diff --git a/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch b/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch new file mode 100644 index 0000000000000000000000000000000000000000..2cf335a97063584396cff816e9fcf78000a0de75 --- /dev/null +++ b/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch @@ -0,0 +1,44 @@ +From 9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 Mon Sep 17 00:00:00 2001 +From: Ralf Gommers +Date: Mon, 13 Jun 2022 20:12:00 +0200 +Subject: [PATCH] BUG: fix a minor refcounting issue in `Py_FindObjects` + +Closes gh-16235 + +Note: also change `Py_XDECREF`s for start/end variables to `Py_DECREF`, +because it's already checked higher up that those variables are not +NULL. + +Reference: https://github.com/scipy/scipy/pull/16397/commits/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 +Conflict: NA +--- + scipy/ndimage/src/nd_image.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c +index 8dfa21ea2..11d176a30 100644 +--- a/scipy/ndimage/src/nd_image.c ++++ b/scipy/ndimage/src/nd_image.c +@@ -885,7 +885,7 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args) + npy_intp idx = + PyArray_NDIM(input) > 0 ? 2 * PyArray_NDIM(input) * ii : ii; + if (regions[idx] >= 0) { +- PyObject *tuple = PyTuple_New(PyArray_NDIM(input)); ++ tuple = PyTuple_New(PyArray_NDIM(input)); + if (!tuple) { + PyErr_NoMemory(); + goto exit; +@@ -903,8 +903,8 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args) + PyErr_NoMemory(); + goto exit; + } +- Py_XDECREF(start); +- Py_XDECREF(end); ++ Py_DECREF(start); ++ Py_DECREF(end); + start = end = NULL; + PyTuple_SetItem(tuple, jj, slc); + slc = NULL; +-- +2.33.0 + diff --git a/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch b/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch new file mode 100644 index 0000000000000000000000000000000000000000..93f1a737dec514aed5d64c4eb54a9ad53abaeb66 --- /dev/null +++ b/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch @@ -0,0 +1,31 @@ +From 133b92679ab23e0fa4a6f3b6e45f493312531024 Mon Sep 17 00:00:00 2001 +From: Ralf Gommers +Date: Mon, 13 Jun 2022 20:20:06 +0200 +Subject: [PATCH] BUG: fix small refcount issue in `ndimage._ctest` + +Note that this is only test code, so it wasn't a real-world problem. + +Closes gh-16236 + +Reference: https://github.com/scipy/scipy/pull/16397/commits/133b92679ab23e0fa4a6f3b6e45f493312531024 +Conflict: NA +--- + scipy/ndimage/src/_ctest.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/scipy/ndimage/src/_ctest.c b/scipy/ndimage/src/_ctest.c +index fe8ce676e..f84ba064a 100644 +--- a/scipy/ndimage/src/_ctest.c ++++ b/scipy/ndimage/src/_ctest.c +@@ -93,6 +93,8 @@ py_filter2d(PyObject *obj, PyObject *args) + goto error; + } + callback_data[i] = PyFloat_AsDouble(item); ++ Py_DECREF(item); ++ item = NULL; + if (PyErr_Occurred()) goto error; + } + +-- +2.33.0 + diff --git a/backport-BUG-optimize-dummy-commit-to-investigate-#10303-on-CI.patch b/backport-BUG-optimize-dummy-commit-to-investigate-#10303-on-CI.patch new file mode 100644 index 0000000000000000000000000000000000000000..0b6546feaf3e6f1c72d41a3e8a952f3f62d10cba --- /dev/null +++ b/backport-BUG-optimize-dummy-commit-to-investigate-#10303-on-CI.patch @@ -0,0 +1,24 @@ +From b1fde70ea31bc1e015f0a929453ac757c83f23d7 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 26 Dec 2023 11:42:35 +0800 +Subject: [PATCH] BUG: optimize: dummy commit to investigate + +--- + scipy/optimize/_linprog_simplex.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/scipy/optimize/_linprog_simplex.py b/scipy/optimize/_linprog_simplex.py +index 41e3b3f..f2f8cb9 100755 +--- a/scipy/optimize/_linprog_simplex.py ++++ b/scipy/optimize/_linprog_simplex.py +@@ -63,6 +63,7 @@ def _pivot_col(T, tol=1.0E-12, bland=False): + if ma.count() == 0: + return False, np.nan + if bland: ++ # ma.mask is sometimes 0d + return True, np.nonzero(ma.mask == False)[0][0] + return True, np.ma.nonzero(ma == ma.min())[0][0] + +-- +2.33.0 + diff --git a/backport-CVE-2023-29824.patch b/backport-CVE-2023-29824.patch new file mode 100644 index 0000000000000000000000000000000000000000..1bc41c9ee40636f1dfbed9bea6858c1c4e60ea0e --- /dev/null +++ b/backport-CVE-2023-29824.patch @@ -0,0 +1,24 @@ +From 2ecef38c8629e9a27613e646c4f01b5c0a0a566f Mon Sep 17 00:00:00 2001 +From: Py_FindObjects +Date: Tue, 28 Nov 2023 17:33:35 +0800 +Subject: [PATCH] MAINT: Fix use-after-free bug in Py_FindObject + +--- + scipy/ndimage/src/nd_image.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c +index 9f3aed3..d9fcc57 100644 +--- a/scipy/ndimage/src/nd_image.c ++++ b/scipy/ndimage/src/nd_image.c +@@ -928,7 +928,6 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args) + Py_XDECREF(slc); + free(regions); + if (PyErr_Occurred()) { +- Py_XDECREF(result); + return NULL; + } else { + return result; +-- +2.27.0 + \ No newline at end of file diff --git a/scipy.spec b/scipy.spec index fb00ff0762af149595dca9f4ecb73d46282ba6f1..2dee84717d8b3c40fc2e0e10b08c2e4abc9a36a6 100644 --- a/scipy.spec +++ b/scipy.spec @@ -3,12 +3,16 @@ Name: scipy Version: 1.2.2 -Release: 2 +Release: 6 Summary: A Python-based ecosystem of open-source software for mathematics, science, and engineering License: BSD, MIT, Boost and Public Domain URL: https://www.scipy.org Source0: https://github.com/scipy/scipy/releases/download/v%{version}/scipy-%{version}.tar.gz +Patch1: backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch +Patch2: backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch +Patch3: backport-CVE-2023-29824.patch +Patch4: backport-BUG-optimize-dummy-commit-to-investigate-#10303-on-CI BuildRequires: python3-devel python3-numpy >= 1.8.2 python3-numpy-f2py #BuildRequires: python3-pytest %if %{with python2} @@ -131,6 +135,20 @@ env FFLAGS="$RPM_OPT_FLAGS -fPIC" \ %endif %changelog +* Tue Dec 26 2023 maokecheng - 1.2.2-6 +- DESC:dummy commit to investigate #10303 on CI + +* Fri Dec 22 2023 xuyuchao - 1.2.2-5 +- Type:CVE +- CVE:CVE-2023-29824 +- DESC:fix CVE-2023-29824 + +* Thu Jul 13 2023 Wenyu Liu - 1.2.2-4 +- Fix CVE-2023-25399 + +* Tue Aug 18 2020 fanjiachen - 1.2.2-3 +- add release for update + * Mon Mar 23 2020 openEuler Buildteam - 1.2.2-2 - Add macros of python2