From a5f079d05a2d37e70c702cde0e5ebfb79878de62 Mon Sep 17 00:00:00 2001
From: wangshuo
Date: Thu, 23 May 2024 16:04:21 +0800
Subject: [PATCH] Fix tests for XMLPullParser with Expat 2.6.0
---
...ix-tests-for-XMLPullParser-with-Expa.patch | 118 ++++++++++++++++++
python3.spec | 10 +-
2 files changed, 127 insertions(+), 1 deletion(-)
create mode 100644 backport-3.11-gh-115133-Fix-tests-for-XMLPullParser-with-Expa.patch
diff --git a/backport-3.11-gh-115133-Fix-tests-for-XMLPullParser-with-Expa.patch b/backport-3.11-gh-115133-Fix-tests-for-XMLPullParser-with-Expa.patch
new file mode 100644
index 0000000..2f1b8a1
--- /dev/null
+++ b/backport-3.11-gh-115133-Fix-tests-for-XMLPullParser-with-Expa.patch
@@ -0,0 +1,118 @@
+From 011dd5275954e5e79c2a3091b7486a74a6583b5a Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka
+Date: Thu, 23 May 2024 15:20:00 +0800
+Subject: [PATCH] [3.11] gh-115133: Fix tests for XMLPullParser with Expat
+ 2.6.0 (GH-115164) (GH-115289)
+
+Feeding the parser by too small chunks defers parsing to prevent
+CVE-2023-52425. Future versions of Expat may be more reactive.
+(cherry picked from commit 4a08e7b)
+
+Co-authored-by: Serhiy Storchaka
+
+See also:
+https://github.com/python/cpython/issues/115133
+https://github.com/python/cpython/commit/3501eca89e27873f6037abcb39e5031dfbce7077
+---
+ Lib/test/test_xml_etree.py | 57 +++++++++++++++++++++++---------------
+ Misc/NEWS | 2 ++
+ 2 files changed, 37 insertions(+), 22 deletions(-)
+
+diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
+index c095dd0..98451f0 100644
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -13,6 +13,7 @@ import itertools
+ import operator
+ import os
+ import pickle
++import pyexpat
+ import sys
+ import textwrap
+ import types
+@@ -120,6 +121,9 @@ ATTLIST_XML = """\
+
+ """
+
++fails_with_expat_2_6_0 = (unittest.expectedFailure
++ if pyexpat.version_info >= (2, 6, 0) else
++ lambda test: test)
+ def checkwarnings(*filters, quiet=False):
+ def decorator(test):
+ def newtest(*args, **kwargs):
+@@ -1398,28 +1402,37 @@ class XMLPullParserTest(unittest.TestCase):
+ self.assertEqual([(action, elem.tag) for action, elem in events],
+ expected)
+
+- def test_simple_xml(self):
+- for chunk_size in (None, 1, 5):
+- with self.subTest(chunk_size=chunk_size):
+- parser = ET.XMLPullParser()
+- self.assert_event_tags(parser, [])
+- self._feed(parser, "\n", chunk_size)
+- self.assert_event_tags(parser, [])
+- self._feed(parser,
+- "\n text\n", chunk_size)
+- self.assert_event_tags(parser, [('end', 'element')])
+- self._feed(parser, "texttail\n", chunk_size)
+- self._feed(parser, "\n", chunk_size)
+- self.assert_event_tags(parser, [
+- ('end', 'element'),
+- ('end', 'empty-element'),
+- ])
+- self._feed(parser, "\n", chunk_size)
+- self.assert_event_tags(parser, [('end', 'root')])
+- self.assertIsNone(parser.close())
++ def test_simple_xml(self, chunk_size=None):
++ parser = ET.XMLPullParser()
++ self.assert_event_tags(parser, [])
++ self._feed(parser, "\n", chunk_size)
++ self.assert_event_tags(parser, [])
++ self._feed(parser,
++ "\n text\n", chunk_size)
++ self.assert_event_tags(parser, [('end', 'element')])
++ self._feed(parser, "texttail\n", chunk_size)
++ self._feed(parser, "\n", chunk_size)
++ self.assert_event_tags(parser, [
++ ('end', 'element'),
++ ('end', 'empty-element'),
++ ])
++ self._feed(parser, "\n", chunk_size)
++ self.assert_event_tags(parser, [('end', 'root')])
++ self.assertIsNone(parser.close())
++
++ @fails_with_expat_2_6_0
++ def test_simple_xml_chunk_1(self):
++ self.test_simple_xml(chunk_size=1)
++
++ @fails_with_expat_2_6_0
++ def test_simple_xml_chunk_5(self):
++ self.test_simple_xml(chunk_size=5)
++
++ def test_simple_xml_chunk_22(self):
++ self.test_simple_xml(chunk_size=22)
+
+ def test_feed_while_iterating(self):
+ parser = ET.XMLPullParser()
+diff --git a/Misc/NEWS b/Misc/NEWS
+index b6c14bf..d869592 100644
+--- a/Misc/NEWS
++++ b/Misc/NEWS
+@@ -2,6 +2,8 @@
+ Python News
+ +++++++++++
+
++- gh-issue-115133: Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat 2.6.0.
++
+ What's New in Python 3.11.6 final?
+ ==================================
+
+--
+2.43.0
+
diff --git a/python3.spec b/python3.spec
index 02c5fad..b1a0ec0 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.11.6 -Release: 2 +Release: 3 License: Python-2.0 %global branchversion 3.11
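Review bot: The `fails_with_expat_2_6_0` gate that the added backport patch defines in `Lib/test/test_xml_etree.py` decides only on `pyexpat.version_info >= (2, 6, 0)`, so it matches only builds where the parse deferral arrived under that version number. If the packaged Expat carries the CVE-2023-52425 fix as a backport on an older version, `test_simple_xml_chunk_1` and `test_simple_xml_chunk_5` would presumably fail outright; and because the gate uses `unittest.expectedFailure`, an Expat that is "more reactive" again (as the commit message anticipates) would turn them into unexpected successes. A comment above the definition should record this, for example `# Expat >= 2.6.0 defers parsing of small chunks (CVE-2023-52425 mitigation); gated on the reported version only, revisit when Expat is patched or upgraded.` The patch changes tests only: the mitigation itself lives in the Expat library, so the packaged Expat version has to be tracked separately from this release.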
@@ -90,6 +90,7 @@ Patch251: 00251-change-user-install-location.patch Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch Patch9001: 0001-add-loongarch64-support-for-python.patch +Patch9002: backport-3.11-gh-115133-Fix-tests-for-XMLPullParser-with-Expa.patch Provides: python%{branchversion} = %{version}-%{release} Provides: python(abi) = %{branchversion} @@ -187,6 +188,7 @@ rm configure pyconfig.h.in %patch9000 -p1 %patch9001 -p1 +%patch9002 -p1 %build autoconf @@ -848,6 +850,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Thu May 23 2024 wangshuo - 3.11.6-3 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Fix tests for XMLPullParser with Expat 2.6.0 + * Mon Feb 26 2024 Wenlong Zhang - 3.11.6-2 - Type:bugfix - CVE:NA -- Gitee