From 37ecd27cc87ccc86418286738cc8d77b0615f17b3ca49956509a0b25c3eb13e7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 30 Apr 2024 15:37:14 +0000 Subject: [PATCH] Update CVE-2023-52425-libexpat-2.6.0-backport.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=122 --- CVE-2023-52425-libexpat-2.6.0-backport.patch | 211 +++++++++++++++---- 1 file changed, 169 insertions(+), 42 deletions(-) diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch index 6600f2c..6238018 100644 --- a/CVE-2023-52425-libexpat-2.6.0-backport.patch +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -1,57 +1,184 @@ -Index: Python-3.11.9/Lib/test/test_xml_etree.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_xml_etree.py -+++ Python-3.11.9/Lib/test/test_xml_etree.py -@@ -1424,9 +1424,13 @@ class XMLPullParserTest(unittest.TestCas - self.assert_event_tags(parser, [('end', 'root')]) - self.assertIsNone(parser.close()) +--- + Lib/test/support/__init__.py | 9 ++++++++- + Lib/test/test_pyexpat.py | 8 ++++---- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 +++++------- + 4 files changed, 26 insertions(+), 21 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0" + ] -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Fail with patched version of Expat {pyexpat.version_info}') - def test_simple_xml_chunk_1(self): - self.test_simple_xml(chunk_size=1, flush=True) -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Fail with patched version of Expat {pyexpat.version_info}') - def test_simple_xml_chunk_5(self): - self.test_simple_xml(chunk_size=5, flush=True) +@@ -2243,3 +2244,9 @@ def copy_python_src_ignore(path, names): + #Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++_null_pyexpat_parser=pyexpat.ParserCreate() ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if hasattr(_null_pyexpat_parser, 'GetReparseDeferralEnabled') else ++ lambda test: test) +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors -@@ -1651,6 +1655,9 @@ class XMLPullParserTest(unittest.TestCas +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, fails_with_expat_2_6_0 - self.assert_event_tags(parser, [('end', 'doc')]) + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -793,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Expat {pyexpat.version_info} does not ' -+ 'support reparse deferral') - def test_flush_reparse_deferral_disabled(self): - parser = ET.XMLPullParser(events=('start', 'end')) + self.assertEqual(started, ['doc']) -Index: Python-3.11.9/Lib/test/test_sax.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_sax.py -+++ Python-3.11.9/Lib/test/test_sax.py -@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase): ++ @fails_with_expat_2_6_0 + def test_reparse_deferral_disabled(self): + started = [] + +@@ -800,9 +800,9 @@ class ReparseDeferralTest(unittest.TestC + started.append(name) + + parser = expat.ParserCreate() ++ self.assertTrue(hasattr(parser, 'GetReparseDeferralEnabled')) + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): +- parser.SetReparseDeferralEnabled(False) ++ parser.SetReparseDeferralEnabled(False) + self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, fails_with_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,9 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_enabled(self): + result = BytesIO() + xmlgen = XMLGenerator(result) +@@ -1227,6 +1223,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + ++ self.assertTrue(hasattr(parser._parser, 'GetReparseDeferralEnabled')) ++ + self.assertEqual(result.getvalue(), start) # i.e. no elements started + self.assertTrue(parser._parser.GetReparseDeferralEnabled()) + +@@ -1240,6 +1238,7 @@ class ExpatReaderTest(XmlTestBase): self.assertEqual(result.getvalue(), start + b"") -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Expat {pyexpat.version_info} does not ' -+ 'support reparse deferral') ++ @fails_with_expat_2_6_0 def test_flush_reparse_deferral_disabled(self): result = BytesIO() xmlgen = XMLGenerator(result) -Index: Python-3.11.9/Lib/test/test_pyexpat.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_pyexpat.py -+++ Python-3.11.9/Lib/test/test_pyexpat.py -@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC - self.assertEqual(started, ['doc']) +@@ -1249,9 +1248,10 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) - def test_reparse_deferral_disabled(self): -+ if expat.version_info < (2, 6, 0): -+ self.skipTest(f'Expat {expat.version_info} does not ' -+ 'support reparse deferral') +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ self.assertTrue(hasattr(parser._parser, 'SetReparseDeferralEnabled')) + - started = [] ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started - def start_element(name, _): + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -26,7 +25,7 @@ from itertools import product, islice + from test import support + from test.support import os_helper + from test.support import warnings_helper +-from test.support import findfile, gc_collect, swap_attr, swap_item ++from test.support import findfile, gc_collect, swap_attr, swap_item, fails_with_expat_2_6_0 + from test.support.import_helper import import_fresh_module + from test.support.os_helper import TESTFN + +@@ -1424,9 +1423,11 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_1(self): + self.test_simple_xml(chunk_size=1, flush=True) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_5(self): + self.test_simple_xml(chunk_size=5, flush=True) + +@@ -1627,9 +1628,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1651,13 +1650,12 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C')