packages/scipy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!27 Fix CVE-2023-25399

Browse Source 
From: @WizardHowl 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2023-07-14 09:25:37 +00:00 committed by Gitee
commit 84f1b7b91b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch Normal file
View File

@ -0,0 +1,44 @@
From 9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 Mon Sep 17 00:00:00 2001
From: Ralf Gommers <ralf.gommers@gmail.com>
Date: Mon, 13 Jun 2022 20:12:00 +0200
Subject: [PATCH] BUG: fix a minor refcounting issue in `Py_FindObjects`
Closes gh-16235
Note: also change `Py_XDECREF`s for start/end variables to `Py_DECREF`,
because it's already checked higher up that those variables are not
NULL.
Reference: https://github.com/scipy/scipy/pull/16397/commits/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2
Conflict: NA
---
scipy/ndimage/src/nd_image.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c
index 8dfa21ea2..11d176a30 100644
--- a/scipy/ndimage/src/nd_image.c
+++ b/scipy/ndimage/src/nd_image.c
@@ -885,7 +885,7 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
npy_intp idx =
PyArray_NDIM(input) > 0 ? 2 * PyArray_NDIM(input) * ii : ii;
if (regions[idx] >= 0) {
- PyObject *tuple = PyTuple_New(PyArray_NDIM(input));
+ tuple = PyTuple_New(PyArray_NDIM(input));
if (!tuple) {
PyErr_NoMemory();
goto exit;
@@ -903,8 +903,8 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
PyErr_NoMemory();
goto exit;
}
- Py_XDECREF(start);
- Py_XDECREF(end);
+ Py_DECREF(start);
+ Py_DECREF(end);
start = end = NULL;
PyTuple_SetItem(tuple, jj, slc);
slc = NULL;
--
2.33.0

31
backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch Normal file
View File

@ -0,0 +1,31 @@
From 133b92679ab23e0fa4a6f3b6e45f493312531024 Mon Sep 17 00:00:00 2001
From: Ralf Gommers <ralf.gommers@gmail.com>
Date: Mon, 13 Jun 2022 20:20:06 +0200
Subject: [PATCH] BUG: fix small refcount issue in `ndimage._ctest`
Note that this is only test code, so it wasn't a real-world problem.
Closes gh-16236
Reference: https://github.com/scipy/scipy/pull/16397/commits/133b92679ab23e0fa4a6f3b6e45f493312531024
Conflict: NA
---
scipy/ndimage/src/_ctest.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scipy/ndimage/src/_ctest.c b/scipy/ndimage/src/_ctest.c
index fe8ce676e..f84ba064a 100644
--- a/scipy/ndimage/src/_ctest.c
+++ b/scipy/ndimage/src/_ctest.c
@@ -93,6 +93,8 @@ py_filter2d(PyObject *obj, PyObject *args)
goto error;
}
callback_data[i] = PyFloat_AsDouble(item);
+ Py_DECREF(item);
+ item = NULL;
if (PyErr_Occurred()) goto error;
}
--
2.33.0

8
scipy.spec
View File

@ -2,12 +2,15 @@
%global debug_package %{nil}
Name: scipy
Version: 1.6.2
Release: 1
Release: 2
Summary: A Python-based ecosystem of open-source software for mathematics, science, and engineering
License: Qhull and Apache-2.0
URL: https://www.scipy.org
Source0: https://github.com/scipy/scipy/releases/download/v%{version}/scipy-%{version}.tar.gz
Patch1: backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
Patch2: backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
BuildRequires: python3-devel python3-numpy >= 1.8.2 python3-numpy-f2py
BuildRequires: gcc-c++ openblas-devel gcc-gfortran chrpath
BuildRequires: pybind11-devel python3-pybind11 python3-Cython
@ -98,6 +101,9 @@ echo "%{_libdir}/%{name}" >> $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.c
%config(noreplace) /etc/ld.so.conf.d/*
%changelog
* Thu Jul 13 2023 Wenyu Liu <liuwenyu7@huawei.com> - 1.6.2-2
- Fix CVE-2023-25399
* Fri Dec 24 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.6.2-1
- upgrade to 1.6.2