pool/python39
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Fix building of documentation and the universal configuration of the

Browse Source 
%primary_interpreter.
- (bsc#1196784, CVE-2022-25236) Rename patch:
  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
  as it was fully patched against CVE-2022-25236.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=103
This commit is contained in:
Matej Cepl 2022-06-10 18:01:18 +00:00 committed by Git OBS Bridge
parent c65f6c6577
commit 2253eadce9
4 changed files with 67 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
python39.changes
View File

@ -4,6 +4,12 @@ Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
-------------------------------------------------------------------
Fri May 20 14:18:15 UTC 2022 - Matej Cepl <mcepl@suse.com>

22
python39.spec
View File

@ -51,7 +51,11 @@
%define python_pkg_name python39
# Will provide the python3-* provides
# Will do the /usr/bin/python3 and all the core links
%define primary_interpreter 0
%if 0%{?sle_version} || 0%{?suse_version} >= 1550
%define primary_interpreter 0
%else
%define primary_interpreter 1
%endif
# We don't process beta signs well
%define folderversion 3.9.13
%define tarname Python-%{tarversion}
@ -151,9 +155,9 @@ Patch33: no-skipif-doctests.patch
# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
# skip a test failing on SLE-15
Patch34: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
# Makes Python resilient to changes of API of libexpat
Patch35: support-expat-245.patch
Patch35: support-expat-CVE-2022-25236-patched.patch
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
# avoid the command injection in the mailcap module.
Patch36: CVE-2015-20107-mailcap-unsafe-filenames.patch
@ -184,12 +188,12 @@ BuildRequires: pkgconfig(libtirpc)
BuildRequires: mpdecimal-devel
%endif
%if %{with doc}
%if 0%{?suse_version} >= 1550
BuildRequires: %{python_pkg_name}-Sphinx
BuildRequires: %{python_pkg_name}-python-docs-theme >= 2022.1
%else
%if 0%{?sle_version} && 0%{?sle_version} <= 150300
BuildRequires: python3-Sphinx
BuildRequires: python3-python-docs-theme >= 2022.1
%else
BuildRequires: %{python_pkg_name}-Sphinx
BuildRequires: %{python_pkg_name}-python-docs-theme >= 2022.1
%endif
%endif
%if %{with general}
@ -407,10 +411,8 @@ other applications.
%patch25 -p1
%patch29 -p1
%patch32 -p1
%if 0%{?suse_version} <= 1500
%patch33 -p1
%endif
%if 0%{?sle_version} && 0%{?sle_version} <= 150300
%patch33 -p1
%patch34 -p1
%endif
%if %{with mpdecimal}

75
support-expat-245.patch
View File

@ -1,75 +0,0 @@
From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Mon, 21 Feb 2022 11:03:08 -0800
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
(GH-31471)
Curly brackets were never allowed in namespace URIs
according to RFC 3986, and so-called namespace-validating
XML parsers have the right to reject them a invalid URIs.
libexpat >=2.4.5 has become strcter in that regard due to
related security issues; with ET.XML instantiating a
namespace-aware parser under the hood, this test has no
future in CPython.
References:
- https://datatracker.ietf.org/doc/html/rfc3968
- https://www.w3.org/TR/xml-names/
Also, test_minidom.py: Support Expat >=2.4.5
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
---
Lib/test/test_minidom.py | 13 ++++------
Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1
2 files changed, 7 insertions(+), 7 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -6,12 +6,11 @@ import io
from test import support
import unittest
-import pyexpat
+import xml.parsers.expat
import xml.dom.minidom
from xml.dom.minidom import parse, Node, Document, parseString
from xml.dom.minidom import getDOMImplementation
-from xml.parsers.expat import ExpatError
tstfile = support.findfile("test.xml", subdir="xmltestdata")
@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase):
# Verify that character decoding errors raise exceptions instead
# of crashing
- if pyexpat.version_info >= (2, 4, 5):
- self.assertRaises(ExpatError, parseString,
+ if xml.parsers.expat.version_info >= (2, 4, 4):
+ self.assertRaises(xml.parsers.expat.ExpatError, parseString,
b'<fran\xe7ais></fran\xe7ais>')
- self.assertRaises(ExpatError, parseString,
+ self.assertRaises(xml.parsers.expat.ExpatError, parseString,
b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
else:
self.assertRaises(UnicodeDecodeError, parseString,
@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase):
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
def testExceptionOnSpacesInXMLNSValue(self):
- if pyexpat.version_info >= (2, 4, 5):
- context = self.assertRaisesRegex(ExpatError, 'syntax error')
+ if xml.parsers.expat.version_info >= (2, 4, 4):
+ context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error')
else:
context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
@@ -0,0 +1 @@
+Make test suite support Expat >=2.4.5

49
support-expat-CVE-2022-25236-patched.patch Normal file
View File

@ -0,0 +1,49 @@
From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Mon, 21 Feb 2022 08:16:09 -0800
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
(GH-31472)
Curly brackets were never allowed in namespace URIs
according to RFC 3986, and so-called namespace-validating
XML parsers have the right to reject them a invalid URIs.
libexpat >=2.4.5 has become strcter in that regard due to
related security issues; with ET.XML instantiating a
namespace-aware parser under the hood, this test has no
future in CPython.
References:
- https://datatracker.ietf.org/doc/html/rfc3968
- https://www.w3.org/TR/xml-names/
Also, test_minidom.py: Support Expat >=2.4.5
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
---
Lib/test/test_minidom.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -1149,7 +1149,7 @@ class MinidomTest(unittest.TestCase):
# Verify that character decoding errors raise exceptions instead
# of crashing
- if pyexpat.version_info >= (2, 4, 5):
+ if pyexpat.version_info >= (2, 4, 4):
self.assertRaises(ExpatError, parseString,
b'<fran\xe7ais></fran\xe7ais>')
self.assertRaises(ExpatError, parseString,
@@ -1617,7 +1617,7 @@ class MinidomTest(unittest.TestCase):
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
def testExceptionOnSpacesInXMLNSValue(self):
- if pyexpat.version_info >= (2, 4, 5):
+ if pyexpat.version_info >= (2, 4, 4):
context = self.assertRaisesRegex(ExpatError, 'syntax error')
else:
context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')