Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python310 for openSUSE:Factory checked in at 2022-09-21 14:38:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python310 (Old) and /work/SRC/openSUSE:Factory/.python310.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310" Wed Sep 21 14:38:55 2022 rev:22 rq:1004684 version:3.10.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python310/python310.changes 2022-09-17 20:08:09.652779702 +0200 +++ /work/SRC/openSUSE:Factory/.python310.new.2083/python310.changes 2022-09-21 14:38:57.797177688 +0200 @@ -1,0 +2,6 @@ +Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab <sch...@suse.de> + +- test-int-timing.patch: gh-96710: Make the test timing more lenient for + the int/str DoS regression test. (#96717) + +------------------------------------------------------------------- New: ---- test-int-timing.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python310.spec ++++++ --- /var/tmp/diff_new_pack.7hz15g/_old 2022-09-21 14:38:59.605182703 +0200 +++ /var/tmp/diff_new_pack.7hz15g/_new 2022-09-21 14:38:59.609182714 +0200 @@ -169,6 +169,8 @@ # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mc...@suse.com # avoid the command injection in the mailcap module. Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch +# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) +Patch38: test-int-timing.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,6 +440,7 @@ %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac ++++++ test-int-timing.patch ++++++ >From 11e3548fd1d3445ccde971d613633b58d73c3016 Mon Sep 17 00:00:00 2001 
From: "Gregory P. Smith" <g...@krypto.org> Date: Fri, 9 Sep 2022 12:51:34 -0700 Subject: [PATCH] gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) A regression would still absolutely fail and even a flaky pass isn't harmful as it'd fail most of the time across our N system test runs. Windows has a low resolution timer and CI systems are prone to odd timing so this just gives more leeway to avoid flakiness. --- Lib/test/test_int.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py index 800c0b006c..c972b8afb4 100644 --- a/Lib/test/test_int.py +++ b/Lib/test/test_int.py @@ -650,7 +650,8 @@ def test_denial_of_service_prevented_int_to_str(self): self.assertEqual(len(huge_decimal), digits) # Ensuring that we chose a slow enough conversion to measure. # It takes 0.1 seconds on a Zen based cloud VM in an opt build. - if seconds_to_convert < 0.005: + # Some OSes have a low res 1/64s timer, skip if hard to measure. + if seconds_to_convert < 1/64: raise unittest.SkipTest('"slow" conversion took only ' f'{seconds_to_convert} seconds.') @@ -662,7 +663,7 @@ def test_denial_of_service_prevented_int_to_str(self): str(huge_int) seconds_to_fail_huge = get_time() - start self.assertIn('conversion', str(err.exception)) - self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) + self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) # Now we test that a conversion that would take 30x as long also fails # in a similarly fast fashion. 
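Review bot: The new skip bound `if seconds_to_convert < 1/64:` in test_denial_of_service_prevented_int_to_str (and the identical line in test_denial_of_service_prevented_str_to_int) equals a single tick of the low-resolution timer the added comment describes, so a baseline measured as exactly one tick is not skipped. In that case `seconds_to_convert/2` is half a tick, and a fast-failing conversion that happens to straddle a tick boundary would presumably read as one full tick and fail the check, which is the flakiness the patch sets out to remove. Requiring at least two ticks, `if seconds_to_convert < 2/64:`, would keep the DoS-limit comparison meaningful on such timers, at the cost of skipping more often on fast hosts. The comment could then read `# Some OSes have a low res 1/64s timer; need >= 2 ticks to compare against half.` Both test methods start and end outside the hunks shown.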
@@ -673,7 +674,7 @@ def test_denial_of_service_prevented_int_to_str(self): str(extra_huge_int) seconds_to_fail_extra_huge = get_time() - start self.assertIn('conversion', str(err.exception)) - self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) + self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2) def test_denial_of_service_prevented_str_to_int(self): """Regression test: ensure we fail before performing O(N**2) work.""" @@ -691,7 +692,8 @@ def test_denial_of_service_prevented_str_to_int(self): seconds_to_convert = get_time() - start # Ensuring that we chose a slow enough conversion to measure. # It takes 0.1 seconds on a Zen based cloud VM in an opt build. - if seconds_to_convert < 0.005: + # Some OSes have a low res 1/64s timer, skip if hard to measure. + if seconds_to_convert < 1/64: raise unittest.SkipTest('"slow" conversion took only ' f'{seconds_to_convert} seconds.') @@ -701,7 +703,7 @@ def test_denial_of_service_prevented_str_to_int(self): int(huge) seconds_to_fail_huge = get_time() - start self.assertIn('conversion', str(err.exception)) - self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) + self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) # Now we test that a conversion that would take 30x as long also fails # in a similarly fast fashion. @@ -712,7 +714,7 @@ def test_denial_of_service_prevented_str_to_int(self): int(extra_huge) seconds_to_fail_extra_huge = get_time() - start self.assertIn('conversion', str(err.exception)) - self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) + self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2) def test_power_of_two_bases_unlimited(self): """The limit does not apply to power of 2 bases.""" -- 2.37.3
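Review bot: In the hunk at `@@ -673,7 +674,7 @@` the extra-huge int-to-str check becomes `self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2)`, while the three other relaxed assertions in this patch use `assertLessEqual`. On a coarse timer both sides can quantize to the same value (for example a two-tick baseline and a one-tick failure), so the strict comparison is the one most likely to remain flaky. `self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2)` would make it consistent with the rest. The enclosing test method starts outside the hunk.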