diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 02128f4..10f4a1d 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -17,11 +17,13 @@ with _PyUnicode_DecodeUnicodeEscapeInternal(). Include/internal/pycore_unicodeobject.h | 16 +++ Lib/test/test_codeccallbacks.py | 39 +++++++ Lib/test/test_codecs.py | 52 ++++++++-- + Lib/test/test_codeop.py | 2 + Lib/test/test_string_literals.py | 4 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Objects/bytesobject.c | 43 ++++---- Objects/unicodeobject.c | 46 +++++--- Parser/string_parser.c | 32 +++--- - 8 files changed, 175 insertions(+), 60 deletions(-) + 10 files changed, 178 insertions(+), 63 deletions(-) Index: Python-3.12.10/Include/internal/pycore_bytesobject.h =================================================================== @@ -225,6 +227,41 @@ Index: Python-3.12.10/Lib/test/test_codecs.py def test_decode_errors(self): decode = codecs.unicode_escape_decode for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +Index: Python-3.12.10/Lib/test/test_codeop.py +=================================================================== +--- Python-3.12.10.orig/Lib/test/test_codeop.py 2025-05-17 12:00:00.359727062 +0000 ++++ Python-3.12.10/Lib/test/test_codeop.py 2025-05-18 18:20:04.585744723 +0000 +@@ -282,7 +282,7 @@ + # Test that the warning is only returned once. + with warnings_helper.check_warnings( + ('"is" with \'str\' literal', SyntaxWarning), +- ("invalid escape sequence", SyntaxWarning), ++ ('"\\\\e" is an invalid escape sequence', SyntaxWarning), + ) as w: + compile_command(r"'\e' is 0") + self.assertEqual(len(w.warnings), 2) +Index: Python-3.12.10/Lib/test/test_string_literals.py +=================================================================== +--- Python-3.12.10.orig/Lib/test/test_string_literals.py 2025-05-17 12:00:01.489624803 +0000 ++++ Python-3.12.10/Lib/test/test_string_literals.py 2025-05-18 18:21:41.052332892 +0000 +@@ -228,7 +228,7 @@ + warnings.simplefilter('always', category=SyntaxWarning) + eval("b'''\n\\z'''") + self.assertEqual(len(w), 1) +- self.assertEqual(str(w[0].message), r"invalid escape sequence '\z'") ++ self.assertEqual(str(w[0].message), r"'\z' is an invalid escape sequence") + self.assertEqual(w[0].filename, '') + self.assertEqual(w[0].lineno, 2) + +@@ -252,7 +252,7 @@ + eval("b'''\n\\407'''") + self.assertEqual(len(w), 1) + self.assertEqual(str(w[0].message), +- r"invalid octal escape sequence '\407'") ++ r"'\407' is an invalid octal escape sequence") + self.assertEqual(w[0].filename, '') + self.assertEqual(w[0].lineno, 2) + Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000