python3-django: Fix CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41989 Upstream-patches: https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124 https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:17:57 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:20:15 -0500
commit: 46701493ac4201c76aad1aeaf28e9b35851398ec (patch)
tree: 7d5cb5fc2f251532dcf64dc492e83a74963ecf7e /meta-python/recipes-devtools/python/python3-django
parent: 91d60c9b0aafc368acdc034cc5f86fdf7d0a3343 (diff)
download: meta-openembedded-46701493ac4201c76aad1aeaf28e9b35851398ec.tar.gz
4 files changed, 234 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
new file mode 100644
index 0000000000..04c0cf91e0
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
@@ -0,0 +1,48 @@
+From 08c5a787262c1ae57f6517d4574b54a5fcaad124 Mon Sep 17 00:00:00 2001
+From: Vlastimil Zíma <ziima@users.noreply.github.com>
+Date: Mon, 24 Oct 2022 12:59:34 +0200
+Subject: [PATCH] Fixed #34098 -- Fixed loss of precision for Decimal values in
+  floatformat filter.
+Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811.
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py                     | 2 +-
+ tests/template_tests/filter_tests/test_floatformat.py | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index a1d77f5..9ca530c 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -123,7 +123,7 @@ def floatformat(text, arg=-1):
+     of that value.
+     """
+     try:
+-        input_val = repr(text)
+        input_val = str(text)
+         d = Decimal(input_val)
+     except InvalidOperation:
+         try:
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index cfc3eaf..acad66d 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -44,6 +44,10 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(0.12345, 2), '0.12')
+         self.assertEqual(floatformat(Decimal('555.555'), 2), '555.56')
+         self.assertEqual(floatformat(Decimal('09.000')), '9')
+        self.assertEqual(
+            floatformat(Decimal("123456.123456789012345678901"), 21),
+            "123456.123456789012345678901",
+        )
+         self.assertEqual(floatformat('foo'), '')
+         self.assertEqual(floatformat(13.1031, 'bar'), '13.1031')
+         self.assertEqual(floatformat(18.125, 2), '18.13')
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch
new file mode 100644
index 0000000000..51cf79ffbd
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch
@@ -0,0 +1,48 @@
+From 4b066bde692078b194709d517b27e55defae787c Mon Sep 17 00:00:00 2001
+From: David Wobrock <david.wobrock@gmail.com>
+Date: Wed, 18 Jan 2023 22:54:17 +0100
+Subject: [PATCH] Fixed #34272 -- Fixed floatformat crash on zero with trailing
+ zeros to zero decimal places.
+Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124.
+Thanks Andrii Lahuta for the report.
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py                     | 2 +-
+ tests/template_tests/filter_tests/test_floatformat.py | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index 9ca530c..e72593b 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -140,7 +140,7 @@ def floatformat(text, arg=-1):
+     except (ValueError, OverflowError, InvalidOperation):
+         return input_val
+-    if not m and p < 0:
+    if not m and p <= 0:
+         return mark_safe(formats.number_format('%d' % (int(d)), 0))
+     exp = Decimal(1).scaleb(-abs(p))
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index acad66d..538f501 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -65,6 +65,8 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(0, 7), '0.0000000')
+         self.assertEqual(floatformat(0, 10), '0.0000000000')
+         self.assertEqual(floatformat(0.000000000000000000015, 20), '0.00000000000000000002')
+        self.assertEqual(floatformat("0.00", 0), "0")
+        self.assertEqual(floatformat(Decimal("0.00"), 0), "0")
+     def test_infinity(self):
+         pos_inf = float(1e30000)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch
new file mode 100644
index 0000000000..649a58f822
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch
@@ -0,0 +1,57 @@
+From dcd974698301a38081c141ccba6dcafa5ed2c80e Mon Sep 17 00:00:00 2001
+From: "Panagiotis H.M. Issaris" <takis@issaris.com>
+Date: Wed, 22 Feb 2023 20:46:16 +0100
+Subject: [PATCH] Fixed #34363 -- Fixed floatformat crash on zero with trailing
+ zeros.
+Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124.
