diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 9bcbe33..02128f4 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -18,10 +18,10 @@ with _PyUnicode_DecodeUnicodeEscapeInternal(). Lib/test/test_codeccallbacks.py | 39 +++++++ Lib/test/test_codecs.py | 52 ++++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 - Objects/bytesobject.c | 41 ++++--- + Objects/bytesobject.c | 43 ++++---- Objects/unicodeobject.c | 46 +++++--- - Parser/string_parser.c | 28 +++-- - 8 files changed, 172 insertions(+), 57 deletions(-) + Parser/string_parser.c | 32 +++--- + 8 files changed, 175 insertions(+), 60 deletions(-) Index: Python-3.12.10/Include/internal/pycore_bytesobject.h =================================================================== @@ -69,7 +69,7 @@ Index: Python-3.12.10/Include/internal/pycore_unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-17 12:00:00.337816215 +0000 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-17 12:00:10.380006455 +0000 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-18 17:56:13.263167062 +0000 @@ -1,6 +1,7 @@ import codecs import html.entities @@ -112,7 +112,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ check(br'\x0n\z', '\u0404\n\\z', r'"\z" is an invalid escape sequence') ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") + check(br'\x0n\501', '\u0404\n\u0141', r'"\501" is an invalid octal escape sequence') + check(br'\x0z', '\u0404\\z', r'"\z" is an invalid escape sequence') + 
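Review bot: The expected warning texts on the new side no longer agree with each other. In the test_codeccallbacks.py hunk the first `check` now expects `invalid escape sequence '\z'`, while the next two calls still expect `"\501" is an invalid octal escape sequence` and `"\z" is an invalid escape sequence`. The test_codecs.py hunk has the same mix inside what looks like one loop over one decoder: `'\\%c' is an invalid escape sequence` for the lowercase case but `invalid escape sequence '\\%c'` for the uppercase case. A single C format string can match only one wording, so some of these assertions presumably fail; the text emitted by unicodeobject.c is not visible in this diff, so confirm against it. To match the bytesobject.c string in this same diff, the uppercase line would read `r"'\\%c' is an invalid escape sequence" % (i-32)`, and the three `check` calls should share one quoting style.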
@@ -133,7 +133,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py Index: Python-3.12.10/Lib/test/test_codecs.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-17 12:00:00.357214034 +0000 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-17 12:00:10.380601754 +0000 ++++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-18 18:00:01.013118263 +0000 @@ -1196,23 +1196,39 @@ check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") @@ -147,15 +147,15 @@ Index: Python-3.12.10/Lib/test/test_codecs.py if b not in b'abfnrtvx': - with self.assertWarns(DeprecationWarning): + with self.assertWarnsRegex(DeprecationWarning, -+ r'"\\%c" is an invalid escape sequence' % i): ++ r"'\\%c' is an invalid escape sequence" % i): check(b"\\" + b, b"\\" + b) - with self.assertWarns(DeprecationWarning): + with self.assertWarnsRegex(DeprecationWarning, -+ r'"\\%c" is an invalid escape sequence' % (i-32)): ++ r"invalid escape sequence '\\%c'" % (i-32)): check(b"\\" + b.upper(), b"\\" + b.upper()) - with self.assertWarns(DeprecationWarning): + with self.assertWarnsRegex(DeprecationWarning, -+ r'"\\8" is an invalid escape sequence'): ++ r"'\\8' is an invalid escape sequence"): check(br"\8", b"\\8") with self.assertWarns(DeprecationWarning): check(br"\9", b"\\9") @@ -235,7 +235,7 @@ Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133 Index: Python-3.12.10/Objects/bytesobject.c =================================================================== --- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-17 12:09:18.592219783 +0000 ++++ Python-3.12.10/Objects/bytesobject.c 2025-05-17 21:07:50.280395109 +0000 @@ -1048,10 +1048,11 @@ } 
@@ -310,16 +310,18 @@ Index: Python-3.12.10/Objects/bytesobject.c if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", ++ "'\\%o' is an invalid octal escape sequence. ", + first_invalid_escape_char) < 0) { Py_DECREF(result); return NULL; -@@ -1187,7 +1192,7 @@ +@@ -1186,8 +1191,8 @@ + } else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", +- "invalid escape sequence '\\%c'", - c) < 0) ++ "'\\%c' is an invalid escape sequence. ", + first_invalid_escape_char) < 0) { Py_DECREF(result); @@ -428,7 +430,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c Index: Python-3.12.10/Parser/string_parser.c =================================================================== --- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-17 12:27:43.308776801 +0000 ++++ Python-3.12.10/Parser/string_parser.c 2025-05-17 21:41:25.941179624 +0000 @@ -1,4 +1,6 @@ #include +#include "pycore_bytesobject.h" // _PyBytes_DecodeEscape() @@ -436,6 +438,18 @@ Index: Python-3.12.10/Parser/string_parser.c #include "tokenizer.h" #include "pegen.h" +@@ -25,9 +27,9 @@ + int octal = ('4' <= c && c <= '7'); + PyObject *msg = + octal +- ? PyUnicode_FromFormat("invalid octal escape sequence '\\%.3s'", ++ ? PyUnicode_FromFormat("'\\%.3s' is an invalid octal escape sequence. ", + first_invalid_escape) +- : PyUnicode_FromFormat("invalid escape sequence '\\%c'", c); ++ : PyUnicode_FromFormat("'\\%c' is an invalid escape sequence. ", c); + if (msg == NULL) { + return -1; + } @@ -181,15 +183,18 @@ len = p - buf; s = buf;
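Review bot: Both new format strings in the Objects/bytesobject.c hunk end in a dangling `. `, namely `"'\\%o' is an invalid octal escape sequence. "` and `"'\\%c' is an invalid escape sequence. "`. This reads like a longer sentence cut short and puts trailing whitespace into every warning; the two `PyUnicode_FromFormat` strings in the Parser/string_parser.c hunk have the same tail. Either drop it (`"'\\%c' is an invalid escape sequence"`) or carry the full sentence. Separately, rewording a user-visible DeprecationWarning inside a CVE backport for the 3.12 series can break warning filters and tests that match the existing `invalid escape sequence '\\%c'` text. Keeping the original wording and limiting the patch to the security fix would be lower-risk. The enclosing functions start and end outside the hunk.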
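Review bot: The added `@@ -25,9 +27,9 @@` hunk for Parser/string_parser.c rewords only the `msg` object built for the warning, and the rest of the function lies outside the hunk. If that function also builds a message elsewhere, for instance when the warning is promoted to an error (not visible here, so please confirm), that text keeps the old `invalid escape sequence '\\%c'` wording. The same invalid escape would then be reported in two different phrasings depending on the warning filter. I would update every message in the function in the same hunk, or leave all of them unchanged, and add a comment next to `msg` such as `/* keep in sync with the error-path message below */` if a second copy exists.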