Matej Cepl
8e56b3482c
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
76 lines
3.0 KiB
Diff
76 lines
3.0 KiB
Diff
From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
|
||
From: "Miss Islington (bot)"
|
||
<31488909+miss-islington@users.noreply.github.com>
|
||
Date: Mon, 21 Feb 2022 08:16:09 -0800
|
||
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
|
||
(GH-31472)
|
||
|
||
Curly brackets were never allowed in namespace URIs
|
||
according to RFC 3986, and so-called namespace-validating
|
||
XML parsers have the right to reject them a invalid URIs.
|
||
|
||
libexpat >=2.4.5 has become strcter in that regard due to
|
||
related security issues; with ET.XML instantiating a
|
||
namespace-aware parser under the hood, this test has no
|
||
future in CPython.
|
||
|
||
References:
|
||
- https://datatracker.ietf.org/doc/html/rfc3968
|
||
- https://www.w3.org/TR/xml-names/
|
||
|
||
Also, test_minidom.py: Support Expat >=2.4.5
|
||
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
|
||
|
||
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
|
||
---
|
||
Lib/test/test_minidom.py | 23 +++++++++--------------
|
||
1 file changed, 9 insertions(+), 14 deletions(-)
|
||
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
|
||
|
||
--- a/Lib/test/test_minidom.py
|
||
+++ b/Lib/test/test_minidom.py
|
||
@@ -6,7 +6,6 @@ import io
|
||
from test import support
|
||
import unittest
|
||
|
||
-import pyexpat
|
||
import xml.dom.minidom
|
||
|
||
from xml.dom.minidom import parse, Attr, Node, Document, parseString
|
||
@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
|
||
|
||
# Verify that character decoding errors raise exceptions instead
|
||
# of crashing
|
||
- if pyexpat.version_info >= (2, 4, 5):
|
||
- self.assertRaises(ExpatError, parseString,
|
||
- b'<fran\xe7ais></fran\xe7ais>')
|
||
- self.assertRaises(ExpatError, parseString,
|
||
- b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
|
||
- else:
|
||
- self.assertRaises(UnicodeDecodeError, parseString,
|
||
+ # It doesn’t make any sense to insist on the exact text of the
|
||
+ # error message, or even the exact Exception … it is enough that
|
||
+ # the error has been discovered.
|
||
+ with self.assertRaises((UnicodeDecodeError, ExpatError)):
|
||
+ parseString(
|
||
b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
|
||
|
||
doc.unlink()
|
||
@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
|
||
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
|
||
|
||
def testExceptionOnSpacesInXMLNSValue(self):
|
||
- if pyexpat.version_info >= (2, 4, 5):
|
||
- context = self.assertRaisesRegex(ExpatError, 'syntax error')
|
||
- else:
|
||
- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
|
||
-
|
||
- with context:
|
||
+ # It doesn’t make any sense to insist on the exact text of the
|
||
+ # error message, or even the exact Exception … it is enough that
|
||
+ # the error has been discovered.
|
||
+ with self.assertRaises((ExpatError, ValueError)):
|
||
parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
|
||
|
||
def testDocRemoveChild(self):
|