import python3.9-3.9.10-3.el9_0

CentOS Sources 2022-11-02 10:04:44 -04:00 committed by Stepan Oksanichenko
parent 3b70406d7d
commit 1310944532
3 changed files with 1652 additions and 1 deletions


@ -0,0 +1,101 @@
From 3950e203a4c625b7bc53e67e96d5d5239758f4fa Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Mon, 21 Feb 2022 08:16:23 -0800
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
(GH-31469)
Curly brackets were never allowed in namespace URIs
according to RFC 3986, and so-called namespace-validating
XML parsers have the right to reject them a invalid URIs.
libexpat >=2.4.5 has become strcter in that regard due to
related security issues; with ET.XML instantiating a
namespace-aware parser under the hood, this test has no
future in CPython.
References:
- https://datatracker.ietf.org/doc/html/rfc3968
- https://www.w3.org/TR/xml-names/
Also, test_minidom.py: Support Expat >=2.4.5
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
---
Lib/test/test_minidom.py | 12 +++++++++---
Lib/test/test_xml_etree.py | 6 ------
.../Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 +
3 files changed, 10 insertions(+), 9 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
index 1663b1f..5f52ed1 100644
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -6,10 +6,12 @@ import io
from test import support
import unittest
+import pyexpat
import xml.dom.minidom
from xml.dom.minidom import parse, Node, Document, parseString
from xml.dom.minidom import getDOMImplementation
+from xml.parsers.expat import ExpatError
tstfile = support.findfile("test.xml", subdir="xmltestdata")
@@ -1147,8 +1149,10 @@ class MinidomTest(unittest.TestCase):
# Verify that character decoding errors raise exceptions instead
# of crashing
- self.assertRaises(UnicodeDecodeError, parseString,
- b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
+ self.assertRaises(ExpatError, parseString,
+ b'<fran\xe7ais></fran\xe7ais>')
+ self.assertRaises(ExpatError, parseString,
+ b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
doc.unlink()
@@ -1609,7 +1613,9 @@ class MinidomTest(unittest.TestCase):
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
def testExceptionOnSpacesInXMLNSValue(self):
- with self.assertRaisesRegex(ValueError, 'Unsupported syntax'):
+ context = self.assertRaisesRegex(ExpatError, 'syntax error')
+
+ with context:
parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
def testDocRemoveChild(self):
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index 23c4cd5..142ce2c 100644
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -2159,12 +2159,6 @@ class BugsTest(unittest.TestCase):
b"<?xml version='1.0' encoding='ascii'?>\n"
b'<body>t&#227;g</body>')
- def test_issue3151(self):
- e = ET.XML('<prefix:localname xmlns:prefix="${stuff}"/>')
- self.assertEqual(e.tag, '{${stuff}}localname')
- t = ET.ElementTree(e)
- self.assertEqual(ET.tostring(e), b'<ns0:localname xmlns:ns0="${stuff}" />')
-
def test_issue6565(self):
elem = ET.XML("<body><tag/></body>")
self.assertEqual(summarize_list(elem), ['tag'])
diff --git a/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
new file mode 100644
index 0000000..6969bd1
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
@@ -0,0 +1 @@
+Make test suite support Expat >=2.4.5
--
2.37.3
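Review bot: `import pyexpat` in the first test_minidom.py hunk is not used by anything else this patch adds, and the `context = self.assertRaisesRegex(ExpatError, 'syntax error')` / `with context:` split in testExceptionOnSpacesInXMLNSValue has no second branch to justify it. Both look like leftovers of a version check that this downstream patch appears to have dropped. If staying textually close to upstream is not the goal, drop the import and write `with self.assertRaisesRegex(ExpatError, 'syntax error'):` directly. Because the assertions are now unconditional, these tests pass only against an expat build with the stricter namespace handling, so a comment above them such as `# Requires an expat carrying the 2.4.5 namespace-URI fixes (backported or rebased)` would help whoever sees them fail on another build.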

File diff suppressed because it is too large Load Diff


@ -17,7 +17,7 @@ URL: https://www.python.org/
#global prerel ... #global prerel ...
%global upstream_version %{general_version}%{?prerel} %global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}} Version: %{general_version}%{?prerel:~%{prerel}}
Release: 2%{?dist} Release: 3%{?dist}
License: Python License: Python
@ -399,6 +399,52 @@ Patch329: 00329-fips.patch
# a nightmare because it's basically a binary file. # a nightmare because it's basically a binary file.
Patch353: 00353-architecture-names-upstream-downstream.patch Patch353: 00353-architecture-names-upstream-downstream.patch
# 00378 #
# Support expat 2.4.5
#
# Curly brackets were never allowed in namespace URIs
# according to RFC 3986, and so-called namespace-validating
# XML parsers have the right to reject them a invalid URIs.
#
# libexpat >=2.4.5 has become strcter in that regard due to
# related security issues; with ET.XML instantiating a
# namespace-aware parser under the hood, this test has no
# future in CPython.
#
# References:
# - https://datatracker.ietf.org/doc/html/rfc3968
# - https://www.w3.org/TR/xml-names/
#
# Also, test_minidom.py: Support Expat >=2.4.5
#
# The patch has diverged from upstream as the python test
# suite was relying on checking the expat version, whereas
# in RHEL fixes get backported instead of rebasing packages.
#
# Upstream: https://bugs.python.org/issue46811
Patch378: 00378-support-expat-2-4-5.patch
# 00387 # 87d28f3f0f0c9165c67b2a156134c614c6f6dcf5
# CVE-2020-10735: Prevent DoS by very large int()
#
# gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504)
#
# Converting between `int` and `str` in bases other than 2
# (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now
# raises a `ValueError` if the number of digits in string form is above a
# limit to avoid potential denial of service attacks due to the algorithmic
# complexity. This is a mitigation for CVE-2020-10735
# (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735).
#
# This new limit can be configured or disabled by environment variable, command
# line flag, or :mod:`sys` APIs. See the `Integer String Conversion Length
# Limitation` documentation. The default limit is 4300
# digits in string form.
#
# Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback
# from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
Patch387: 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
# When adding new patches to "python" and "python3" in Fedora, EL, etc., # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1800,6 +1846,11 @@ CheckPython optimized
# ====================================================== # ======================================================
%changelog %changelog
* Fri Sep 23 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-3
- Security fix for CVE-2020-10735
- Fix the test suite support for Expat >= 2.4.5
Resolves: rhbz#1834423
* Wed Feb 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-2 * Wed Feb 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.10-2
- Fix undefined behavior in Modules/_hashopenssl.c - Fix undefined behavior in Modules/_hashopenssl.c
Resolves: rhbz#1942527 Resolves: rhbz#1942527
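Review bot: The reference link in the Patch378 comment, `# - https://datatracker.ietf.org/doc/html/rfc3968`, does not match the RFC 3986 cited earlier in the same comment and points to an unrelated document; it should read `# - https://datatracker.ietf.org/doc/html/rfc3986`. The comment also carries two typos, "a invalid URIs" and "strcter", which also appear in the patch file's commit message and can be corrected here without touching the patch file. The new changelog entry lists both the CVE-2020-10735 fix and the Expat test change under a single `Resolves: rhbz#1834423`, so the spec does not say which of the two that bug tracks.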