rpms
/
python-lxml
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8-beta-stream-3.9
rpms:i8c-stream-3.9_bootstrap
rpms:c8-stream-3.9_bootstrap
rpms:i8c-stream-3.8_bootstrap
rpms:c8-stream-3.8_bootstrap
rpms:i8c-beta-stream-3.9
rpms:c8-beta-stream-3.9
rpms:i8c-beta-stream-2.7
rpms:c8-beta-stream-2.7
rpms:i8c-stream-3.9
rpms:c8-stream-3.9
rpms:i8c-stream-3.8
rpms:c8-stream-3.8
rpms:i8c-stream-2.7
rpms:c8-stream-2.7
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c8-beta-stream-3.9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8-beta-stream-3.9
rpms:i8c-stream-3.9_bootstrap
rpms:c8-stream-3.9_bootstrap
rpms:i8c-stream-3.8_bootstrap
rpms:c8-stream-3.8_bootstrap
rpms:i8c-beta-stream-3.9
rpms:c8-beta-stream-3.9
rpms:i8c-beta-stream-2.7
rpms:c8-beta-stream-2.7
rpms:i8c-stream-3.9
rpms:c8-stream-3.9
rpms:i8c-stream-3.8
rpms:c8-stream-3.8
rpms:i8c-stream-2.7
rpms:c8-stream-2.7
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'c8-beta-stream-3.9' have entirely different histories.
c9 ... c8-beta-st

2 changed files with 24 additions and 156 deletions
Show Stats

104
SOURCES/CVE-2022-2309.patch
Unescape View File

@ -1,104 +0,0 @@
diff --git a/src/lxml/apihelpers.pxi b/src/lxml/apihelpers.pxi
index 5eb3416..88a031d 100644
--- a/src/lxml/apihelpers.pxi
+++ b/src/lxml/apihelpers.pxi
@@ -246,9 +246,10 @@ cdef dict _build_nsmap(xmlNode* c_node):
while c_node is not NULL and c_node.type == tree.XML_ELEMENT_NODE:
c_ns = c_node.nsDef
while c_ns is not NULL:
- prefix = funicodeOrNone(c_ns.prefix)
- if prefix not in nsmap:
- nsmap[prefix] = funicodeOrNone(c_ns.href)
+ if c_ns.prefix or c_ns.href:
+ prefix = funicodeOrNone(c_ns.prefix)
+ if prefix not in nsmap:
+ nsmap[prefix] = funicodeOrNone(c_ns.href)
c_ns = c_ns.next
c_node = c_node.parent
return nsmap
diff --git a/src/lxml/includes/xmlparser.pxd b/src/lxml/includes/xmlparser.pxd
index a196e34..45acfc8 100644
--- a/src/lxml/includes/xmlparser.pxd
+++ b/src/lxml/includes/xmlparser.pxd
@@ -144,6 +144,7 @@ cdef extern from "libxml/parser.h":
void* userData
int* spaceTab
int spaceMax
+ int nsNr
bint html
bint progressive
int inSubset
diff --git a/src/lxml/iterparse.pxi b/src/lxml/iterparse.pxi
index 4c20506..3da7485 100644
--- a/src/lxml/iterparse.pxi
+++ b/src/lxml/iterparse.pxi
@@ -419,7 +419,7 @@ cdef int _countNsDefs(xmlNode* c_node):
count = 0
c_ns = c_node.nsDef
while c_ns is not NULL:
- count += 1
+ count += (c_ns.href is not NULL)
c_ns = c_ns.next
return count
@@ -430,9 +430,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list event_list) except -1:
count = 0
c_ns = c_node.nsDef
while c_ns is not NULL:
- ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else '',
- funicode(c_ns.href))
- event_list.append( (u"start-ns", ns_tuple) )
- count += 1
+ if c_ns.href:
+ ns_tuple = (funicodeOrEmpty(c_ns.prefix),
+ funicode(c_ns.href))
+ event_list.append( (u"start-ns", ns_tuple) )
+ count += 1
c_ns = c_ns.next
return count
diff --git a/src/lxml/parser.pxi b/src/lxml/parser.pxi
index 3ed223b..f5ff6b2 100644
--- a/src/lxml/parser.pxi
+++ b/src/lxml/parser.pxi
@@ -569,6 +569,9 @@ cdef class _ParserContext(_ResolverContext):
self._c_ctxt.disableSAX = 0 # work around bug in libxml2
else:
xmlparser.xmlClearParserCtxt(self._c_ctxt)
+ # work around bug in libxml2 [2.9.10 .. 2.9.14]:
+ # https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
+ self._c_ctxt.nsNr = 0
cdef int prepare(self, bint set_document_loader=True) except -1:
cdef int result
diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py
index 42613dc..db1f560 100644
--- a/src/lxml/tests/test_etree.py
+++ b/src/lxml/tests/test_etree.py
@@ -1459,6 +1459,27 @@ class ETreeOnlyTestCase(HelperTestCase):
[1,2,1,4],
counts)
+ def test_walk_after_parse_failure(self):
+ # This used to be an issue because libxml2 can leak empty namespaces
+ # between failed parser runs. iterwalk() failed to handle such a tree.
+ parser = etree.XMLParser()
+
+ try:
+ etree.XML('''<anot xmlns="1">''', parser=parser)
+ except etree.XMLSyntaxError:
+ pass
+ else:
+ assert False, "invalid input did not fail to parse"
+
+ et = etree.XML('''<root> </root>''', parser=parser)
+ try:
+ ns = next(etree.iterwalk(et, events=('start-ns',)))
+ except StopIteration:
+ # This would be the expected result, because there was no namespace
+ pass
+ else:
+ assert False, "Found unexpected namespace '%s'" % ns
+
def test_itertext_comment_pi(self):
# https://bugs.launchpad.net/lxml/+bug/1844674
XML = self.etree.XML

