Wrong list :-) This is a patch for meta-openembedded and should be sent to: [email protected]
Steve On Sun, Jul 31, 2022 at 6:44 PM Hitendra Prajapati <[email protected]> wrote: > > Source: https://github.com/lxml/lxml > MR: 119399 > Type: Security Fix > Disposition: Backport from > https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f > ChangeID: 0b1ef4ce4c901ef6574a83ecbe4c4b1d2ab24777 > Description: > CVE-2022-2309 libxml: NULL Pointer Dereference allows attackers to > cause a denial of service. > > Signed-off-by: Hitendra Prajapati <[email protected]> > --- > .../recipes-devtools/python/python-lxml.inc | 2 + > .../python/python3-lxml/CVE-2022-2309.patch | 94 +++++++++++++++++++ > 2 files changed, 96 insertions(+) > create mode 100644 > meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch > > diff --git a/meta-python/recipes-devtools/python/python-lxml.inc > b/meta-python/recipes-devtools/python/python-lxml.inc > index 05b5eae462..0276a3e81a 100644 > --- a/meta-python/recipes-devtools/python/python-lxml.inc > +++ b/meta-python/recipes-devtools/python/python-lxml.inc > @@ -18,6 +18,8 @@ LIC_FILES_CHKSUM = > "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \ > > DEPENDS += "libxml2 libxslt" > > +SRC_URI += "file://CVE-2022-2309.patch" > + > SRC_URI[md5sum] = "f088e452ed45b030b6f84269f1e84d11" > SRC_URI[sha256sum] = > "8620ce80f50d023d414183bf90cc2576c2837b88e00bea3f33ad2630133bbb60" > > diff --git > a/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch > b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch > new file mode 100644 > index 0000000000..ff3fcee6e2 > --- /dev/null > +++ b/meta-python/recipes-devtools/python/python3-lxml/CVE-2022-2309.patch 
> @@ -0,0 +1,94 @@ > +From ccbda4b0669f418b2f00c4f099733cebe633eb47 Mon Sep 17 00:00:00 2001 > +From: Hitendra Prajapati <[email protected]> > +Date: Fri, 29 Jul 2022 10:16:59 +0530 > +Subject: [PATCH] CVE-2022-2309 > + > +Upstream-Status: Backport > [https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f] > +CVE: CVE-2022-2309 > +Signed-off-by: Hitendra Prajapati <[email protected]> > +--- > + src/lxml/apihelpers.pxi | 7 ++++--- > + src/lxml/iterparse.pxi | 11 ++++++----- > + src/lxml/tests/test_etree.py | 20 ++++++++++++++++++++ > + 3 files changed, 30 insertions(+), 8 deletions(-) > + > +diff --git a/src/lxml/apihelpers.pxi b/src/lxml/apihelpers.pxi > +index 5eb3416..88a031d 100644 > +--- a/src/lxml/apihelpers.pxi > ++++ b/src/lxml/apihelpers.pxi > +@@ -246,9 +246,10 @@ cdef dict _build_nsmap(xmlNode* c_node): > + while c_node is not NULL and c_node.type == tree.XML_ELEMENT_NODE: > + c_ns = c_node.nsDef > + while c_ns is not NULL: > +- prefix = funicodeOrNone(c_ns.prefix) > +- if prefix not in nsmap: > +- nsmap[prefix] = funicodeOrNone(c_ns.href) > ++ if c_ns.prefix or c_ns.href: > ++ prefix = funicodeOrNone(c_ns.prefix) > ++ if prefix not in nsmap: > ++ nsmap[prefix] = funicodeOrNone(c_ns.href) > + c_ns = c_ns.next > + c_node = c_node.parent > + return nsmap > +diff --git a/src/lxml/iterparse.pxi b/src/lxml/iterparse.pxi > +index 4c20506..3da7485 100644 > +--- a/src/lxml/iterparse.pxi > ++++ b/src/lxml/iterparse.pxi > +@@ -419,7 +419,7 @@ cdef int _countNsDefs(xmlNode* c_node): > + count = 0 > + c_ns = c_node.nsDef > + while c_ns is not NULL: > +- count += 1 > ++ count += (c_ns.href is not NULL) > + c_ns = c_ns.next > + return count > + > +@@ -430,9 +430,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list > event_list) except -1: > + count = 0 > + c_ns = c_node.nsDef > + while c_ns is not NULL: > +- ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else > '', > +- funicode(c_ns.href)) > +- event_list.append( (u"start-ns", 
ns_tuple) ) > +- count += 1 > ++ if c_ns.href: > ++ ns_tuple = (funicodeOrEmpty(c_ns.prefix), > ++ funicode(c_ns.href)) > ++ event_list.append( (u"start-ns", ns_tuple) ) > ++ count += 1 > + c_ns = c_ns.next > + return count > +diff --git a/src/lxml/tests/test_etree.py b/src/lxml/tests/test_etree.py > +index b997e4d..69e1bf1 100644 > +--- a/src/lxml/tests/test_etree.py > ++++ b/src/lxml/tests/test_etree.py > +@@ -1448,6 +1448,26 @@ class ETreeOnlyTestCase(HelperTestCase): > + [1,2,1,4], > + counts) > + > ++ def test_walk_after_parse_failure(self): > ++ # This used to be an issue because libxml2 can leak empty namespaces > ++ # between failed parser runs. iterwalk() failed to handle such a > tree. > ++ try: > ++ etree.XML('''<anot xmlns="1">''') > ++ except etree.XMLSyntaxError: > ++ pass > ++ else: > ++ assert False, "invalid input did not fail to parse" > ++ > ++ et = etree.XML('''<root> </root>''') > ++ try: > ++ ns = next(etree.iterwalk(et, events=('start-ns',))) > ++ except StopIteration: > ++ # This would be the expected result, because there was no > namespace > ++ pass > ++ else: > ++ # This is a bug in libxml2 > ++ assert not ns, repr(ns) > ++ > + def test_itertext_comment_pi(self): > + # https://bugs.launchpad.net/lxml/+bug/1844674 > + XML = self.etree.XML > +-- > +2.25.1 > + > -- > 2.25.1 > > > >
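Review bot: The quoted CVE-2022-2309.patch has lost the whitespace a Cython/Python diff depends on: the `@@ -430,9 +430,10 @@ cdef int _appendStartNsEvents(xmlNode* c_node, list event_list) except -1:` header and the removed `ns_tuple = (funicode(c_ns.prefix) if c_ns.prefix is not NULL else '',` line are split mid-line, and the `+`/`-` lines under `_build_nsmap`, `_countNsDefs`, `_appendStartNsEvents` and `test_walk_after_parse_failure` carry no indentation, so the hunk as shown here could not be applied as-is. This looks like mail-client wrapping rather than the file on disk, so it is worth sending the resubmission with git send-email (or as an attachment) and confirming the recipe still builds with the patch applied. One thing to verify on the backport itself: the new `_appendStartNsEvents` body calls `funicodeOrEmpty`, which the hunk does not define, so the lxml release pinned by the recipe's checksums must already provide that helper in apihelpers.pxi or the Cython build will fail — the upstream commit named in `Upstream-Status` is the place to confirm it. The enclosing `ETreeOnlyTestCase` class and the surrounding `.inc` recipe lines both run outside the quoted hunks.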
