diff mbox series

[meta-python2] python: the fix for CVE-2019-20907 is adjusted in the python2

Message ID 20250329015102.1360744-1-lizhi.xu@windriver.com
State New
Headers show
Series [meta-python2] python: the fix for CVE-2019-20907 is adjusted in the python2 | expand

Commit Message

Xu, Lizhi March 29, 2025, 1:51 a.m. UTC 
In the python2, assertRaisesRegex is not defined in Lib/unittest/case.py,
but assertRaisesRegexp is defined, so this error is reported.
In addition, the file recursion.tar is missing in Lib/test/, so it is added
together.

Reproducer:
python test/test_tarfile.py | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -e '/\.\.\. [ERROR|FAIL]/ s/^/FAIL: /g' -e '/\.\.\. skipp

ERROR: test_length_zero_header (test.test_tarfile.MiscReadTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib64/python2.7/test/test_tarfile.py", line 327, in test_length_zero_header
    with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
AttributeError: 'MiscReadTest' object has no attribute 'assertRaisesRegex'

Fixes: 044015255944 ("python: Add fix for CVE-2019-20907")
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
---
 .../python/python/CVE-2019-20907.patch            |   2 +-
 recipes-devtools/python/python/recursion.tar      | Bin 0 -> 516 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 recipes-devtools/python/python/recursion.tar

GIT binary patch
literal 516
zcmYdFPRz+kEn=W0Fn}74P8%Xw3X=l~85kIuo0>8xq$A1Gm}!7)KUsFc41m#O8A5+e
I1_}|j06>QaCIA2c

literal 0
HcmV?d00001
diff mbox series

Patch

diff --git a/recipes-devtools/python/python/CVE-2019-20907.patch b/recipes-devtools/python/python/CVE-2019-20907.patch
index 624afd2..a2d050d 100644
--- a/recipes-devtools/python/python/CVE-2019-20907.patch
+++ b/recipes-devtools/python/python/CVE-2019-20907.patch
@@ -37,7 +37,7 @@  index 89bd738..c61d02b 100644
 +    def test_length_zero_header(self):
 +        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
 +        # with an exception
-+        with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
++        with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"):
 +            with tarfile.open(support.findfile('recursion.tar')) as tar:
 +                pass
 +
diff --git a/recipes-devtools/python/python/recursion.tar b/recipes-devtools/python/python/recursion.tar
new file mode 100644
index 0000000000000000000000000000000000000000..b8237251964983f54ed1966297e887636cd0c5f4