+Follow up to 4b066bde692078b194709d517b27e55defae787c.
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py                     | 3 ++-
+ tests/template_tests/filter_tests/test_floatformat.py | 4 ++++
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index e72593b..1aba321 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -2,7 +2,7 @@
+ import random as random_module
+ import re
+ import types
+-from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation
+from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation, getcontext
+ from functools import wraps
+ from operator import itemgetter
+ from pprint import pformat
+@@ -149,6 +149,7 @@ def floatformat(text, arg=-1):
+     units = len(tupl[1])
+     units += -tupl[2] if m else tupl[2]
+     prec = abs(p) + units + 1
+    prec = max(getcontext().prec, prec)
+     # Avoid conversion to scientific notation by accessing `sign`, `digits`,
+     # and `exponent` from Decimal.as_tuple() directly.
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index 538f501..413ba4b 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -67,6 +67,10 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(0.000000000000000000015, 20), '0.00000000000000000002')
+         self.assertEqual(floatformat("0.00", 0), "0")
+         self.assertEqual(floatformat(Decimal("0.00"), 0), "0")
+        self.assertEqual(floatformat("0.0000", 2), "0.00")
+        self.assertEqual(floatformat(Decimal("0.0000"), 2), "0.00")
+        self.assertEqual(floatformat("0.000000", 4), "0.0000")
+        self.assertEqual(floatformat(Decimal("0.000000"), 4), "0.0000")
+     def test_infinity(self):
+         pos_inf = float(1e30000)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
new file mode 100644
index 0000000000..1cd99df8b2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
@@ -0,0 +1,81 @@
+From fc76660f589ac07e45e9cd34ccb8087aeb11904b Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Fri, 12 Jul 2024 11:38:34 +0200
+Subject: [PATCH] [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory
+ consumption in floatformat.
+Thanks Elias Myllymäki for the report.
+Co-authored-by: Shai Berger <shai@platonix.com>
+CVE: CVE-2024-41989
+Upstream-Status: Backport [https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/template/defaultfilters.py               | 13 +++++++++++++
+ .../filter_tests/test_floatformat.py            | 17 +++++++++++++++++
+ 2 files changed, 30 insertions(+)
+diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
+index a1d77f5..4884852 100644
+--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
+@@ -135,6 +135,19 @@ def floatformat(text, arg=-1):
+     except ValueError:
+         return input_val
+    _, digits, exponent = d.as_tuple()
+    try:
+        number_of_digits_and_exponent_sum = len(digits) + abs(exponent)
+    except TypeError:
+        # Exponent values can be "F", "n", "N".
+        number_of_digits_and_exponent_sum = 0
+
+    # Values with more than 200 digits, or with a large exponent, are returned "as is"
+    # to avoid high memory consumption and potential denial-of-service attacks.
+    # The cut-off of 200 is consistent with django.utils.numberformat.floatformat().
+    if number_of_digits_and_exponent_sum > 200:
+        return input_val
+
+     try:
+         m = int(d) - d
+     except (ValueError, OverflowError, InvalidOperation):
+diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
+index cfc3eaf..bd0a998 100644
+--- a/tests/template_tests/filter_tests/test_floatformat.py
+++ b/tests/template_tests/filter_tests/test_floatformat.py
+@@ -55,6 +55,7 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(1.5e-15, 20), '0.00000000000000150000')
+         self.assertEqual(floatformat(1.5e-15, -20), '0.00000000000000150000')
+         self.assertEqual(floatformat(1.00000000000000015, 16), '1.0000000000000002')
+        self.assertEqual(floatformat("1e199"), "1" + "0" * 199)
+     def test_zero_values(self):
+         self.assertEqual(floatformat(0, 6), '0.000000')
+@@ -68,6 +69,22 @@ class FunctionTests(SimpleTestCase):
+         self.assertEqual(floatformat(pos_inf), 'inf')
+         self.assertEqual(floatformat(neg_inf), '-inf')
+         self.assertEqual(floatformat(pos_inf / pos_inf), 'nan')
+        self.assertEqual(floatformat("inf"), "inf")
+        self.assertEqual(floatformat("NaN"), "NaN")
+
+    def test_too_many_digits_to_render(self):
+        cases = [
+            "1e200",
+            "1E200",
+            "1E10000000000000000",
+            "-1E10000000000000000",
+            "1e10000000000000000",
+            "-1e10000000000000000",
+            "1" + "0" * 1_000_000,
+        ]
+        for value in cases:
+            with self.subTest(value=value):
+                self.assertEqual(floatformat(value), value)
+     def test_float_dunder_method(self):
+         class FloatWrapper:
+--
+2.40.0
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:17:57 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:20:15 -0500
commit	46701493ac4201c76aad1aeaf28e9b35851398ec (patch)
tree	7d5cb5fc2f251532dcf64dc492e83a74963ecf7e /meta-python/recipes-devtools/python/python3-django
parent	91d60c9b0aafc368acdc034cc5f86fdf7d0a3343 (diff)
download	meta-openembedded-46701493ac4201c76aad1aeaf28e9b35851398ec.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch new file mode 100644 index 0000000000..04c0cf91e0 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0001.patch
@@ -0,0 +1,48 @@
	1	From 08c5a787262c1ae57f6517d4574b54a5fcaad124 Mon Sep 17 00:00:00 2001
	2	From: Vlastimil Zíma <ziima@users.noreply.github.com>
	3	Date: Mon, 24 Oct 2022 12:59:34 +0200
	4	Subject: [PATCH] Fixed #34098 -- Fixed loss of precision for Decimal values in
	5	floatformat filter.
	6
	7	Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811.
	8
	9	CVE: CVE-2024-41989
	10
	11	Upstream-Status: Backport [https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124]
	12
	13	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	14	---
	15	django/template/defaultfilters.py \| 2 +-
	16	tests/template_tests/filter_tests/test_floatformat.py \| 4 ++++
	17	2 files changed, 5 insertions(+), 1 deletion(-)
	18
	19	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	20	index a1d77f5..9ca530c 100644
	21	--- a/django/template/defaultfilters.py
	22	+++ b/django/template/defaultfilters.py
	23	@@ -123,7 +123,7 @@ def floatformat(text, arg=-1):
	24	of that value.
	25	"""
	26	try:
	27	- input_val = repr(text)
	28	+ input_val = str(text)
	29	d = Decimal(input_val)
	30	except InvalidOperation:
	31	try:
	32	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	33	index cfc3eaf..acad66d 100644
	34	--- a/tests/template_tests/filter_tests/test_floatformat.py
	35	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	36	@@ -44,6 +44,10 @@ class FunctionTests(SimpleTestCase):
	37	self.assertEqual(floatformat(0.12345, 2), '0.12')
	38	self.assertEqual(floatformat(Decimal('555.555'), 2), '555.56')
	39	self.assertEqual(floatformat(Decimal('09.000')), '9')
	40	+ self.assertEqual(
	41	+ floatformat(Decimal("123456.123456789012345678901"), 21),
	42	+ "123456.123456789012345678901",
	43	+ )
	44	self.assertEqual(floatformat('foo'), '')
	45	self.assertEqual(floatformat(13.1031, 'bar'), '13.1031')
	46	self.assertEqual(floatformat(18.125, 2), '18.13')
	47	--
	48	2.40.0


diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch new file mode 100644 index 0000000000..51cf79ffbd --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0002.patch
@@ -0,0 +1,48 @@
	1	From 4b066bde692078b194709d517b27e55defae787c Mon Sep 17 00:00:00 2001
	2	From: David Wobrock <david.wobrock@gmail.com>
	3	Date: Wed, 18 Jan 2023 22:54:17 +0100
	4	Subject: [PATCH] Fixed #34272 -- Fixed floatformat crash on zero with trailing
	5	zeros to zero decimal places.
	6
	7	Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124.
	8
	9	Thanks Andrii Lahuta for the report.
	10
	11	CVE: CVE-2024-41989
	12
	13	Upstream-Status: Backport [https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c]
	14
	15	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	16	---
	17	django/template/defaultfilters.py \| 2 +-
	18	tests/template_tests/filter_tests/test_floatformat.py \| 2 ++
	19	2 files changed, 3 insertions(+), 1 deletion(-)
	20
	21	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	22	index 9ca530c..e72593b 100644
	23	--- a/django/template/defaultfilters.py
	24	+++ b/django/template/defaultfilters.py
	25	@@ -140,7 +140,7 @@ def floatformat(text, arg=-1):
	26	except (ValueError, OverflowError, InvalidOperation):
	27	return input_val
	28
	29	- if not m and p < 0:
	30	+ if not m and p <= 0:
	31	return mark_safe(formats.number_format('%d' % (int(d)), 0))
	32
	33	exp = Decimal(1).scaleb(-abs(p))
	34	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	35	index acad66d..538f501 100644
	36	--- a/tests/template_tests/filter_tests/test_floatformat.py
	37	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	38	@@ -65,6 +65,8 @@ class FunctionTests(SimpleTestCase):
	39	self.assertEqual(floatformat(0, 7), '0.0000000')
	40	self.assertEqual(floatformat(0, 10), '0.0000000000')
	41	self.assertEqual(floatformat(0.000000000000000000015, 20), '0.00000000000000000002')
	42	+ self.assertEqual(floatformat("0.00", 0), "0")
	43	+ self.assertEqual(floatformat(Decimal("0.00"), 0), "0")
	44
	45	def test_infinity(self):
	46	pos_inf = float(1e30000)
	47	--
	48	2.40.0


diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch new file mode 100644 index 0000000000..649a58f822 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0003.patch
@@ -0,0 +1,57 @@
	1	From dcd974698301a38081c141ccba6dcafa5ed2c80e Mon Sep 17 00:00:00 2001
	2	From: "Panagiotis H.M. Issaris" <takis@issaris.com>
	3	Date: Wed, 22 Feb 2023 20:46:16 +0100
	4	Subject: [PATCH] Fixed #34363 -- Fixed floatformat crash on zero with trailing
	5	zeros.
	6
	7	Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124.
	8	Follow up to 4b066bde692078b194709d517b27e55defae787c.
	9
	10	CVE: CVE-2024-41989
	11
	12	Upstream-Status: Backport [https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e]
	13
	14	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	15	---
	16	django/template/defaultfilters.py \| 3 ++-
	17	tests/template_tests/filter_tests/test_floatformat.py \| 4 ++++
	18	2 files changed, 6 insertions(+), 1 deletion(-)
	19
	20	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	21	index e72593b..1aba321 100644
	22	--- a/django/template/defaultfilters.py
	23	+++ b/django/template/defaultfilters.py
	24	@@ -2,7 +2,7 @@
	25	import random as random_module
	26	import re
	27	import types
	28	-from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation
	29	+from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation, getcontext
	30	from functools import wraps
	31	from operator import itemgetter
	32	from pprint import pformat
	33	@@ -149,6 +149,7 @@ def floatformat(text, arg=-1):
	34	units = len(tupl[1])
	35	units += -tupl[2] if m else tupl[2]
	36	prec = abs(p) + units + 1
	37	+ prec = max(getcontext().prec, prec)
	38
	39	# Avoid conversion to scientific notation by accessing `sign`, `digits`,
	40	# and `exponent` from Decimal.as_tuple() directly.
	41	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	42	index 538f501..413ba4b 100644
	43	--- a/tests/template_tests/filter_tests/test_floatformat.py
	44	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	45	@@ -67,6 +67,10 @@ class FunctionTests(SimpleTestCase):
	46	self.assertEqual(floatformat(0.000000000000000000015, 20), '0.00000000000000000002')
	47	self.assertEqual(floatformat("0.00", 0), "0")
	48	self.assertEqual(floatformat(Decimal("0.00"), 0), "0")
	49	+ self.assertEqual(floatformat("0.0000", 2), "0.00")
	50	+ self.assertEqual(floatformat(Decimal("0.0000"), 2), "0.00")
	51	+ self.assertEqual(floatformat("0.000000", 4), "0.0000")
	52	+ self.assertEqual(floatformat(Decimal("0.000000"), 4), "0.0000")
	53
	54	def test_infinity(self):
	55	pos_inf = float(1e30000)
	56	--
	57	2.40.0


diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch new file mode 100644 index 0000000000..1cd99df8b2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch
@@ -0,0 +1,81 @@
	1	From fc76660f589ac07e45e9cd34ccb8087aeb11904b Mon Sep 17 00:00:00 2001
	2	From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
	3	Date: Fri, 12 Jul 2024 11:38:34 +0200
	4	Subject: [PATCH] [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory
	5	consumption in floatformat.
