/_type_aliases.py
|
||||
@@ -115,15 +115,6 @@ def _add_aliases():
|
||||
# add forward, reverse, and string mapping to numarray
|
||||
sctypeDict[char] = info.type
|
||||
|
||||
- # Add deprecated numeric-style type aliases manually, at some point
|
||||
- # we may want to deprecate the lower case "bytes0" version as well.
|
||||
- for name in ["Bytes0", "Datetime64", "Str0", "Uint32", "Uint64"]:
|
||||
- if english_lower(name) not in allTypes:
|
||||
- # Only one of Uint32 or Uint64, aliases of `np.uintp`, was (and is) defined, note that this
|
||||
- # is not UInt32/UInt64 (capital i), which is removed.
|
||||
- continue
|
||||
- allTypes[name] = allTypes[english_lower(name)]
|
||||
- sctypeDict[name] = sctypeDict[english_lower(name)]
|
||||
|
||||
_add_aliases()
|
||||
|
||||
diff --git a/numpy/core/src/multiarray/descriptor.c b/numpy/core/src/multiarray/descriptor.c
|
||||
index 50964da..90453e3 100644
|
||||
--- a/numpy/core/src/multiarray/descriptor.c
|
||||
+++ b/numpy/core/src/multiarray/descriptor.c
|
||||
@@ -1723,22 +1723,6 @@ _convert_from_str(PyObject *obj, int align)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- /* Check for a deprecated Numeric-style typecode */
|
||||
- /* `Uint` has deliberately weird uppercasing */
|
||||
- char *dep_tps[] = {"Bytes", "Datetime64", "Str", "Uint"};
|
||||
- int ndep_tps = sizeof(dep_tps) / sizeof(dep_tps[0]);
|
||||
- for (int i = 0; i < ndep_tps; ++i) {
|
||||
- char *dep_tp = dep_tps[i];
|
||||
-
|
||||
- if (strncmp(type, dep_tp, strlen(dep_tp)) == 0) {
|
||||
- /* Deprecated 2020-06-09, NumPy 1.20 */
|
||||
- if (DEPRECATE("Numeric-style type codes are "
|
||||
- "deprecated and will result in "
|
||||
- "an error in the future.") < 0) {
|
||||
- goto fail;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
/*
|
||||
* Probably only ever dispatches to `_convert_from_type`, but who
|
||||
* knows what users are injecting into `np.typeDict`.
|
||||
diff --git a/numpy/core/tests/test_deprecations.py b/numpy/core/tests/test_deprecations.py
|
||||
index 42e632e..44a3ed7 100644
|
||||
--- a/numpy/core/tests/test_deprecations.py
|
||||
+++ b/numpy/core/tests/test_deprecations.py
|
||||
@@ -314,21 +314,6 @@ def test_insufficient_width_negative(self):
|
||||
self.assert_deprecated(np.binary_repr, args=args, kwargs=kwargs)
|
||||
|
||||
|
||||
-class TestNumericStyleTypecodes(_DeprecationTestCase):
|
||||
- """
|
||||
- Most numeric style typecodes were previously deprecated (and removed)
|
||||
- in 1.20. This also deprecates the remaining ones.
|
||||
- """
|
||||
- # 2020-06-09, NumPy 1.20
|
||||
- def test_all_dtypes(self):
|
||||
- deprecated_types = ['Bytes0', 'Datetime64', 'Str0']
|
||||
- # Depending on intp size, either Uint32 or Uint64 is defined:
|
||||
- deprecated_types.append(f"U{np.dtype(np.intp).name}")
|
||||
- for dt in deprecated_types:
|
||||
- self.assert_deprecated(np.dtype, exceptions=(TypeError,),
|
||||
- args=(dt,))
|
||||
-
|
||||
-
|
||||
class TestDTypeAttributeIsDTypeDeprecation(_DeprecationTestCase):
|
||||
# Deprecated 2021-01-05, NumPy 1.21
|
||||
message = r".*`.dtype` attribute"
|
||||
diff --git a/numpy/core/tests/test_dtype.py b/numpy/core/tests/test_dtype.py
|
||||
index 4f52268..23269f0 100644
|
||||
--- a/numpy/core/tests/test_dtype.py
|
||||
+++ b/numpy/core/tests/test_dtype.py
|
||||
@@ -109,9 +109,12 @@ def test_richcompare_invalid_dtype_comparison(self, operation):
|
||||
operation(np.dtype(np.int32), 7)
|
||||
|
||||
@pytest.mark.parametrize("dtype",
|
||||
- ['Bool', 'Complex32', 'Complex64', 'Float16', 'Float32', 'Float64',
|
||||
- 'Int8', 'Int16', 'Int32', 'Int64', 'Object0', 'Timedelta64',
|
||||
- 'UInt8', 'UInt16', 'UInt32', 'UInt64', 'Void0',
|
||||
+ ['Bool', 'Bytes0', 'Complex32', 'Complex64',
|
||||
+ 'Datetime64', 'Float16', 'Float32', 'Float64',
|
||||
+ 'Int8', 'Int16', 'Int32', 'Int64',
|
||||
+ 'Object0', 'Str0', 'Timedelta64',
|
||||
+ 'UInt8', 'UInt16', 'Uint32', 'UInt32',
|
||||
+ 'Uint64', 'UInt64', 'Void0',
|
||||
"Float128", "Complex128"])
|
||||
def test_numeric_style_types_are_invalid(self, dtype):
|
||||
with assert_raises(TypeError):
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
13
numpy.spec
13
numpy.spec
@ -2,7 +2,7 @@
|
||||
|
||||
Name: numpy
|
||||
Version: 1.21.4
|
||||
Release: 3
|
||||
Release: 4
|
||||
Epoch: 1
|
||||
Summary: A fast multidimensional array facility for Python
|
||||
|
||||
@ -16,6 +16,7 @@ BuildRequires: python3-Cython >= 0.29.24
|
||||
|
||||
Patch0: backport-CVE-2021-41496.patch
|
||||
Patch1: backport-CVE-2021-41495.patch
|
||||
Patch2: backport-CVE-2021-34141.patch
|
||||
|
||||
%description
|
||||
NumPy is the fundamental package for scientific computing with Python. It contains among other things:
|
||||
@ -105,8 +106,14 @@ popd &> /dev/null
|
||||
|
||||
|
||||
%changelog
|
||||
+* Tue Feb 08 2022 renhongxun <renhongxun@h-partners.com> - 1.21.4-3
|
||||
+- fix CVE-2021-41495
|
||||
* Tue May 31 2022 huangduirong <huangduirong@huawei.com> - 1.21.4-4
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-34141
|
||||
- SUGA:NA
|
||||
- DESC:fix CVE-2021-34141
|
||||
|
||||
* Tue Feb 08 2022 renhongxun <renhongxun@h-partners.com> - 1.21.4-3
|
||||
- fix CVE-2021-41495
|
||||
|
||||
* Wed Jan 05 2022 yuanxin <yuanxin24@huawei.com> - 1.21.4-2
|
||||
- fix CVE-2021-41496
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user