diff --git a/Ensure-incomplete-markup-declaration-in-raw-HTML-doe.patch b/Ensure-incomplete-markup-declaration-in-raw-HTML-doe.patch new file mode 100644 index 0000000000000000000000000000000000000000..f7410d70bac2865997e4de3894f40f12bdffb60c --- /dev/null +++ b/Ensure-incomplete-markup-declaration-in-raw-HTML-doe.patch @@ -0,0 +1,64 @@ +From 820721485c928c6f97f3d74f37afb6d2450aef9e Mon Sep 17 00:00:00 2001 +From: Waylan Limberg +Date: Wed, 18 Jun 2025 10:29:03 -0400 +Subject: [PATCH] Ensure incomplete markup declaration in raw HTML doesn't + crash parser. + +See Python bug report at gh-77057 for details. Until we drop support for +Python < 3.13 (where this was fixed upstream), we need to avoid the +unwanted error by checking for it explicitly. Fixes #1534. +--- + docs/changelog.md | 1 + + markdown/extensions/md_in_html.py | 4 ++++ + markdown/htmlparser.py | 4 ++++ + tests/test_syntax/blocks/test_html_blocks.py | 7 +++++++ + 4 files changed, 16 insertions(+) + +diff --git a/markdown/extensions/md_in_html.py b/markdown/extensions/md_in_html.py +index ba73c9425..5256e9046 100644 +--- a/markdown/extensions/md_in_html.py ++++ b/markdown/extensions/md_in_html.py +@@ -280,6 +280,10 @@ def parse_pi(self, i: int) -> int: + + def parse_html_declaration(self, i: int) -> int: + if self.at_line_start() or self.intail or self.mdstack: ++ if self.rawdata[i:i+3] == ' int: + + def parse_html_declaration(self, i: int) -> int: + if self.at_line_start() or self.intail: ++ if self.rawdata[i:i+3] == '<![

' ++ ) ++ + def test_raw_cdata_code_span(self): + self.assertMarkdownRenders( + self.dedent( diff --git a/Fixes-for-Python-3.14.patch b/Fixes-for-Python-3.14.patch new file mode 100644 index 0000000000000000000000000000000000000000..c241cbf808045c07f5a00828b535462413217373 --- /dev/null +++ b/Fixes-for-Python-3.14.patch @@ -0,0 +1,131 @@ +From 9980cb5b27b07ff48283178d98213e41543701ec Mon Sep 17 00:00:00 2001 +From: Isaac Muse +Date: Thu, 19 Jun 2025 09:46:13 -0600 +Subject: [PATCH] Fixes for Python 3.14 + +- Fix codecs deprecation +- Fix issue with unclosed ` int: + if self.rawdata[i:i+3] == '': ++ self.handle_data('<') ++ self.override_comment_update = True ++ return + self.handle_empty_tag(''.format(data), is_block=True) + ++ def updatepos(self, i: int, j: int) -> int: ++ if self.override_comment_update: ++ self.override_comment_update = False ++ i = 0 ++ j = 1 ++ return super().updatepos(i, j) ++ + def handle_decl(self, data: str): + self.handle_empty_tag(''.format(data), is_block=True) + +@@ -278,7 +293,11 @@ def parse_html_declaration(self, i: int) -> int: + if self.rawdata[i:i+3] == ' int: # pragma: no cover + self.__starttag_text = None + endpos = self.check_for_whole_start_tag(i) + if endpos < 0: +- return endpos ++ self.handle_data(self.rawdata[i:i + 1]) ++ return i + 1 + rawdata = self.rawdata + self.__starttag_text = rawdata[i:endpos] + diff --git a/Markdown-3.5.1.tar.gz b/Markdown-3.5.1.tar.gz deleted file mode 100644 index 94d740f1ccfb337b02fa8f935caf3c1648a0c93a..0000000000000000000000000000000000000000 Binary files a/Markdown-3.5.1.tar.gz and /dev/null differ diff --git a/markdown-3.7.tar.gz b/markdown-3.7.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..22bacd77f445d0d42ffa97ed263b876a6c2cfe66 Binary files /dev/null and b/markdown-3.7.tar.gz differ diff --git a/python-markdown.spec b/python-markdown.spec index d7a168e0b6e4965cf0615742621a57bee1c4a38d..e20d86c8de3f2c22a0a3d0dfe60de42eed664295 100644 --- a/python-markdown.spec +++ b/python-markdown.spec @@ -1,15 +1,18 @@ %{!?python3_version: %global python3_version %(%{__python3} -c "import sys; sys.stdout.write(sys.version[:3])")} Name: python-markdown -Version: 3.5.1 +Version: 3.7 Release: 1 Summary: A Python implementation of John Gruber’s Markdown License: BSD-3-Clause URL: https://pypi.org/project/Markdown/ -Source0: %{pypi_source Markdown} +Source0: %{pypi_source markdown} BuildArch: noarch +Patch0: Ensure-incomplete-markup-declaration-in-raw-HTML-doe.patch +Patch1: Fixes-for-Python-3.14.patch + BuildRequires: python3-devel >= 3.1 python3-nose2 python3-pyyaml python3-pip python3-wheel %description @@ -28,7 +31,7 @@ It is almost completely compliant with the reference implementation, though there are a few known issues. %prep -%autosetup -n Markdown-%{version} -p1 +%autosetup -n markdown-%{version} -p1 %build %pyproject_build @@ -49,6 +52,10 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \ %{_bindir}/markdown_py %changelog +* Thu Sep 25 2025 xu_ping <707078654@qq.com> - 3.7-1 +- Upgrade to 3.7 +- fix build error due to python3 fix CVE-2025-6069. + * Mon Jan 8 2024 liyanan - 3.5.1-1 - Upgrade to 3.5.1