	6
	7	Thanks Elias Myllymäki for the report.
	8
	9	Co-authored-by: Shai Berger <shai@platonix.com>
	10
	11	CVE: CVE-2024-41989
	12
	13	Upstream-Status: Backport [https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b]
	14
	15	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	16	---
	17	django/template/defaultfilters.py \| 13 +++++++++++++
	18	.../filter_tests/test_floatformat.py \| 17 +++++++++++++++++
	19	2 files changed, 30 insertions(+)
	20
	21	diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
	22	index a1d77f5..4884852 100644
	23	--- a/django/template/defaultfilters.py
	24	+++ b/django/template/defaultfilters.py
	25	@@ -135,6 +135,19 @@ def floatformat(text, arg=-1):
	26	except ValueError:
	27	return input_val
	28
	29	+ _, digits, exponent = d.as_tuple()
	30	+ try:
	31	+ number_of_digits_and_exponent_sum = len(digits) + abs(exponent)
	32	+ except TypeError:
	33	+ # Exponent values can be "F", "n", "N".
	34	+ number_of_digits_and_exponent_sum = 0
	35	+
	36	+ # Values with more than 200 digits, or with a large exponent, are returned "as is"
	37	+ # to avoid high memory consumption and potential denial-of-service attacks.
	38	+ # The cut-off of 200 is consistent with django.utils.numberformat.floatformat().
	39	+ if number_of_digits_and_exponent_sum > 200:
	40	+ return input_val
	41	+
	42	try:
	43	m = int(d) - d
	44	except (ValueError, OverflowError, InvalidOperation):
	45	diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py
	46	index cfc3eaf..bd0a998 100644
	47	--- a/tests/template_tests/filter_tests/test_floatformat.py
	48	+++ b/tests/template_tests/filter_tests/test_floatformat.py
	49	@@ -55,6 +55,7 @@ class FunctionTests(SimpleTestCase):
	50	self.assertEqual(floatformat(1.5e-15, 20), '0.00000000000000150000')
	51	self.assertEqual(floatformat(1.5e-15, -20), '0.00000000000000150000')
	52	self.assertEqual(floatformat(1.00000000000000015, 16), '1.0000000000000002')
	53	+ self.assertEqual(floatformat("1e199"), "1" + "0" * 199)
	54
	55	def test_zero_values(self):
	56	self.assertEqual(floatformat(0, 6), '0.000000')
	57	@@ -68,6 +69,22 @@ class FunctionTests(SimpleTestCase):
	58	self.assertEqual(floatformat(pos_inf), 'inf')
	59	self.assertEqual(floatformat(neg_inf), '-inf')
	60	self.assertEqual(floatformat(pos_inf / pos_inf), 'nan')
	61	+ self.assertEqual(floatformat("inf"), "inf")
	62	+ self.assertEqual(floatformat("NaN"), "NaN")
	63	+
	64	+ def test_too_many_digits_to_render(self):
	65	+ cases = [
	66	+ "1e200",
	67	+ "1E200",
	68	+ "1E10000000000000000",
	69	+ "-1E10000000000000000",
	70	+ "1e10000000000000000",
	71	+ "-1e10000000000000000",
	72	+ "1" + "0" * 1_000_000,
	73	+ ]
	74	+ for value in cases:
	75	+ with self.subTest(value=value):
	76	+ self.assertEqual(floatformat(value), value)
	77
	78	def test_float_dunder_method(self):
	79	class FloatWrapper:
	80	--
	81	2.40.0