diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch
index 1ced142..6d74e95 100644
--- a/CVE-2023-27043-email-parsing-errors.patch
+++ b/CVE-2023-27043-email-parsing-errors.patch
@@ -5,10 +5,8 @@
Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8
4 files changed, 344 insertions(+), 21 deletions(-)
-Index: Python-3.11.8/Doc/library/email.utils.rst
-===================================================================
---- Python-3.11.8.orig/Doc/library/email.utils.rst
-+++ Python-3.11.8/Doc/library/email.utils.rst
+--- a/Doc/library/email.utils.rst
++++ b/Doc/library/email.utils.rst
@@ -60,13 +60,18 @@ of the new API.
begins with angle brackets, they are stripped off.
@@ -58,10 +56,8 @@ Index: Python-3.11.8/Doc/library/email.utils.rst
.. function:: parsedate(date)
-Index: Python-3.11.8/Lib/email/utils.py
-===================================================================
---- Python-3.11.8.orig/Lib/email/utils.py
-+++ Python-3.11.8/Lib/email/utils.py
+--- a/Lib/email/utils.py
++++ b/Lib/email/utils.py
@@ -48,6 +48,7 @@ TICK = "'"
specialsre = re.compile(r'[][\\()<>@,:;".]')
escapesre = re.compile(r'[\\"]')
@@ -241,10 +237,8 @@ Index: Python-3.11.8/Lib/email/utils.py
return addrs[0]
-Index: Python-3.11.8/Lib/test/test_email/test_email.py
-===================================================================
---- Python-3.11.8.orig/Lib/test/test_email/test_email.py
-+++ Python-3.11.8/Lib/test/test_email/test_email.py
+--- a/Lib/test/test_email/test_email.py
++++ b/Lib/test/test_email/test_email.py
@@ -17,6 +17,7 @@ from unittest.mock import patch
import email
@@ -253,7 +247,7 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py
from email.charset import Charset
from email.generator import Generator, DecodedGenerator, BytesGenerator
-@@ -3321,15 +3322,137 @@ Foo
+@@ -3336,15 +3337,137 @@ Foo
[('Al Person', 'aperson@dom.ain'),
('Bud Person', 'bperson@dom.ain')])
@@ -399,7 +393,7 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py
def test_getaddresses_embedded_comment(self):
"""Test proper handling of a nested comment"""
-@@ -3520,6 +3643,54 @@ multipart/report
+@@ -3535,6 +3658,54 @@ multipart/report
m = cls(*constructor, policy=email.policy.default)
self.assertIs(m.policy, email.policy.default)
@@ -454,10 +448,8 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py
# Test the iterator/generators
class TestIterators(TestEmailBase):
-Index: Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
-===================================================================
--- /dev/null
-+++ Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
@@ -0,0 +1,8 @@
+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
+return ``('', '')`` 2-tuples in more situations where invalid email
diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch
index 6238018..7c9bb82 100644
--- a/CVE-2023-52425-libexpat-2.6.0-backport.patch
+++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch
@@ -1,9 +1,10 @@
---
- Lib/test/support/__init__.py | 9 ++++++++-
- Lib/test/test_pyexpat.py | 8 ++++----
+ Lib/test/support/__init__.py | 16 ++++++++++++++--
+ Lib/test/test_minidom.py | 23 +++++++++--------------
+ Lib/test/test_pyexpat.py | 14 +++++++-------
Lib/test/test_sax.py | 18 +++++++++---------
- Lib/test/test_xml_etree.py | 12 +++++-------
- 4 files changed, 26 insertions(+), 21 deletions(-)
+ Lib/test/test_xml_etree.py | 12 ------------
+ 5 files changed, 39 insertions(+), 44 deletions(-)
--- a/Lib/test/support/__init__.py
+++ b/Lib/test/support/__init__.py
@@ -20,20 +21,75 @@
"ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST",
"LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT",
- "skip_on_s390x",
-+ "skip_on_s390x", "fails_with_expat_2_6_0"
++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0"
]
-@@ -2243,3 +2244,9 @@ def copy_python_src_ignore(path, names):
- #Windows doesn't have os.uname() but it doesn't support s390x.
+@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names):
+ }
+ return ignored
+
+-#Windows doesn't have os.uname() but it doesn't support s390x.
++
++# Windows doesn't have os.uname() but it doesn't support s390x.
skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x',
'skipped on s390x')
+
+
-+_null_pyexpat_parser=pyexpat.ParserCreate()
++@functools.lru_cache
++def _is_expat_2_6_0():
++ return hasattr(pyexpat.ParserCreate(), 'GetReparseDeferralEnabled')
++is_expat_2_6_0 = _is_expat_2_6_0()
++
+fails_with_expat_2_6_0 = (unittest.expectedFailure
-+ if hasattr(_null_pyexpat_parser, 'GetReparseDeferralEnabled') else
-+ lambda test: test)
++ if is_expat_2_6_0
++ else lambda test: test)
+--- a/Lib/test/test_minidom.py
++++ b/Lib/test/test_minidom.py
+@@ -6,7 +6,6 @@ import io
+ from test import support
+ import unittest
+
+-import pyexpat
+ import xml.dom.minidom
+
+ from xml.dom.minidom import parse, Attr, Node, Document, parseString
+@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
+
+ # Verify that character decoding errors raise exceptions instead
+ # of crashing
+- if pyexpat.version_info >= (2, 4, 5):
+- self.assertRaises(ExpatError, parseString,
+- b'')
+- self.assertRaises(ExpatError, parseString,
+- b'Comment \xe7a va ? Tr\xe8s bien ?')
+- else:
+- self.assertRaises(UnicodeDecodeError, parseString,
++ # It doesn’t make any sense to insist on the exact text of the
++ # error message, or even the exact Exception … it is enough that
++ # the error has been discovered.
++ with self.assertRaises((UnicodeDecodeError, ExpatError)):
++ parseString(
+ b'Comment \xe7a va ? Tr\xe8s bien ?')
+
+ doc.unlink()
+@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
+ self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
+
+ def testExceptionOnSpacesInXMLNSValue(self):
+- if pyexpat.version_info >= (2, 4, 5):
+- context = self.assertRaisesRegex(ExpatError, 'syntax error')
+- else:
+- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
+-
+- with context:
++ # It doesn’t make any sense to insist on the exact text of the
++ # error message, or even the exact Exception … it is enough that
++ # the error has been discovered.
++ with self.assertRaises((ExpatError, ValueError)):
+ parseString('')
+
+ def testDocRemoveChild(self):
--- a/Lib/test/test_pyexpat.py
+++ b/Lib/test/test_pyexpat.py
@@ -14,8 +14,7 @@ from test.support import os_helper
@@ -42,23 +98,30 @@
-from test.support import sortdict, is_emscripten, is_wasi
-
-+from test.support import sortdict, is_emscripten, is_wasi, fails_with_expat_2_6_0
++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0
class SetAttributeTest(unittest.TestCase):
def setUp(self):
-@@ -793,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC
+@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC
+ self.assertIs(parser.GetReparseDeferralEnabled(), enabled)
- self.assertEqual(started, ['doc'])
+ def test_reparse_deferral_enabled(self):
+- if expat.version_info < (2, 6, 0):
+- self.skipTest(f'Expat {expat.version_info} does not '
+- 'support reparse deferral')
++ if not is_expat_2_6_0:
++ self.skipTest("Linked libexpat doesn't support reparse deferral")
-+ @fails_with_expat_2_6_0
- def test_reparse_deferral_disabled(self):
started = []
-@@ -800,9 +800,9 @@ class ReparseDeferralTest(unittest.TestC
+@@ -799,10 +797,12 @@ class ReparseDeferralTest(unittest.TestC
+ def start_element(name, _):
started.append(name)
++ if not is_expat_2_6_0:
++ self.skipTest("Linked libexpat doesn't support reparse deferral")
++
parser = expat.ParserCreate()
-+ self.assertTrue(hasattr(parser, 'GetReparseDeferralEnabled'))
parser.StartElementHandler = start_element
- if expat.version_info >= (2, 6, 0):
- parser.SetReparseDeferralEnabled(False)
@@ -79,47 +142,41 @@
import urllib.request
-from test.support import os_helper
-from test.support import findfile
-+from test.support import os_helper, findfile, fails_with_expat_2_6_0
++from test.support import os_helper, findfile, is_expat_2_6_0
from test.support.os_helper import FakePath, TESTFN
-@@ -1215,9 +1213,7 @@ class ExpatReaderTest(XmlTestBase):
+@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase):
self.assertEqual(result.getvalue(), start + b"text")
- @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
- f'Expat {pyexpat.version_info} does not '
- 'support reparse deferral')
-+ @fails_with_expat_2_6_0
def test_flush_reparse_deferral_enabled(self):
++ if not is_expat_2_6_0:
++ self.skipTest("Linked libexpat doesn't support reparse deferral")
++
result = BytesIO()
xmlgen = XMLGenerator(result)
-@@ -1227,6 +1223,8 @@ class ExpatReaderTest(XmlTestBase):
- for chunk in (""):
- parser.feed(chunk)
-
-+ self.assertTrue(hasattr(parser._parser, 'GetReparseDeferralEnabled'))
-+
- self.assertEqual(result.getvalue(), start) # i.e. no elements started
- self.assertTrue(parser._parser.GetReparseDeferralEnabled())
-
-@@ -1240,6 +1238,7 @@ class ExpatReaderTest(XmlTestBase):
-
+ parser = create_parser()
+@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase):
self.assertEqual(result.getvalue(), start + b"")
-+ @fails_with_expat_2_6_0
def test_flush_reparse_deferral_disabled(self):
++ if not is_expat_2_6_0:
++ self.skipTest("Linked libexpat doesn't support reparse deferral")
++
result = BytesIO()
xmlgen = XMLGenerator(result)
-@@ -1249,9 +1248,10 @@ class ExpatReaderTest(XmlTestBase):
+ parser = create_parser()
+@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase):
for chunk in (""):
parser.feed(chunk)
- if pyexpat.version_info >= (2, 6, 0):
- parser._parser.SetReparseDeferralEnabled(False)
- self.assertEqual(result.getvalue(), start) # i.e. no elements started
-+ self.assertTrue(hasattr(parser._parser, 'SetReparseDeferralEnabled'))
-+
+ parser._parser.SetReparseDeferralEnabled(False)
+ self.assertEqual(result.getvalue(), start) # i.e. no elements started
@@ -135,45 +192,30 @@
import sys
import textwrap
import types
-@@ -26,7 +25,7 @@ from itertools import product, islice
- from test import support
- from test.support import os_helper
- from test.support import warnings_helper
--from test.support import findfile, gc_collect, swap_attr, swap_item
-+from test.support import findfile, gc_collect, swap_attr, swap_item, fails_with_expat_2_6_0
- from test.support.import_helper import import_fresh_module
- from test.support.os_helper import TESTFN
-
-@@ -1424,9 +1423,11 @@ class XMLPullParserTest(unittest.TestCas
+@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'root')])
self.assertIsNone(parser.close())
-+ @fails_with_expat_2_6_0
- def test_simple_xml_chunk_1(self):
- self.test_simple_xml(chunk_size=1, flush=True)
+- def test_simple_xml_chunk_1(self):
+- self.test_simple_xml(chunk_size=1, flush=True)
+-
+- def test_simple_xml_chunk_5(self):
+- self.test_simple_xml(chunk_size=5, flush=True)
+-
+ def test_simple_xml_chunk_22(self):
+ self.test_simple_xml(chunk_size=22)
-+ @fails_with_expat_2_6_0
- def test_simple_xml_chunk_5(self):
- self.test_simple_xml(chunk_size=5, flush=True)
-
-@@ -1627,9 +1628,7 @@ class XMLPullParserTest(unittest.TestCas
+@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas
with self.assertRaises(ValueError):
ET.XMLPullParser(events=('start', 'end', 'bogus'))
- @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
- f'Expat {pyexpat.version_info} does not '
- 'support reparse deferral')
-+ @fails_with_expat_2_6_0
def test_flush_reparse_deferral_enabled(self):
parser = ET.XMLPullParser(events=('start', 'end'))
-@@ -1651,13 +1650,12 @@ class XMLPullParserTest(unittest.TestCas
-
- self.assert_event_tags(parser, [('end', 'doc')])
-
-+ @fails_with_expat_2_6_0
- def test_flush_reparse_deferral_disabled(self):
- parser = ET.XMLPullParser(events=('start', 'end'))
+@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas
for chunk in (""):
parser.feed(chunk)
diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch
index 2fabf1b..9fa2590 100644
--- a/fix_configure_rst.patch
+++ b/fix_configure_rst.patch
@@ -3,11 +3,9 @@
Misc/NEWS | 2 +-
2 files changed, 1 insertion(+), 4 deletions(-)
-Index: Python-3.11.8/Doc/using/configure.rst
-===================================================================
---- Python-3.11.8.orig/Doc/using/configure.rst
-+++ Python-3.11.8/Doc/using/configure.rst
-@@ -41,7 +41,6 @@ General Options
+--- a/Doc/using/configure.rst
++++ b/Doc/using/configure.rst
+@@ -43,7 +43,6 @@ General Options
See :data:`sys.int_info.bits_per_digit `.
@@ -15,7 +13,7 @@ Index: Python-3.11.8/Doc/using/configure.rst
.. option:: --with-cxx-main=COMPILER
Compile the Python ``main()`` function and link Python executable with C++
-@@ -527,13 +526,11 @@ macOS Options
+@@ -529,13 +528,11 @@ macOS Options
See ``Mac/README.rst``.
@@ -29,11 +27,9 @@ Index: Python-3.11.8/Doc/using/configure.rst
.. option:: --enable-framework=INSTALLDIR
Create a Python.framework rather than a traditional Unix install. Optional
-Index: Python-3.11.8/Misc/NEWS
-===================================================================
---- Python-3.11.8.orig/Misc/NEWS
-+++ Python-3.11.8/Misc/NEWS
-@@ -9411,7 +9411,7 @@ C API
+--- a/Misc/NEWS
++++ b/Misc/NEWS
+@@ -9768,7 +9768,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name
diff --git a/python311.changes b/python311.changes
index 5bcc5da..14ea885 100644
--- a/python311.changes
+++ b/python311.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed May 1 08:39:08 UTC 2024 - Matej Cepl
+
+- Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it
+ uses features sniffing, not just comparing version
+ number. Include also support-expat-CVE-2022-25236-patched.patch.
+- Refresh patches:
+ - CVE-2023-27043-email-parsing-errors.patch
+ - fix_configure_rst.patch
+ - skip_if_buildbot-extend.patch
+- Remove included patch:
+ - support-expat-CVE-2022-25236-patched.patch
+
-------------------------------------------------------------------
Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia
diff --git a/python311.spec b/python311.spec
index e5c3514..effbb92 100644
--- a/python311.spec
+++ b/python311.spec
@@ -155,9 +155,6 @@ Patch10: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
# remove duplicate link targets and make documentation with old Sphinx in SLE
Patch11: fix_configure_rst.patch
-# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
-# Makes Python resilient to changes of API of libexpat
-Patch12: support-expat-CVE-2022-25236-patched.patch
# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com
# Skip test_freeze_simple_script
Patch13: skip_if_buildbot-extend.patch
@@ -429,7 +426,6 @@ other applications.
%patch -p1 -P 10
%patch -p1 -P 11
-%patch -p1 -P 12
%patch -p1 -P 13
%patch -p1 -P 14
%patch -p1 -P 15
diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch
index 55a1b60..fd9a584 100644
--- a/skip_if_buildbot-extend.patch
+++ b/skip_if_buildbot-extend.patch
@@ -2,11 +2,9 @@
Lib/test/support/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: Python-3.11.8/Lib/test/support/__init__.py
-===================================================================
---- Python-3.11.8.orig/Lib/test/support/__init__.py
-+++ Python-3.11.8/Lib/test/support/__init__.py
-@@ -383,7 +383,7 @@ def skip_if_buildbot(reason=None):
+--- a/Lib/test/support/__init__.py
++++ b/Lib/test/support/__init__.py
+@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None):
if not reason:
reason = 'not suitable for buildbots'
try:
diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch
deleted file mode 100644
index d6fbad9..0000000
--- a/support-expat-CVE-2022-25236-patched.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 21 Feb 2022 08:16:09 -0800
-Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
- (GH-31472)
-
-Curly brackets were never allowed in namespace URIs
-according to RFC 3986, and so-called namespace-validating
-XML parsers have the right to reject them a invalid URIs.
-
-libexpat >=2.4.5 has become strcter in that regard due to
-related security issues; with ET.XML instantiating a
-namespace-aware parser under the hood, this test has no
-future in CPython.
-
-References:
-- https://datatracker.ietf.org/doc/html/rfc3968
-- https://www.w3.org/TR/xml-names/
-
-Also, test_minidom.py: Support Expat >=2.4.5
-(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
-
-Co-authored-by: Sebastian Pipping
----
- Lib/test/test_minidom.py | 23 +++++++++--------------
- 1 file changed, 9 insertions(+), 14 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
-
-Index: Python-3.11.8/Lib/test/test_minidom.py
-===================================================================
---- Python-3.11.8.orig/Lib/test/test_minidom.py
-+++ Python-3.11.8/Lib/test/test_minidom.py
-@@ -6,7 +6,6 @@ import io
- from test import support
- import unittest
-
--import pyexpat
- import xml.dom.minidom
-
- from xml.dom.minidom import parse, Attr, Node, Document, parseString
-@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
-
- # Verify that character decoding errors raise exceptions instead
- # of crashing
-- if pyexpat.version_info >= (2, 4, 5):
-- self.assertRaises(ExpatError, parseString,
-- b'')
-- self.assertRaises(ExpatError, parseString,
-- b'Comment \xe7a va ? Tr\xe8s bien ?')
-- else:
-- self.assertRaises(UnicodeDecodeError, parseString,
-+ # It doesn’t make any sense to insist on the exact text of the
-+ # error message, or even the exact Exception … it is enough that
-+ # the error has been discovered.
-+ with self.assertRaises((UnicodeDecodeError, ExpatError)):
-+ parseString(
- b'Comment \xe7a va ? Tr\xe8s bien ?')
-
- doc.unlink()
-@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
- self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
-
- def testExceptionOnSpacesInXMLNSValue(self):
-- if pyexpat.version_info >= (2, 4, 5):
-- context = self.assertRaisesRegex(ExpatError, 'syntax error')
-- else:
-- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
--
-- with context:
-+ # It doesn’t make any sense to insist on the exact text of the
-+ # error message, or even the exact Exception … it is enough that
-+ # the error has been discovered.
-+ with self.assertRaises((ExpatError, ValueError)):
- parseString('')
-
- def testDocRemoveChild(self):