Accepting request 1004684 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1004684 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=22
commit
cb4bb1e48d
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||||||
|
|
||||||
|
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
|
||||||
|
the int/str DoS regression test. (#96717)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Sep 11 08:32:53 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
Sun Sep 11 08:32:53 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
@ -169,6 +169,8 @@ Patch36: support-expat-CVE-2022-25236-patched.patch
|
|||||||
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
|
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
|
||||||
# avoid the command injection in the mailcap module.
|
# avoid the command injection in the mailcap module.
|
||||||
Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch
|
Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch
|
||||||
|
# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717)
|
||||||
|
Patch38: test-int-timing.patch
|
||||||
BuildRequires: autoconf-archive
|
BuildRequires: autoconf-archive
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
@ -438,6 +440,7 @@ other applications.
|
|||||||
%patch35 -p1
|
%patch35 -p1
|
||||||
%patch36 -p1
|
%patch36 -p1
|
||||||
%patch37 -p1
|
%patch37 -p1
|
||||||
|
%patch38 -p1
|
||||||
|
|
||||||
# drop Autoconf version requirement
|
# drop Autoconf version requirement
|
||||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||||
|
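Review bot: The comment added above `Patch38:` does not follow the tag layout of the neighbouring entry: `Patch37` is annotated with the tag, the patch file name, a bug reference and the maintainer, while the new line carries only the upstream commit title. I would write it as `# PATCH-FIX-UPSTREAM test-int-timing.patch gh-96710 <maintainer address>` followed by a short description line, so that anyone auditing the patch set can match the file to its upstream issue. The description should also say that the patch only touches `Lib/test/test_int.py`: it relaxes the timing bounds of the int/str DoS regression test and does not alter the digit limit in the shipped interpreter.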
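--- /dev/null
+++ b/test-int-timing.patch
@@ -0,0 +1,78 @@
+From 11e3548fd1d3445ccde971d613633b58d73c3016 Mon Sep 17 00:00:00 2001
+From: "Gregory P. Smith" <greg@krypto.org>
+Date: Fri, 9 Sep 2022 12:51:34 -0700
+Subject: [PATCH] gh-96710: Make the test timing more lenient for the int/str
+DoS regression test. (#96717)
+
+A regression would still absolutely fail and even a flaky pass isn't
+harmful as it'd fail most of the time across our N system test runs.
+
+Windows has a low resolution timer and CI systems are prone to odd
+timing so this just gives more leeway to avoid flakiness.
+---
+Lib/test/test_int.py | 14 ++++++++------
+1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py
+index 800c0b006c..c972b8afb4 100644
+--- a/Lib/test/test_int.py
++++ b/Lib/test/test_int.py
+@@ -650,7 +650,8 @@ def test_denial_of_service_prevented_int_to_str(self):
+self.assertEqual(len(huge_decimal), digits)
+# Ensuring that we chose a slow enough conversion to measure.
+# It takes 0.1 seconds on a Zen based cloud VM in an opt build.
+- if seconds_to_convert < 0.005:
++ # Some OSes have a low res 1/64s timer, skip if hard to measure.
++ if seconds_to_convert < 1/64:
+raise unittest.SkipTest('"slow" conversion took only '
+f'{seconds_to_convert} seconds.')
+
+@@ -662,7 +663,7 @@ def test_denial_of_service_prevented_int_to_str(self):
+str(huge_int)
+seconds_to_fail_huge = get_time() - start
+self.assertIn('conversion', str(err.exception))
+- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
++ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
+
+# Now we test that a conversion that would take 30x as long also fails
+# in a similarly fast fashion.
+@@ -673,7 +674,7 @@ def test_denial_of_service_prevented_int_to_str(self):
+str(extra_huge_int)
+seconds_to_fail_extra_huge = get_time() - start
+self.assertIn('conversion', str(err.exception))
+- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
++ self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2)
+
+def test_denial_of_service_prevented_str_to_int(self):
+"""Regression test: ensure we fail before performing O(N**2) work."""
+@@ -691,7 +692,8 @@ def test_denial_of_service_prevented_str_to_int(self):
+seconds_to_convert = get_time() - start
+# Ensuring that we chose a slow enough conversion to measure.
+# It takes 0.1 seconds on a Zen based cloud VM in an opt build.
+- if seconds_to_convert < 0.005:
++ # Some OSes have a low res 1/64s timer, skip if hard to measure.
++ if seconds_to_convert < 1/64:
+raise unittest.SkipTest('"slow" conversion took only '
+f'{seconds_to_convert} seconds.')
+
+@@ -701,7 +703,7 @@ def test_denial_of_service_prevented_str_to_int(self):
+int(huge)
+seconds_to_fail_huge = get_time() - start
+self.assertIn('conversion', str(err.exception))
+- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
++ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
+
+# Now we test that a conversion that would take 30x as long also fails
+# in a similarly fast fashion.
+@@ -712,7 +714,7 @@ def test_denial_of_service_prevented_str_to_int(self):
+int(extra_huge)
+seconds_to_fail_extra_huge = get_time() - start
+self.assertIn('conversion', str(err.exception))
+- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
++ self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2)
+
+def test_power_of_two_bases_unlimited(self):
+"""The limit does not apply to power of 2 bases."""
+--
+2.37.3
+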
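Review bot: The third inner hunk (`@@ -673,7 +674,7 @@`) keeps `assertLess` while the other three relaxed comparisons switch to `assertLessEqual`, so the two DoS regression tests no longer assert the same bound; for consistency it should read `self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2)`. Separately, moving the bound from `/8` to `/2` means the guard now only flags a rejection path that costs more than half of a full conversion. The commit message argues that a real regression would still fail, but a one-line comment beside each assertion recording that reasoning would help whoever next tunes the ratio. Both test functions start and end outside these hunks, so this is based only on the visible lines.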