PR#1: Add a patch for the security vulnerability CVE-2017-12852 (rhbz#1483689) - rpms/python3-numpy

rpms / python3-numpy

#1 Add a patch for the security vulnerability CVE-2017-12852 (rhbz#1483689)

Merged 6 years ago by cstratak. Opened 6 years ago by ishcherb.

rpms/ ishcherb/python3-numpy epel7 into epel7

Add a patch for the security vulnerability CVE-2017-12852 (rhbz#1483689)

Iryna Shcherbina • 6 years ago

e7e0f9d

0001-Security-fix-for-CVE-2017-12852.patch

file added

+61

		`@@ -0,0 +1,61 @@`
		`+ From 83f089f54715ea4d3d649cb6eade3ddfd548f9fa Mon Sep 17 00:00:00 2001`
		`+ From: Iryna Shcherbina <ishcherb@redhat.com>`
		`+ Date: Wed, 13 Sep 2017 11:31:56 +0200`
		`+ Subject: [PATCH] Security fix for CVE-2017-12852`
		`+`
		`+ ---`
		`+ numpy/lib/arraypad.py \| 8 ++++++++`
		`+ numpy/lib/tests/test_arraypad.py \| 11 +++++++++++`
		`+ 2 files changed, 19 insertions(+)`
		`+`
		`+ diff --git a/numpy/lib/arraypad.py b/numpy/lib/arraypad.py`
		`+ index f70297f..183fd2e 100644`
		`+ --- a/numpy/lib/arraypad.py`
		`+ +++ b/numpy/lib/arraypad.py`
		`+ @@ -1433,6 +1433,14 @@ def pad(array, pad_width, mode=None, **kwargs):`
		`+`
		`+ elif mode == 'reflect':`
		`+ for axis, (pad_before, pad_after) in enumerate(pad_width):`
		`+ + if narray.shape[axis] == 0:`
		`+ + # Axes with non-zero padding cannot be empty.`
		`+ + if pad_before > 0 or pad_after > 0:`
		`+ + raise ValueError("There aren't any elements to reflect"`
		+ + " in axis {} of `array`".format(axis))
		`+ + # Skip zero padding on empty axes.`
		`+ + continue`
		`+ +`
		+ # Recursive padding along any axis where `pad_amt` is too large
		`+ # for indexing tricks. We can only safely pad the original axis`
		`+ # length, to keep the period of the reflections consistent.`
		`+ diff --git a/numpy/lib/tests/test_arraypad.py b/numpy/lib/tests/test_arraypad.py`
		`+ index 11d2c70..730befe 100644`
		`+ --- a/numpy/lib/tests/test_arraypad.py`
		`+ +++ b/numpy/lib/tests/test_arraypad.py`
		`+ @@ -627,6 +627,11 @@ class TestReflect(TestCase):`
		`+ b = np.array([1, 2, 3, 2, 1, 2, 3, 2, 1, 2, 3])`
		`+ assert_array_equal(a, b)`
		`+`
		`+ + def test_check_padding_an_empty_array(self):`
		`+ + a = pad(np.zeros((0, 3)), ((0,), (1,)), mode='reflect')`
		`+ + b = np.zeros((0, 5))`
		`+ + assert_array_equal(a, b)`
		`+ +`
		`+`
		`+ class TestSymmetric(TestCase):`
		`+ def test_check_simple(self):`
		`+ @@ -975,6 +980,12 @@ class ValueError1(TestCase):`
		`+ assert_raises(ValueError, pad, arr, ((-2, 3), (3, 2)),`
		`+ **kwargs)`
		`+`
		`+ + def test_check_empty_array(self):`
		`+ + assert_raises(ValueError, pad, [], 4, mode='reflect')`
		`+ + assert_raises(ValueError, pad, np.ndarray(0), 4, mode='reflect')`
		`+ + assert_raises(ValueError, pad, np.zeros((0, 3)), ((1,), (0,)),`
		`+ + mode='reflect')`
		`+ +`
		`+`
		`+ class ValueError2(TestCase):`
		`+ def test_check_negative_pad_amount(self):`
		`+ --`
		`+ 2.13.5`
		`+`

python3-numpy.spec

file modified

+9 -1

		`@@ -2,7 +2,7 @@`

		`Name: python3-%{srcname}`
		`Version: 1.10.4`
		`- Release: 4%{?dist}`
		`+ Release: 5%{?dist}`
		`Summary: A fast multidimensional array facility for Python 3`

		`# Everything is BSD except for class SafeEval in numpy/lib/utils.py which is Python`
		`@@ -16,6 +16,10 @@`
		`BuildRequires: gcc-gfortran`
		`BuildRequires: atlas-devel`

		`+ # Add input validation on empty list or ndarray in numpy.pad function.`
		`+ # Fixes rhbz#1483689`
		`+ Patch1: 0001-Security-fix-for-CVE-2017-12852.patch`
		`+`
		`%description`
		`NumPy is a general-purpose array-processing package designed to`
		`efficiently manipulate large multi-dimensional arrays of arbitrary`
		`@@ -60,6 +64,7 @@`

		`%prep`
		`%setup -q -n %{srcname}-%{version}`
		`+ %patch1 -p1`
		`# Strip shbang`
		`find -name \*.py -exec sed -i -e '1{/^#!/d}' {} +`
		`# workaround for rhbz#849713`
		`@@ -132,6 +137,9 @@`


		`%changelog`
		`+ * Wed Sep 13 2017 Iryna Shcherbina <ishcherb@redhat.com> - 1.10.4-5`
		`+ - Add a patch for the security vulnerability (rhbz#1483689)`
		`+`
		`* Tue Mar 1 2016 Orion Poplawski <orion@cora.nwra.com> - 1.10.4-4`
		`- Strip shbangs and fix .so permissions`