[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-03-05 Thread mattip 


mattip  added the comment:

> [T]he test has been removed in CPython pull request 
> https://github.com/python/cpython/pull/31453/files

Thanks, I missed that. Makes sense.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-03-04 Thread sping 


sping  added the comment:

Hi mattip,

at the core the problem is not the use of non-URI character "}" for a namespace 
separator but the use of non-URI character "}" in a namespace URI.  
test_issue3151 is mistaken (meaning that non-URI characters in URIs are 
malformed XML) and the test has been removed in CPython pull request 
https://github.com/python/cpython/pull/31453/files .  Expat pull request 
https://github.com/libexpat/libexpat/pull/577 is related but it's about URI 
characters not about non-URI ones, so it does not change anything about 
test_issue3151 in PyPy.  Does that make sense?

Best, Sebastian

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-03-04 Thread mattip 


mattip  added the comment:

On PyPy, the test `test_issue3151` in `test_xml_etree.py` is failing with 
libexpat 2.4.6. I think the problem is connected to instantiation of the 
`XMLParser()` with `parser = expat.ParserCreate(encoding, "}")` where `"}"` is 
not a valid URI character. In any case, due to libexpat issue 577, 
https://github.com/libexpat/libexpat/pull/577 they will be releasing a new 
version 2.4.7 soon.

--
nosy: +mattip

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-03-02 Thread Dong-hee Na 


Change by Dong-hee Na :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-03-02 Thread Łukasz Langa 

Łukasz Langa  added the comment:


New changeset eb6c840a2414dc057ffcfbb5ad68d6253c8dd57c by Miss Islington (bot) 
in branch '3.8':
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487) (GH-31520)
https://github.com/python/cpython/commit/eb6c840a2414dc057ffcfbb5ad68d6253c8dd57c


--
nosy: +lukasz.langa

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-23 Thread Ned Deily 


Ned Deily  added the comment:


New changeset 15d7594d9974cfef10e65cbb01161168c42abe9d by Miss Islington (bot) 
in branch '3.7':
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487) (GH-31521)
https://github.com/python/cpython/commit/15d7594d9974cfef10e65cbb01161168c42abe9d


--
nosy: +ned.deily

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


miss-islington  added the comment:


New changeset 87cebb1e69758aa8b79f8e15187b976d62cba36a by Miss Islington (bot) 
in branch '3.9':
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487)
https://github.com/python/cpython/commit/87cebb1e69758aa8b79f8e15187b976d62cba36a


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


miss-islington  added the comment:


New changeset 4955a9ed14c681ed835bc8902a9db0bcc728bdee by Miss Islington (bot) 
in branch '3.10':
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487)
https://github.com/python/cpython/commit/4955a9ed14c681ed835bc8902a9db0bcc728bdee


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


Change by miss-islington :


--
pull_requests: +29647
pull_request: https://github.com/python/cpython/pull/31520

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread Dong-hee Na 


Dong-hee Na  added the comment:


New changeset 1935e1cc284942bec8006287c939e295e1a7bf13 by Dong-hee Na in branch 
'main':
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487)
https://github.com/python/cpython/commit/1935e1cc284942bec8006287c939e295e1a7bf13


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


Change by miss-islington :


--
pull_requests: +29648
pull_request: https://github.com/python/cpython/pull/31521

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


Change by miss-islington :


--
pull_requests: +29646
pull_request: https://github.com/python/cpython/pull/31519

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-22 Thread miss-islington 


Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 3.0 -> 4.0
pull_requests: +29645
pull_request: https://github.com/python/cpython/pull/31518

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-21 Thread Dong-hee Na 


Change by Dong-hee Na :


--
pull_requests: +29615, 29616
pull_request: https://github.com/python/cpython/pull/31487

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-21 Thread Dong-hee Na 


Change by Dong-hee Na :


--
pull_requests: +29615
pull_request: https://github.com/python/cpython/pull/31487

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-21 Thread Dong-hee Na 


Change by Dong-hee Na :


--
pull_requests:  -29614

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-21 Thread Dong-hee Na 


Change by Dong-hee Na :


--
keywords: +patch
pull_requests: +29614
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/31486

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-21 Thread Dong-hee Na 


Change by Dong-hee Na :


--
assignee:  -> corona10
nosy: +corona10

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-20 Thread sping 


sping  added the comment:

I have created a dedicated ticket bpo-46811 now, test suite pull request 
upcoming.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-20 Thread sping 


sping  added the comment:

I'm busy with the release upstream at the moment.  I'll see what I can do.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-20 Thread Michał Górny 

Michał Górny  added the comment:

Could you make a PR to fix the test failures?  I suppose that could speed 
things up and if not, I'd at least have something to pull into Gentoo.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

2022-02-20 Thread sping 

sping  added the comment:

Hi Michal,


TL;DR would be:

- There is a regression but none of these test fails are related.

- There will be a release Expat 2.4.6 with the regression fixed later today.

- The 3 failing tests need (small) adjustments to Expat 2.4.5
  and these fails are not considered bugs in Expat.

I will demo a fix to 2 of the 3 test fails below:


# git diff -U1 | cat
diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
index 1663b1f114..38cea97a97 100644
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -12,2 +12,3 @@
 from xml.dom.minidom import getDOMImplementation
+from xml.parsers.expat import ExpatError
 
@@ -1149,4 +1150,6 @@ def testEncodings(self):
 # of crashing
-self.assertRaises(UnicodeDecodeError, parseString,
-b'Comment \xe7a va ? Tr\xe8s bien 
?')
+self.assertRaises(ExpatError, parseString,
+b'')
+self.assertRaises(ExpatError, parseString,
+b'Comment \xe7a va ? Tr\xe8s bien ?')
 
@@ -1611,3 +1614,3 @@ def testEmptyXMLNSValue(self):
 def testExceptionOnSpacesInXMLNSValue(self):
-with self.assertRaisesRegex(ValueError, 'Unsupported syntax'):
+with self.assertRaisesRegex(ExpatError, "syntax error"):
 parseString('')
 

For the third test, the key is that the closing curly brace is used as the
namespace separator in line 3660…

  self->parser = EXPAT(ParserCreate_MM)(encoding, &ExpatMemoryHandler, "}");
  
…in file Modules/_elementtree.c (which is okay but part of the test fail).

Best



Sebastian

--
title: Please update bundled libexpat to 2.4.5 with security fixes (5 CVEs) -> 
Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com