From e455bcb51a466ea7bdbc063f4d69c61a5ad978791ed72d7aa5d41889ab5a3865 Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Thu, 15 Feb 2024 14:36:44 +0000
Subject: [PATCH] Accepting request 1146815 from
 home:dgarcia:branches:devel:languages:python:Factory

- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
  with Expat 2.6.0, gh#python/cpython#115289

OBS-URL: https://build.opensuse.org/request/show/1146815
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=141
---
 libexpat260.patch | 107 ++++++++++++++++++++++++++++++++++++++++++++++
 python38.changes  |   6 +++
 python38.spec     |  50 ++++++++++++----------
 3 files changed, 140 insertions(+), 23 deletions(-)
 create mode 100644 libexpat260.patch

diff --git a/libexpat260.patch b/libexpat260.patch
new file mode 100644
index 0000000..0153868
--- /dev/null
+++ b/libexpat260.patch
@@ -0,0 +1,107 @@
+From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka <storchaka@gmail.com>
+Date: Sun, 11 Feb 2024 12:08:39 +0200
+Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
+ (GH-115164)
+
+Feeding the parser by too small chunks defers parsing to prevent
+CVE-2023-52425. Future versions of Expat may be more reactive.
+(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+---
+ Lib/test/test_xml_etree.py                    | 58 ++++++++++++-------
+ ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst |  2 +
+ 2 files changed, 38 insertions(+), 22 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+
+Index: Python-3.8.18/Lib/test/test_xml_etree.py
+===================================================================
+--- Python-3.8.18.orig/Lib/test/test_xml_etree.py
++++ Python-3.8.18/Lib/test/test_xml_etree.py
+@@ -14,6 +14,7 @@ import locale
+ import operator
+ import os
+ import pickle
++import pyexpat
+ import sys
+ import textwrap
+ import types
+@@ -103,6 +104,10 @@ EXTERNAL_ENTITY_XML = """\
+ <document>&entity;</document>
+ """
+ 
++fails_with_expat_2_6_0 = (unittest.expectedFailure
++                        if pyexpat.version_info >= (2, 6, 0) else
++                        lambda test: test)
++
+ def checkwarnings(*filters, quiet=False):
+     def decorator(test):
+         def newtest(*args, **kwargs):
+@@ -1266,28 +1271,37 @@ class XMLPullParserTest(unittest.TestCas
+         self.assertEqual([(action, elem.tag) for action, elem in events],
+                          expected)
+ 
+-    def test_simple_xml(self):
+-        for chunk_size in (None, 1, 5):
+-            with self.subTest(chunk_size=chunk_size):
+-                parser = ET.XMLPullParser()
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser, "<!-- comment -->\n", chunk_size)
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser,
+-                           "<root>\n  <element key='value'>text</element",
+-                           chunk_size)
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser, ">\n", chunk_size)
+-                self.assert_event_tags(parser, [('end', 'element')])
+-                self._feed(parser, "<element>text</element>tail\n", chunk_size)
+-                self._feed(parser, "<empty-element/>\n", chunk_size)
+-                self.assert_event_tags(parser, [
+-                    ('end', 'element'),
+-                    ('end', 'empty-element'),
+-                    ])
+-                self._feed(parser, "</root>\n", chunk_size)
+-                self.assert_event_tags(parser, [('end', 'root')])
+-                self.assertIsNone(parser.close())
++    def test_simple_xml(self, chunk_size=None):
++        parser = ET.XMLPullParser()
++        self.assert_event_tags(parser, [])
++        self._feed(parser, "<!-- comment -->\n", chunk_size)
++        self.assert_event_tags(parser, [])
++        self._feed(parser,
++                   "<root>\n  <element key='value'>text</element",
++                   chunk_size)
++        self.assert_event_tags(parser, [])
++        self._feed(parser, ">\n", chunk_size)
++        self.assert_event_tags(parser, [('end', 'element')])
++        self._feed(parser, "<element>text</element>tail\n", chunk_size)
++        self._feed(parser, "<empty-element/>\n", chunk_size)
++        self.assert_event_tags(parser, [
++            ('end', 'element'),
++            ('end', 'empty-element'),
++            ])
++        self._feed(parser, "</root>\n", chunk_size)
++        self.assert_event_tags(parser, [('end', 'root')])
++        self.assertIsNone(parser.close())
++
++    @fails_with_expat_2_6_0
++    def test_simple_xml_chunk_1(self):
++        self.test_simple_xml(chunk_size=1)
++
++    @fails_with_expat_2_6_0
++    def test_simple_xml_chunk_5(self):
++        self.test_simple_xml(chunk_size=5)
++
++    def test_simple_xml_chunk_22(self):
++        self.test_simple_xml(chunk_size=22)
+ 
+     def test_feed_while_iterating(self):
+         parser = ET.XMLPullParser()
+Index: Python-3.8.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+===================================================================
+--- /dev/null
++++ Python-3.8.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+@@ -0,0 +1,2 @@
++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
++2.6.0.
diff --git a/python38.changes b/python38.changes
index 206f89f..3442052 100644
--- a/python38.changes
+++ b/python38.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115289
+
 -------------------------------------------------------------------
 Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl <mcepl@cepl.eu>
 
diff --git a/python38.spec b/python38.spec
index 38a4b00..b7c6928 100644
--- a/python38.spec
+++ b/python38.spec
@@ -183,6 +183,9 @@ Patch41:        99366-patch.dict-can-decorate-async.patch
 # Detect email address parsing errors and return empty tuple to
 # indicate the parsing error (old API), from gh#python/cpython!105127
 Patch42:        CVE-2023-27043-email-parsing-errors.patch
+# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
+# Fix tests for XMLPullParser with Expat 2.6.0
+Patch43:        libexpat260.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -426,37 +429,38 @@ other applications.
 %prep
 %setup -q -n %{tarname}
 %if "%{_lib}" == "lib64"
-%patch01 -p1
+%patch -P 01 -p1
 %endif
-%patch02 -p1
+%patch -P 02 -p1
 %if "%{_lib}" == "lib64"
-%patch03 -p1
+%patch -P 03 -p1
 %endif
 %if %{with mpdecimal}
-%patch05 -p1
+%patch -P 05 -p1
 %endif
 
-%patch06 -p1
-%patch07 -p1
-%patch08 -p1
-%patch09 -p1
-%patch15 -p1
+%patch -P 06 -p1
+%patch -P 07 -p1
+%patch -P 08 -p1
+%patch -P 09 -p1
+%patch -P 15 -p1
 %ifarch ppc ppc64 ppc64le
-%patch23 -p1
+%patch -P 23 -p1
 %endif
-%patch24 -p1
-%patch25 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch32 -p1
-%patch33 -p1
-%patch34 -p1
-%patch36 -p1
-%patch37 -p1
-%patch38 -p1
-%patch41 -p1
-%patch42 -p1
+%patch -P 24 -p1
+%patch -P 25 -p1
+%patch -P 27 -p1
+%patch -P 28 -p1
+%patch -P 29 -p1
+%patch -P 32 -p1
+%patch -P 33 -p1
+%patch -P 34 -p1
+%patch -P 36 -p1
+%patch -P 37 -p1
+%patch -P 38 -p1
+%patch -P 41 -p1
+%patch -P 42 -p1
+%patch -P 43 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac