From 951fa01e4b25bb26ef71db1b89cdd3256c1d201f2d8c94ea36934510ca40dd68 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 15 Feb 2024 14:36:25 +0000 Subject: [PATCH] Accepting request 1146817 from home:dgarcia:branches:devel:languages:python:Factory - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 OBS-URL: https://build.opensuse.org/request/show/1146817 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=110 --- libexpat260.patch | 107 ++++++++++++++++++++++++++++++++++++++++++++++ python310.changes | 6 +++ python310.spec | 34 ++++++++------- 3 files changed, 132 insertions(+), 15 deletions(-) create mode 100644 libexpat260.patch diff --git a/libexpat260.patch b/libexpat260.patch new file mode 100644 index 0000000..bd4b4b3 --- /dev/null +++ b/libexpat260.patch @@ -0,0 +1,107 @@ +From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Sun, 11 Feb 2024 12:08:39 +0200 +Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 + (GH-115164) + +Feeding the parser by too small chunks defers parsing to prevent +CVE-2023-52425. Future versions of Expat may be more reactive. +(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) + +Co-authored-by: Serhiy Storchaka +--- + Lib/test/test_xml_etree.py | 58 ++++++++++++------- + ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + + 2 files changed, 38 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst + +Index: Python-3.10.13/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.10.13.orig/Lib/test/test_xml_etree.py ++++ Python-3.10.13/Lib/test/test_xml_etree.py +@@ -13,6 +13,7 @@ import itertools + import operator + import os + import pickle ++import pyexpat + import sys + import textwrap + import types +@@ -120,6 +121,10 @@ ATTLIST_XML = """\ + + """ + ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if pyexpat.version_info >= (2, 6, 0) else ++ lambda test: test) ++ + def checkwarnings(*filters, quiet=False): + def decorator(test): + def newtest(*args, **kwargs): +@@ -1396,28 +1401,37 @@ class XMLPullParserTest(unittest.TestCas + self.assertEqual([(action, elem.tag) for action, elem in events], + expected) + +- def test_simple_xml(self): +- for chunk_size in (None, 1, 5): +- with self.subTest(chunk_size=chunk_size): +- parser = ET.XMLPullParser() +- self.assert_event_tags(parser, []) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, []) +- self._feed(parser, +- "\n text\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'element')]) +- self._feed(parser, "texttail\n", chunk_size) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [ +- ('end', 'element'), +- ('end', 'empty-element'), +- ]) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'root')]) +- self.assertIsNone(parser.close()) ++ def test_simple_xml(self, chunk_size=None): ++ parser = ET.XMLPullParser() ++ self.assert_event_tags(parser, []) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, []) ++ self._feed(parser, ++ "\n text\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'element')]) ++ self._feed(parser, "texttail\n", chunk_size) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [ ++ ('end', 'element'), ++ ('end', 'empty-element'), ++ ]) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'root')]) ++ self.assertIsNone(parser.close()) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_1(self): ++ self.test_simple_xml(chunk_size=1) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_5(self): ++ self.test_simple_xml(chunk_size=5) ++ ++ def test_simple_xml_chunk_22(self): ++ self.test_simple_xml(chunk_size=22) + + def test_feed_while_iterating(self): + parser = ET.XMLPullParser() +Index: Python-3.10.13/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +=================================================================== +--- /dev/null ++++ Python-3.10.13/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +@@ -0,0 +1,2 @@ ++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat ++2.6.0. diff --git a/python310.changes b/python310.changes index c9cbc46..1807d2a 100644 --- a/python310.changes +++ b/python310.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + ------------------------------------------------------------------- Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl diff --git a/python310.spec b/python310.spec index 8d20d2b..b214c0f 100644 --- a/python310.spec +++ b/python310.spec @@ -191,6 +191,9 @@ Patch40: CVE-2023-27043-email-parsing-errors.patch # * gh#python/cpython#104221 # * gh#python/cpython#107246 Patch42: fix-sphinx-72.patch +# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289 +# Fix tests for XMLPullParser with Expat 2.6.0 +Patch43: libexpat260.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -449,23 +452,24 @@ other applications. %prep %setup -q -n %{tarname} -%patch02 -p1 -%patch06 -p1 -%patch07 -p1 -%patch08 -p1 -%patch09 -p1 -%patch15 -p1 -%patch29 -p1 +%patch -P 02 -p1 +%patch -P 06 -p1 +%patch -P 07 -p1 +%patch -P 08 -p1 +%patch -P 09 -p1 +%patch -P 15 -p1 +%patch -P 29 -p1 %if 0%{?sle_version} && 0%{?sle_version} <= 150300 -%patch33 -p1 -%patch34 -p1 +%patch -P 33 -p1 +%patch -P 34 -p1 %endif -%patch35 -p1 -%patch36 -p1 -%patch38 -p1 -%patch39 -p1 -%patch40 -p1 -%patch42 -p1 +%patch -P 35 -p1 +%patch -P 36 -p1 +%patch -P 38 -p1 +%patch -P 39 -p1 +%patch -P 40 -p1 +%patch -P 42 -p1 +%patch -P 43 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac