Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

Merged
merged 1 commit into from
Feb 11, 2024
Merged

[3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) #115288

merged 1 commit into from
Feb 11, 2024
+38 −22

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Feb 11, 2024
edited by bedevere-app bot
Loading

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka [email protected]

@serhiy-storchaka @miss-islington
pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (python…
5cffa94 
…GH-115164)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
@bedevere-app bedevere-app bot mentioned this pull request Feb 11, 2024
Merged
@bedevere-app bedevere-app bot added the tests Tests in the Lib/test dir label Feb 11, 2024
@bedevere-app bedevere-app bot mentioned this pull request Feb 11, 2024
Closed
@serhiy-storchaka serhiy-storchaka enabled auto-merge (squash) February 11, 2024 10:09
@serhiy-storchaka serhiy-storchaka merged commit c4fa79b into python:3.12 Feb 11, 2024
28 checks passed
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Feb 15, 2024
@bmwiedemann
Update python312 to version 3.12.2 / rev 13 via SR 1146839
3c4b017 
https://build.opensuse.org/request/show/1146839
by user mcepl + anag+factory
Forwarded request #1146789 from dgarcia

- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
    with Expat 2.6.0, gh#python/cpython#115288
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Feb 19, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
8efd73c 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Feb 19, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
b2c5c9e 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Feb 19, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
f92fdcf 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Feb 21, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
7d3cf00 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
halstead pushed a commit to yoctoproject/poky that referenced this pull request Apr 13, 2024
@threexc @rpurdie
python3: upgrade 3.12.2 -> 3.12.3
fbdda17 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

(From OE-Core rev: 95e9e03df13ca7bdb0dc445e62d400f72a0d8254)

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Apr 13, 2024
@threexc @rpurdie
python3: upgrade 3.12.2 -> 3.12.3
95e9e03 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to yoctoproject/poky that referenced this pull request Apr 13, 2024
@threexc @rpurdie
python3: upgrade 3.12.2 -> 3.12.3
8ccda67 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

(From OE-Core rev: 95e9e03df13ca7bdb0dc445e62d400f72a0d8254)

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to yoctoproject/poky that referenced this pull request Apr 14, 2024
@threexc @rpurdie
python3: upgrade 3.12.2 -> 3.12.3
6cbe62a 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288
(related to CVE-2023-52425)

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

(From OE-Core rev: 4122d8f6ecf6957de7a34fc51beffcd8e808911f)

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Apr 14, 2024
@threexc @rpurdie
python3: upgrade 3.12.2 -> 3.12.3
4122d8f 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288
(related to CVE-2023-52425)

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
ninetteadhikari pushed a commit to neighbourhoodie/poky that referenced this pull request Apr 18, 2024
@threexc @ninetteadhikari
python3: upgrade 3.12.2 -> 3.12.3
b1ac0e4 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288
(related to CVE-2023-52425)

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

(From OE-Core rev: 4122d8f6ecf6957de7a34fc51beffcd8e808911f)

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
daregit pushed a commit to daregit/yocto-combined that referenced this pull request May 22, 2024
@threexc @rpurdie
src/poky:python3: upgrade 3.12.2 -> 3.12.3
64cecaf 
Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: python/cpython#115288
(related to CVE-2023-52425)

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

(From OE-Core rev: 4122d8f6ecf6957de7a34fc51beffcd8e808911f)

Signed-off-by: Trevor Gamblin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Jul 11, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
e6aeef3 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Jul 11, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
76ea190 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to naveen521kk/cpython that referenced this pull request Jul 11, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
95790f9 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
naveen521kk pushed a commit to msys2-contrib/cpython-mingw that referenced this pull request Aug 5, 2024
@miss-islington @serhiy-storchaka @naveen521kk
[3.12] pythongh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (p…
ad679e5 
…ythonGH-115164) (pythonGH-115288)

Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b)

Co-authored-by: Serhiy Storchaka <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
tests Tests in the Lib/test dir
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miss-islington @serhiy-storchaka