Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-116741: Upgrade libexpat to 2.6.2 #117296

Merged
merged 1 commit into from
Apr 23, 2024
Merged

gh-116741: Upgrade libexpat to 2.6.2 #117296

merged 1 commit into from
Apr 23, 2024

Conversation

sethmlarson
Copy link
Contributor

@sethmlarson sethmlarson commented Mar 27, 2024
edited by bedevere-app bot
Loading

@sethmlarson sethmlarson added the type-security A security issue label Mar 27, 2024
@bedevere-app bedevere-app bot mentioned this pull request Mar 27, 2024
Closed
hartwork
hartwork approved these changes Mar 27, 2024
View reviewed changes
Copy link
Contributor

@hartwork hartwork left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sethmlarson looks good, my verification script likes it. Thank you! 👍

# Copyright (c) 2022-2024 Sebastian Pipping <[email protected]>
# Licensed under the Apache License version 2.0

FROM alpine
RUN apk add --update \
            diffutils \
            git \
            sed \
        && \
    git clone --depth 1 https://github.com/python/cpython cpython-main \
        && \
    ( cd cpython-main && git rev-parse HEAD ) \
        && \
    git clone --depth 1 --branch libexpat-2.6.2 https://github.com/sethmlarson/cpython cpython-pr \
        && \
    ( cd cpython-pr && git rev-parse HEAD ) \
        && \
    git config --global advice.detachedHead false \
        && \
    git clone --depth 1 --branch R_2_6_0 https://github.com/libexpat/libexpat libexpat_2_6_0 \
        && \
    git clone --depth 1 --branch R_2_6_2 https://github.com/libexpat/libexpat libexpat_2_6_2 \
        && \
    diff -r -u libexpat_2_6_0/expat/lib/ cpython-main/Modules/expat/ | tee 2-6-0.diff \
        && \
    diff -r -u libexpat_2_6_2/expat/lib/ cpython-pr/Modules/expat/ | tee 2-6-2.diff \
        && \
    sed -e '/^Only in /d' -e '/^\(+++\|---\) /d' -e '/^diff /d' -i 2-6-0.diff 2-6-2.diff \
        && \
    diff -u 2-6-0.diff 2-6-2.diff \
        && \
    echo 'Diff is good.'

@hartwork
Copy link
Contributor

@sethmlarson ready to merge?

@hartwork
Copy link
Contributor

@sethmlarson any news?

@sethmlarson
Copy link
Contributor Author

@hartwork I can't merge PRs on my own, I'll find a core developer to merge.

gpshead
gpshead approved these changes Apr 23, 2024
View reviewed changes
Copy link
Member

@gpshead gpshead left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes appear to match libexpat/libexpat@R_2_6_0...R_2_6_2.

We should probably script updating this.

@gpshead gpshead added needs backport to 3.8 needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes labels Apr 23, 2024
@gpshead gpshead merged commit c9829ee into python:main Apr 23, 2024
46 checks passed
@miss-islington-app
Copy link

Thanks @sethmlarson for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8, 3.9, 3.10, 3.11, 3.12.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Apr 23, 2024
@sethmlarson @miss-islington
pythongh-116741: Upgrade libexpat to 2.6.2 (pythonGH-117296)
45e4357 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
@miss-islington-app
Copy link

Sorry, @sethmlarson and @gpshead, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c9829eec0883a8991ea4d319d965e123a3cf6c20 3.11

@bedevere-app
Copy link

bedevere-app bot commented Apr 23, 2024

GH-118166 is a backport of this pull request to the 3.12 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.12 bug and security fixes label Apr 23, 2024
@miss-islington-app
Copy link

Sorry, @sethmlarson and @gpshead, I could not cleanly backport this to 3.10 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c9829eec0883a8991ea4d319d965e123a3cf6c20 3.10

@miss-islington-app
Copy link

Sorry, @sethmlarson and @gpshead, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c9829eec0883a8991ea4d319d965e123a3cf6c20 3.9

@miss-islington-app
Copy link

Sorry, @sethmlarson and @gpshead, I could not cleanly backport this to 3.8 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c9829eec0883a8991ea4d319d965e123a3cf6c20 3.8

gpshead pushed a commit that referenced this pull request Apr 23, 2024
@miss-islington @sethmlarson
[3.12] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (GH-118166)
30725f0 
gh-116741: Upgrade libexpat to 2.6.2 (GH-117296)

Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
@sethmlarson sethmlarson deleted the libexpat-2.6.2 branch April 23, 2024 16:59
@bedevere-app
Copy link

bedevere-app bot commented Apr 23, 2024

GH-118185 is a backport of this pull request to the 3.11 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.11 only security fixes label Apr 23, 2024
sethmlarson added a commit to sethmlarson/cpython that referenced this pull request Apr 23, 2024
@sethmlarson
[3.11] pythongh-116741: Upgrade libexpat to 2.6.2 (pythonGH-117296)
672820f 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
sethmlarson added a commit to sethmlarson/cpython that referenced this pull request Apr 23, 2024
@sethmlarson
[3.10] pythongh-116741: Upgrade libexpat to 2.6.2 (pythonGH-117296)
02e79dc 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Apr 23, 2024

GH-118186 is a backport of this pull request to the 3.10 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.10 only security fixes label Apr 23, 2024
sethmlarson added a commit to sethmlarson/cpython that referenced this pull request Apr 23, 2024
@sethmlarson
[3.9] pythongh-116741: Upgrade libexpat to 2.6.2 (pythonGH-117296)
2befdf2 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Apr 23, 2024

GH-118187 is a backport of this pull request to the 3.9 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.9 only security fixes label Apr 23, 2024
sethmlarson added a commit to sethmlarson/cpython that referenced this pull request Apr 23, 2024
@sethmlarson
[3.8] pythongh-116741: Upgrade libexpat to 2.6.2 (pythonGH-117296)
4ecde3b 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Apr 23, 2024

GH-118188 is a backport of this pull request to the 3.8 branch.

@sethmlarson
Copy link
Contributor Author

Created the backports:

@hartwork
Copy link
Contributor

@sethmlarson thanks a lot! 👍

gpshead pushed a commit that referenced this pull request Apr 23, 2024
@sethmlarson
[3.11] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (#118185)
8133285 
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)
@bedevere-bot
Copy link

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot AMD64 RHEL8 FIPS Only Blake2 Builtin Hash 3.11 has failed when building commit 8133285.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/962/builds/1513) and take a look at the build logs.
  4. Check if the failure is related to this commit (8133285) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/962/builds/1513

Failed tests:

  • test.test_multiprocessing_spawn.test_processes
  • test.test_multiprocessing_fork.test_processes
  • test.test_multiprocessing_forkserver.test_processes

Failed subtests:

  • test_empty_authkey - test.test_multiprocessing_forkserver.test_processes.WithProcessesTestListener.test_empty_authkey
  • test_empty_authkey - test.test_multiprocessing_fork.test_processes.WithProcessesTestListener.test_empty_authkey
  • test_empty_authkey - test.test_multiprocessing_spawn.test_processes.WithProcessesTestListener.test_empty_authkey

Summary of the results of the build (if available):

==

Click to see traceback logs 
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/_test_multiprocessing.py", line 3483, in test_empty_authkey
    with listener.accept() as d:
         ^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/multiprocessing/connection.py", line 482, in accept
    deliver_challenge(c, self._authkey)
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/multiprocessing/connection.py", line 756, in deliver_challenge
    digest = hmac.new(authkey, message, 'md5').digest()
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 184, in new
    return HMAC(key, msg, digestmod)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 60, in __init__
    self._init_hmac(key, msg, digestmod)
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 67, in _init_hmac
    self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: no reason supplied


Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/threading.py", line 1045, in _bootstrap_inner
    self.run()
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/threading.py", line 982, in run
    self._target(*self._args, **self._kwargs)
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/_test_multiprocessing.py", line 3474, in run
    client = self.connection.Client(addr, authkey=authkey)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/multiprocessing/connection.py", line 525, in Client
    answer_challenge(c, authkey)
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/multiprocessing/connection.py", line 772, in answer_challenge
    digest = hmac.new(authkey, message, 'md5').digest()
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 184, in new
    return HMAC(key, msg, digestmod)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 60, in __init__
    self._init_hmac(key, msg, digestmod)
  File "/home/buildbot/buildarea/3.11.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/hmac.py", line 67, in _init_hmac
    self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: no reason supplied
ERROR

ambv pushed a commit that referenced this pull request May 7, 2024
@sethmlarson
[3.10] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (GH-118186)
2ec7018 
(cherry picked from commit c9829ee)
ambv pushed a commit that referenced this pull request May 7, 2024
@sethmlarson
[3.9] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (GH-118187)
7db40cd 
(cherry picked from commit c9829ee)
ambv pushed a commit that referenced this pull request May 7, 2024
@sethmlarson
[3.8] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (GH-118188)
f791cda 
(cherry picked from commit c9829ee)
@hartwork hartwork mentioned this pull request Sep 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead gpshead approved these changes

@hartwork hartwork hartwork approved these changes

Assignees

@gpshead gpshead

Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sethmlarson @hartwork @bedevere-bot @gpshead