76
SPECS/python-lxml.spec
Unescape View File

@ -2,24 +2,17 @@
Name: python-%{modname} Name: python-%{modname}
Version: 4.6.5 Version: 4.6.5
Release: 3%{?dist} Release: 1%{?dist}
Summary: XML processing library combining libxml2/libxslt with the ElementTree API Summary: XML processing library combining libxml2/libxslt with the ElementTree API
# The lxml project is licensed under BSD License: BSD
# Some code is derived from ElementTree and cElementTree
# thus using the MIT-like elementtree license
# .xsl schematron files are under the MIT and zlib license
License: BSD and MIT and zlib
URL: https://github.com/lxml/lxml URL: https://github.com/lxml/lxml
Source0: %{pypi_source %{modname}} Source0: %{pypi_source %{modname}}
# Fix for CVE-2022-2309 # Exclude i686 arch. Due to a modularity issue it's being added to the
# Resolved upstream: # x86_64 compose of CRB, but we don't want to ship it at all.
# https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f # See: https://projects.engineering.redhat.com/browse/RCM-72605
# https://github.com/lxml/lxml/commit/d01872ccdf7e1e5e825b6c6292b43e7d27ae5fc4 ExcludeArch: i686
# https://github.com/lxml/lxml/commit/c742576c105f40fc8b754fcae56fee4aa35840a3
# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2107571
Patch0: CVE-2022-2309.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
@ -34,17 +27,18 @@ home page < or see our bug tracker at case you want to use the current ...
%description %{_description} %description %{_description}
%package -n python3-%{modname} %package -n python%{python3_pkgversion}-%{modname}
Summary: %{summary} Summary: %{summary}
BuildRequires: python3-devel BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python3-setuptools BuildRequires: python%{python3_pkgversion}-rpm-macros
BuildRequires: python3-Cython BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-Cython
Suggests: python%{python3_version}dist(cssselect) >= 0.7 Suggests: python%{python3_version}dist(cssselect) >= 0.7
Suggests: python%{python3_version}dist(html5lib) Suggests: python%{python3_version}dist(html5lib)
Suggests: python%{python3_version}dist(beautifulsoup4) Suggests: python%{python3_version}dist(beautifulsoup4)
%{?python_provide:%python_provide python3-%{modname}} %{?python_provide:%python_provide python%{python3_pkgversion}-%{modname}}
%description -n python3-%{modname} %{_description} %description -n python%{python3_pkgversion}-%{modname} %{_description}
Python 3 version. Python 3 version.
@ -54,7 +48,8 @@ Python 3 version.
find -type f -name '*.c' -print -delete find -type f -name '*.c' -print -delete
%build %build
env WITH_CYTHON=true %py3_build export WITH_CYTHON=true
%py3_build
%install %install
%py3_install %py3_install
@ -66,48 +61,25 @@ cp -a build/lib.%{python3_platform}-%{python3_version}/* src/
# The options are: verbose, unit, functional # The options are: verbose, unit, functional
%{python3} test.py -vuf %{python3} test.py -vuf
%files -n python3-%{modname} %files -n python%{python3_pkgversion}-%{modname}
%license LICENSES.txt doc/licenses/BSD.txt doc/licenses/elementtree.txt %license LICENSES.txt
%doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt %doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
%{python3_sitearch}/%{modname}/ %{python3_sitearch}/%{modname}/
%{python3_sitearch}/%{modname}-*.egg-info/ %{python3_sitearch}/%{modname}-*.egg-info/
%changelog %changelog
* Wed Jul 27 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.6.5-3
- Security fix for CVE-2022-2309
- Resolves: rhbz#2107571
* Tue Feb 08 2022 Tomas Orsava <torsava@redhat.com> - 4.6.5-2
- Add automatically generated Obsoletes tag with the python39- prefix
for smoother upgrade from RHEL8
- Related: rhbz#1990421
* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.6.5-1 * Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.6.5-1
- Update to 4.6.5 - Update to 4.6.5
- Fixes CVE-2021-43818 - Security fix for CVE-2021-43818
- Resolves: rhbz#2032569 Resolves: rhbz#2032569
* Fri Nov 26 2021 Miro Hrončok <mhroncok@redhat.com> - 4.6.3-5
- Run the tests during build
- Resolves: rhbz#2026941
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 4.6.3-3 * Wed Mar 24 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.2-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Security fix for CVE-2021-28957
Related: rhbz#1991688
* Thu Jun 03 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-2
- Update the license information
* Thu May 20 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-1
- Update to 4.6.3
- Fixes CVE-2021-28957
Resolves: rhbz#1941534 Resolves: rhbz#1941534
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.6.2-3 * Mon Jan 18 2021 Tomas Orsava <torsava@redhat.com> - 4.6.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Convert from Fedora to the python39 module in RHEL8
- Resolves: rhbz#1877430
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 01 2020 Miro Hrončok <mhroncok@redhat.com> - 4.6.2-1 * Tue Dec 01 2020 Miro Hrončok <mhroncok@redhat.com> - 4.6.2-1
- Update to 4.6.2 - Update to 4.6.2

Write Preview
Loading…
Cancel
Save