Update python311 to version 3.11.8 / rev 29 via SR 1146838

mcepl · bmwiedemann · commit 56d47cc64173 · 2024-02-18T19:28:56.000Z
https://build.opensuse.org/request/show/1146838 by user mcepl + anag+factory Forwarded request #1146787 from dgarcia - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289
diff --git a/packages/p/python311/.files b/packages/p/python311/.files
diff --git a/packages/p/python311/.rev b/packages/p/python311/.rev
@@ -1210,4 +1210,15 @@ C API
     <comment></comment>
     <requestid>1145179</requestid>
   </revision>
+  <revision rev="29" vrev="2">
+    <srcmd5>0f79b579e281a83df88a376893377637</srcmd5>
+    <version>3.11.8</version>
+    <time>1708284172</time>
+    <user>anag+factory</user>
+    <comment>Forwarded request #1146787 from dgarcia
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+    with Expat 2.6.0, gh#python/cpython#115289</comment>
+    <requestid>1146838</requestid>
+  </revision>
 </revisionlist>
diff --git a/packages/p/python311/libexpat260.patch b/packages/p/python311/libexpat260.patch
@@ -0,0 +1,108 @@
+From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka <storchaka@gmail.com>
+Date: Sun, 11 Feb 2024 12:08:39 +0200
+Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
+ (GH-115164)
+
+Feeding the parser by too small chunks defers parsing to prevent
+CVE-2023-52425. Future versions of Expat may be more reactive.
+(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+---
+ Lib/test/test_xml_etree.py                    | 58 ++++++++++++-------
+ ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst |  2 +
+ 2 files changed, 38 insertions(+), 22 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+
+diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
+index 267982a8233c92..fa03f381fac92a 100644
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -13,6 +13,7 @@
+ import operator
+ import os
+ import pickle
++import pyexpat
+ import sys
+ import textwrap
+ import types
+@@ -120,6 +121,10 @@
+ </foo>
+ """
+ 
++fails_with_expat_2_6_0 = (unittest.expectedFailure
++                        if pyexpat.version_info >= (2, 6, 0) else
++                        lambda test: test)
++
+ def checkwarnings(*filters, quiet=False):
+     def decorator(test):
+         def newtest(*args, **kwargs):
+@@ -1400,28 +1405,37 @@ def assert_event_tags(self, parser, expected, max_events=None):
+         self.assertEqual([(action, elem.tag) for action, elem in events],
+                          expected)
+ 
+-    def test_simple_xml(self):
+-        for chunk_size in (None, 1, 5):
+-            with self.subTest(chunk_size=chunk_size):
+-                parser = ET.XMLPullParser()
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser, "<!-- comment -->\n", chunk_size)
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser,
+-                           "<root>\n  <element key='value'>text</element",
+-                           chunk_size)
+-                self.assert_event_tags(parser, [])
+-                self._feed(parser, ">\n", chunk_size)
+-                self.assert_event_tags(parser, [('end', 'element')])
+-                self._feed(parser, "<element>text</element>tail\n", chunk_size)
+-                self._feed(parser, "<empty-element/>\n", chunk_size)
+-                self.assert_event_tags(parser, [
+-                    ('end', 'element'),
+-                    ('end', 'empty-element'),
+-                    ])
+-                self._feed(parser, "</root>\n", chunk_size)
+-                self.assert_event_tags(parser, [('end', 'root')])
+-                self.assertIsNone(parser.close())
++    def test_simple_xml(self, chunk_size=None):
++        parser = ET.XMLPullParser()
++        self.assert_event_tags(parser, [])
++        self._feed(parser, "<!-- comment -->\n", chunk_size)
++        self.assert_event_tags(parser, [])
++        self._feed(parser,
++                   "<root>\n  <element key='value'>text</element",
++                   chunk_size)
++        self.assert_event_tags(parser, [])
++        self._feed(parser, ">\n", chunk_size)
++        self.assert_event_tags(parser, [('end', 'element')])
++        self._feed(parser, "<element>text</element>tail\n", chunk_size)
++        self._feed(parser, "<empty-element/>\n", chunk_size)
++        self.assert_event_tags(parser, [
++            ('end', 'element'),
++            ('end', 'empty-element'),
++            ])
++        self._feed(parser, "</root>\n", chunk_size)
++        self.assert_event_tags(parser, [('end', 'root')])
++        self.assertIsNone(parser.close())
++
++    @fails_with_expat_2_6_0
++    def test_simple_xml_chunk_1(self):
++        self.test_simple_xml(chunk_size=1)
++
++    @fails_with_expat_2_6_0
++    def test_simple_xml_chunk_5(self):
++        self.test_simple_xml(chunk_size=5)
++
++    def test_simple_xml_chunk_22(self):
++        self.test_simple_xml(chunk_size=22)
+ 
+     def test_feed_while_iterating(self):
+         parser = ET.XMLPullParser()
+diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+new file mode 100644
+index 00000000000000..6f1015235cc25d
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+@@ -0,0 +1,2 @@
++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
++2.6.0.
diff --git a/packages/p/python311/python311.changes b/packages/p/python311/python311.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+  with Expat 2.6.0, gh#python/cpython#115289
+
 -------------------------------------------------------------------
 Thu Feb  8 07:27:40 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 
diff --git a/packages/p/python311/python311.spec b/packages/p/python311/python311.spec
@@ -165,6 +165,9 @@ Patch39:        skip_if_buildbot-extend.patch
 # Detect email address parsing errors and return empty tuple to
 # indicate the parsing error (old API)
 Patch40:        CVE-2023-27043-email-parsing-errors.patch
+# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
+# Fix tests for XMLPullParser with Expat 2.6.0
+Patch41:        libexpat260.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -425,6 +428,7 @@ other applications.
 %patch -P 36 -p1
 %patch -P 39 -p1
 %patch -P 40 -p1
+%patch -P 41 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

-Original file line number
+Diff line change
@@ @@ -1,3 +1,9 @@ @@
 +-------------------------------------------------------------------
 +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia <[email protected]>
++
 +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
 +  with Expat 2.6.0, gh#python/cpython#115289
++
 -------------------------------------------------------------------
 Thu Feb  8 07:27:40 UTC 2024 - Daniel Garcia <[email protected]>