!51 [sync] PR-45: fix CVE-2023-29824

From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229

backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch

@@ -0,0 +1,44 @@
+From 9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 Mon Sep 17 00:00:00 2001
+From: Ralf Gommers <ralf.gommers@gmail.com>
+Date: Mon, 13 Jun 2022 20:12:00 +0200
+Subject: [PATCH] BUG: fix a minor refcounting issue in `Py_FindObjects`
+
+Closes gh-16235
+
+Note: also change `Py_XDECREF`s for start/end variables to `Py_DECREF`,
+because it's already checked higher up that those variables are not
+NULL.
+
+Reference: https://github.com/scipy/scipy/pull/16397/commits/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2
+Conflict: NA
+---
+ scipy/ndimage/src/nd_image.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c
+index 8dfa21ea2..11d176a30 100644
+--- a/scipy/ndimage/src/nd_image.c
++++ b/scipy/ndimage/src/nd_image.c
+@@ -885,7 +885,7 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
+         npy_intp idx =
+                 PyArray_NDIM(input) > 0 ? 2 * PyArray_NDIM(input) * ii : ii;
+         if (regions[idx] >= 0) {
+-            PyObject *tuple = PyTuple_New(PyArray_NDIM(input));
++            tuple = PyTuple_New(PyArray_NDIM(input));
+             if (!tuple) {
+                 PyErr_NoMemory();
+                 goto exit;
+@@ -903,8 +903,8 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
+                     PyErr_NoMemory();
+                     goto exit;
+                 }
+-                Py_XDECREF(start);
+-                Py_XDECREF(end);
++                Py_DECREF(start);
++                Py_DECREF(end);
+                 start = end = NULL;
+                 PyTuple_SetItem(tuple, jj, slc);
+                 slc = NULL;
+-- 
+2.33.0
+

backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch

@@ -0,0 +1,31 @@
+From 133b92679ab23e0fa4a6f3b6e45f493312531024 Mon Sep 17 00:00:00 2001
+From: Ralf Gommers <ralf.gommers@gmail.com>
+Date: Mon, 13 Jun 2022 20:20:06 +0200
+Subject: [PATCH] BUG: fix small refcount issue in `ndimage._ctest`
+
+Note that this is only test code, so it wasn't a real-world problem.
+
+Closes gh-16236
+
+Reference: https://github.com/scipy/scipy/pull/16397/commits/133b92679ab23e0fa4a6f3b6e45f493312531024
+Conflict: NA
+---
+ scipy/ndimage/src/_ctest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/scipy/ndimage/src/_ctest.c b/scipy/ndimage/src/_ctest.c
+index fe8ce676e..f84ba064a 100644
+--- a/scipy/ndimage/src/_ctest.c
++++ b/scipy/ndimage/src/_ctest.c
+@@ -93,6 +93,8 @@ py_filter2d(PyObject *obj, PyObject *args)
+ 	    goto error;
+ 	}
+ 	callback_data[i] = PyFloat_AsDouble(item);
++        Py_DECREF(item);
++        item = NULL;
+ 	if (PyErr_Occurred()) goto error;
+     }
+ 
+-- 
+2.33.0
+

backport-BUG-fix-use-after-free-bug-in-Py_FindObject.patch

@@ -0,0 +1,24 @@
+From 2ecef38c8629e9a27613e646c4f01b5c0a0a566f Mon Sep 17 00:00:00 2001
+From: Py_FindObjects
+Date: Tue, 28 Nov 2023 17:33:35 +0800
+Subject: [PATCH] MAINT: Fix use-after-free bug in Py_FindObject
+ 
+---
+ scipy/ndimage/src/nd_image.c | 1 -
+ 1 file changed, 1 deletion(-)
+ 
+diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c
+index 9f3aed3..d9fcc57 100644
+--- a/scipy/ndimage/src/nd_image.c
++++ b/scipy/ndimage/src/nd_image.c
+@@ -928,7 +928,6 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
+     Py_XDECREF(slc);
+     free(regions);
+     if (PyErr_Occurred()) {
+-        Py_XDECREF(result);
+         return NULL;
+     } else {
+         return result;
+-- 
+2.27.0
+ 

scipy.spec

@@ -1,15 +1,20 @@
 %global py_setup_args config_fc --fcompiler=gnu95 --noarch
 %global debug_package %{nil}
 Name: scipy
-Version: 1.2.2
+Version: 1.6.2
-Release: 6
+Release: 3
 Summary: A Python-based ecosystem of open-source software for mathematics, science, and engineering
 License: Qhull and Apache-2.0
 URL: https://www.scipy.org
 Source0: https://github.com/scipy/scipy/releases/download/v%{version}/scipy-%{version}.tar.gz
 
+Patch1:	backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
+Patch2:	backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
+Patch3: backport-BUG-fix-use-after-free-bug-in-Py_FindObject.patch
+
 BuildRequires: python3-devel python3-numpy >= 1.8.2 python3-numpy-f2py
-BuildRequires: gcc-c++ openblas-devel gcc-gfortran git
+BuildRequires: gcc-c++ openblas-devel gcc-gfortran chrpath
+BuildRequires: pybind11-devel python3-pybind11 python3-Cython 
 
 %description
 SciPy (pronounced "Sigh Pie") is open-source software for mathematics, science, and engineering. 
@@ -31,7 +36,7 @@ Requires: python3 python3-numpy
 python3 package for scipy
 
 %prep
-%autosetup -n %{name}-%{version} -p1 -Sgit
+%autosetup -n %{name}-%{version} -p1
 
 cat > site.cfg << EOF
 [amd]
@@ -74,16 +79,50 @@ popd
 
 find %{buildroot} -type f -name '*.so' -exec strip '{}' ';'
 
+cd  $RPM_BUILD_ROOT/usr
+file `find -type f`| grep -w ELF | awk -F":" '{print $1}' | for i in `xargs`
+do
+  chrpath -d $i
+done
+cd -
+mkdir -p  $RPM_BUILD_ROOT/etc/ld.so.conf.d
+echo "%{_bindir}/%{name}" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+echo "%{_libdir}/%{name}" >> $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
 %files -n python3-scipy
 %license LICENSE.txt
 %{python3_sitearch}/scipy
 %{python3_sitearch}/*.egg-info
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %changelog
-* Sat Sep 4 2021 zhangtao <zhangtao221@huawei.com> - 1.2.2-6
+* Fri Dec 22 2023 xuyuchao <xu.yuchao@xfusion.com> - 1.6.2-3
+- Type:CVE
+- CVE:CVE-2023-29824
+- DESC:fix CVE-2023-29824
+
+* Thu Jul 13 2023 Wenyu Liu <liuwenyu7@huawei.com> - 1.6.2-2
+- Fix CVE-2023-25399
+
+* Fri Dec 24 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.6.2-1
+- upgrade to 1.6.2 
+
+* Thu Sep 16 2021 chenchen <chen_aka_jan@163.com> - 1.2.2-8
+- del rpath for some binaries and bin
+
+* Sat Sep 4 2021 zhangtao <zhangtao221@huawei.com> - 1.2.2-7
 - Strip Dynamic library
 
-* Sun 01 Aug 2021 sunguoshuai <sunguoshuai@huawei.com> - 1.2.2-5
+* Mon Aug 02 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.2.2-6
+- DESC: delete -Sgit from %autosetup, and delete BuildRequires git
+
+* Sun Aug 01 2021 sunguoshuai <sunguoshuai@huawei.com> - 1.2.2-5
 - Fix build error with gcc 10
 
 * Mon May 31 2021 huanghaitao <huanghaitao8@huawei.com> - 1.2.2-4