Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python310 for openSUSE:Factory
checked in at 2024-02-15 20:59:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
and /work/SRC/openSUSE:Factory/.python310.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310"
Thu Feb 15 20:59:20 2024 rev:38 rq:1146869 version:3.10.13
Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes 2023-09-12
21:03:18.585088100 +0200
+++ /work/SRC/openSUSE:Factory/.python310.new.1815/python310.changes
2024-02-15 20:59:46.626678627 +0100
@@ -1,0 +2,14 @@
+Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia <daniel.gar...@suse.com>
+
+- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
+ with Expat 2.6.0, gh#python/cpython#115289
+
+-------------------------------------------------------------------
+Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl <mc...@cepl.eu>
+
+- Refresh CVE-2023-27043-email-parsing-errors.patch to
+ gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
+- Thus we can remove Revert-gh105127-left-tests.patch, which is
+ now useless.
+
+-------------------------------------------------------------------
Old:
----
Revert-gh105127-left-tests.patch
New:
----
libexpat260.patch
BETA DEBUG BEGIN:
Old: gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
now useless.
BETA DEBUG END:
BETA DEBUG BEGIN:
New:
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
with Expat 2.6.0, gh#python/cpython#115289
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python310.spec ++++++
--- /var/tmp/diff_new_pack.RecaXK/_old 2024-02-15 20:59:48.042728396 +0100
+++ /var/tmp/diff_new_pack.RecaXK/_new 2024-02-15 20:59:48.046728536 +0100
@@ -1,7 +1,7 @@
#
-# spec file
+# spec file for package python310
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -177,9 +177,6 @@
# indicate the parsing error (old API), from gh#python/cpython!105127
# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also
partially REVERTED
Patch40: CVE-2023-27043-email-parsing-errors.patch
-# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638
mc...@suse.com
-# Partially revert previous patch
-Patch41: Revert-gh105127-left-tests.patch
# PATCH-FIX-UPSTREAM fix-sphinx-72.patch gh#python/cpython#97950
# This is a patch with a lot of PR combined to make the doc work with
# sphinx 7.2
@@ -194,6 +191,9 @@
# * gh#python/cpython#104221
# * gh#python/cpython#107246
Patch42: fix-sphinx-72.patch
+# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
+# Fix tests for XMLPullParser with Expat 2.6.0
+Patch43: libexpat260.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -452,24 +452,24 @@
%prep
%setup -q -n %{tarname}
-%patch02 -p1
-%patch06 -p1
-%patch07 -p1
-%patch08 -p1
-%patch09 -p1
-%patch15 -p1
-%patch29 -p1
+%patch -P 02 -p1
+%patch -P 06 -p1
+%patch -P 07 -p1
+%patch -P 08 -p1
+%patch -P 09 -p1
+%patch -P 15 -p1
+%patch -P 29 -p1
%if 0%{?sle_version} && 0%{?sle_version} <= 150300
-%patch33 -p1
-%patch34 -p1
+%patch -P 33 -p1
+%patch -P 34 -p1
%endif
-%patch35 -p1
-%patch36 -p1
-%patch38 -p1
-%patch39 -p1
-%patch40 -p1
-%patch41 -p1
-%patch42 -p1
+%patch -P 35 -p1
+%patch -P 36 -p1
+%patch -P 38 -p1
+%patch -P 39 -p1
+%patch -P 40 -p1
+%patch -P 42 -p1
+%patch -P 43 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ CVE-2023-27043-email-parsing-errors.patch ++++++
++++ 625 lines (skipped)
++++ between
/work/SRC/openSUSE:Factory/python310/CVE-2023-27043-email-parsing-errors.patch
++++ and
/work/SRC/openSUSE:Factory/.python310.new.1815/CVE-2023-27043-email-parsing-errors.patch
++++++ fix-sphinx-72.patch ++++++
++++ 1957 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python310/fix-sphinx-72.patch
++++ and /work/SRC/openSUSE:Factory/.python310.new.1815/fix-sphinx-72.patch
++++++ libexpat260.patch ++++++
>From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storch...@gmail.com>
Date: Sun, 11 Feb 2024 12:08:39 +0200
Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
(GH-115164)
Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
Co-authored-by: Serhiy Storchaka <storch...@gmail.com>
---
Lib/test/test_xml_etree.py | 58 ++++++++++++-------
...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 +
2 files changed, 38 insertions(+), 22 deletions(-)
create mode 100644
Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
Index: Python-3.10.13/Lib/test/test_xml_etree.py
===================================================================
--- Python-3.10.13.orig/Lib/test/test_xml_etree.py
+++ Python-3.10.13/Lib/test/test_xml_etree.py
@@ -13,6 +13,7 @@ import itertools
import operator
import os
import pickle
+import pyexpat
import sys
import textwrap
import types
@@ -120,6 +121,10 @@ ATTLIST_XML = """\
</foo>
"""
+fails_with_expat_2_6_0 = (unittest.expectedFailure
+ if pyexpat.version_info >= (2, 6, 0) else
+ lambda test: test)
+
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
@@ -1396,28 +1401,37 @@ class XMLPullParserTest(unittest.TestCas
self.assertEqual([(action, elem.tag) for action, elem in events],
expected)
- def test_simple_xml(self):
- for chunk_size in (None, 1, 5):
- with self.subTest(chunk_size=chunk_size):
- parser = ET.XMLPullParser()
- self.assert_event_tags(parser, [])
- self._feed(parser, "<!-- comment -->\n", chunk_size)
- self.assert_event_tags(parser, [])
- self._feed(parser,
- "<root>\n <element key='value'>text</element",
- chunk_size)
- self.assert_event_tags(parser, [])
- self._feed(parser, ">\n", chunk_size)
- self.assert_event_tags(parser, [('end', 'element')])
- self._feed(parser, "<element>text</element>tail\n", chunk_size)
- self._feed(parser, "<empty-element/>\n", chunk_size)
- self.assert_event_tags(parser, [
- ('end', 'element'),
- ('end', 'empty-element'),
- ])
- self._feed(parser, "</root>\n", chunk_size)
- self.assert_event_tags(parser, [('end', 'root')])
- self.assertIsNone(parser.close())
+ def test_simple_xml(self, chunk_size=None):
+ parser = ET.XMLPullParser()
+ self.assert_event_tags(parser, [])
+ self._feed(parser, "<!-- comment -->\n", chunk_size)
+ self.assert_event_tags(parser, [])
+ self._feed(parser,
+ "<root>\n <element key='value'>text</element",
+ chunk_size)
+ self.assert_event_tags(parser, [])
+ self._feed(parser, ">\n", chunk_size)
+ self.assert_event_tags(parser, [('end', 'element')])
+ self._feed(parser, "<element>text</element>tail\n", chunk_size)
+ self._feed(parser, "<empty-element/>\n", chunk_size)
+ self.assert_event_tags(parser, [
+ ('end', 'element'),
+ ('end', 'empty-element'),
+ ])
+ self._feed(parser, "</root>\n", chunk_size)
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
+ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1)
+
+ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5)
+
+ def test_simple_xml_chunk_22(self):
+ self.test_simple_xml(chunk_size=22)
def test_feed_while_iterating(self):
parser = ET.XMLPullParser()
Index:
Python-3.10.13/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
===================================================================
--- /dev/null
+++
Python-3.10.13/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
@@ -0,0 +1,2 @@
+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
+2.6.0.
