From 23840b1f776c22fc8755de14eaa001c92b59fd75 Mon Sep 17 00:00:00 2001 From: willwolf Date: Fri, 25 Jun 2021 20:14:29 +0800 Subject: [PATCH] python3: don't override PYTHONPATH which is already set and use gdbm_count for dbm_length --- ...ride-PYTHONPATH-which-is-already-set.patch | 36 ++++++++ ...dbm_count-for-dbm_length-if-possible.patch | 83 +++++++++++++++++++ python3.spec | 14 +++- 3 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 Don-t-override-PYTHONPATH-which-is-already-set.patch create mode 100644 backport-32494-Use-gdbm_count-for-dbm_length-if-possible.patch diff --git a/Don-t-override-PYTHONPATH-which-is-already-set.patch b/Don-t-override-PYTHONPATH-which-is-already-set.patch new file mode 100644 index 0000000..e3fb940 --- /dev/null +++ b/Don-t-override-PYTHONPATH-which-is-already-set.patch @@ -0,0 +1,36 @@ +From 6fe83a4c10239296cdfe22adb7d1b5fc485b166c Mon Sep 17 00:00:00 2001 +From: hanxinke +Date: Thu, 17 Jun 2021 03:12:23 -0400 +Subject: [PATCH] Don't override PYTHONPATH which is already set by the user. + +--- + Modules/main.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/Modules/main.c b/Modules/main.c +index be0807b..bb57198 100644 +--- a/Modules/main.c ++++ b/Modules/main.c +@@ -1976,12 +1976,14 @@ config_read_env_vars(_PyCoreConfig *config) + } + } + +- wchar_t *path; +- int res = config_get_env_var_dup(&path, L"PYTHONPATH", "PYTHONPATH"); +- if (res < 0) { +- return DECODE_LOCALE_ERR("PYTHONPATH", res); ++ if (config->module_search_path_env == NULL) { ++ wchar_t *path; ++ int res = config_get_env_var_dup(&path, L"PYTHONPATH", "PYTHONPATH"); ++ if (res < 0) { ++ return DECODE_LOCALE_ERR("PYTHONPATH", res); ++ } ++ config->module_search_path_env = path; + } +- config->module_search_path_env = path; + + if (config->use_hash_seed < 0) { + _PyInitError err = config_init_hash_seed(config); +-- +2.23.0 + diff --git a/backport-32494-Use-gdbm_count-for-dbm_length-if-possible.patch b/backport-32494-Use-gdbm_count-for-dbm_length-if-possible.patch new file mode 100644 index 0000000..6e71d82 --- /dev/null +++ b/backport-32494-Use-gdbm_count-for-dbm_length-if-possible.patch @@ -0,0 +1,83 @@ +From 3e28d01628fd92d0d50b9c4e68ca09b3d3e23b14 Mon Sep 17 00:00:00 2001 +From: Dong-hee Na +Date: Fri, 1 May 2020 21:15:35 +0900 +Subject: [PATCH] bpo-32494: Use gdbm_count for dbm_length if possible + (GH-19814) + +Reference:https://github.com/python/cpython/commit/8727664557cd44dcd00612ccba816942e8f885ab +Conflict:NA + +--- + .../2020-04-30-22-25-08.bpo-32494.1xaU5l.rst | 2 ++ + Modules/_gdbmmodule.c | 30 +++++++++++++++---- + 2 files changed, 27 insertions(+), 5 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2020-04-30-22-25-08.bpo-32494.1xaU5l.rst + +diff --git a/Misc/NEWS.d/next/Library/2020-04-30-22-25-08.bpo-32494.1xaU5l.rst b/Misc/NEWS.d/next/Library/2020-04-30-22-25-08.bpo-32494.1xaU5l.rst +new file mode 100644 +index 0000000..3989700 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2020-04-30-22-25-08.bpo-32494.1xaU5l.rst +@@ -0,0 +1,2 @@ ++Update :mod:`dbm.gnu` to use gdbm_count if possible when calling ++:func:`len`. Patch by Dong-hee Na. +diff --git a/Modules/_gdbmmodule.c b/Modules/_gdbmmodule.c +index 9996d8c..e6ec9d2 100644 +--- a/Modules/_gdbmmodule.c ++++ b/Modules/_gdbmmodule.c +@@ -36,7 +36,7 @@ values() methods are not supported."); + + typedef struct { + PyObject_HEAD +- int di_size; /* -1 means recompute */ ++ Py_ssize_t di_size; /* -1 means recompute */ + GDBM_FILE di_dbm; + } dbmobject; + +@@ -102,19 +102,39 @@ dbm_length(dbmobject *dp) + return -1; + } + if (dp->di_size < 0) { ++#if GDBM_VERSION_MAJOR >= 1 && GDBM_VERSION_MINOR >= 11 ++ errno = 0; ++ gdbm_count_t count; ++ if (gdbm_count(dp->di_dbm, &count) == -1) { ++ if (errno != 0) { ++ PyErr_SetFromErrno(DbmError); ++ } ++ else { ++ PyErr_SetString(DbmError, gdbm_strerror(gdbm_errno)); ++ } ++ return -1; ++ } ++ if (count > PY_SSIZE_T_MAX) { ++ PyErr_SetString(PyExc_OverflowError, "count exceeds PY_SSIZE_T_MAX"); ++ return -1; ++ } ++ dp->di_size = count; ++#else + datum key,okey; +- int size; + okey.dsize=0; + okey.dptr=NULL; + +- size = 0; +- for (key=gdbm_firstkey(dp->di_dbm); key.dptr; ++ Py_ssize_t size = 0; ++ for (key = gdbm_firstkey(dp->di_dbm); key.dptr; + key = gdbm_nextkey(dp->di_dbm,okey)) { + size++; +- if(okey.dsize) free(okey.dptr); ++ if (okey.dsize) { ++ free(okey.dptr); ++ } + okey=key; + } + dp->di_size = size; ++#endif + } + return dp->di_size; + } +-- +2.23.0 + diff --git a/python3.spec b/python3.spec index d23be70..835b102 100644 --- a/python3.spec +++ b/python3.spec @@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.7.9 -Release: 14 +Release: 15 License: Python %global branchversion 3.7 @@ -142,6 +142,9 @@ Patch6033: backport-42146-Fix-memory-leak-in-subprocess.Popen-in-cas.patch Patch6034: backport-42146-Unify-cleanup-in-subprocess_fork_exec-GH-2.patch patch6035: backport-Remove-thread-objects-which-finished-process-its-request.patch patch6036: backport-CVE-2021-3426.patch +patch6037: backport-32494-Use-gdbm_count-for-dbm_length-if-possible.patch + +patch9000: Don-t-override-PYTHONPATH-which-is-already-set.patch Recommends: %{name}-help = %{version}-%{release} Provides: python%{branchversion} = %{version}-%{release} @@ -270,6 +273,8 @@ rm Lib/ensurepip/_bundled/*.whl %patch6034 -p1 %patch6035 -p1 %patch6036 -p1 +%patch6037 -p1 +%patch9000 -p1 sed -i "s/generic_os/%{_vendor}/g" Lib/platform.py rm configure pyconfig.h.in @@ -871,6 +876,13 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Fri Jun 25 2021 hehuazhen - 3.7.9-15 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Use gdbm_count for dbm_length if possible + Don't override PYTHONPATH which is already set by the user + * Mon May 31 2021 shixuantong - 3.7.9-14 - Type:CVE - CVE:CVE-2021-3426 -- Gitee