rpms/python3.9
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f42
rpms:f43
rpms:main
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f35
rpms:f36
rpms:f34
rpms:f33
..
compare: rpms:f41
Branches Tags
rpms:f42
rpms:f43
rpms:main
rpms:rawhide
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f35
rpms:f36
rpms:f34
rpms:f33

No commits in common. "rawhide" and "f41" have entirely different histories.
rawhide ... f41

2 changed files with 1 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

140
00471-cve-2025-12084.patch
View file

@ -1,140 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Mon, 22 Dec 2025 14:48:49 +0100
Subject: 00471: CVE-2025-12084
* gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)
* gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794)
(cherry picked from commit 1cc7551b3f9f71efbc88d96dce90f82de98b2454)
(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4)
(cherry picked from commit 8d2d7bb2e754f8649a68ce4116271a4932f76907)
Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com>
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
---
Lib/test/test_minidom.py | 33 ++++++++++++++++++-
Lib/xml/dom/minidom.py | 11 ++-----
...-12-01-09-36-45.gh-issue-142145.tcAUhg.rst | 6 ++++
3 files changed, 41 insertions(+), 9 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
index 97620258d8..9f7f5b240e 100644
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -2,6 +2,7 @@
import copy
import pickle
+import time
import io
from test import support
import unittest
@@ -9,7 +10,7 @@ import unittest
import pyexpat
import xml.dom.minidom
-from xml.dom.minidom import parse, Node, Document, parseString
+from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString
from xml.dom.minidom import getDOMImplementation
from xml.parsers.expat import ExpatError
@@ -163,6 +164,36 @@ class MinidomTest(unittest.TestCase):
self.confirm(dom.documentElement.childNodes[-1].data == "Hello")
dom.unlink()
+ @support.requires_resource('cpu')
+ def testAppendChildNoQuadraticComplexity(self):
+ impl = getDOMImplementation()
+
+ newdoc = impl.createDocument(None, "some_tag", None)
+ top_element = newdoc.documentElement
+ children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)]
+ element = top_element
+
+ start = time.monotonic()
+ for child in children:
+ element.appendChild(child)
+ element = child
+ end = time.monotonic()
+
+ # This example used to take at least 30 seconds.
+ # Conservative assertion due to the wide variety of systems and
+ # build configs timing based tests wind up run under.
+ # A --with-address-sanitizer --with-pydebug build on a rpi5 still
+ # completes this loop in <0.5 seconds.
+ self.assertLess(end - start, 4)
+
+ def testSetAttributeNodeWithoutOwnerDocument(self):
+ # regression test for gh-142754
+ elem = Element("test")
+ attr = Attr("id")
+ attr.value = "test-id"
+ elem.setAttributeNode(attr)
+ self.assertEqual(elem.getAttribute("id"), "test-id")
+
def testAppendChildFragment(self):
dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes()
dom.documentElement.appendChild(frag)
diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py
index d09ef5e7d0..e4e8b42996 100644
--- a/Lib/xml/dom/minidom.py
+++ b/Lib/xml/dom/minidom.py
@@ -292,13 +292,6 @@ def _append_child(self, node):
childNodes.append(node)
node.parentNode = self
-def _in_document(node):
- # return True iff node is part of a document tree
- while node is not None:
- if node.nodeType == Node.DOCUMENT_NODE:
- return True
- node = node.parentNode
- return False
def _write_data(writer, data):
"Writes datachars to writer."
@@ -355,6 +348,7 @@ class Attr(Node):
def __init__(self, qName, namespaceURI=EMPTY_NAMESPACE, localName=None,
prefix=None):
self.ownerElement = None
+ self.ownerDocument = None
self._name = qName
self.namespaceURI = namespaceURI
self._prefix = prefix
@@ -678,6 +672,7 @@ class Element(Node):
def __init__(self, tagName, namespaceURI=EMPTY_NAMESPACE, prefix=None,
localName=None):
+ self.ownerDocument = None
self.parentNode = None
self.tagName = self.nodeName = tagName
self.prefix = prefix
@@ -1537,7 +1532,7 @@ def _clear_id_cache(node):
if node.nodeType == Node.DOCUMENT_NODE:
node._id_cache.clear()
node._id_search_stack = None
- elif _in_document(node):
+ elif node.ownerDocument:
node.ownerDocument._id_cache.clear()
node.ownerDocument._id_search_stack= None
diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
new file mode 100644
index 0000000000..05c7df35d1
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
@@ -0,0 +1,6 @@
+Remove quadratic behavior in ``xml.minidom`` node ID cache clearing. In order
+to do this without breaking existing users, we also add the *ownerDocument*
+attribute to :mod:`xml.dom.minidom` elements and attributes created by directly
+instantiating the ``Element`` or ``Attr`` class. Note that this way of creating
+nodes is not supported; creator functions like
+:py:meth:`xml.dom.Document.documentElement` should be used instead.

30
python3.9.spec
View file

@ -17,7 +17,7 @@ URL: https://www.python.org/
#global prerel ... #global prerel ...
%global upstream_version %{general_version}%{?prerel} %global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}} Version: %{general_version}%{?prerel:~%{prerel}}
Release: 3%{?dist} Release: 1%{?dist}
License: Python License: Python
@ -272,9 +272,6 @@ BuildRequires: /usr/sbin/ifconfig
%if %{with rpmwheels} %if %{with rpmwheels}
BuildRequires: python-setuptools-wheel BuildRequires: python-setuptools-wheel
BuildRequires: python-pip-wheel BuildRequires: python-pip-wheel
%else
# For %%python_wheel_inject_sbom
BuildRequires: python-rpm-macros
%endif %endif
%if %{without bootstrap} %if %{without bootstrap}
@ -403,13 +400,6 @@ Patch407: 00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-fo
# even when cross-compiling. # even when cross-compiling.
Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch
# 00471 # fc5f344f7e15c13dbf41824a1b7a82d92205f79d
# CVE-2025-12084
#
# * gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)
# * gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794)
Patch471: 00471-cve-2025-12084.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
# When adding new patches to "python" and "python3" in Fedora, EL, etc., # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1269,11 +1259,6 @@ for file in %{buildroot}%{pylibdir}/pydoc_data/topics.py $(grep --include='*.py'
rm ${directory}/{__pycache__/${module}.cpython-%{pyshortver}.opt-?.pyc,${module}.py} rm ${directory}/{__pycache__/${module}.cpython-%{pyshortver}.opt-?.pyc,${module}.py}
done done
%if %{without rpmwheels}
# Inject SBOM into the installed wheels (if the macro is available)
%{?python_wheel_inject_sbom:%python_wheel_inject_sbom %{buildroot}%{pylibdir}/ensurepip/_bundled/*.whl}
%endif
# ====================================================== # ======================================================
# Checks for packaging issues # Checks for packaging issues
# ====================================================== # ======================================================
@ -1541,10 +1526,6 @@ CheckPython optimized
%dir %{pylibdir}/site-packages/ %dir %{pylibdir}/site-packages/
%dir %{pylibdir}/site-packages/__pycache__/ %dir %{pylibdir}/site-packages/__pycache__/
%{pylibdir}/site-packages/README.txt %{pylibdir}/site-packages/README.txt
%exclude %{pylibdir}/_sysconfigdata_d_linux_%{platform_triplet}.py
%exclude %{pylibdir}/__pycache__/_sysconfigdata_d_linux_%{platform_triplet}%{bytecode_suffixes}
%{pylibdir}/*.py %{pylibdir}/*.py
%dir %{pylibdir}/__pycache__/ %dir %{pylibdir}/__pycache__/
%{pylibdir}/__pycache__/*%{bytecode_suffixes} %{pylibdir}/__pycache__/*%{bytecode_suffixes}
@ -1873,9 +1854,6 @@ CheckPython optimized
%{dynload_dir}/_testinternalcapi.%{SOABI_debug}.so %{dynload_dir}/_testinternalcapi.%{SOABI_debug}.so
%{dynload_dir}/_testmultiphase.%{SOABI_debug}.so %{dynload_dir}/_testmultiphase.%{SOABI_debug}.so
%{pylibdir}/_sysconfigdata_d_linux_%{platform_triplet}.py
%{pylibdir}/__pycache__/_sysconfigdata_d_linux_%{platform_triplet}%{bytecode_suffixes}
%endif # with debug_build %endif # with debug_build
# We put the debug-gdb.py file inside /usr/lib/debug to avoid noise from ldconfig # We put the debug-gdb.py file inside /usr/lib/debug to avoid noise from ldconfig
@ -1899,12 +1877,6 @@ CheckPython optimized
# ====================================================== # ======================================================
%changelog %changelog
* Wed Jan 14 2026 Lumír Balhar <lbalhar@redhat.com> - 3.9.25-3
- Security fix for CVE-2025-12084
* Mon Nov 10 2025 Tomas Orsava <torsava@redhat.com> - 3.9.25-2
- Move _sysconfigdata_d_linux*.py to the debug subpackage
* Mon Nov 03 2025 Karolina Surma <ksurma@redhat.com> - 3.9.25-1 * Mon Nov 03 2025 Karolina Surma <ksurma@redhat.com> - 3.9.25-1
- Update to Python 3.9.25 - Update to Python 3.9.25