Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-15-SP1:GA
python3.26521
support-expat-CVE-2022-25236-patched.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File support-expat-CVE-2022-25236-patched.patch of Package python3.26521
From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 21 Feb 2022 08:16:09 -0800 Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) (GH-31472) Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating XML parsers have the right to reject them a invalid URIs. libexpat >=2.4.5 has become strcter in that regard due to related security issues; with ET.XML instantiating a namespace-aware parser under the hood, this test has no future in CPython. References: - https://datatracker.ietf.org/doc/html/rfc3968 - https://www.w3.org/TR/xml-names/ Also, test_minidom.py: Support Expat >=2.4.5 (cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) Co-authored-by: Sebastian Pipping <sebastian@pipping.org> --- Lib/test/test_minidom.py | 16 ++++++++++++---- Lib/test/test_xml_etree.py | 6 ------ 2 files changed, 12 insertions(+), 10 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py @@ -9,6 +9,7 @@ import xml.dom.minidom from xml.dom.minidom import parse, Node, Document, parseString from xml.dom.minidom import getDOMImplementation +from xml.parsers.expat import ExpatError tstfile = support.findfile("test.xml", subdir="xmltestdata") @@ -1156,8 +1157,12 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead # of crashing - self.assertRaises(UnicodeDecodeError, parseString, - b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>') + # It doesn’t make any sense to insist on the exact text of the + # error message, or even the exact Exception … it is enough that + # the error has been discovered. + with self.assertRaises((UnicodeDecodeError, ExpatError)): + parseString( + b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>') doc.unlink() @@ -1602,8 +1607,11 @@ class MinidomTest(unittest.TestCase): self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): - with self.assertRaisesRegex(ValueError, 'Unsupported syntax'): - parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>') + # It doesn’t make any sense to insist on the exact text of the + # error message, or even the exact Exception … it is enough that + # the error has been discovered. + with self.assertRaises((ExpatError, ValueError)): + parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>') def testDocRemoveChild(self): doc = parse(tstfile) --- a/Lib/test/test_xml_etree.py +++ b/Lib/test/test_xml_etree.py @@ -1668,12 +1668,6 @@ class BugsTest(unittest.TestCase): b"<?xml version='1.0' encoding='ascii'?>\n" b'<body>tãg</body>') - def test_issue3151(self): - e = ET.XML('<prefix:localname xmlns:prefix="${stuff}"/>') - self.assertEqual(e.tag, '{${stuff}}localname') - t = ET.ElementTree(e) - self.assertEqual(ET.tostring(e), b'<ns0:localname xmlns:ns0="${stuff}" />') - def test_issue6565(self): elem = ET.XML("<body><tag/></body>") self.assertEqual(summarize_list(elem), ['tag'])
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor