From a7f0a95500ed6272ddce35cae49301549ff2ca551ce055304183a7d2e0290a72 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 13:52:03 +0000 Subject: [PATCH 01/10] Fix patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=138 --- CVE-2025-4516-DecodeError-handler.patch | 34 ++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index fc761c2..3553602 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -31,8 +31,8 @@ Co-authored-by: Serhiy Storchaka Index: Python-3.12.10/Include/cpython/bytesobject.h =================================================================== ---- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-22 12:38:07.205729906 +0000 +--- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 13:35:47.000000000 +0200 ++++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-22 14:38:07.205729906 +0200 @@ -25,6 +25,10 @@ int use_bytearray); @@ -46,8 +46,8 @@ Index: Python-3.12.10/Include/cpython/bytesobject.h Index: Python-3.12.10/Include/cpython/unicodeobject.h =================================================================== ---- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-22 12:38:07.205905378 +0000 +--- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 13:35:47.000000000 +0200 ++++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-22 14:38:07.205905378 +0200 @@ -684,6 +684,19 @@ ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape 
@@ -70,8 +70,8 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Py_ssize_t length, /* size of string */ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-22 12:37:58.935377659 +0000 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-22 12:38:07.206131787 +0000 +--- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-22 14:37:58.935377659 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 15:51:28.818768066 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities @@ -114,8 +114,8 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++        check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\z'") ++        check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") + check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") + + check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") @@ -134,8 +134,8 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py # better generating one more character to fill the extra space slot Index: Python-3.12.10/Lib/test/test_codecs.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-22 12:37:58.952566393 +0000 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-22 12:38:07.206633606 +0000 +--- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-22 14:37:58.952566393 +0200 ++++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-22 14:38:07.206633606 +0200 @@ -1196,23 +1196,39 @@ check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") 
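Review bot: The rewritten expectations `r"invalid escape sequence '\\z'"` and `r"invalid octal escape sequence '\\501'"` on the first two `check(...)` lines are raw strings, so they now contain two literal backslashes, while the C format string visible later in this series (`"invalid octal escape sequence '\\%o'"`, the pre-image of patch 07) produces one backslash at runtime; since `check` compares with `self.assertIn(msg, str(cm.warning))`, these two cases will fail rather than pass. The neighbouring checks in the same hunk keep the single-backslash `'\z'` form, which is the one that matches. These two lines are also the only ones on the page whose leading indentation survived whitespace collapsing, which together with the follow-up commit titled "REmove A0 chars" suggests the indent was re-typed with U+00A0 characters; CPython's tokenizer rejects those, so the whole test module would fail to import. The commit message records no failing-test output, so the motivation for doubling the backslash cannot be checked from here; I would keep `r"invalid escape sequence '\z'"` and `r"invalid octal escape sequence '\501'"` as in the surrounding lines.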
@@ -230,14 +230,14 @@ Index: Python-3.12.10/Lib/test/test_codecs.py Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 12:38:07.207057599 +0000 ++++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 14:38:07.207057599 +0200 @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. Index: Python-3.12.10/Objects/bytesobject.c =================================================================== ---- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-22 12:38:07.207534041 +0000 +--- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200 ++++ Python-3.12.10/Objects/bytesobject.c 2025-05-22 14:38:07.207534041 +0200 @@ -1048,10 +1048,11 @@ } @@ -347,8 +347,8 @@ Index: Python-3.12.10/Objects/bytesobject.c return NULL; Index: Python-3.12.10/Objects/unicodeobject.c =================================================================== ---- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-22 12:38:07.209060814 +0000 +--- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200 ++++ Python-3.12.10/Objects/unicodeobject.c 2025-05-22 14:38:07.209060814 +0200 @@ -6046,13 +6046,15 @@ /* --- Unicode Escape Codec ----------------------------------------------- */ 
@@ -469,8 +469,8 @@ Index: Python-3.12.10/Objects/unicodeobject.c return NULL; Index: Python-3.12.10/Parser/string_parser.c =================================================================== ---- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-22 12:38:07.209950694 +0000 +--- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 13:35:47.000000000 +0200 ++++ Python-3.12.10/Parser/string_parser.c 2025-05-22 14:38:07.209950694 +0200 @@ -181,15 +181,18 @@ len = p - buf; s = buf; From f5a97f08ca5fd2be8b3298640fd9735bd453d95e42497c7cdf41001e2cb89a1b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 14:10:40 +0000 Subject: [PATCH 02/10] REmove A0 chars. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=139 --- CVE-2025-4516-DecodeError-handler.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 3553602..dcbdaeb 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -71,7 +71,7 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-22 14:37:58.935377659 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 15:51:28.818768066 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 16:10:07.476764666 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities 
@@ -114,8 +114,8 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+        check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\z'") -+        check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") + check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") + + check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") From 7dd198cfe7507d71a7890e3c0fd9b9fabc0985100d4a4bf13366509013f36203 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 14:38:51 +0000 Subject: [PATCH 03/10] Fix patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=140 --- CVE-2025-4516-DecodeError-handler.patch | 34 ++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index dcbdaeb..5332fe2 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -32,7 +32,7 @@ Co-authored-by: Serhiy Storchaka Index: Python-3.12.10/Include/cpython/bytesobject.h =================================================================== --- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-22 14:38:07.205729906 +0200 ++++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 16:36:01.607634555 +0200 @@ -25,6 +25,10 @@ int use_bytearray); 
@@ -47,7 +47,7 @@ Index: Python-3.12.10/Include/cpython/bytesobject.h Index: Python-3.12.10/Include/cpython/unicodeobject.h =================================================================== --- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-22 14:38:07.205905378 +0200 ++++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 16:36:01.608024960 +0200 @@ -684,6 +684,19 @@ ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape @@ -70,8 +70,8 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Py_ssize_t length, /* size of string */ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-22 14:37:58.935377659 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 16:10:07.476764666 +0200 +--- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:35:57.334719437 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 16:37:19.987527413 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities 
@@ -114,15 +114,15 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\z'") ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\\\z'") + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\\\\z'") + -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\\\\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\\\\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\\\\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\\\\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\\\\z'") + + check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") + check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") 
@@ -134,8 +134,8 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py # better generating one more character to fill the extra space slot Index: Python-3.12.10/Lib/test/test_codecs.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-22 14:37:58.952566393 +0200 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-22 14:38:07.206633606 +0200 +--- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 16:35:57.358417139 +0200 ++++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 16:36:01.609174295 +0200 @@ -1196,23 +1196,39 @@ check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") @@ -230,14 +230,14 @@ Index: Python-3.12.10/Lib/test/test_codecs.py Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 14:38:07.207057599 +0200 ++++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:36:01.609723469 +0200 @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. Index: Python-3.12.10/Objects/bytesobject.c =================================================================== --- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-22 14:38:07.207534041 +0200 ++++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 16:36:01.610066425 +0200 @@ -1048,10 +1048,11 @@ } 
@@ -348,7 +348,7 @@ Index: Python-3.12.10/Objects/bytesobject.c Index: Python-3.12.10/Objects/unicodeobject.c =================================================================== --- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-22 14:38:07.209060814 +0200 ++++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 16:36:01.610906297 +0200 @@ -6046,13 +6046,15 @@ /* --- Unicode Escape Codec ----------------------------------------------- */ @@ -470,7 +470,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c Index: Python-3.12.10/Parser/string_parser.c =================================================================== --- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-22 14:38:07.209950694 +0200 ++++ Python-3.12.10/Parser/string_parser.c 2025-05-27 16:36:01.611776325 +0200 @@ -181,15 +181,18 @@ len = p - buf; s = buf; From f28c965458a8fb9b4bcaa690ac916d20f6a63f3fd5501d1e6a973ed1a9616c17 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 15:09:51 +0000 Subject: [PATCH 04/10] Fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=141 --- CVE-2025-4516-DecodeError-handler.patch | 26 +++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 5332fe2..76ba793 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch 
@@ -20,13 +20,13 @@ Co-authored-by: Serhiy Storchaka --- Include/cpython/bytesobject.h | 4 Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codeccallbacks.py | 41 ++++++ Lib/test/test_codecs.py | 52 ++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Objects/bytesobject.c | 54 +++++--- Objects/unicodeobject.c | 61 +++++++--- Parser/string_parser.c | 26 ++-- - 8 files changed, 194 insertions(+), 57 deletions(-) + 8 files changed, 196 insertions(+), 57 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.12.10/Include/cpython/bytesobject.h @@ -71,7 +71,7 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:35:57.334719437 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 16:37:19.987527413 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:09:28.010622211 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities @@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ +@@ -1159,6 +1160,44 @@ for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") 
@@ -114,15 +114,17 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\\\z'") ++ # The warning message for invalid escape sequences seems to have an extra layer of backslash escaping. ++ # It's likely due to how PyErr_WarnFormat handles the character after the initial backslash. ++ # '\\\\z' in the regex will match '\\z' in the actual string. ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\\\\\\\z'") + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\\\\z'") -+ -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\\\\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\\\\z'") -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\\\\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\\\\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\\\\z'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\\\\\\\\z'") ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\\\\\\\\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\\\\\\\\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") + + check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") + check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") From 4b7d1d28de5fb8fd200757659bddc9a4eac6c8a0db3464c6b5613489cdb273af Mon Sep 17 00:00:00 2001 
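Review bot: The three-line comment added above the `\x0n\z` check explains the eight-backslash expectation `'\\\\\\\\z'` in terms of regex matching and "an extra layer of backslash escaping" in PyErr_WarnFormat, but `check` compares with `self.assertIn(msg, str(cm.warning))`, so no regex is involved and a raw string holding eight backslashes can only match a message that literally contains eight. As far as I know PyErr_WarnFormat does not re-escape `%c`/`%o` output, so the stated cause is unlikely, and the comment would mislead the next person who touches this test. If the checks are kept in this form, replace the explanation with the observed text, e.g. `# observed warning text: <paste str(cm.warning) here>`, or drop the comment. The enclosing test method starts before this hunk.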
From: Matej Cepl Date: Tue, 27 May 2025 15:29:36 +0000 Subject: [PATCH 05/10] fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=142 --- CVE-2025-4516-DecodeError-handler.patch | 49 +++++++++++-------------- 1 file changed, 22 insertions(+), 27 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 76ba793..aed8b8e 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -20,19 +20,19 @@ Co-authored-by: Serhiy Storchaka --- Include/cpython/bytesobject.h | 4 Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 41 ++++++ + Lib/test/test_codeccallbacks.py | 36 +++++ Lib/test/test_codecs.py | 52 ++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Objects/bytesobject.c | 54 +++++--- Objects/unicodeobject.c | 61 +++++++--- Parser/string_parser.c | 26 ++-- - 8 files changed, 196 insertions(+), 57 deletions(-) + 8 files changed, 191 insertions(+), 57 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.12.10/Include/cpython/bytesobject.h =================================================================== --- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 16:36:01.607634555 +0200 ++++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 17:27:08.578524794 +0200 @@ -25,6 +25,10 @@ int use_bytearray); 
@@ -47,7 +47,7 @@ Index: Python-3.12.10/Include/cpython/bytesobject.h Index: Python-3.12.10/Include/cpython/unicodeobject.h =================================================================== --- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 16:36:01.608024960 +0200 ++++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 17:27:08.578940632 +0200 @@ -684,6 +684,19 @@ ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape @@ -70,8 +70,8 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Py_ssize_t length, /* size of string */ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:35:57.334719437 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:09:28.010622211 +0200 +--- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:29:17.508500659 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities @@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,44 @@ +@@ -1159,6 +1160,39 @@ for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") 
@@ -114,30 +114,25 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ # The warning message for invalid escape sequences seems to have an extra layer of backslash escaping. -+ # It's likely due to how PyErr_WarnFormat handles the character after the initial backslash. -+ # '\\\\z' in the regex will match '\\z' in the actual string. -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\\\\\\\\z'") ++ # The warning message for invalid escape sequences dynamically escapes the backslash. ++ # Using re.escape to handle the backslash and then formatting the character directly. ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '%s'" % re.escape(r'\z')) + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\\\\\\\\z'") -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\\\\\\\\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\\\\\\\\z'") -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\\\\\\\\z'") + -+ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '%s'" % 
re.escape(r'\z')) ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z')) + # issue32583 def test_crashing_decode_handler(self): # better generating one more character to fill the extra space slot Index: Python-3.12.10/Lib/test/test_codecs.py =================================================================== ---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 16:35:57.358417139 +0200 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 16:36:01.609174295 +0200 +--- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 17:27:04.357147552 +0200 ++++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 17:27:08.579902284 +0200 @@ -1196,23 +1196,39 @@ check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") @@ -232,14 +227,14 @@ Index: Python-3.12.10/Lib/test/test_codecs.py Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:36:01.609723469 +0200 ++++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 17:27:08.580640093 +0200 @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. Index: Python-3.12.10/Objects/bytesobject.c =================================================================== --- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 16:36:01.610066425 +0200 ++++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 17:27:08.581189399 +0200 @@ -1048,10 +1048,11 @@ } 
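Review bot: This hunk removes the four `\x5` cases (`br'\x5n\z'`, `br'\x5n\501'`, `br'\x5z'`, `memoryview(br'\x5zy')[:-1]`) that were context in the previous revision, so the test no longer exercises that input prefix at all; the diffstat line dropping from 41 to 36 insertions reflects the lost coverage, and nothing in the commit says those cases were wrong rather than caught up in the escaping churn. The remaining lines switch the expectation to `r"invalid escape sequence '%s'" % re.escape(r'\z')`, but `re.escape` turns `\z` into `\\z` and `check` uses `assertIn`, not a regex, so the substring cannot match a single-backslash warning. I would keep the `\x5` lines and use the plain `r"invalid escape sequence '\z'"` expectation. The enclosing test method starts before this hunk.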
@@ -350,7 +345,7 @@ Index: Python-3.12.10/Objects/bytesobject.c Index: Python-3.12.10/Objects/unicodeobject.c =================================================================== --- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 16:36:01.610906297 +0200 ++++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 17:27:08.583127021 +0200 @@ -6046,13 +6046,15 @@ /* --- Unicode Escape Codec ----------------------------------------------- */ @@ -472,7 +467,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c Index: Python-3.12.10/Parser/string_parser.c =================================================================== --- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-27 16:36:01.611776325 +0200 ++++ Python-3.12.10/Parser/string_parser.c 2025-05-27 17:27:08.584587553 +0200 @@ -181,15 +181,18 @@ len = p - buf; s = buf; From 41648a15a29aecf3f437befe39caf709db309b100ef0713276f22fa370e72bce Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 18:45:33 +0000 Subject: [PATCH 06/10] fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=143 --- CVE-2025-4516-DecodeError-handler.patch | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index aed8b8e..90b9ac8 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch 
@@ -71,7 +71,7 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 17:29:17.508500659 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 20:45:06.747118127 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities 
@@ -116,15 +116,15 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + + # The warning message for invalid escape sequences dynamically escapes the backslash. + # Using re.escape to handle the backslash and then formatting the character directly. -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '%s'" % r'\z') + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") + -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '%s'" % re.escape(r'\z')) -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z')) -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '%s'" % re.escape(r'\z')) -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z')) -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z')) -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '%s'" % re.escape(r'\z')) ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '%s'" % r'\z') ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '%s'" % r'\z') ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '%s'" % r'\z') ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') + # issue32583 def test_crashing_decode_handler(self): From 1165662ec539fa83f37488d06130c74a35e6eaf35d0594cc3c3a28d7b8d31e10 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Tue, 27 May 2025 19:09:08 +0000 Subject: [PATCH 07/10] fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=144 --- CVE-2025-4516-DecodeError-handler.patch | 39 +++++++++++++------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 90b9ac8..81e1ec6 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -20,13 +20,13 @@ Co-authored-by: Serhiy Storchaka --- Include/cpython/bytesobject.h | 4 Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 36 +++++ + Lib/test/test_codeccallbacks.py | 39 ++++++ Lib/test/test_codecs.py | 52 ++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Objects/bytesobject.c | 54 +++++--- Objects/unicodeobject.c | 61 +++++++--- Parser/string_parser.c | 26 ++-- - 8 files changed, 191 insertions(+), 57 deletions(-) + 8 files changed, 194 insertions(+), 57 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.12.10/Include/cpython/bytesobject.h @@ -71,7 +71,7 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 20:45:06.747118127 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 21:05:08.061522938 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities 
@@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,39 @@ +@@ -1159,6 +1160,42 @@ for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") 
@@ -114,17 +114,20 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ # The warning message for invalid escape sequences dynamically escapes the backslash. -+ # Using re.escape to handle the backslash and then formatting the character directly. -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '%s'" % r'\z') -+ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\\501'") ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") + -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '%s'" % r'\z') -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '%s'" % r'\z') -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '%s'" % r'\z') -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '%s'" % r'\z') ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") + # issue32583 def test_crashing_decode_handler(self): 
@@ -234,7 +237,7 @@ Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133 Index: Python-3.12.10/Objects/bytesobject.c =================================================================== --- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 17:27:08.581189399 +0200 ++++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 21:08:20.056554751 +0200 @@ -1048,10 +1048,11 @@ } @@ -328,7 +331,7 @@ Index: Python-3.12.10/Objects/bytesobject.c if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", ++ "invalid octal escape sequence '\\\\%o'", + first_invalid_escape_char) < 0) { Py_DECREF(result); @@ -345,7 +348,7 @@ Index: Python-3.12.10/Objects/bytesobject.c Index: Python-3.12.10/Objects/unicodeobject.c =================================================================== --- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 17:27:08.583127021 +0200 ++++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 21:08:02.745636052 +0200 @@ -6046,13 +6046,15 @@ /* --- Unicode Escape Codec ----------------------------------------------- */ @@ -450,7 +453,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", ++ "invalid octal escape sequence '\\\\%o'", + first_invalid_escape_char) < 0) { Py_DECREF(result); From 5809d58f851c0900ff5dce40dae411c029a160466fb1fe5425d0fcb4673f589c Mon Sep 17 00:00:00 2001 
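Review bot: The `@@ -328,7 +331,7 @@` hunk changes the bytesobject.c warning format to `"invalid octal escape sequence '\\\\%o'"`, and `"\\\\"` in a C string literal is two backslash characters, so the emitted message reads `'\\501'` while the test rewritten two hunks earlier checks `r"invalid octal escape sequence '\501'"` with `assertIn` (a raw string, one backslash); that substring cannot match, so the new test fails. The same change is made to unicodeobject.c in the `@@ -450,7 +453,7 @@` hunk, and it also makes the octal message inconsistent with the sibling `"invalid escape sequence '\\%c'"` message, which keeps a single backslash. The form being removed, `"invalid octal escape sequence '\\%o'"`, is the one whose output matches the test; PATCH 08/10 further down this page restores exactly that. Both hunks sit inside `PyBytes_DecodeEscape` and `_PyUnicode_DecodeUnicodeEscapeStateful`, whose bodies start and end outside the hunk.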
From: Matej Cepl Date: Tue, 27 May 2025 19:36:16 +0000 Subject: [PATCH 08/10] fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=145 --- CVE-2025-4516-DecodeError-handler.patch | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 81e1ec6..b3abdda 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -20,13 +20,13 @@ Co-authored-by: Serhiy Storchaka --- Include/cpython/bytesobject.h | 4 Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codeccallbacks.py | 40 ++++++ Lib/test/test_codecs.py | 52 ++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Objects/bytesobject.c | 54 +++++--- Objects/unicodeobject.c | 61 +++++++--- Parser/string_parser.c | 26 ++-- - 8 files changed, 194 insertions(+), 57 deletions(-) + 8 files changed, 195 insertions(+), 57 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.12.10/Include/cpython/bytesobject.h @@ -71,7 +71,7 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h Index: Python-3.12.10/Lib/test/test_codeccallbacks.py =================================================================== --- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 21:05:08.061522938 +0200 ++++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 21:33:39.393417492 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities 
@@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ +@@ -1159,6 +1160,43 @@ for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") @@ -114,6 +114,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + ++ + check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") + check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") @@ -331,7 +332,7 @@ Index: Python-3.12.10/Objects/bytesobject.c if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\\\%o'", ++ "invalid octal escape sequence '\\%o'", + first_invalid_escape_char) < 0) { Py_DECREF(result); @@ -453,7 +454,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\\\%o'", ++ "invalid octal escape sequence '\\%o'", + first_invalid_escape_char) < 0) { Py_DECREF(result); From 538749696737d0e5057255b9bed358fa06d27b0f448e615cde0612c5795a0e70 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 May 2025 14:09:57 +0000 Subject: [PATCH 09/10] Certainly correct patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=146 --- CVE-2025-4516-DecodeError-handler.patch | 124 ++++++++++++------------ 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index b3abdda..2eb4ba9 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch 
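Review bot: The `@@ -114,6 +114,7 @@` hunk inserts a second consecutive blank line right after `self.assertIn(msg, str(cm.warning))` inside the test method, a style nit (PEP 8 uses blank lines within a function sparingly) that the hunk does not otherwise need. Because the blank line lives inside an embedded patch, it also forced the inner hunk count in the `@@ -89,7 +89,7 @@` hunk (`+1160,43`) and the diffstat in the `@@ -20,13 +20,13 @@` hunk on the previous line (`40 ++++++`, `195 insertions(+)`) to be bumped by hand so the patch still applies. Dropping the added empty `+` line keeps the `42` / `39` / `194` counts of the upstream backport and removes the hand-maintained arithmetic; regenerating the patch from the upstream commit, as PATCH 09/10 below does, avoids this class of edit altogether. The reverted `'\\%o'` format strings in `@@ -331,7 +332,7 @@` and `@@ -453,7 +454,7 @@` are the correct single-backslash form and need no further change.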
@@ -18,22 +18,22 @@ with _PyUnicode_DecodeUnicodeEscapeInternal(). Co-authored-by: Serhiy Storchaka --- - Include/cpython/bytesobject.h | 4 - Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 40 ++++++ - Lib/test/test_codecs.py | 52 ++++++-- - Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 - Objects/bytesobject.c | 54 +++++--- - Objects/unicodeobject.c | 61 +++++++--- - Parser/string_parser.c | 26 ++-- - 8 files changed, 195 insertions(+), 57 deletions(-) + Include/cpython/bytesobject.h | 4 ++ + Include/cpython/unicodeobject.h | 13 ++++ + Lib/test/test_codeccallbacks.py | 39 +++++++++++- + Lib/test/test_codecs.py | 52 +++++++++++++--- + ...-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + + Objects/bytesobject.c | 54 ++++++++++------ + Objects/unicodeobject.c | 61 +++++++++++++------ + Parser/string_parser.c | 26 +++++--- + 8 files changed, 194 insertions(+), 57 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -Index: Python-3.12.10/Include/cpython/bytesobject.h -=================================================================== ---- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-27 17:27:08.578524794 +0200 -@@ -25,6 +25,10 @@ +diff --git a/Include/cpython/bytesobject.h b/Include/cpython/bytesobject.h +index e982031c107de2..eef607a5760eda 100644 +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( int use_bytearray); /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ 
@@ -44,11 +44,11 @@ Index: Python-3.12.10/Include/cpython/bytesobject.h PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, const char *, const char **); -Index: Python-3.12.10/Include/cpython/unicodeobject.h -=================================================================== ---- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-27 17:27:08.578940632 +0200 -@@ -684,6 +684,19 @@ +diff --git a/Include/cpython/unicodeobject.h b/Include/cpython/unicodeobject.h +index f177cd9e2af9de..cf38928686019b 100644 +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -684,6 +684,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeStateful( ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape chars. */ @@ -68,10 +68,10 @@ Index: Python-3.12.10/Include/cpython/unicodeobject.h PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( const char *string, /* Unicode-Escape encoded string */ Py_ssize_t length, /* size of string */ -Index: Python-3.12.10/Lib/test/test_codeccallbacks.py -=================================================================== ---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-27 17:27:04.334768069 +0200 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-27 21:33:39.393417492 +0200 +diff --git a/Lib/test/test_codeccallbacks.py b/Lib/test/test_codeccallbacks.py +index 4991330489d139..d85f609d806932 100644 +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py @@ -1,6 +1,7 @@ import codecs import html.entities @@ -80,7 +80,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py import sys import unicodedata import unittest -@@ -1124,7 +1125,7 @@ +@@ -1124,7 +1125,7 @@ def test_bug828737(self): text = 'abcghi'*n text.translate(charmap) 
@@ -89,7 +89,7 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,43 @@ +@@ -1159,6 +1160,42 @@ def mutating(exc): for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") @@ -114,7 +114,6 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py + self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) + self.assertIn(msg, str(cm.warning)) + -+ + check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") + check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") + check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") @@ -133,11 +132,11 @@ Index: Python-3.12.10/Lib/test/test_codeccallbacks.py # issue32583 def test_crashing_decode_handler(self): # better generating one more character to fill the extra space slot -Index: Python-3.12.10/Lib/test/test_codecs.py -=================================================================== ---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-27 17:27:04.357147552 +0200 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-27 17:27:08.579902284 +0200 -@@ -1196,23 +1196,39 @@ +diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py +index f683f069ae1397..2e64a52acbae3a 100644 +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1196,23 +1196,39 @@ def test_escape(self): check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") check(br"[\x410]", b"[A0]") @@ -182,7 +181,7 @@ Index: Python-3.12.10/Lib/test/test_codecs.py def test_errors(self): decode = codecs.escape_decode self.assertRaises(ValueError, decode, br"\x") -@@ -2479,24 +2495,40 @@ +@@ -2479,24 +2495,40 @@ def test_escape_decode(self): check(br"[\x410]", "[A0]") check(br"\u20ac", "\u20ac") check(br"\U0001d120", "\U0001d120") 
@@ -228,18 +227,19 @@ Index: Python-3.12.10/Lib/test/test_codecs.py def test_decode_errors(self): decode = codecs.unicode_escape_decode for c, d in (b'x', 2), (b'u', 4), (b'U', 4): -Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 17:27:08.580640093 +0200 +diff --git a/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +new file mode 100644 +index 00000000000000..39d2f1e1a892cf +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. -Index: Python-3.12.10/Objects/bytesobject.c -=================================================================== ---- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-27 21:08:20.056554751 +0200 -@@ -1048,10 +1048,11 @@ +diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c +index f3a978c86c3606..dae84127a7df4b 100644 +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1048,10 +1048,11 @@ _PyBytes_FormatEx(const char *format, Py_ssize_t format_len, } /* Unescape a backslash-escaped string. */ @@ -253,7 +253,7 @@ Index: Python-3.12.10/Objects/bytesobject.c { int c; char *p; -@@ -1065,7 +1066,8 @@ +@@ -1065,7 +1066,8 @@ PyObject *_PyBytes_DecodeEscape(const char *s, return NULL; writer.overallocate = 1; @@ -263,7 +263,7 @@ Index: Python-3.12.10/Objects/bytesobject.c end = s + len; while (s < end) { -@@ -1103,9 +1105,10 @@ +@@ -1103,9 +1105,10 @@ PyObject *_PyBytes_DecodeEscape(const char *s, c = (c<<3) + *s++ - '0'; } if (c > 0377) { 
@@ -277,7 +277,7 @@ Index: Python-3.12.10/Objects/bytesobject.c } } *p++ = c; -@@ -1146,9 +1149,10 @@ +@@ -1146,9 +1149,10 @@ PyObject *_PyBytes_DecodeEscape(const char *s, break; default: @@ -291,7 +291,7 @@ Index: Python-3.12.10/Objects/bytesobject.c } *p++ = '\\'; s--; -@@ -1162,23 +1166,37 @@ +@@ -1162,23 +1166,37 @@ PyObject *_PyBytes_DecodeEscape(const char *s, return NULL; } @@ -337,7 +337,7 @@ Index: Python-3.12.10/Objects/bytesobject.c { Py_DECREF(result); return NULL; -@@ -1187,7 +1205,7 @@ +@@ -1187,7 +1205,7 @@ PyObject *PyBytes_DecodeEscape(const char *s, else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -346,11 +346,11 @@ Index: Python-3.12.10/Objects/bytesobject.c { Py_DECREF(result); return NULL; -Index: Python-3.12.10/Objects/unicodeobject.c -=================================================================== ---- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-27 21:08:02.745636052 +0200 -@@ -6046,13 +6046,15 @@ +diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c +index 05562ad9927989..5accbd6d1ddcbb 100644 +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6046,13 +6046,15 @@ PyUnicode_AsUTF16String(PyObject *unicode) /* --- Unicode Escape Codec ----------------------------------------------- */ PyObject * @@ -368,7 +368,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c _PyUnicodeWriter writer; const char *end; PyObject *errorHandler = NULL; -@@ -6061,7 +6063,8 @@ +@@ -6061,7 +6063,8 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, PyInterpreterState *interp = _PyInterpreterState_Get(); // so we can remember if we've seen an invalid escape char or not @@ -378,7 +378,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c if (size == 0) { if (consumed) { -@@ -6149,9 +6152,12 @@ +@@ -6149,9 +6152,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, } } if (ch > 0377) { 
@@ -394,7 +394,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c } } WRITE_CHAR(ch); -@@ -6252,9 +6258,12 @@ +@@ -6252,9 +6258,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, goto error; default: @@ -410,7 +410,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c } WRITE_ASCII_CHAR('\\'); WRITE_CHAR(c); -@@ -6293,24 +6302,40 @@ +@@ -6293,24 +6302,40 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, return NULL; } @@ -459,7 +459,7 @@ Index: Python-3.12.10/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -@@ -6319,7 +6344,7 @@ +@@ -6319,7 +6344,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -468,11 +468,11 @@ Index: Python-3.12.10/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -Index: Python-3.12.10/Parser/string_parser.c -=================================================================== ---- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-27 17:27:08.584587553 +0200 -@@ -181,15 +181,18 @@ +diff --git a/Parser/string_parser.c b/Parser/string_parser.c +index 8607885f2e46bd..c4c41b07f6b63d 100644 +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -181,15 +181,18 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t) len = p - buf; s = buf; @@ -497,7 +497,7 @@ Index: Python-3.12.10/Parser/string_parser.c Py_XDECREF(u); Py_DECREF(v); return NULL; -@@ -202,14 +205,17 @@ +@@ -202,14 +205,17 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t) static PyObject * decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) { From 9c7fb3fd1cf75e7702de1062c8d6b9c3994560b7df12f27386cc71fa0961c5fd Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Mon, 9 Jun 2025 21:22:35 +0000 Subject: [PATCH 10/10] =?UTF-8?q?-=20Update=20to=203.12.11:=20=20=20-=20Se?= =?UTF-8?q?curity=20=20=20=20=20-=20gh-135034:=20Fixes=20multiple=20issues?= =?UTF-8?q?=20that=20allowed=20tarfile=20=20=20=20=20=20=20extraction=20fi?= =?UTF-8?q?lters=20(filter=3D"data"=20and=20filter=3D"tar")=20to=20be=20?= =?UTF-8?q?=20=20=20=20=20=20bypassed=20using=20crafted=20symlinks=20and?= =?UTF-8?q?=20hard=20links.=20=20=20=20=20=20=20Addresses=20CVE-2024-12718?= =?UTF-8?q?=20(bsc#1244056),=20CVE-2025-4138=20=20=20=20=20=20=20(bsc#1244?= =?UTF-8?q?059),=20CVE-2025-4330=20(bsc#1244060),=20and=20=20=20=20=20=20?= =?UTF-8?q?=20CVE-2025-4517=20(bsc#1244032).=20=20=20=20=20-=20gh-133767:?= =?UTF-8?q?=20Fix=20use-after-free=20in=20the=20=E2=80=9Cunicode-escape?= =?UTF-8?q?=E2=80=9D=20=20=20=20=20=20=20decoder=20with=20a=20non-?= =?UTF-8?q?=E2=80=9Cstrict=E2=80=9D=20error=20handler=20(CVE-2025-4516,=20?= =?UTF-8?q?=20=20=20=20=20=20bsc#1243273).=20=20=20=20=20-=20gh-128840:=20?= =?UTF-8?q?Short-circuit=20the=20processing=20of=20long=20IPv6=20=20=20=20?= =?UTF-8?q?=20=20=20addresses=20early=20in=20ipaddress=20to=20prevent=20ex?= =?UTF-8?q?cessive=20memory=20=20=20=20=20=20=20consumption=20and=20a=20mi?= =?UTF-8?q?nor=20denial-of-service.=20=20=20-=20Library=20=20=20=20=20-=20?= =?UTF-8?q?gh-128840:=20Fix=20parsing=20long=20IPv6=20addresses=20with=20e?= =?UTF-8?q?mbedded=20=20=20=20=20=20=20IPv4=20address.=20=20=20=20=20-=20g?= =?UTF-8?q?h-134062:=20ipaddress:=20fix=20collisions=20in=20=5F=5Fhash=5F?= =?UTF-8?q?=5F()=20for=20=20=20=20=20=20=20IPv4Network=20and=20IPv6Network?= =?UTF-8?q?=20objects.=20=20=20=20=20-=20gh-123409:=20Fix=20ipaddress.IPv6?= =?UTF-8?q?Address.reverse=5Fpointer=20output=20=20=20=20=20=20=20accordin?= =?UTF-8?q?g=20to=20RFC=203596,=20=C2=A72.5.=20Patch=20by=20B=C3=A9n=C3=A9?= =?UTF-8?q?dikt=20Tran.=20=20=20=20=20-=20bpo-43633:=20Improve=20the=20tex?= 
=?UTF-8?q?tual=20representation=20of=20=20=20=20=20=20=20IPv4-mapped=20IP?= =?UTF-8?q?v6=20addresses=20(RFC=204291=20Sections=202.2,=202.5.5.2)=20=20?= =?UTF-8?q?=20=20=20=20=20in=20ipaddress.=20Patch=20by=20Oleksandr=20Pavli?= =?UTF-8?q?uk.=20-=20Remove=20upstreamed=20patches:=20=20=20-=20CVE-2025-4?= =?UTF-8?q?516-DecodeError-handler.patch=20-=20restrict=20PEP668=20to=20AL?= =?UTF-8?q?P/Tumbleweed=20=20=20*=20Support=20Expat=20>=3D=202.4.5=20-=20a?= =?UTF-8?q?llow=20build=20with=20Sphinx=20>=3D=203.x=20=20=20*=20remove=20?= =?UTF-8?q?importlib=5Fresources=20and=20importlib-metadata?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=147 --- CVE-2025-4516-DecodeError-handler.patch | 521 ------------------------ Python-3.12.10.tar.xz | 3 - Python-3.12.10.tar.xz.asc | 18 - Python-3.12.10.tar.xz.sigstore | 1 - Python-3.12.11.tar.xz | 3 + Python-3.12.11.tar.xz.asc | 18 + Python-3.12.11.tar.xz.sigstore | 1 + fix_configure_rst.patch | 16 +- python312.changes | 116 ++++-- python312.spec | 5 +- 10 files changed, 102 insertions(+), 600 deletions(-) delete mode 100644 CVE-2025-4516-DecodeError-handler.patch delete mode 100644 Python-3.12.10.tar.xz delete mode 100644 Python-3.12.10.tar.xz.asc delete mode 100644 Python-3.12.10.tar.xz.sigstore create mode 100644 Python-3.12.11.tar.xz create mode 100644 Python-3.12.11.tar.xz.asc create mode 100644 Python-3.12.11.tar.xz.sigstore diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch deleted file mode 100644 index 2eb4ba9..0000000 --- a/CVE-2025-4516-DecodeError-handler.patch +++ /dev/null 
@@ -1,521 +0,0 @@ -From a75953b347716fff694aa59a7c7c2489fa50d1f5 Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Tue, 20 May 2025 15:46:57 +0300 -Subject: [PATCH] [3.12] gh-133767: Fix use-after-free in the unicode-escape - decoder with an error handler (GH-129648) (GH-133944) - -If the error handler is used, a new bytes object is created to set as -the object attribute of UnicodeDecodeError, and that bytes object then -replaces the original data. A pointer to the decoded data will became invalid -after destroying that temporary bytes object. So we need other way to return -the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). - -_PyBytes_DecodeEscape() does not have such issue, because it does not -use the error handlers registry, but it should be changed for compatibility -with _PyUnicode_DecodeUnicodeEscapeInternal(). -(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) -(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) - -Co-authored-by: Serhiy Storchaka ---- - Include/cpython/bytesobject.h | 4 ++ - Include/cpython/unicodeobject.h | 13 ++++ - Lib/test/test_codeccallbacks.py | 39 +++++++++++- - Lib/test/test_codecs.py | 52 +++++++++++++--- - ...-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + - Objects/bytesobject.c | 54 ++++++++++------ - Objects/unicodeobject.c | 61 +++++++++++++------ - Parser/string_parser.c | 26 +++++--- - 8 files changed, 194 insertions(+), 57 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst - -diff --git a/Include/cpython/bytesobject.h b/Include/cpython/bytesobject.h -index e982031c107de2..eef607a5760eda 100644 ---- a/Include/cpython/bytesobject.h -+++ b/Include/cpython/bytesobject.h -@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( - int use_bytearray); - - /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. 
*/ -+PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, -+ const char *, -+ int *, const char **); -+// Export for binary compatibility. - PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, - const char *, const char **); - -diff --git a/Include/cpython/unicodeobject.h b/Include/cpython/unicodeobject.h -index f177cd9e2af9de..cf38928686019b 100644 ---- a/Include/cpython/unicodeobject.h -+++ b/Include/cpython/unicodeobject.h -@@ -684,6 +684,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeStateful( - ); - /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape - chars. */ -+PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( -+ const char *string, /* Unicode-Escape encoded string */ -+ Py_ssize_t length, /* size of string */ -+ const char *errors, /* error handling */ -+ Py_ssize_t *consumed, /* bytes consumed */ -+ int *first_invalid_escape_char, /* on return, if not -1, contain the first -+ invalid escaped char (<= 0xff) or invalid -+ octal escape (> 0xff) in string. */ -+ const char **first_invalid_escape_ptr); /* on return, if not NULL, may -+ point to the first invalid escaped -+ char in string. -+ May be NULL if errors is not NULL. */ -+// Export for binary compatibility. 
- PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( - const char *string, /* Unicode-Escape encoded string */ - Py_ssize_t length, /* size of string */ -diff --git a/Lib/test/test_codeccallbacks.py b/Lib/test/test_codeccallbacks.py -index 4991330489d139..d85f609d806932 100644 ---- a/Lib/test/test_codeccallbacks.py -+++ b/Lib/test/test_codeccallbacks.py -@@ -1,6 +1,7 @@ - import codecs - import html.entities - import itertools -+import re - import sys - import unicodedata - import unittest -@@ -1124,7 +1125,7 @@ def test_bug828737(self): - text = 'abcghi'*n - text.translate(charmap) - -- def test_mutatingdecodehandler(self): -+ def test_mutating_decode_handler(self): - baddata = [ - ("ascii", b"\xff"), - ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ def mutating(exc): - for (encoding, data) in baddata: - self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") - -+ def test_mutating_decode_handler_unicode_escape(self): -+ decode = codecs.unicode_escape_decode -+ def mutating(exc): -+ if isinstance(exc, UnicodeDecodeError): -+ r = data.get(exc.object[:exc.end]) -+ if r is not None: -+ exc.object = r[0] + exc.object[exc.end:] -+ return ('\u0404', r[1]) -+ raise AssertionError("don't know how to handle %r" % exc) -+ -+ codecs.register_error('test.mutating2', mutating) -+ data = { -+ br'\x0': (b'\\', 0), -+ br'\x3': (b'xxx\\', 3), -+ br'\x5': (b'x\\', 1), -+ } -+ def check(input, expected, msg): -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) -+ self.assertIn(msg, str(cm.warning)) -+ -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") -+ -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3z5', '\u0404\\z5', 
r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") -+ -+ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") -+ - # issue32583 - def test_crashing_decode_handler(self): - # better generating one more character to fill the extra space slot -diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py -index f683f069ae1397..2e64a52acbae3a 100644 ---- a/Lib/test/test_codecs.py -+++ b/Lib/test/test_codecs.py -@@ -1196,23 +1196,39 @@ def test_escape(self): - check(br"[\1010]", b"[A0]") - check(br"[\x41]", b"[A]") - check(br"[\x410]", b"[A0]") -+ -+ def test_warnings(self): -+ decode = codecs.escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, b"\\" + b) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), b"\\" + b.upper()) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", b"\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", b"\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", b"\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with 
self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, bytes([i & 0o377])) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) -+ - def test_errors(self): - decode = codecs.escape_decode - self.assertRaises(ValueError, decode, br"\x") -@@ -2479,24 +2495,40 @@ def test_escape_decode(self): - check(br"[\x410]", "[A0]") - check(br"\u20ac", "\u20ac") - check(br"\U0001d120", "\U0001d120") -+ -+ def test_decode_warnings(self): -+ decode = codecs.unicode_escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtuvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, "\\" + chr(i)) - if b.upper() not in b'UN': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), "\\" + chr(i-32)) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", "\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", "\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", "\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, chr(i)) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ 
self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) -+ - def test_decode_errors(self): - decode = codecs.unicode_escape_decode - for c, d in (b'x', 2), (b'u', 4), (b'U', 4): -diff --git a/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -new file mode 100644 -index 00000000000000..39d2f1e1a892cf ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -@@ -0,0 +1,2 @@ -+Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error -+handler. -diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c -index f3a978c86c3606..dae84127a7df4b 100644 ---- a/Objects/bytesobject.c -+++ b/Objects/bytesobject.c -@@ -1048,10 +1048,11 @@ _PyBytes_FormatEx(const char *format, Py_ssize_t format_len, - } - - /* Unescape a backslash-escaped string. */ --PyObject *_PyBytes_DecodeEscape(const char *s, -+PyObject *_PyBytes_DecodeEscape2(const char *s, - Py_ssize_t len, - const char *errors, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - int c; - char *p; -@@ -1065,7 +1066,8 @@ PyObject *_PyBytes_DecodeEscape(const char *s, - return NULL; - writer.overallocate = 1; - -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - end = s + len; - while (s < end) { -@@ -1103,9 +1105,10 @@ PyObject *_PyBytes_DecodeEscape(const char *s, - c = (c<<3) + *s++ - '0'; - } - if (c > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ /* Back up 3 chars, since we've already incremented s. 
*/ -+ *first_invalid_escape_ptr = s - 3; - } - } - *p++ = c; -@@ -1146,9 +1149,10 @@ PyObject *_PyBytes_DecodeEscape(const char *s, - break; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = (unsigned char)s[-1]; -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; - } - *p++ = '\\'; - s--; -@@ -1162,23 +1166,37 @@ PyObject *_PyBytes_DecodeEscape(const char *s, - return NULL; - } - -+// Export for binary compatibility. -+PyObject *_PyBytes_DecodeEscape(const char *s, -+ Py_ssize_t len, -+ const char *errors, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyBytes_DecodeEscape2( -+ s, len, errors, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject *PyBytes_DecodeEscape(const char *s, - Py_ssize_t len, - const char *errors, - Py_ssize_t Py_UNUSED(unicode), - const char *Py_UNUSED(recode_encoding)) - { -- const char* first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, -- &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -@@ -1187,7 +1205,7 @@ PyObject *PyBytes_DecodeEscape(const char *s, - else { - if 
(PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c -index 05562ad9927989..5accbd6d1ddcbb 100644 ---- a/Objects/unicodeobject.c -+++ b/Objects/unicodeobject.c -@@ -6046,13 +6046,15 @@ PyUnicode_AsUTF16String(PyObject *unicode) - /* --- Unicode Escape Codec ----------------------------------------------- */ - - PyObject * --_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - const char *starts = s; -+ const char *initial_starts = starts; - _PyUnicodeWriter writer; - const char *end; - PyObject *errorHandler = NULL; -@@ -6061,7 +6063,8 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, - PyInterpreterState *interp = _PyInterpreterState_Get(); - - // so we can remember if we've seen an invalid escape char or not -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - if (size == 0) { - if (consumed) { -@@ -6149,9 +6152,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, - } - } - if (ch > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = ch; -+ if (starts == initial_starts) { -+ /* Back up 3 chars, since we've already incremented s. 
*/ -+ *first_invalid_escape_ptr = s - 3; -+ } - } - } - WRITE_CHAR(ch); -@@ -6252,9 +6258,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, - goto error; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ if (starts == initial_starts) { -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; -+ } - } - WRITE_ASCII_CHAR('\\'); - WRITE_CHAR(c); -@@ -6293,24 +6302,40 @@ _PyUnicode_DecodeUnicodeEscapeInternal(const char *s, - return NULL; - } - -+// Export for binary compatibility. -+PyObject * -+_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+ Py_ssize_t size, -+ const char *errors, -+ Py_ssize_t *consumed, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyUnicode_DecodeUnicodeEscapeInternal2( -+ s, size, errors, consumed, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject * - _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed) - { -- const char *first_invalid_escape; -- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, - consumed, -- &first_invalid_escape); -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ 
first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -@@ -6319,7 +6344,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, - else { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -diff --git a/Parser/string_parser.c b/Parser/string_parser.c -index 8607885f2e46bd..c4c41b07f6b63d 100644 ---- a/Parser/string_parser.c -+++ b/Parser/string_parser.c -@@ -181,15 +181,18 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t) - len = p - buf; - s = buf; - -- const char *first_invalid_escape; -- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - - // HACK: later we can simply pass the line no, since we don't preserve the tokens - // when we are decoding the string but we preserve the line numbers. -- if (v != NULL && first_invalid_escape != NULL && t != NULL) { -- if (warn_invalid_escape_sequence(parser, s, first_invalid_escape, t) < 0) { -- /* We have not decref u before because first_invalid_escape points -- inside u. */ -+ if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) { -+ if (warn_invalid_escape_sequence(parser, s, first_invalid_escape_ptr, t) < 0) { -+ /* We have not decref u before because first_invalid_escape_ptr -+ points inside u. 
*/ - Py_XDECREF(u); - Py_DECREF(v); - return NULL; -@@ -202,14 +205,17 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t) - static PyObject * - decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) - { -- const char *first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) { - return NULL; - } - -- if (first_invalid_escape != NULL) { -- if (warn_invalid_escape_sequence(p, s, first_invalid_escape, t) < 0) { -+ if (first_invalid_escape_ptr != NULL) { -+ if (warn_invalid_escape_sequence(p, s, first_invalid_escape_ptr, t) < 0) { - Py_DECREF(result); - return NULL; - } diff --git a/Python-3.12.10.tar.xz b/Python-3.12.10.tar.xz deleted file mode 100644 index a673e29..0000000 --- a/Python-3.12.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:07ab697474595e06f06647417d3c7fa97ded07afc1a7e4454c5639919b46eaea -size 20520960 diff --git a/Python-3.12.10.tar.xz.asc b/Python-3.12.10.tar.xz.asc deleted file mode 100644 index 8283288..0000000 --- a/Python-3.12.10.tar.xz.asc +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmf1EjJfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwXAwBAAncWm4sMrSvGW4bgyp7bHE0CeaA9ErIq55CmHfigrlxPKQUYVlzj38N7H -MVlpmqZSQ8wqDFy3gN0QeCXBGapxgO2dEcrgy5HxvtktXge25j1f7LvVraSFB9/F -DrOCZr54gVrE/r0242f1JmJQ1BDeMDSUbEYE6fd0xqWYCZ2xpzvYmQG/+6jD5FFC -UE6PYxJlq+rfSawj974//BDhrY4hZ3g0xxyiyhfXBBYMhZO3OzCckrAD5zZOQfNE -y/JK94nVWXLU/Lx3R+L7TvJgJ3ej4ggq5LRwrn09GU5jExwyITh4yUO7i56vbmvx -EtOobQC0RVz/xrsciJ4Gn3zByaO0XPjrGaCOU53nCsNlfJcBQhj2UQpum8CL9S9C -BJPCV4jL+Mo8EL91cJTyX4LqFoAXayMwPS0HKVOvYn33+pmVNe+duY/UjUpG50kw -jdsHbKAthh8QbSIO0VPk4eH3pVEQ3O9aG+3r/puGjPRWG8CMyLbQUVmlj4Sh3/Kh -vh7ydOjzJeuIUhAmFOLLqYG4mah71q1yBXx9jhyxzQSwvyoQaQwgpA+Yn+yB1bXy -ttxp2r4fS0ZvGYB44C1WrAxeKRI+J1z19i1IYMc2bV6SfSBoU9AaJqh2o4dMHHUS -F3Ko4UTyjU4bTfI18dCs2OgUEED6BAe5cs3ZyqDm3zL4fGIgNXs= -=k0VQ ------END PGP SIGNATURE----- diff --git a/Python-3.12.10.tar.xz.sigstore b/Python-3.12.10.tar.xz.sigstore deleted file mode 100644 index edb8a40..0000000 --- a/Python-3.12.10.tar.xz.sigstore +++ /dev/null 
@@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "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"}, "tlogEntries": [{"logIndex": "193829212", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744114280", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBIo5pHwogbg/goPtkWgVyz8zFP/olU2b+OU3SrU1TxQIgGh9u+YsN9LPcQTyoa6wCQmcwyEixANgLIfSb9iMDj04="}, "inclusionProof": {"logIndex": "71924950", "rootHash": "UjYqyELsc0qjUIHDSygvBe1JfXf3lGvpJDFvzqH7MWY=", "treeSize": "71924951", "hashes": ["o8iZ18aF/C6mMqtk487ge7PxtY95U6iXJ8aGmYXsDgU=", "Fw/vO9/kdamS2X70S5CmsF2B31S2RUX9ey/YY6DCQdE=", "1SHDD4NA+lqeJ7CG3KQuHpxGYl96AfqFn35U2bXxa2M=", "5yOaWkOXu1U6FhwkSs/Q5LvlfzKaoIDmsjZuCp7d9+o=", "wwcWBqOQyJLSK5Nwv8la9mGM4JTdemmwnHJxjdS2+zM=", "TzNxImLzqcFj7Mw6ijhc3K+oqOOChRwEsN45HmmR5Dg=", "HuWZg7u4+Jt1xi9OThUa81qCPhcfNnk7f65sB+Ydo+4=", "Uhh7+7E3v+7XORukXCZuNmoD2orl9UZRSHY0l4VjPKk=", "3KxPDv8uRtvXjzsH0IV9lZeXU31GVI2JE78JftFzcgM=", "ZiXTzR4fu03x4ORDazcYIvmdsRcp0oLWMY0I0ewiDRw=", "wz8AVqzGBjixNiXtnCb16MFP7zOW54eYx/zJ/1Jey/E=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71924951\nUjYqyELsc0qjUIHDSygvBe1JfXf3lGvpJDFvzqH7MWY=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAcWE2EYs/YqdFFFfYRhXj7zoff3e6rDoGaffPaGnpWBwIgGaYvZPKB8qJLWt1KDBCDbqm7yqfGt7n3dErdPpIi1Xg=\n"}}, "canonicalizedBody": 
"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIwN2FiNjk3NDc0NTk1ZTA2ZjA2NjQ3NDE3ZDNjN2ZhOTdkZWQwN2FmYzFhN2U0NDU0YzU2Mzk5MTliNDZlYWVhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURHYVBYbVZicnBHaEFQTS9hQ0VvOXFZWFN1V2hVUWNZOHp1bDVxWEJialpRSWhBTVFnOGpkM01BYm43WUw0Tk9IK1JpUjZaWE5hWStsTGk4K2dzWUNpR25ZRyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzclowRjNTVUpCWjBsVlZpOXdjVTExY3pGSk5USlpla2hxTm1RNFdHbDJlR2hOVVVsVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZFbDRUVlJKZDFkb1kwNU5hbFYzVGtSQk5FMVVTWGxOVkVsM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZYZVdkYWJuRkNSMGhOU2paeGJqRlJka1EzSzFaelNFcHlkVmcwV2pOVU9WQlZlbGdLVkcxaWJDOW1jRVF2YmpGSFVGa3pUWEExY0VJMU1HUTJWVEp5Wm5CaVExTlpSVkpuY0hCTGRtTjFlV3RZT1hGVVlXRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlYwT0NzMUNtZzBUVk5UTldSck1FdzVSREY1ZEVwNlFqVldjemRSZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIVjBaVkwyNUZkMEZCUWtGTlFRcFNha0pGUVdsQ1NXeFZMMFZxUld4UWRVaGxaekJUTDBKNVJrOUdOMDFFVlhOS2RYTXlTV055UmxveGFrOXFMMFF4ZDBsblJYVm5UVE5WUm5oT00xTkdDbWRNVlN0TE9VZE5ielp5WTJsV1Z5dFFLemxUVVhocFUzSllSSGxrY25kM1EyZFpTVXR2V2tsNmFqQkZRWGROUkZwM1FYZGFRVWwzVG10eGIybFBTVXNLVEhreGNXZzNVemR1YVdwRGFETndiVk0
0YjJ3cmJGQTVkbEl4T1d0NlFreFZNRlZ6WlZKd2F5OVNTRXBSUzB3dllWVklaRVoxVDNOQmFrSm1TRVJZUXdvM1UwTXZNeTgyTlRsRFFrUkZSRkk0ZEdwSFNFSXdkM0puVkU5eU0yRnphMWN6U0VRM01GaHFibXRuYURaR1EyNXlVbFJpTTJaTVZrdERSVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "B6tpdHRZXgbwZkdBfTx/qX3tB6/Bp+RFTFY5kZtG6uo="}, "signature": "MEYCIQDGaPXmVbrpGhAPM/aCEo9qYXSuWhUQcY8zul5qXBbjZQIhAMQg8jd3MAbn7YL4NOH+RiR6ZXNaY+lLi8+gsYCiGnYG"}} diff --git a/Python-3.12.11.tar.xz b/Python-3.12.11.tar.xz new file mode 100644 index 0000000..64fb9b5 --- /dev/null +++ b/Python-3.12.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb +size 20525812 diff --git a/Python-3.12.11.tar.xz.asc b/Python-3.12.11.tar.xz.asc new file mode 100644 index 0000000..0c071fe --- /dev/null +++ b/Python-3.12.11.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmg/MbpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwXySQ/7Ba9qlnTLmxqTCO8C7Gf545WNMBL2Ep6JZPgjOcgNk9e1QdAnNV5OOtGm +gW5nNPSTNNcIcPn058GuI24D4RpTQCJfMbMLsfYgvio0E7ij1gC19PsJHb6ejtCS +H2kK237Y1kuqRUdbTZssFDoAR4R9+UCaDuo4XdW+UKQk2GgdNQDMWLKmWF/Xk6Ob +/LihMXj27mDU9nXVdWR55sJzTFzfGB015vmORvcpuctkf1lZ4AfVFMgGw1CgjRjF +kjrOkrDErjDUQ8BIhMh90deiTpigfg7cg1HBDI6GRzklFg6cMfIdfvmfM0MfamX3 +Tow08TGBzmYXWgrqjYXW6JknKhBGOrjXMB7/yNDk9bJVLcOJaLbOmbcG0WRQF/Py +DMOCvr09l0yt5KFYpdKrDvyCuKYfpX33B4C60kU9JzmfXGyQ6LDTPXapZooJ+8Fg +GRTUsc0YWXoaDVCcxMIdiG+jEMQkjWVwW7E/nC/d7WT5L9KPoYFA1sZ834kKq3jr +NmZynbBnKH7m7L+u6HP6B+pa84FKEME69osAXZk0HJOIHB+SOX3E6BXRo6IV8Q/K +J6f5Ja26gJ7KXcUxTgkTkYh7tz0bhb+WeL3j6N/BC0eK7ZVsKRZ/3WnntGsG5B2m +FjVOYKolfkF4tf63SjdFuudgaKGCaDK1PvfwIr7k0oozxrB2ZEA= +=SYH/ +-----END PGP SIGNATURE----- 
diff --git a/Python-3.12.11.tar.xz.sigstore b/Python-3.12.11.tar.xz.sigstore
new file mode 100644
index 0000000..793b770
--- /dev/null
+++ b/Python-3.12.11.tar.xz.sigstore
@@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "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"}, "tlogEntries": [{"logIndex": "228874048", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748972040", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDC8I5uDgetSuD63qAPtlnnW58xKiSIGEX9AOJ5AnzNEgIgGfb+03Lf8DsOb1NkU5UNmPUeURv4bkQTgiZjtSfGJX0="}, "inclusionProof": {"logIndex": "106969786", "rootHash": "i3vbVg/L11/yzRE1My+dx8hKb/mLlOrFShOkXpDwz/o=", "treeSize": "106969787", "hashes": ["1fUlZVjuybf+gadL7+hmmzV88MK0fLFhuT2TIf4ruWE=", "h2PCG2d55a7VHzNH7amIjA/LgNJZQAVba+vKss3pYCc=", "fx5Vsw4rXULuFJQV5sKe1/WI5XEQGzkWHHyU/B1zfYw=", "iqK8b0KpsJULg7aqHgSStaU4dNbgrth5QDarXmEl3To=", "5S2DqBJZbuLio6e9iBmJWALzYi0hcpXFV3Z8ydE2lrA=", "n5MzQvR+waONXmENXriYi92eiz9pa5whuAyHmzyZa9Q=", "S+DrHAWb67kO9sHsAjIJ89A0RLlbeXy6mUvzoKO3dMI=", "JQ9xTJKo/o9IWVV8l4RTm06tpXUcGCeAh8ciAprOIoE=", "pqCD1LoiP58WZ9AfwL1uMRLqmiQQKDHHSdnl+4lB+/0=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n106969787\ni3vbVg/L11/yzRE1My+dx8hKb/mLlOrFShOkXpDwz/o=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiBibpE+dFaiZHUWTGPDNXeNfevho16eXV6wm1qMxN/m3wIhAN3M8Rs699nSFmZYP9sEHy6sNglaGwzKb+Nv8tJU7G7B\n"}}, "canonicalizedBody": "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"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "wwuyS38emhmxG1WlRkNPdOc5u0wnGj46gP9DgNSfets="}, "signature": "MEQCICjbcbN6CM+QMlQ8tmLvHGmqnjCk2om2jtZPliGIQbbyAiB/p601U3zEG1J1UNMFXyBzCaqXUzhgE5sUu0PaaOb2zQ=="}} 
diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 836b0f5..cacfcc3 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,11 +3,9 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) -Index: Python-3.12.10/Doc/using/configure.rst -=================================================================== ---- Python-3.12.10.orig/Doc/using/configure.rst 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Doc/using/configure.rst 2025-04-11 21:16:27.319169087 +0200 -@@ -640,13 +640,11 @@ +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -640,13 +640,11 @@ macOS Options See ``Mac/README.rst``. @@ -21,11 +19,9 @@ Index: Python-3.12.10/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.12.10/Misc/NEWS -=================================================================== ---- Python-3.12.10.orig/Misc/NEWS 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Misc/NEWS 2025-04-11 21:16:27.326169052 +0200 -@@ -15106,7 +15106,7 @@ +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -15146,7 +15146,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python312.changes b/python312.changes index 2670871..e22afaa 100644 --- a/python312.changes +++ b/python312.changes 
@@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Jun 9 19:41:07 UTC 2025 - Matej Cepl + +- Update to 3.12.11: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") to be + bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - CVE-2025-4516-DecodeError-handler.patch + ------------------------------------------------------------------- Fri May 16 13:44:12 UTC 2025 - Matej Cepl @@ -1218,7 +1248,7 @@ Wed Aug 7 18:05:57 UTC 2024 - Matej Cepl ------------------------------------------------------------------- Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl - + - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz 
@@ -1859,7 +1889,7 @@ Mon Feb 12 13:32:43 UTC 2024 - Matej Cepl indicate the parsing error (old API). Add an optional 'strict' parameter to getaddresses() and parseaddr() functions. Patch by Thomas Dwyer. - + ------------------------------------------------------------------- Thu Feb 8 07:08:51 UTC 2024 - Daniel Garcia @@ -2937,7 +2967,7 @@ Wed Sep 20 07:14:17 UTC 2023 - Daniel Garcia ------------------------------------------------------------------- Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller -- restrict PEP668 to ALP/Tumbleweed +- restrict PEP668 to ALP/Tumbleweed ------------------------------------------------------------------- Mon Aug 7 07:31:27 UTC 2023 - Daniel Garcia @@ -4470,7 +4500,7 @@ Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik - Add patch support-expat-245.patch: - * Support Expat >= 2.4.5 + * Support Expat >= 2.4.5 ------------------------------------------------------------------- Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl @@ -4660,7 +4690,7 @@ Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl ------------------------------------------------------------------- Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller -- allow build with Sphinx >= 3.x +- allow build with Sphinx >= 3.x ------------------------------------------------------------------- Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák @@ -5212,7 +5242,7 @@ Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner - Last try before this results in an editwar: - * remove importlib_resources and importlib-metadata + * remove importlib_resources and importlib-metadata provides/obsoletes * import importlib_resources is not the same as import importlib.resources, same for metadata 
@@ -5329,54 +5359,54 @@ Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer - Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream - Removed recursion.tar: contained in upstream - Update to 3.9.0b5: - - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801). - bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events. - - bpo-29778: Ensure python3.dll is loaded from correct locations + - bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523). - - bpo-39603: Prevent http header injection by rejecting control + - bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…). - bpo-41295: Resolve a regression in CPython 3.8.4 where defining - “__setattr__” in a multi-inheritance setup and + “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types. - - bpo-41247: Always cache the running loop holder when running + - bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop. - - bpo-41252: Fix incorrect refcounting in + - bpo-41252: Fix incorrect refcounting in _ssl.c’s _servername_callback(). - - bpo-41215: Use non-NULL default values in the PEG parser + - bpo-41215: Use non-NULL default values in the PEG parser keyword list to overcome a bug that was ' preventing Python from being properly compiled when using the XLC compiler. Patch by Pablo Galindo. - - bpo-41218: Python 3.8.3 had a regression where compiling with - ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so. 
- - bpo-41175: Guard against a NULL pointer dereference within + - bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation. - - bpo-39960: The “hackcheck” that prevents sneaking around a type’s - __setattr__() by calling the superclass method was + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was rewritten to allow C implemented heap types. - - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. - - bpo-39017: Avoid infinite loop when reading specially crafted + - bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). - - bpo-41207: In distutils.spawn, restore expectation that + - bpo-41207: In distutils.spawn, restore expectation that DistutilsExecError is raised when the command is not found. - bpo-39168: Remove the __new__ method of typing.Generic. - - bpo-41194: Fix a crash in the _ast module: it can no longer be + - bpo-41194: Fix a crash in the _ast module: it can no longer be loaded more than once. It now uses a global state rather than a module state. - - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a null string. - - bpo-41300: Save files with non-ascii chars. + - bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4. - - bpo-37765: Add keywords to module name completion list. + - bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc. 
- - bpo-40170: Revert PyType_HasFeature() change: it reads - again directly the PyTypeObject.tp_flags - member when the limited C API is not used, rather than always calling + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling PyType_GetFlags() which hides implementation details. ------------------------------------------------------------------- @@ -5897,7 +5927,7 @@ Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl pickling costs between processes - typed_ast is merged back to CPython - LOAD_GLOBAL is now 40% faster - - pickle now uses Protocol 4 by default, improving performance + - pickle now uses Protocol 4 by default, improving performance - Remove patches which were included in the upstream: - 00251-change-user-install-location.patch - 00316-mark-bdist_wininst-unsupported.patch @@ -6042,7 +6072,7 @@ Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com - Upgrade to 3.7.2rc1: * bugfix release, for the full list of all changes see - https://docs.python.org/3.7/whatsnew/changelog.html#changelog + https://docs.python.org/3.7/whatsnew/changelog.html#changelog - Make run of the test suite more verbose ------------------------------------------------------------------- @@ -6469,7 +6499,7 @@ Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com - Add 0001-allow-for-reproducible-builds-of-python-packages.patch - upstream https://github.com/python/cpython/pull/296 + upstream https://github.com/python/cpython/pull/296 ------------------------------------------------------------------- Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com 
@@ -6535,7 +6565,7 @@ Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com - Add Python-3.5.1-fix_lru_cache_copying.patch Fix copying the lru_cache() wrapper object. - Fixes deep-copying lru_cache regression, which worked on + Fixes deep-copying lru_cache regression, which worked on previous versions of python but fails on python 3.5. This fixes a bunch of packages in devel:languages:python3. See: https://bugs.python.org/issue25447 @@ -6673,7 +6703,7 @@ Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com ------------------------------------------------------------------- Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org -- Only pkgconfig(x11) is required for build, not the whole +- Only pkgconfig(x11) is required for build, not the whole set of packages provided by xorg-x11-devel metapackage. ------------------------------------------------------------------- @@ -6733,7 +6763,7 @@ Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com ------------------------------------------------------------------- Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com -- remove blacklisting of test_posix on aarch64: qemu bug is fixed +- remove blacklisting of test_posix on aarch64: qemu bug is fixed ------------------------------------------------------------------- Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com @@ -6836,7 +6866,7 @@ Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com ------------------------------------------------------------------- Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org -- build with -DOPENSSL_LOAD_CONF for the same reasons +- build with -DOPENSSL_LOAD_CONF for the same reasons described in the python2 package. ------------------------------------------------------------------- 
@@ -6848,7 +6878,7 @@ Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com ------------------------------------------------------------------- Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com -- Exclue test_faulthandler from tests on powerpc due to bnc#831629 +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 ------------------------------------------------------------------- Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com @@ -6907,7 +6937,7 @@ Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com - add ctypes-libffi-aarch64.patch: * import aarch64 support for libffi in _ctypes module -- add aarch64 to the list of lib64 based archs +- add aarch64 to the list of lib64 based archs - add movetogetdents64.diff: * port to getdents64, as SYS_getdents is not implemented everywhere @@ -6961,9 +6991,9 @@ Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com ------------------------------------------------------------------- Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com -- exclude test_math for SLE 11; math library fails on negative +- exclude test_math for SLE 11; math library fails on negative gamma function values close to integers and 0, probably - due to imprecision in -lm on SLE_11_SP2. + due to imprecision in -lm on SLE_11_SP2. ------------------------------------------------------------------- Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com @@ -6987,7 +7017,7 @@ Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com ------------------------------------------------------------------- Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com -- Correct dependency for python3-testsuite, +- Correct dependency for python3-testsuite, python3-tkinter -> python3-tk ------------------------------------------------------------------- 
@@ -7020,7 +7050,7 @@ Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com ------------------------------------------------------------------- Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com -- skip test_io on ppc +- skip test_io on ppc - drop test_io ppc patch ------------------------------------------------------------------- @@ -7069,8 +7099,8 @@ Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com ------------------------------------------------------------------- Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com -- Use system ffi, included one is broken see - http://bugs.python.org/issue11729 and +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and http://bugs.python.org/issue12081 ------------------------------------------------------------------- diff --git a/python312.spec b/python312.spec index 48af8a9..17fba23 100644 --- a/python312.spec +++ b/python312.spec @@ -118,7 +118,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.12.10 +Version: 3.12.11 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -184,9 +184,6 @@ Patch41: docs-docutils_014-Sphinx_420.patch # PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com # Make documentation extensions working with Python 3.6 Patch44: doc-py38-to-py36.patch -# PATCH-FIX-UPSTREAM CVE-2025-4516-DecodeError-handler.patch bsc#1243273 mcepl@suse.com -# patch from gh#python/cpython!134337 -Patch45: CVE-2025-4516-DecodeError-handler.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes