Accepting request 1168530 from home:dgarcia:branches:devel:languages:python:Factory
- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in 15.6. - Drop libexpat260.patch, not needed anymore. This patch is merged with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep working on 15.6. - Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083. OBS-URL: https://build.opensuse.org/request/show/1168530 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=45
parent
2cda1ab826
commit
781fdc451d
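--- a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
+++ b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
@@ -0,0 +1,67 @@
+Index: Python-3.12.3/Lib/test/test_xml_etree.py
+===================================================================
+--- Python-3.12.3.orig/Lib/test/test_xml_etree.py
++++ Python-3.12.3/Lib/test/test_xml_etree.py
+@@ -121,6 +121,11 @@ ATTLIST_XML = """\
+</foo>
+"""
+
++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600"
++fails_with_expat_2_6_0 = (unittest.expectedFailure
++ # 2.4 version patched in SLE
++ if IS_SLE_15_6 and pyexpat.version_info >= (2, 4, 0) else
++ lambda test: test)
+def checkwarnings(*filters, quiet=False):
+def decorator(test):
+def newtest(*args, **kwargs):
+@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas
+self.assert_event_tags(parser, [('end', 'root')])
+self.assertIsNone(parser.close())
+
++ @fails_with_expat_2_6_0
+def test_simple_xml_chunk_1(self):
+self.test_simple_xml(chunk_size=1, flush=True)
+
++ @fails_with_expat_2_6_0
+def test_simple_xml_chunk_5(self):
+self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas
+
+self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+def test_flush_reparse_deferral_disabled(self):
+parser = ET.XMLPullParser(events=('start', 'end'))
+
+Index: Python-3.12.3/Lib/test/test_sax.py
+===================================================================
+--- Python-3.12.3.orig/Lib/test/test_sax.py
++++ Python-3.12.3/Lib/test/test_sax.py
+@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
+
+self.assertEqual(result.getvalue(), start + b"<doc></doc>")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+def test_flush_reparse_deferral_disabled(self):
+result = BytesIO()
+xmlgen = XMLGenerator(result)
+Index: Python-3.12.3/Lib/test/test_pyexpat.py
+===================================================================
+--- Python-3.12.3.orig/Lib/test/test_pyexpat.py
++++ Python-3.12.3/Lib/test/test_pyexpat.py
+@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC
+self.assertEqual(started, ['doc'])
+
+def test_reparse_deferral_disabled(self):
++ if expat.version_info < (2, 6, 0):
++ self.skipTest(f'Expat {expat.version_info} does not '
++ 'support reparse deferral')
++
+started = []
+
+def start_element(name, _):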
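Review bot: `fails_with_expat_2_6_0` in the first test_xml_etree.py hunk is decided from the `SLE_VERSION` environment variable rather than from how the parser behaves, so it only takes effect where the spec's `%check` has exported that variable. If the suite is run on 15.6 without it, `test_simple_xml_chunk_1` and `test_simple_xml_chunk_5` would presumably fail outright instead of being recorded as expected failures. The `pyexpat.version_info >= (2, 4, 0)` term cannot tell a libexpat that carries the CVE-2023-52425 backport from one that lacks it, so a green run says nothing about whether the mitigation is actually present. A comment above the assignment should record this, for example `# SLE 15.6 ships a 2.4 libexpat with the CVE-2023-52425 fix backported and no version bump; SLE_VERSION is exported by the spec's %check`. The hunk also depends on `os` being imported earlier in test_xml_etree.py, which is outside the visible lines.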
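--- a/fix-test-recursion-limit-15.6.patch
+++ b/fix-test-recursion-limit-15.6.patch
@@ -0,0 +1,30 @@
+Index: Python-3.12.3/Lib/test/test_compile.py
+===================================================================
+--- Python-3.12.3.orig/Lib/test/test_compile.py
++++ Python-3.12.3/Lib/test/test_compile.py
+@@ -14,6 +14,9 @@ from test.support import (script_helper,
+requires_specialization, C_RECURSION_LIMIT)
+from test.support.os_helper import FakePath
+
++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600"
++IS_32bit = hasattr(os, "uname") and os.uname().machine in ["i386", "i486", "i586", "i686"]
++
+class TestSpecifics(unittest.TestCase):
+
+def compile_single(self, source):
+@@ -110,6 +113,7 @@ class TestSpecifics(unittest.TestCase):
+self.assertEqual(d['z'], 12)
+
+@unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
+def test_extended_arg(self):
+repeat = int(C_RECURSION_LIMIT * 0.9)
+longexpr = 'x = x or ' + '-x' * repeat
+@@ -603,6 +607,7 @@ class TestSpecifics(unittest.TestCase):
+
+@support.cpython_only
+@unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
+def test_compiler_recursion_limit(self):
+# Expected limit is C_RECURSION_LIMIT * 2
+# Duplicating the limit here is a little ugly.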
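Review bot: The two `skipIf(IS_SLE_15_6 and IS_32bit, ...)` decorators switch off `test_extended_arg` and `test_compiler_recursion_limit` on 15.6 i586. The second, judging by its name and the `C_RECURSION_LIMIT` comment, is the test that checks the compiler's depth limit, so that guard against stack exhaustion goes unverified on the one platform where it is known to misbehave. The skip reason should name the upstream issue so the skip can be dropped once it is resolved, e.g. `"fails on 15.6 i586, gh#python/cpython#115083"`. `IS_32bit` reads `os.uname().machine`, which reflects the kernel personality rather than the interpreter's word size; `IS_32bit = sys.maxsize <= 2**32` would test the build itself, assuming `sys` is imported in the part of test_compile.py outside the hunk. Both test bodies continue past the visible lines.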
@ -1,51 +0,0 @@
|
|||||||
From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Serhiy Storchaka <storchaka@gmail.com>
|
|
||||||
Date: Sun, 11 Feb 2024 12:08:39 +0200
|
|
||||||
Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
|
|
||||||
(GH-115164)
|
|
||||||
|
|
||||||
Feeding the parser by too small chunks defers parsing to prevent
|
|
||||||
CVE-2023-52425. Future versions of Expat may be more reactive.
|
|
||||||
(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
|
|
||||||
|
|
||||||
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
||||||
---
|
|
||||||
Lib/test/test_xml_etree.py | 7 +++++++
|
|
||||||
Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 ++
|
|
||||||
2 files changed, 9 insertions(+)
|
|
||||||
create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
|
|
||||||
|
|
||||||
--- a/Lib/test/test_xml_etree.py
|
|
||||||
+++ b/Lib/test/test_xml_etree.py
|
|
||||||
@@ -121,6 +121,10 @@ ATTLIST_XML = """\
|
|
||||||
</foo>
|
|
||||||
"""
|
|
||||||
|
|
||||||
+fails_with_expat_2_6_0 = (unittest.expectedFailure
|
|
||||||
+ if pyexpat.version_info >= (2, 6, 0) else
|
|
||||||
+ lambda test: test)
|
|
||||||
+
|
|
||||||
def checkwarnings(*filters, quiet=False):
|
|
||||||
def decorator(test):
|
|
||||||
def newtest(*args, **kwargs):
|
|
||||||
@@ -1424,12 +1428,15 @@ class XMLPullParserTest(unittest.TestCas
|
|
||||||
self.assert_event_tags(parser, [('end', 'root')])
|
|
||||||
self.assertIsNone(parser.close())
|
|
||||||
|
|
||||||
+ @fails_with_expat_2_6_0
|
|
||||||
def test_simple_xml_chunk_1(self):
|
|
||||||
self.test_simple_xml(chunk_size=1, flush=True)
|
|
||||||
|
|
||||||
+ @fails_with_expat_2_6_0
|
|
||||||
def test_simple_xml_chunk_5(self):
|
|
||||||
self.test_simple_xml(chunk_size=5, flush=True)
|
|
||||||
|
|
||||||
+ @fails_with_expat_2_6_0
|
|
||||||
def test_simple_xml_chunk_22(self):
|
|
||||||
self.test_simple_xml(chunk_size=22)
|
|
||||||
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
|
|
||||||
+2.6.0.
|
|
@ -1,3 +1,14 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||||
|
|
||||||
|
- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
|
||||||
|
patched libexpat below 2.6.0 that doesn't update the version number,
|
||||||
|
just in 15.6.
|
||||||
|
- Drop libexpat260.patch, not needed anymore. This patch is merged
|
||||||
|
with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
|
||||||
|
working on 15.6.
|
||||||
|
- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||||
|
|
||||||
|
@ -160,12 +160,17 @@ Patch35: fix_configure_rst.patch
|
|||||||
# Detect email address parsing errors and return empty tuple to
|
# Detect email address parsing errors and return empty tuple to
|
||||||
# indicate the parsing error (old API)
|
# indicate the parsing error (old API)
|
||||||
Patch36: CVE-2023-27043-email-parsing-errors.patch
|
Patch36: CVE-2023-27043-email-parsing-errors.patch
|
||||||
# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115288
|
|
||||||
# Fix tests for XMLPullParser with Expat 2.6.0
|
|
||||||
Patch37: libexpat260.patch
|
|
||||||
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
|
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
|
||||||
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
|
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
|
||||||
Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch
|
Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch
|
||||||
|
# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
|
||||||
|
# This problem on libexpat is patched on 15.6 without version
|
||||||
|
# update, this patch changes the tests to match the libexpat provided
|
||||||
|
# by SUSE
|
||||||
|
Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
|
||||||
|
# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
|
||||||
|
# Skip some failing tests in test_compile for i586 arch in 15.6.
|
||||||
|
Patch40: fix-test-recursion-limit-15.6.patch
|
||||||
BuildRequires: autoconf-archive
|
BuildRequires: autoconf-archive
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
@ -527,6 +532,8 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%check
|
%check
|
||||||
|
export SUSE_VERSION="0%{?suse_version}"
|
||||||
|
export SLE_VERSION="0%{?sle_version}"
|
||||||
%if %{with general}
|
%if %{with general}
|
||||||
# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
|
# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
|
||||||
# when you install gdb into your test env
|
# when you install gdb into your test env
|
||||||
|
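Review bot: The `%check` hunk exports `SUSE_VERSION` alongside `SLE_VERSION`, but both patches added by this commit read only `SLE_VERSION`, so the first export is unused unless something outside this commit reads it. Because of the leading `0` and the `%{?sle_version}` form, the variable is just `0` on a non-SLE build, and the tests compare it with the literal `0150600`. A comment above the exports would explain the format, e.g. `# read by Patch39/Patch40 to detect SLE 15.6; "0" when sle_version is undefined`. The `Patch39` comment block also carries no bug reference, unlike the `Patch38` entry with `bsc#1219666`, which makes the CVE-2023-52425 test change harder to trace. The `%check` section continues outside the hunk.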