From e7723bea0121d19ac1849a7c8b12713b8958964bfa1d4547e78fbba037e1e889 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 15 Feb 2024 12:59:08 +0000 Subject: [PATCH] Accepting request 1146789 from home:dgarcia:branches:devel:languages:python:Factory - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115288 OBS-URL: https://build.opensuse.org/request/show/1146789 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=35 --- libexpat260.patch | 107 ++++++++++++++++++++++++++++++++++++++++++++++ python312.changes | 6 +++ python312.spec | 4 ++ 3 files changed, 117 insertions(+) create mode 100644 libexpat260.patch diff --git a/libexpat260.patch b/libexpat260.patch new file mode 100644 index 0000000..4e38aab --- /dev/null +++ b/libexpat260.patch @@ -0,0 +1,107 @@ +From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Sun, 11 Feb 2024 12:08:39 +0200 +Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 + (GH-115164) + +Feeding the parser by too small chunks defers parsing to prevent +CVE-2023-52425. Future versions of Expat may be more reactive. +(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) + +Co-authored-by: Serhiy Storchaka +--- + Lib/test/test_xml_etree.py | 58 ++++++++++++------- + ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + + 2 files changed, 38 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst + +Index: Python-3.12.2/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.12.2.orig/Lib/test/test_xml_etree.py ++++ Python-3.12.2/Lib/test/test_xml_etree.py +@@ -13,6 +13,7 @@ import itertools + import operator + import os + import pickle ++import pyexpat + import sys + import textwrap + import types +@@ -120,6 +121,10 @@ ATTLIST_XML = """\ + + """ + ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if pyexpat.version_info >= (2, 6, 0) else ++ lambda test: test) ++ + def checkwarnings(*filters, quiet=False): + def decorator(test): + def newtest(*args, **kwargs): +@@ -1400,28 +1405,37 @@ class XMLPullParserTest(unittest.TestCas + self.assertEqual([(action, elem.tag) for action, elem in events], + expected) + +- def test_simple_xml(self): +- for chunk_size in (None, 1, 5): +- with self.subTest(chunk_size=chunk_size): +- parser = ET.XMLPullParser() +- self.assert_event_tags(parser, []) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, []) +- self._feed(parser, +- "\n text\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'element')]) +- self._feed(parser, "texttail\n", chunk_size) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [ +- ('end', 'element'), +- ('end', 'empty-element'), +- ]) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'root')]) +- self.assertIsNone(parser.close()) ++ def test_simple_xml(self, chunk_size=None): ++ parser = ET.XMLPullParser() ++ self.assert_event_tags(parser, []) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, []) ++ self._feed(parser, ++ "\n text\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'element')]) ++ self._feed(parser, "texttail\n", chunk_size) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [ ++ ('end', 'element'), ++ ('end', 'empty-element'), ++ ]) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'root')]) ++ self.assertIsNone(parser.close()) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_1(self): ++ self.test_simple_xml(chunk_size=1) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_5(self): ++ self.test_simple_xml(chunk_size=5) ++ ++ def test_simple_xml_chunk_22(self): ++ self.test_simple_xml(chunk_size=22) + + def test_feed_while_iterating(self): + parser = ET.XMLPullParser() +Index: Python-3.12.2/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +=================================================================== +--- /dev/null ++++ Python-3.12.2/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +@@ -0,0 +1,2 @@ ++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat ++2.6.0. diff --git a/python312.changes b/python312.changes index 94c585b..9d306c4 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115288 + ------------------------------------------------------------------- Mon Feb 12 13:32:43 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index 3251a8d..aeb63d0 100644 --- a/python312.spec +++ b/python312.spec @@ -160,6 +160,9 @@ Patch35: fix_configure_rst.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch36: CVE-2023-27043-email-parsing-errors.patch +# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115288 +# Fix tests for XMLPullParser with Expat 2.6.0 +Patch37: libexpat260.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -428,6 +431,7 @@ other applications. # %%endif %patch -P 35 -p1 %patch -P 36 -p1 +%patch -P 37 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac