From 1bf3058aba6daf3b4e34521798da32b01cb5f2de4fb4cbcb80f7b6ff8ca9910b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 2 Jul 2025 16:13:50 +0000 Subject: [PATCH] Fix tests OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=189 --- CVE-2025-6069-quad-complex-HTMLParser.patch | 33 +++++++++++---------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch index c044f5f..1a731c8 100644 --- a/CVE-2025-6069-quad-complex-HTMLParser.patch +++ b/CVE-2025-6069-quad-complex-HTMLParser.patch @@ -10,16 +10,16 @@ comments and declarations are automatically closed, tags are ignored. Co-authored-by: Serhiy Storchaka --- - Lib/html/parser.py | 41 ++++++-- - Lib/test/test_htmlparser.py | 49 +++++++--- + Lib/html/parser.py | 41 +++++--- + Lib/test/test_htmlparser.py | 51 +++++++--- Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 - 3 files changed, 73 insertions(+), 21 deletions(-) + 3 files changed, 74 insertions(+), 22 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst Index: Python-3.11.13/Lib/html/parser.py =================================================================== ---- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 17:11:09.096534277 +0200 -+++ Python-3.11.13/Lib/html/parser.py 2025-07-02 17:11:16.977433541 +0200 +--- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 18:12:07.084569398 +0200 ++++ Python-3.11.13/Lib/html/parser.py 2025-07-02 18:12:12.582519793 +0200 @@ -25,6 +25,7 @@ charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]') @@ -85,8 +85,8 @@ Index: Python-3.11.13/Lib/html/parser.py match = charref.match(rawdata, i) Index: Python-3.11.13/Lib/test/test_htmlparser.py =================================================================== ---- Python-3.11.13.orig/Lib/test/test_htmlparser.py 2025-07-02 17:11:10.487699349 +0200 -+++ Python-3.11.13/Lib/test/test_htmlparser.py 2025-07-02 17:12:43.419502465 +0200 +--- Python-3.11.13.orig/Lib/test/test_htmlparser.py 2025-07-02 18:12:08.523658593 +0200 ++++ Python-3.11.13/Lib/test/test_htmlparser.py 2025-07-02 18:13:32.674943007 +0200 @@ -4,6 +4,8 @@ import pprint import unittest @@ -141,14 +141,17 @@ Index: Python-3.11.13/Lib/test/test_htmlparser.py def test_slashes_in_starttag(self): self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) -@@ -544,6 +552,7 @@ - '' - '') - expected = [ -+ ('comment', 'ELEMENT br EMPTY'), - ('comment', ' not really a comment '), - ('comment', ' not a comment either --'), +@@ -549,8 +557,9 @@ ('comment', ' -- close enough --'), + ('comment', ''), + ('comment', '<-- this was an empty comment'), +- ('comment', '!! another bogus comment !!!'), ++ ('comment', '!! another bogus comment !!!') + ] ++ + self._run_check(html, expected) + + def test_broken_condcoms(self): @@ -598,6 +607,26 @@ ('endtag', 'a'), ('data', ' bar & baz')] ) @@ -179,7 +182,7 @@ Index: Python-3.11.13/Lib/test/test_htmlparser.py Index: Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst 2025-07-02 17:11:16.978605629 +0200 ++++ Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst 2025-07-02 18:12:12.583386736 +0200 @@ -0,0 +1,4 @@ +Fix quadratic complexity in processing specially crafted input in +:class:`html.parser.HTMLParser`. End-of-file errors are now handled according