Bug #6538 ยป 0001-update-to-pylxml-3.5.0.patch

patchset upgrading to pylxml-3.5.0 - Richard PALO, 2016-01-03 05:55 AM


components/python/pylxml/Makefile
19 19
# CDDL HEADER END
20 20
#
21 21
# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
22
# Copyright 2015, PALO Richard.
22 23
#
23 24
include ../../../make-rules/shared-macros.mk
24 25

  
25 26
COMPONENT_NAME=		pylxml
26
COMPONENT_VERSION=	2.3.3
27
COMPONENT_REVISION=	1
27
COMPONENT_VERSION=	3.5.0
28 28
COMPONENT_PROJECT_URL=	http://lxml.de/
29 29
COMPONENT_SRC_NAME=	lxml
30 30
COMPONENT_SRC=		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
31 31
COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tgz
32 32
COMPONENT_ARCHIVE_HASH=	\
33
    sha256:2a3ca34f63b062ee8e059ca2460ac18040ec9622f0a31e143383f0db944ceb36
33
    sha256:349f93e3a4b09cc59418854ab8013d027d246757c51744bf20069bc89016f578
34

  
34 35
COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)files/$(COMPONENT_ARCHIVE)
35 36
COMPONENT_BUGDB=	python-mod/lxml
36 37

  
......
44 45

  
45 46
ASLR_MODE = $(ASLR_NOT_APPLICABLE)
46 47

  
48
COMPONENT_TEST_ARGS=	test
49
COMPONENT_TEST_CMD=	$(MAKE)
50
COMPONENT_TEST_DIR=	$(COMPONENT_SRC)
51
COMPONENT_TEST_ENV+=	PYTHON=$(PYTHON)
52

  
47 53
# common targets
48 54
build:		$(BUILD_32_and_64)
49 55

  
50 56
install:	$(INSTALL_32_and_64)
51 57

  
52
test:		$(BUILD_32_and_64)
53
		cd $(SOURCE_DIR) && $(PYTHON) selftest.py
54
		cd $(SOURCE_DIR) && $(PYTHON) selftest2.py
58
test:		$(TEST_32_and_64)
55 59

  
56 60
BUILD_PKG_DEPENDENCIES =	$(BUILD_TOOLS)
57 61

  
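Review bot: The bump of `COMPONENT_VERSION` to 3.5.0 comes with what looks like the removal of patches/CVE-2014-3146.patch (shown further down with single-column line numbers), and neither the description nor the Makefile records that the new release already carries that fix. A line in the commit message such as `CVE-2014-3146.patch dropped: fix is included upstream in 3.5.0` would let a later auditor see the removal was deliberate. The new `test: $(TEST_32_and_64)` target is the natural place to confirm it, since the dropped patch had added a control-character link case to test_clean.txt; presumably upstream's own suite covers the same case, which is worth checking once. Separately, the archive is still fetched from `http://lxml.de/`, so the updated `COMPONENT_ARCHIVE_HASH` is the only integrity control on the download, and the commit should say how the sha256 was obtained (an upstream-published digest or signature rather than a hash of the fetched file).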
components/python/pylxml/patches/CVE-2014-3146.patch
1
--- lxml-2.3.3/src/lxml/html/clean.py.~1~	2012-01-04 21:27:53.000000000 +0400
2
+++ lxml-2.3.3/src/lxml/html/clean.py	2014-05-22 10:28:10.385151119 +0400
3
@@ -79,9 +79,10 @@
4
 
5
 # All kinds of schemes besides just javascript: that can cause
6
 # execution:
7
-_javascript_scheme_re = re.compile(
8
-    r'\s*(?:javascript|jscript|livescript|vbscript|data|about|mocha):', re.I)
9
-_substitute_whitespace = re.compile(r'\s+').sub
10
+_is_javascript_scheme = re.compile(
11
+    r'(?:javascript|jscript|livescript|vbscript|data|about|mocha):',
12
+    re.I).search
13
+_substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
14
 # FIXME: should data: be blocked?
15
 
16
 # FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
17
@@ -459,7 +460,7 @@
18
     def _remove_javascript_link(self, link):
19
         # links like "j a v a s c r i p t:" might be interpreted in IE
20
         new = _substitute_whitespace('', link)
21
-        if _javascript_scheme_re.search(new):
22
+        if _is_javascript_scheme(new):
23
             # FIXME: should this be None to delete?
24
             return ''
25
         return link
26
--- lxml-2.3.3/src/lxml/html/tests/test_clean.txt.~1~	2012-01-04 21:27:53.000000000 +0400
27
+++ lxml-2.3.3/src/lxml/html/tests/test_clean.txt	2014-05-22 10:28:10.385786201 +0400
28
@@ -1,3 +1,4 @@
29
+>>> import re
30
 >>> from lxml.html import fromstring, tostring
31
 >>> from lxml.html.clean import clean, clean_html, Cleaner
32
 >>> from lxml.html import usedoctest
33
@@ -15,6 +16,7 @@
34
 ...   <body onload="evil_function()">
35
 ...     <!-- I am interpreted for EVIL! -->
36
 ...     <a href="javascript:evil_function()">a link</a>
37
+...     <a href="j\x01a\x02v\x03a\x04s\x05c\x06r\x07i\x0Ep t:evil_function()">a control char link</a>
38
 ...     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
39
 ...     <a href="#" onclick="evil_function()">another link</a>
40
 ...     <p onclick="evil_function()">a paragraph</p>
41
@@ -29,7 +31,7 @@
42
 ...   </body>
43
 ... </html>'''
44
 
45
->>> print(doc)
46
+>>> print(re.sub('[\x00-\x07\x0E]', '', doc))
47
 <html>
48
   <head>
49
     <script type="text/javascript" src="evil-site"></script>
50
@@ -43,6 +45,7 @@
51
   <body onload="evil_function()">
52
     <!-- I am interpreted for EVIL! -->
53
     <a href="javascript:evil_function()">a link</a>
54
+    <a href="javascrip t:evil_function()">a control char link</a>
55
     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
56
     <a href="#" onclick="evil_function()">another link</a>
57
     <p onclick="evil_function()">a paragraph</p>
58
@@ -71,6 +74,7 @@
59
   <body onload="evil_function()">
60
     <!-- I am interpreted for EVIL! -->
61
     <a href="javascript:evil_function()">a link</a>
62
+    <a href="javascrip%20t:evil_function()">a control char link</a>
63
     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
64
     <a href="#" onclick="evil_function()">another link</a>
65
     <p onclick="evil_function()">a paragraph</p>
66
@@ -92,6 +96,7 @@
67
   </head>
68
   <body>
69
     <a href="">a link</a>
70
+    <a href="">a control char link</a>
71
     <a href="">data</a>
72
     <a href="#">another link</a>
73
     <p>a paragraph</p>
74
@@ -110,6 +115,7 @@
75
   </head>
76
   <body>
77
     <a href="">a link</a>
78
+    <a href="">a control char link</a>
79
     <a href="">data</a>
80
     <a href="#">another link</a>
81
     <p>a paragraph</p>
82
--- lxml-2.3.3/src/lxml.egg-info/PKG-INFO.~1~	2012-01-04 21:53:53.000000000 +0400
83
+++ lxml-2.3.3/src/lxml.egg-info/PKG-INFO	2014-05-22 10:28:10.386213657 +0400
84
@@ -1,4 +1,4 @@
85
-Metadata-Version: 1.0
86
+Metadata-Version: 1.1
87
 Name: lxml
88
 Version: 2.3.3
89
 Summary: Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
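--- a/components/python/pylxml/pylxml-26.p5m
+++ b/components/python/pylxml/pylxml-26.p5m
@@ -19,6 +19,7 @@
 # CDDL HEADER END
 #
 # Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2015, PALO Richard.
 #
 
 set name=pkg.fmri \
@@ -41,6 +42,8 @@
 file \
     path=usr/lib/python2.6/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.6.egg-info/not-zip-safe
 file \
+    path=usr/lib/python2.6/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.6.egg-info/requires.txt
+file \
     path=usr/lib/python2.6/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.6.egg-info/top_level.txt
 file path=usr/lib/python2.6/vendor-packages/lxml/64/etree.so
 file path=usr/lib/python2.6/vendor-packages/lxml/64/objectify.so
@@ -51,11 +54,8 @@
 file path=usr/lib/python2.6/vendor-packages/lxml/cssselect.py
 file path=usr/lib/python2.6/vendor-packages/lxml/doctestcompare.py
 file path=usr/lib/python2.6/vendor-packages/lxml/etree.so
-file path=usr/lib/python2.6/vendor-packages/lxml/etree_defs.h
-file path=usr/lib/python2.6/vendor-packages/lxml/etreepublic.pxd
 file path=usr/lib/python2.6/vendor-packages/lxml/html/ElementSoup.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/__init__.py
-file path=usr/lib/python2.6/vendor-packages/lxml/html/_dictmixin.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/_diffcommand.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/_html5builder.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/_setmixin.py
@@ -67,6 +67,25 @@
 file path=usr/lib/python2.6/vendor-packages/lxml/html/html5parser.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/soupparser.py
 file path=usr/lib/python2.6/vendor-packages/lxml/html/usedoctest.py
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/__init__.py
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/c14n.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/config.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/dtdvalid.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/etree_defs.h
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/etreepublic.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/htmlparser.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/lxml-version.h
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/relaxng.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/schematron.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/tree.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/uri.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xinclude.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xmlerror.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xmlparser.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xmlschema.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xpath.pxd
+file path=usr/lib/python2.6/vendor-packages/lxml/includes/xslt.pxd
+dir  path=usr/lib/python2.6/vendor-packages/lxml/isoschematron
 file path=usr/lib/python2.6/vendor-packages/lxml/isoschematron/__init__.py
 file \
     path=usr/lib/python2.6/vendor-packages/lxml/isoschematron/resources/rng/iso-schematron.rng
@@ -86,10 +105,11 @@
     path=usr/lib/python2.6/vendor-packages/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_svrl_for_xslt1.xsl
 file \
     path=usr/lib/python2.6/vendor-packages/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
+file path=usr/lib/python2.6/vendor-packages/lxml/lxml.etree.h
+file path=usr/lib/python2.6/vendor-packages/lxml/lxml.etree_api.h
 file path=usr/lib/python2.6/vendor-packages/lxml/objectify.so
 file path=usr/lib/python2.6/vendor-packages/lxml/pyclasslookup.py
 file path=usr/lib/python2.6/vendor-packages/lxml/sax.py
-file path=usr/lib/python2.6/vendor-packages/lxml/tree.pxd
 file path=usr/lib/python2.6/vendor-packages/lxml/usedoctest.py
 license pylxml.copyright license="BSD, PSF, GPL"
 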
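Review bot: The added `dir  path=usr/lib/python2.6/vendor-packages/lxml/isoschematron` line is the only explicit `dir` action in the visible hunks, and pylxml-27.p5m gains no counterpart in its matching hunk. It looks like leftover generator output rather than an intentional entry. If the directory is meant to be implied by the `file` actions beneath it, drop the line; otherwise add the same action to the 2.7 manifest so both packages deliver the directory the same way.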
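--- a/components/python/pylxml/pylxml-27.p5m
+++ b/components/python/pylxml/pylxml-27.p5m
@@ -19,6 +19,7 @@
 # CDDL HEADER END
 #
 # Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2015, PALO Richard.
 #
 
 set name=pkg.fmri \
@@ -39,6 +40,7 @@
 file path=usr/lib/python2.7/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.7.egg-info/not-zip-safe
 file path=usr/lib/python2.7/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.7.egg-info/PKG-INFO
 file path=usr/lib/python2.7/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.7.egg-info/SOURCES.txt
+file path=usr/lib/python2.7/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.7.egg-info/requires.txt
 file path=usr/lib/python2.7/vendor-packages/lxml-$(COMPONENT_VERSION)-py2.7.egg-info/top_level.txt
 file path=usr/lib/python2.7/vendor-packages/lxml/__init__.py
 file path=usr/lib/python2.7/vendor-packages/lxml/_elementpath.py
@@ -49,10 +51,7 @@
 file path=usr/lib/python2.7/vendor-packages/lxml/doctestcompare.py
 file path=usr/lib/python2.7/vendor-packages/lxml/ElementInclude.py
 file path=usr/lib/python2.7/vendor-packages/lxml/etree.so
-file path=usr/lib/python2.7/vendor-packages/lxml/etree_defs.h
-file path=usr/lib/python2.7/vendor-packages/lxml/etreepublic.pxd
 file path=usr/lib/python2.7/vendor-packages/lxml/html/__init__.py
-file path=usr/lib/python2.7/vendor-packages/lxml/html/_dictmixin.py
 file path=usr/lib/python2.7/vendor-packages/lxml/html/_diffcommand.py
 file path=usr/lib/python2.7/vendor-packages/lxml/html/_setmixin.py
 file path=usr/lib/python2.7/vendor-packages/lxml/html/builder.py
@@ -64,6 +63,24 @@
 file path=usr/lib/python2.7/vendor-packages/lxml/html/html5parser.py
 file path=usr/lib/python2.7/vendor-packages/lxml/html/soupparser.py
 file path=usr/lib/python2.7/vendor-packages/lxml/html/usedoctest.py
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/__init__.py
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/c14n.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/config.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/dtdvalid.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/etree_defs.h
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/etreepublic.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/htmlparser.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/lxml-version.h
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/relaxng.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/schematron.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/tree.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/uri.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xinclude.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xmlerror.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xmlparser.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xmlschema.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xpath.pxd
+file path=usr/lib/python2.7/vendor-packages/lxml/includes/xslt.pxd
 file path=usr/lib/python2.7/vendor-packages/lxml/isoschematron/__init__.py
 file \
     path=usr/lib/python2.7/vendor-packages/lxml/isoschematron/resources/rng/iso-schematron.rng
@@ -83,10 +100,11 @@
     path=usr/lib/python2.7/vendor-packages/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_svrl_for_xslt1.xsl
 file \
     path=usr/lib/python2.7/vendor-packages/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
+file path=usr/lib/python2.7/vendor-packages/lxml/lxml.etree.h
+file path=usr/lib/python2.7/vendor-packages/lxml/lxml.etree_api.h
 file path=usr/lib/python2.7/vendor-packages/lxml/objectify.so
 file path=usr/lib/python2.7/vendor-packages/lxml/pyclasslookup.py
 file path=usr/lib/python2.7/vendor-packages/lxml/sax.py
-file path=usr/lib/python2.7/vendor-packages/lxml/tree.pxd
 file path=usr/lib/python2.7/vendor-packages/lxml/usedoctest.py
 
 # force a dependency on the lxml package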