diff --git a/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch b/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
new file mode 100644
index 0000000..59637d8
--- /dev/null
+++ b/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
@@ -0,0 +1,63 @@
+From 60d40d7095983e0bc23a103b2050adc519dc7fe3 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar
+Date: Fri, 3 May 2024 14:17:48 +0200
+Subject: [PATCH] Expect failures in tests not working properly with expat with
+ a fixed CVE in RHEL
+
+---
+ Lib/test/test_pyexpat.py | 1 +
+ Lib/test/test_sax.py | 1 +
+ Lib/test/test_xml_etree.py | 3 +++
+ 3 files changed, 5 insertions(+)
+
+diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
+index 43cbd27..27b1502 100644
+--- a/Lib/test/test_pyexpat.py
++++ b/Lib/test/test_pyexpat.py
+@@ -793,6 +793,7 @@ class ReparseDeferralTest(unittest.TestCase):
+
+ self.assertEqual(started, ['doc'])
+
++ @unittest.expectedFailure
+ def test_reparse_deferral_disabled(self):
+ started = []
+
+diff --git a/Lib/test/test_sax.py b/Lib/test/test_sax.py
+index 9b3014a..646c92d 100644
+--- a/Lib/test/test_sax.py
++++ b/Lib/test/test_sax.py
+@@ -1240,6 +1240,7 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.expectedFailure
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
+index 9c382d1..62f2871 100644
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -1424,9 +1424,11 @@ class XMLPullParserTest(unittest.TestCase):
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
++ @unittest.expectedFailure
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1, flush=True)
+
++ @unittest.expectedFailure
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1651,6 +1653,7 @@ class XMLPullParserTest(unittest.TestCase):
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.expectedFailure
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
+--
+2.44.0
+
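Review bot: All five `@unittest.expectedFailure` markers (one in `test_pyexpat.py`, one in `test_sax.py`, three in `test_xml_etree.py`) are unconditional and uncommented, so the patched tests do not record why they fail or when the markers can be removed. The reason appears only in the patch subject and the spec comment (parsing deferred by the CVE-2023-52425 fix in the system expat), so I would put it next to each decorator, e.g. `# Fails with the RHEL expat that carries the CVE-2023-52425 fix; remove once expat is rebased`. Three of the marked tests cover turning reparse deferral off, which presumably means that switch is not verified at all on this build; the patch description should say whether this is a test-only mismatch or a real behaviour difference. The enclosing test classes start outside the quoted hunks.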
diff --git a/python3.9.spec b/python3.9.spec index c98ba5f..5c475df 100644 --- a/python3.9.spec +++ b/python3.9.spec @@ -13,11 +13,11 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.18 +%global general_version %{pybasever}.19 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 3%{?dist} +Release: 1%{?dist} License: Python @@ -429,6 +429,13 @@ Patch414: 00414-skip_test_zlib_s390x.patch # config file or environment variable. Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +# 00422 # a353cebef737c41420dc7ae2469dd657371b8881 +# Fix tests for XMLPullParser with Expat 2.6.0 +# +# Feeding the parser by too small chunks defers parsing to prevent +# CVE-2023-52425. Future versions of Expat may be more reactive. +Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1830,6 +1837,12 @@ CheckPython optimized # ====================================================== %changelog +* Mon Apr 22 2024 Charalampos Stratakis - 3.9.19-1 +- Update to 3.9.19 +- Security fixes for CVE-2023-6597 and CVE-2024-0450 +- Fix tests for XMLPullParser with Expat with fixed CVE +Resolves: RHEL-33679, RHEL-33691 + * Wed Jan 24 2024 Lumír Balhar - 3.9.18-3 - Fix tests on s390x with hw acceleration Resolves: RHEL-13043 diff --git a/sources b/sources index 19cb08f..be10285 100644 --- a/sources +++ b/sources 
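Review bot: The comment block added above `Patch422` in the `@@ -429,6 +429,13 @@` hunk does not match the patch file this commit adds. It cites `a353cebef737c41420dc7ae2469dd657371b8881` and the title "Fix tests for XMLPullParser with Expat 2.6.0", while the file's own header is `From 60d40d7095983e0bc23a103b2050adc519dc7fe3` with the subject "Expect failures in tests not working properly with expat with a fixed CVE in RHEL"; the comment looks carried over from a different patch. The patch marks five tests `@unittest.expectedFailure` rather than fixing them, so I would reword the comment to say so, e.g. `# Expect failures in reparse-deferral tests with the RHEL expat carrying the CVE-2023-52425 fix`, and cite the hash that corresponds to the shipped file. The changelog entry `- Fix tests for XMLPullParser with Expat with fixed CVE` in the last hunk has the same wording problem.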
@@ -1,2 +1,2 @@
-SHA512 (Python-3.9.18.tar.xz) = aab155aca757d298394eddb91ff9a8f239665bd46feb495c6b6f735bbcb7489c05c858cc4cd08f1575c24f293b33492d763e9a140d92f0b2b0cc81a165a677c7
-SHA512 (Python-3.9.18.tar.xz.asc) = dff9a86df2b0774b68e7c762bacf05e2482dbb218301acfdc9128fc600bbc51c97a3a44f6b7cee87bd4e153bcb4a0af3c98109560d0c7861b7508edc9ae05ea1
+SHA512 (Python-3.9.19.tar.xz) = 5577830c734e63a70bbc62cd33d263b9aa87c4381b49cb694c3559067c4c682a55506b65ec5514a8e0a5abf6294dc728e909385d449ae1c388e62f83cea9bb89
+SHA512 (Python-3.9.19.tar.xz.asc) = f7f4946243dfc56de2c84f50276b088d347f17054f50e3331d1e312e2a8e2c6ed1b4b4a807202b51137fd2af3fc9218cafa42ed348a954ace896d9a432e2defd