import python3.9-3.9.10-3.el9_0
parent
3b70406d7d
commit
1310944532
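--- /dev/null
+++ b/SOURCES/00378-support-expat-2-4-5.patch
@@ -0,0 +1,101 @@
+From 3950e203a4c625b7bc53e67e96d5d5239758f4fa Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+<31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 21 Feb 2022 08:16:23 -0800
+Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
+(GH-31469)
+
+Curly brackets were never allowed in namespace URIs
+according to RFC 3986, and so-called namespace-validating
+XML parsers have the right to reject them a invalid URIs.
+
+libexpat >=2.4.5 has become strcter in that regard due to
+related security issues; with ET.XML instantiating a
+namespace-aware parser under the hood, this test has no
+future in CPython.
+
+References:
+- https://datatracker.ietf.org/doc/html/rfc3968
+- https://www.w3.org/TR/xml-names/
+
+Also, test_minidom.py: Support Expat >=2.4.5
+(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
+
+Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
+
+Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
+---
+Lib/test/test_minidom.py | 12 +++++++++---
+Lib/test/test_xml_etree.py | 6 ------
+.../Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 +
+3 files changed, 10 insertions(+), 9 deletions(-)
+create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
+
+diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
+index 1663b1f..5f52ed1 100644
+--- a/Lib/test/test_minidom.py
++++ b/Lib/test/test_minidom.py
+@@ -6,10 +6,12 @@ import io
+from test import support
+import unittest
+
++import pyexpat
+import xml.dom.minidom
+
+from xml.dom.minidom import parse, Node, Document, parseString
+from xml.dom.minidom import getDOMImplementation
++from xml.parsers.expat import ExpatError
+
+
+tstfile = support.findfile("test.xml", subdir="xmltestdata")
+@@ -1147,8 +1149,10 @@ class MinidomTest(unittest.TestCase):
+
+# Verify that character decoding errors raise exceptions instead
+# of crashing
+- self.assertRaises(UnicodeDecodeError, parseString,
+- b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
++ self.assertRaises(ExpatError, parseString,
++ b'<fran\xe7ais></fran\xe7ais>')
++ self.assertRaises(ExpatError, parseString,
++ b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
+
+doc.unlink()
+
+@@ -1609,7 +1613,9 @@ class MinidomTest(unittest.TestCase):
+self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
+
+def testExceptionOnSpacesInXMLNSValue(self):
+- with self.assertRaisesRegex(ValueError, 'Unsupported syntax'):
++ context = self.assertRaisesRegex(ExpatError, 'syntax error')
++
++ with context:
+parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
+
+def testDocRemoveChild(self):
+diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
+index 23c4cd5..142ce2c 100644
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -2159,12 +2159,6 @@ class BugsTest(unittest.TestCase):
+b"<?xml version='1.0' encoding='ascii'?>\n"
+b'<body>tãg</body>')
+
+- def test_issue3151(self):
+- e = ET.XML('<prefix:localname xmlns:prefix="${stuff}"/>')
+- self.assertEqual(e.tag, '{${stuff}}localname')
+- t = ET.ElementTree(e)
+- self.assertEqual(ET.tostring(e), b'<ns0:localname xmlns:ns0="${stuff}" />')
+-
+def test_issue6565(self):
+elem = ET.XML("<body><tag/></body>")
+self.assertEqual(summarize_list(elem), ['tag'])
+diff --git a/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
+new file mode 100644
+index 0000000..6969bd1
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
+@@ -0,0 +1 @@
++Make test suite support Expat >=2.4.5
+--
+2.37.3
+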
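Review bot: `+import pyexpat` in the first test_minidom.py hunk is not referenced by any line this patch adds, so it looks like a leftover from the upstream variant that gated the assertions on the Expat version (the spec comment on this page says that check was dropped downstream); I would remove the line. With the gate gone, `self.assertRaises(ExpatError, parseString, ...)` and `assertRaisesRegex(ExpatError, 'syntax error')` pass only when the libexpat in the build root already has the stricter parsing, so the test suite presumably depends on the backported expat fixes being installed at build time. A comment above the first assertion, `# Expects a libexpat with the 2.4.5 strictness fixes; no version check because RHEL backports them`, would record that dependency. The enclosing test methods start outside the hunks shown.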
1499
SOURCES/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch
Normal file
1499
SOURCES/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch
Normal file
File diff suppressed because it is too large
@ -17,7 +17,7 @@ URL: https://www.python.org/
|
|||||||
#global prerel ...
|
#global prerel ...
|
||||||
%global upstream_version %{general_version}%{?prerel}
|
%global upstream_version %{general_version}%{?prerel}
|
||||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
|
|
||||||
|
|
||||||
@ -399,6 +399,52 @@ Patch329: 00329-fips.patch
|
|||||||
# a nightmare because it's basically a binary file.
|
# a nightmare because it's basically a binary file.
|
||||||
Patch353: 00353-architecture-names-upstream-downstream.patch
|
Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||||
|
|
||||||
|
# 00378 #
|
||||||
|
# Support expat 2.4.5
|
||||||
|
#
|
||||||
|
# Curly brackets were never allowed in namespace URIs
|
||||||
|
# according to RFC 3986, and so-called namespace-validating
|
||||||
|
# XML parsers have the right to reject them a invalid URIs.
|
||||||
|
#
|
||||||
|
# libexpat >=2.4.5 has become strcter in that regard due to
|
||||||
|
# related security issues; with ET.XML instantiating a
|
||||||
|
# namespace-aware parser under the hood, this test has no
|
||||||
|
# future in CPython.
|
||||||
|
#
|
||||||
|
# References:
|
||||||
|
# - https://datatracker.ietf.org/doc/html/rfc3968
|
||||||
|
# - https://www.w3.org/TR/xml-names/
|
||||||
|
#
|
||||||
|
# Also, test_minidom.py: Support Expat >=2.4.5
|
||||||
|
#
|
||||||
|
# The patch has diverged from upstream as the python test
|
||||||
|
# suite was relying on checking the expat version, whereas
|
||||||
|
# in RHEL fixes get backported instead of rebasing packages.
|
||||||
|
#
|
||||||
|
# Upstream: https://bugs.python.org/issue46811
|
||||||
|
Patch378: 00378-support-expat-2-4-5.patch
|
||||||
|
|
||||||
|
# 00387 # 87d28f3f0f0c9165c67b2a156134c614c6f6dcf5
|
||||||
|
# CVE-2020-10735: Prevent DoS by very large int()
|
||||||
|
#
|
||||||
|
# gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504)
|
||||||
|
#
|
||||||
|
# Converting between `int` and `str` in bases other than 2
|
||||||
|
# (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now
|
||||||
|
# raises a `ValueError` if the number of digits in string form is above a
|
||||||
|
# limit to avoid potential denial of service attacks due to the algorithmic
|
||||||
|
# complexity. This is a mitigation for CVE-2020-10735
|
||||||
|
# (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735).
|
||||||
|
#
|
||||||
|
# This new limit can be configured or disabled by environment variable, command
|
||||||
|
# line flag, or :mod:`sys` APIs. See the `Integer String Conversion Length
|
||||||
|
# Limitation` documentation. The default limit is 4300
|
||||||
|
# digits in string form.
|
||||||
|
#
|
||||||
|
# Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback
|
||||||
|
# from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
|
||||||
|
Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch
|
||||||
|
|
||||||
# (New patches go here ^^^)
|
# (New patches go here ^^^)
|
||||||
#
|
#
|
||||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||||
@ -1800,6 +1846,11 @@ CheckPython optimized
|
|||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 23 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-3
|
||||||
|
- Security fix for CVE-2020-10735
|
||||||
|
- Fix the test suite support for Expat >= 2.4.5
|
||||||
|
Resolves: rhbz#1834423
|
||||||
|
|
||||||
* Wed Feb 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-2
|
* Wed Feb 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-2
|
||||||
- Fix undefined behavior in Modules/_hashopenssl.c
|
- Fix undefined behavior in Modules/_hashopenssl.c
|
||||||
Resolves: rhbz#1942527
|
Resolves: rhbz#1942527
|
||||||
|
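Review bot: The `# 00387 #` comment block says the new int/str digit limit "can be configured or disabled by environment variable, command line flag, or :mod:`sys` APIs" but names none of them, and the patch body is suppressed on this page, so an admin reading the spec cannot tell which settings to audit. Upstream's fix calls them `PYTHONINTMAXSTRDIGITS`, `-X int_max_str_digits` and `sys.set_int_max_str_digits()`; if the backport keeps those names, I would add a line such as `# Knobs: PYTHONINTMAXSTRDIGITS, -X int_max_str_digits, sys.set_int_max_str_digits(); 0 disables the limit and removes the DoS mitigation.` Separately, in the `# 00378 #` block the prose cites RFC 3986 while the reference URL ends in `rfc3968`; one of the two looks like a typo carried over from the upstream message and is worth correcting in the spec comment, along with "them a invalid" and "strcter".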