[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

miss-islington · 2024-02-11T10:08:46Z

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka [email protected]

Issue: test.test_xml_etree*.XMLPullParserTest.test_simple_xml fails with (system) expat 2.6.0 #115133

…GH-115164) Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. (cherry picked from commit 4a08e7b) Co-authored-by: Serhiy Storchaka <[email protected]>

https://build.opensuse.org/request/show/1146839 by user mcepl + anag+factory Forwarded request #1146789 from dgarcia - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115288

…ythonGH-115164) (pythonGH-115288) Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. (cherry picked from commit 4a08e7b) Co-authored-by: Serhiy Storchaka <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final (From OE-Core rev: 95e9e03df13ca7bdb0dc445e62d400f72a0d8254) Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final (From OE-Core rev: 95e9e03df13ca7bdb0dc445e62d400f72a0d8254) Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 (related to CVE-2023-52425) Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final (From OE-Core rev: 4122d8f6ecf6957de7a34fc51beffcd8e808911f) Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 (related to CVE-2023-52425) Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

Remove the following patch: 0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch Which a different fix was submitted for in: c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288) See: python/cpython#115288 (related to CVE-2023-52425) Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final (From OE-Core rev: 4122d8f6ecf6957de7a34fc51beffcd8e808911f) Signed-off-by: Trevor Gamblin <[email protected]> Signed-off-by: Richard Purdie <[email protected]>

…ythonGH-115164) (pythonGH-115288) Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. (cherry picked from commit 4a08e7b) Co-authored-by: Serhiy Storchaka <[email protected]>

bedevere-app bot added the awaiting review label Feb 11, 2024

bedevere-app bot mentioned this pull request Feb 11, 2024

gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 #115164

Merged

bedevere-app bot added the tests Tests in the Lib/test dir label Feb 11, 2024

bedevere-app bot mentioned this pull request Feb 11, 2024

test.test_xml_etree*.XMLPullParserTest.test_simple_xml fails with (system) expat 2.6.0 #115133

Closed

serhiy-storchaka enabled auto-merge (squash) February 11, 2024 10:09

serhiy-storchaka merged commit c4fa79b into python:3.12 Feb 11, 2024

bedevere-app bot removed the awaiting review label Feb 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

Uh oh!

miss-islington commented Feb 11, 2024 •

edited by bedevere-app bot

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

Uh oh!

Conversation

miss-islington commented Feb 11, 2024 • edited by bedevere-app bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

miss-islington commented Feb 11, 2024 •

edited by bedevere-app bot

Loading