[python-sqlalchemy/el5] CVE-2012-0805 https://bugzilla.redhat.com/show_bug.cgi?id=800936
Toshio くらとみ
toshio at fedoraproject.org
Thu Mar 8 17:57:15 UTC 2012
commit 97ed5691c508390be2eb166927895edf93e13670
Author: Toshio Kuratomi <toshio at fedoraproject.org>
Date: Thu Mar 8 09:57:09 2012 -0800
CVE-2012-0805 https://bugzilla.redhat.com/show_bug.cgi?id=800936
SQLAlchemy-0.3.11-coerce-limit-offset-to-int.patch | 90 ++++++++++++++++++++
python-sqlalchemy.spec | 18 +++-
2 files changed, 105 insertions(+), 3 deletions(-)
---
diff --git a/SQLAlchemy-0.3.11-coerce-limit-offset-to-int.patch b/SQLAlchemy-0.3.11-coerce-limit-offset-to-int.patch
new file mode 100644
index 0000000..d357faf
--- /dev/null
+++ b/SQLAlchemy-0.3.11-coerce-limit-offset-to-int.patch
@@ -0,0 +1,90 @@
+Index: SQLAlchemy-0.3.11/lib/sqlalchemy/util.py
+===================================================================
+--- SQLAlchemy-0.3.11.orig/lib/sqlalchemy/util.py
++++ SQLAlchemy-0.3.11/lib/sqlalchemy/util.py
+@@ -49,6 +49,13 @@ def to_set(x):
+ else:
+ return x
+
++def asint(value):
++ """Coerce to integer."""
++
++ if value is None:
++ return value
++ return int(value)
++
+ def flatten_iterator(x):
+ """Given an iterator of which further sub-elements may also be
+ iterators, flatten the sub-elements into a single iterator.
+Index: SQLAlchemy-0.3.11/test/sql/select.py
+===================================================================
+--- SQLAlchemy-0.3.11.orig/test/sql/select.py
++++ SQLAlchemy-0.3.11/test/sql/select.py
+@@ -1,9 +1,13 @@
+ from testbase import PersistTest
+ import testbase
++import decimal
+ from sqlalchemy import *
+ from sqlalchemy.databases import sqlite, postgres, mysql, oracle, firebird, mssql
+ import unittest, re, operator
+
++def eq_(a, b, msg=None):
++ """Assert a == b, with repr messaging on failure."""
++ assert a == b, msg or "%r != %r" % (a, b)
+
+ # the select test now tests almost completely with TableClause/ColumnClause objects,
+ # which are free-roaming table/column objects not attached to any database.
+@@ -70,6 +74,27 @@ class SelectTest(SQLTest):
+ self.runtest(select([table1, table2]), "SELECT mytable.myid, mytable.name, mytable.description, myothertable.otherid, \
+ myothertable.othername FROM mytable, myothertable")
+
++ def test_int_limit_offset_coercion(self):
++ for given, exp in [
++ ("5", 5),
++ (5, 5),
++ (5.2, 5),
++ (decimal.Decimal("5"), 5),
++ (None, None),
++ ]:
++ # IN sqlalchemy-0.3, this form does not exist
++ #eq_(select().limit(given)._limit, exp)
++ #eq_(select().offset(given)._offset, exp)
++ eq_(select(limit=given).limit, exp)
++ eq_(select(offset=given).offset, exp)
++
++ #self.assertRaises(ValueError, select().limit, "foo")
++ #self.assertRaises(ValueError, select().offset, "foo")
++ self.assertRaises(ValueError, select, offset="foo")
++ self.assertRaises(ValueError, select, limit="foo")
++
++
++
+ def testselectselect(self):
+ """tests placing select statements in the column clause of another select, for the
+ purposes of selecting from the exported columns of that select."""
+Index: SQLAlchemy-0.3.11/lib/sqlalchemy/sql.py
+===================================================================
+--- SQLAlchemy-0.3.11.orig/lib/sqlalchemy/sql.py
++++ SQLAlchemy-0.3.11/lib/sqlalchemy/sql.py
+@@ -2790,8 +2790,8 @@ class CompoundSelect(_SelectBaseMixin, F
+ self.should_correlate = kwargs.pop('correlate', False)
+ self.for_update = kwargs.pop('for_update', False)
+ self.nowait = kwargs.pop('nowait', False)
+- self.limit = kwargs.pop('limit', None)
+- self.offset = kwargs.pop('offset', None)
++ self.limit = util.asint(kwargs.pop('limit', None))
++ self.offset = util.asint(kwargs.pop('offset', None))
+ self.is_compound = True
+ self.is_where = False
+ self.is_scalar = False
+@@ -2874,8 +2874,8 @@ class Select(_SelectBaseMixin, FromClaus
+ self.whereclause = None
+ self.having = None
+ self._bind = bind or engine
+- self.limit = limit
+- self.offset = offset
++ self.limit = util.asint(limit)
++ self.offset = util.asint(offset)
+ self.for_update = for_update
+ self.is_compound = False
+
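Review bot: `util.asint` is applied only in the two constructors (`Select.__init__` and `CompoundSelect.__init__` hunks in sql.py), so any code that assigns `self.limit` / `self.offset` directly after construction — the 0.3 ORM `Query` layer is a likely candidate, but it is not in this patch — would still pass an unvalidated value through to the compiler, which presumably interpolates it into the SQL string (the CVE-2012-0805 vector); worth grepping for other writers of those attributes before considering the fix complete. `int()` also silently truncates floats (`5.2` → `5`, which the test at `(5.2, 5)` pins) and raises `OverflowError`, not `ValueError`, for `float('inf')`, so the `assertRaises(ValueError, ...)` lines do not cover every non-integer input. The one-line docstring should state the contract, e.g. `"""Coerce to int; None is passed through, floats are truncated toward zero, anything else raises ValueError."""`. The commented-out `select().limit(given)` / `assertRaises(..., select().limit, "foo")` lines in `test_int_limit_offset_coercion` are dead code in the 0.3 branch and could be dropped rather than carried in the patch.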
diff --git a/python-sqlalchemy.spec b/python-sqlalchemy.spec
index b3a1578..4aca457 100644
--- a/python-sqlalchemy.spec
+++ b/python-sqlalchemy.spec
@@ -6,18 +6,21 @@
Name: python-sqlalchemy
Version: 0.3.11
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Modular and flexible ORM library for python
Group: Development/Libraries
License: MIT
URL: http://www.sqlalchemy.org/
Source0: http://downloads.sourceforge.net/sqlalchemy/%{srcname}-%{version}.tar.gz
+Patch0: SQLAlchemy-0.3.11-coerce-limit-offset-to-int.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
-BuildRequires: python-devel
+BuildRequires: python2-devel
BuildRequires: python-setuptools >= 0.6c3
+BuildRequires: python-sqlite2
%description
SQLAlchemy is an Object Relational Mappper (ORM) that provides a flexible,
@@ -31,6 +34,7 @@ domain.
%prep
%setup -q -n %{srcname}-%{version}
+%patch0 -p1
%build
CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
@@ -38,10 +42,15 @@ CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
%install
rm -rf $RPM_BUILD_ROOT
-%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT --single-version-externally-managed
+%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT --single-version-externally-managed
# remove unnecessary scripts for building documentation
rm -rf doc/build
+%check
+export PYTHONPATH=$(pwd):$(pwd)/test
+%{__python} setup.py develop -d .
+%{__python} test/alltests.py
+
%clean
rm -rf $RPM_BUILD_ROOT
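Review bot: `%{__python} setup.py develop -d .` in the new `%check` section runs through setuptools' easy_install machinery, which resolves `install_requires` and will attempt to fetch unmet dependencies from the network where the build host permits it; `%{__python} setup.py develop --no-deps -d .` keeps the test run confined to what is already in the build root. The command presumably also writes an egg-link and `easy-install.pth` into the source directory, which is what the preceding `PYTHONPATH` export relies on, so a comment such as `# develop -d . links the source tree in place so test/alltests.py imports the patched copy` would spare the next maintainer the guesswork.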
@@ -53,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitelib}/sqlalchemy/
%changelog
+* Wed Mar 7 2012 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.11-2
+- CVE-2012-0805 https://bugzilla.redhat.com/show_bug.cgi?id=800936
+
* Tue Dec 11 2007 Toshio Kuratomi <a.badger at gmail.com> - 0.3.11-1
- Upgrade to 0.3.11.
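Review bot: The 0.3.11-2 changelog entry names only the CVE, while the same commit also renames the BuildRequires to `python2-devel`, adds `python-sqlite2`, drops `-O1` from the install line and introduces a `%check` section (the `@@ -6,18` and `@@ -38,10` hunks); packaging convention is to list each non-security change on its own `- ` line so a reviewer of the update can tell them apart from the fix. Suggested additions under the CVE line: `- Add %check section running the test suite (BR: python-sqlite2)` and `- BR python2-devel; drop -O1 from setup.py install`.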