| Message ID | 20250328090855.3347066-1-lizhi.xu@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | python: the fix for CVE-2019-20907 is adjusted in the python2 | expand |
is it meant for meta-python2 ? if so prefix it with [meta-python2] in subject On Fri, Mar 28, 2025 at 7:15 AM Xu, Lizhi via lists.openembedded.org <Lizhi.Xu=windriver.com@lists.openembedded.org> wrote: > > In the python2, assertRaisesRegex is not defined in Lib/unittest/case.py, > but assertRaisesRegexp is defined, so this error is reported. > In addition, the file recursion.tar is missing in Lib/test/, so it is added > together. > > Reproducer: > python test/test_tarfile.py | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -e '/\.\.\. [ERROR|FAIL]/ s/^/FAIL: /g' -e '/\.\.\. skipp > > ERROR: test_length_zero_header (test.test_tarfile.MiscReadTest) > ---------------------------------------------------------------------- > Traceback (most recent call last): > File "/usr/lib64/python2.7/test/test_tarfile.py", line 327, in test_length_zero_header > with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"): > AttributeError: 'MiscReadTest' object has no attribute 'assertRaisesRegex' > > Fixes: 044015255944 ("python: Add fix for CVE-2019-20907") > Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com> > --- > .../python/python/CVE-2019-20907.patch | 2 +- > recipes-devtools/python/python/recursion.tar | Bin 0 -> 516 bytes > 2 files changed, 1 insertion(+), 1 deletion(-) > create mode 100644 recipes-devtools/python/python/recursion.tar > > diff --git a/recipes-devtools/python/python/CVE-2019-20907.patch b/recipes-devtools/python/python/CVE-2019-20907.patch > index 624afd2..a2d050d 100644 > --- a/recipes-devtools/python/python/CVE-2019-20907.patch > +++ b/recipes-devtools/python/python/CVE-2019-20907.patch > @@ -37,7 +37,7 @@ index 89bd738..c61d02b 100644 > + def test_length_zero_header(self): > + # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail > + # with an exception > -+ with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"): > ++ with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"): > + with tarfile.open(support.findfile('recursion.tar')) as tar: > + pass > + > diff --git a/recipes-devtools/python/python/recursion.tar b/recipes-devtools/python/python/recursion.tar > new file mode 100644 > index 0000000000000000000000000000000000000000..b8237251964983f54ed1966297e887636cd0c5f4 > GIT binary patch > literal 516 > zcmYdFPRz+kEn=W0Fn}74P8%Xw3X=l~85kIuo0>8xq$A1Gm}!7)KUsFc41m#O8A5+e > I1_}|j06>QaCIA2c > > literal 0 > HcmV?d00001 > > -- > 2.43.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#116353): https://lists.openembedded.org/g/openembedded-devel/message/116353 > Mute This Topic: https://lists.openembedded.org/mt/111954747/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/recipes-devtools/python/python/CVE-2019-20907.patch b/recipes-devtools/python/python/CVE-2019-20907.patch index 624afd2..a2d050d 100644 --- a/recipes-devtools/python/python/CVE-2019-20907.patch +++ b/recipes-devtools/python/python/CVE-2019-20907.patch @@ -37,7 +37,7 @@ index 89bd738..c61d02b 100644 + def test_length_zero_header(self): + # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail + # with an exception -+ with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"): ++ with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"): + with tarfile.open(support.findfile('recursion.tar')) as tar: + pass + diff --git a/recipes-devtools/python/python/recursion.tar b/recipes-devtools/python/python/recursion.tar new file mode 100644 index 0000000000000000000000000000000000000000..b8237251964983f54ed1966297e887636cd0c5f4
In the python2, assertRaisesRegex is not defined in Lib/unittest/case.py, but assertRaisesRegexp is defined, so this error is reported. In addition, the file recursion.tar is missing in Lib/test/, so it is added together. Reproducer: python test/test_tarfile.py | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -e '/\.\.\. [ERROR|FAIL]/ s/^/FAIL: /g' -e '/\.\.\. skipp ERROR: test_length_zero_header (test.test_tarfile.MiscReadTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib64/python2.7/test/test_tarfile.py", line 327, in test_length_zero_header with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"): AttributeError: 'MiscReadTest' object has no attribute 'assertRaisesRegex' Fixes: 044015255944 ("python: Add fix for CVE-2019-20907") Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com> --- .../python/python/CVE-2019-20907.patch | 2 +- recipes-devtools/python/python/recursion.tar | Bin 0 -> 516 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 recipes-devtools/python/python/recursion.tar GIT binary patch literal 516 zcmYdFPRz+kEn=W0Fn}74P8%Xw3X=l~85kIuo0>8xq$A1Gm}!7)KUsFc41m#O8A5+e I1_}|j06>QaCIA2c literal 0 HcmV?d00001