SHA256
1
0
forked from pool/python312

Accepting request 1168530 from home:dgarcia:branches:devel:languages:python:Factory

- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in 15.6.
- Drop libexpat260.patch, not needed anymore. This patch is merged
  with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
  working on 15.6.
- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.

OBS-URL: https://build.opensuse.org/request/show/1168530
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=45
This commit is contained in:
Matej Cepl 2024-04-17 21:21:31 +00:00 committed by Git OBS Bridge
parent 2cda1ab826
commit 781fdc451d
5 changed files with 118 additions and 54 deletions

View File

@ -0,0 +1,67 @@
Index: Python-3.12.3/Lib/test/test_xml_etree.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_xml_etree.py
+++ Python-3.12.3/Lib/test/test_xml_etree.py
@@ -121,6 +121,11 @@ ATTLIST_XML = """\
</foo>
"""
+IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600"
+fails_with_expat_2_6_0 = (unittest.expectedFailure
+ # 2.4 version patched in SLE
+ if IS_SLE_15_6 and pyexpat.version_info >= (2, 4, 0) else
+ lambda test: test)
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'root')])
self.assertIsNone(parser.close())
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_1(self):
self.test_simple_xml(chunk_size=1, flush=True)
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_5(self):
self.test_simple_xml(chunk_size=5, flush=True)
@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'doc')])
+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
+ f'Expat {pyexpat.version_info} does not '
+ 'support reparse deferral')
def test_flush_reparse_deferral_disabled(self):
parser = ET.XMLPullParser(events=('start', 'end'))
Index: Python-3.12.3/Lib/test/test_sax.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_sax.py
+++ Python-3.12.3/Lib/test/test_sax.py
@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
self.assertEqual(result.getvalue(), start + b"<doc></doc>")
+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
+ f'Expat {pyexpat.version_info} does not '
+ 'support reparse deferral')
def test_flush_reparse_deferral_disabled(self):
result = BytesIO()
xmlgen = XMLGenerator(result)
Index: Python-3.12.3/Lib/test/test_pyexpat.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_pyexpat.py
+++ Python-3.12.3/Lib/test/test_pyexpat.py
@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC
self.assertEqual(started, ['doc'])
def test_reparse_deferral_disabled(self):
+ if expat.version_info < (2, 6, 0):
+ self.skipTest(f'Expat {expat.version_info} does not '
+ 'support reparse deferral')
+
started = []
def start_element(name, _):

View File

@ -0,0 +1,30 @@
Index: Python-3.12.3/Lib/test/test_compile.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_compile.py
+++ Python-3.12.3/Lib/test/test_compile.py
@@ -14,6 +14,9 @@ from test.support import (script_helper,
requires_specialization, C_RECURSION_LIMIT)
from test.support.os_helper import FakePath
+IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600"
+IS_32bit = hasattr(os, "uname") and os.uname().machine in ["i386", "i486", "i586", "i686"]
+
class TestSpecifics(unittest.TestCase):
def compile_single(self, source):
@@ -110,6 +113,7 @@ class TestSpecifics(unittest.TestCase):
self.assertEqual(d['z'], 12)
@unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
+ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
def test_extended_arg(self):
repeat = int(C_RECURSION_LIMIT * 0.9)
longexpr = 'x = x or ' + '-x' * repeat
@@ -603,6 +607,7 @@ class TestSpecifics(unittest.TestCase):
@support.cpython_only
@unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
+ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
def test_compiler_recursion_limit(self):
# Expected limit is C_RECURSION_LIMIT * 2
# Duplicating the limit here is a little ugly.

View File

@ -1,51 +0,0 @@
From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Sun, 11 Feb 2024 12:08:39 +0200
Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
(GH-115164)
Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
---
Lib/test/test_xml_etree.py | 7 +++++++
Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 ++
2 files changed, 9 insertions(+)
create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -121,6 +121,10 @@ ATTLIST_XML = """\
</foo>
"""
+fails_with_expat_2_6_0 = (unittest.expectedFailure
+ if pyexpat.version_info >= (2, 6, 0) else
+ lambda test: test)
+
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
@@ -1424,12 +1428,15 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'root')])
self.assertIsNone(parser.close())
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_1(self):
self.test_simple_xml(chunk_size=1, flush=True)
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_5(self):
self.test_simple_xml(chunk_size=5, flush=True)
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_22(self):
self.test_simple_xml(chunk_size=22)
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
@@ -0,0 +1,2 @@
+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
+2.6.0.

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
patched libexpat below 2.6.0 that doesn't update the version number,
just in 15.6.
- Drop libexpat260.patch, not needed anymore. This patch is merged
with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
working on 15.6.
- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu> Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu>

View File

@ -160,12 +160,17 @@ Patch35: fix_configure_rst.patch
# Detect email address parsing errors and return empty tuple to # Detect email address parsing errors and return empty tuple to
# indicate the parsing error (old API) # indicate the parsing error (old API)
Patch36: CVE-2023-27043-email-parsing-errors.patch Patch36: CVE-2023-27043-email-parsing-errors.patch
# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115288
# Fix tests for XMLPullParser with Expat 2.6.0
Patch37: libexpat260.patch
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com # PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) # tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch
# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# This problem on libexpat is patched on 15.6 without version
# update, this patch changes the tests to match the libexpat provided
# by SUSE
Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
# Skip some failing tests in test_compile for i586 arch in 15.6.
Patch40: fix-test-recursion-limit-15.6.patch
BuildRequires: autoconf-archive BuildRequires: autoconf-archive
BuildRequires: automake BuildRequires: automake
BuildRequires: fdupes BuildRequires: fdupes
@ -527,6 +532,8 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \
%endif %endif
%check %check
export SUSE_VERSION="0%{?suse_version}"
export SLE_VERSION="0%{?sle_version}"
%if %{with general} %if %{with general}
# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
# when you install gdb into your test env # when you install gdb into your test env