forked from pool/python311
Update the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=181
This commit is contained in:
Git OBS Bridge
@@ -30,11 +30,9 @@ Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
||||
8 files changed, 197 insertions(+), 56 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
|
||||
|
||||
Index: Python-3.11.12/Include/cpython/bytesobject.h
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-27 16:13:11.519989563 +0200
|
||||
@@ -25,6 +25,10 @@
|
||||
--- a/Include/cpython/bytesobject.h
|
||||
+++ b/Include/cpython/bytesobject.h
|
||||
@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex(
|
||||
int use_bytearray);
|
||||
|
||||
/* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */
|
||||
@@ -45,11 +43,9 @@ Index: Python-3.11.12/Include/cpython/bytesobject.h
|
||||
PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t,
|
||||
const char *, const char **);
|
||||
|
||||
Index: Python-3.11.12/Include/cpython/unicodeobject.h
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-27 16:13:11.520156067 +0200
|
||||
@@ -914,6 +914,19 @@
|
||||
--- a/Include/cpython/unicodeobject.h
|
||||
+++ b/Include/cpython/unicodeobject.h
|
||||
@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU
|
||||
);
|
||||
/* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape
|
||||
chars. */
|
||||
@@ -69,10 +65,8 @@ Index: Python-3.11.12/Include/cpython/unicodeobject.h
|
||||
PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal(
|
||||
const char *string, /* Unicode-Escape encoded string */
|
||||
Py_ssize_t length, /* size of string */
|
||||
Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-27 16:13:11.520378996 +0200
|
||||
--- a/Lib/test/test_codeccallbacks.py
|
||||
+++ b/Lib/test/test_codeccallbacks.py
|
||||
@@ -1,6 +1,7 @@
|
||||
import codecs
|
||||
import html.entities
|
||||
@@ -81,7 +75,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
|
||||
import sys
|
||||
import unicodedata
|
||||
import unittest
|
||||
@@ -1124,7 +1125,7 @@
|
||||
@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas
|
||||
text = 'abc<def>ghi'*n
|
||||
text.translate(charmap)
|
||||
|
||||
@@ -90,7 +84,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
|
||||
baddata = [
|
||||
("ascii", b"\xff"),
|
||||
("utf-7", b"++"),
|
||||
@@ -1159,6 +1160,42 @@
|
||||
@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas
|
||||
for (encoding, data) in baddata:
|
||||
self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242")
|
||||
|
||||
@@ -133,11 +127,9 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
|
||||
# issue32583
|
||||
def test_crashing_decode_handler(self):
|
||||
# better generating one more character to fill the extra space slot
|
||||
Index: Python-3.11.12/Lib/test/test_codecs.py
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-27 16:13:11.520814977 +0200
|
||||
@@ -1198,23 +1198,39 @@
|
||||
--- a/Lib/test/test_codecs.py
|
||||
+++ b/Lib/test/test_codecs.py
|
||||
@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase
|
||||
check(br"[\1010]", b"[A0]")
|
||||
check(br"[\x41]", b"[A]")
|
||||
check(br"[\x410]", b"[A0]")
|
||||
@@ -182,7 +174,7 @@ Index: Python-3.11.12/Lib/test/test_codecs.py
|
||||
def test_errors(self):
|
||||
decode = codecs.escape_decode
|
||||
self.assertRaises(ValueError, decode, br"\x")
|
||||
@@ -2487,24 +2503,40 @@
|
||||
@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte
|
||||
check(br"[\x410]", "[A0]")
|
||||
check(br"\u20ac", "\u20ac")
|
||||
check(br"\U0001d120", "\U0001d120")
|
||||
@@ -228,18 +220,14 @@ Index: Python-3.11.12/Lib/test/test_codecs.py
|
||||
def test_decode_errors(self):
|
||||
decode = codecs.unicode_escape_decode
|
||||
for c, d in (b'x', 2), (b'u', 4), (b'U', 4):
|
||||
Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:13:11.521185394 +0200
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
|
||||
@@ -0,0 +1,2 @@
|
||||
+Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error
|
||||
+handler.
|
||||
Index: Python-3.11.12/Objects/bytesobject.c
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Objects/bytesobject.c 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Objects/bytesobject.c 2025-05-27 16:13:11.521614202 +0200
|
||||
@@ -1057,10 +1057,11 @@
|
||||
--- a/Objects/bytesobject.c
|
||||
+++ b/Objects/bytesobject.c
|
||||
@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py
|
||||
}
|
||||
|
||||
/* Unescape a backslash-escaped string. */
|
||||
@@ -253,7 +241,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
{
|
||||
int c;
|
||||
char *p;
|
||||
@@ -1074,7 +1075,8 @@
|
||||
@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch
|
||||
return NULL;
|
||||
writer.overallocate = 1;
|
||||
|
||||
@@ -263,7 +251,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
|
||||
end = s + len;
|
||||
while (s < end) {
|
||||
@@ -1112,9 +1114,10 @@
|
||||
@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch
|
||||
c = (c<<3) + *s++ - '0';
|
||||
}
|
||||
if (c > 0377) {
|
||||
@@ -277,7 +265,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
}
|
||||
}
|
||||
*p++ = c;
|
||||
@@ -1155,9 +1158,10 @@
|
||||
@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -291,7 +279,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
}
|
||||
*p++ = '\\';
|
||||
s--;
|
||||
@@ -1171,23 +1175,39 @@
|
||||
@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -339,7 +327,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
{
|
||||
Py_DECREF(result);
|
||||
return NULL;
|
||||
@@ -1196,7 +1216,7 @@
|
||||
@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha
|
||||
else {
|
||||
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
|
||||
"invalid escape sequence '\\%c'",
|
||||
@@ -348,11 +336,9 @@ Index: Python-3.11.12/Objects/bytesobject.c
|
||||
{
|
||||
Py_DECREF(result);
|
||||
return NULL;
|
||||
Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Objects/unicodeobject.c 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Objects/unicodeobject.c 2025-05-27 16:13:11.523098541 +0200
|
||||
@@ -6301,20 +6301,23 @@
|
||||
--- a/Objects/unicodeobject.c
|
||||
+++ b/Objects/unicodeobject.c
|
||||
@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod
|
||||
static _PyUnicode_Name_CAPI *ucnhash_capi = NULL;
|
||||
|
||||
PyObject *
|
||||
@@ -379,7 +365,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
|
||||
if (size == 0) {
|
||||
if (consumed) {
|
||||
@@ -6402,9 +6405,12 @@
|
||||
@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c
|
||||
}
|
||||
}
|
||||
if (ch > 0377) {
|
||||
@@ -395,7 +381,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
}
|
||||
}
|
||||
WRITE_CHAR(ch);
|
||||
@@ -6503,9 +6509,12 @@
|
||||
@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c
|
||||
goto error;
|
||||
|
||||
default:
|
||||
@@ -411,7 +397,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
}
|
||||
WRITE_ASCII_CHAR('\\');
|
||||
WRITE_CHAR(c);
|
||||
@@ -6544,24 +6553,42 @@
|
||||
@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -462,7 +448,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
{
|
||||
Py_DECREF(result);
|
||||
return NULL;
|
||||
@@ -6570,7 +6597,7 @@
|
||||
@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c
|
||||
else {
|
||||
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
|
||||
"invalid escape sequence '\\%c'",
|
||||
@@ -471,11 +457,9 @@ Index: Python-3.11.12/Objects/unicodeobject.c
|
||||
{
|
||||
Py_DECREF(result);
|
||||
return NULL;
|
||||
Index: Python-3.11.12/Parser/string_parser.c
|
||||
===================================================================
|
||||
--- Python-3.11.12.orig/Parser/string_parser.c 2025-05-27 16:12:54.739976905 +0200
|
||||
+++ Python-3.11.12/Parser/string_parser.c 2025-05-27 16:13:11.524051710 +0200
|
||||
@@ -130,12 +130,15 @@
|
||||
--- a/Parser/string_parser.c
|
||||
+++ b/Parser/string_parser.c
|
||||
@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars
|
||||
len = p - buf;
|
||||
s = buf;
|
||||
|
||||
@@ -496,7 +480,7 @@ Index: Python-3.11.12/Parser/string_parser.c
|
||||
inside u. */
|
||||
Py_XDECREF(u);
|
||||
Py_DECREF(v);
|
||||
@@ -149,14 +152,17 @@
|
||||
@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars
|
||||
static PyObject *
|
||||
decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user