summaryrefslogtreecommitdiffstats
path: root/source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2021-11-09 20:22:27 +0000
committer Eric Hameleers <alien@slackware.com>2021-11-10 17:59:56 +0100
commitae0ce6df59955601c1c2e852c3139eaec1dd43dc (patch)
tree885deae33b009f6cf164535331335954df626dc3 /source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch
parentbd953aa8c3d07ab46316ac6b5af07721202faf16 (diff)
downloadcurrent-ae0ce6df59955601c1c2e852c3139eaec1dd43dc.tar.gz
current-ae0ce6df59955601c1c2e852c3139eaec1dd43dc.tar.xz
Tue Nov 9 20:22:27 UTC 202120211109202227
a/dialog-1.3_20211107-x86_64-1.txz: Upgraded. ap/mariadb-10.5.13-x86_64-1.txz: Upgraded. This update fixes a security issue: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604 (* Security fix *) kde/bluedevil-5.23.3-x86_64-1.txz: Upgraded. kde/breeze-5.23.3-x86_64-1.txz: Upgraded. kde/breeze-grub-5.23.3-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.23.3-x86_64-1.txz: Upgraded. kde/drkonqi-5.23.3-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.23.3-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.23.3-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.23.3-x86_64-1.txz: Upgraded. kde/kdecoration-5.23.3-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.23.3-x86_64-1.txz: Upgraded. kde/kdev-python-5.6.2-x86_64-4.txz: Added. kde/kgamma5-5.23.3-x86_64-1.txz: Upgraded. kde/khotkeys-5.23.3-x86_64-1.txz: Upgraded. kde/kinfocenter-5.23.3-x86_64-1.txz: Upgraded. kde/kmenuedit-5.23.3-x86_64-1.txz: Upgraded. kde/kscreen-5.23.3-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.23.3-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.23.3-x86_64-1.txz: Upgraded. kde/ksystemstats-5.23.3-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.23.3-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.23.3-x86_64-1.txz: Upgraded. kde/kwayland-server-5.23.3-x86_64-1.txz: Upgraded. kde/kwin-5.23.3-x86_64-1.txz: Upgraded. kde/kwrited-5.23.3-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.23.3-x86_64-1.txz: Upgraded. kde/libkscreen-5.23.3-x86_64-1.txz: Upgraded. kde/libksysguard-5.23.3-x86_64-1.txz: Upgraded. kde/milou-5.23.3-x86_64-1.txz: Upgraded. kde/oxygen-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-disks-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-integration-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-nm-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-pa-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-vault-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.23.3-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.23.3-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.23.3-x86_64-1.txz: Upgraded. kde/powerdevil-5.23.3-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.23.3-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.23.3-x86_64-1.txz: Upgraded. kde/systemsettings-5.23.3-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.23.3-x86_64-1.txz: Upgraded. l/libxml2-2.9.12-x86_64-5.txz: Rebuilt. Applied upstream patch: [PATCH] Work around lxml API abuse. Thanks to brobr. x/libdrm-2.4.108-x86_64-1.txz: Upgraded. x/libevdev-1.12.0-x86_64-1.txz: Upgraded. xap/xsnow-3.3.2-x86_64-1.txz: Upgraded. Just in time for tomorrow night here in Minnesota. :-)
Diffstat (limited to 'source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch')
-rw-r--r--source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch212
1 files changed, 212 insertions, 0 deletions
diff --git a/source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch b/source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch
new file mode 100644
index 000000000..1f05c29d5
--- /dev/null
+++ b/source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch
@@ -0,0 +1,212 @@
+From 7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 18 May 2021 20:08:28 +0200
+Subject: [PATCH] Work around lxml API abuse
+
+Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
+parent pointers. This used to work with the old recursive code but the
+non-recursive rewrite required parent pointers to be set correctly.
+
+Unfortunately, lxml relies on the old behavior and passes subtrees with
+a corrupted structure. Fall back to a recursive function call if an
+invalid parent pointer is detected.
+
+Fixes #255.
+---
+ HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------
+ xmlsave.c | 31 +++++++++++++++++++++----------
+ 2 files changed, 49 insertions(+), 28 deletions(-)
+
+diff --git a/HTMLtree.c b/HTMLtree.c
+index 24434d453..bdd639c7f 100644
+--- a/HTMLtree.c
++++ b/HTMLtree.c
+@@ -744,7 +744,7 @@ void
+ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
+ int format) {
+- xmlNodePtr root;
++ xmlNodePtr root, parent;
+ xmlAttrPtr attr;
+ const htmlElemDesc * info;
+
+@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ }
+
+ root = cur;
++ parent = cur->parent;
+ while (1) {
+ switch (cur->type) {
+ case XML_HTML_DOCUMENT_NODE:
+@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ if (((xmlDocPtr) cur)->intSubset != NULL) {
+ htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
+ }
+- if (cur->children != NULL) {
++ /* Always validate cur->parent when descending. */
++ if ((cur->parent == parent) && (cur->children != NULL)) {
++ parent = cur;
+ cur = cur->children;
+ continue;
+ }
+ break;
+
+ case XML_ELEMENT_NODE:
++ /*
++ * Some users like lxml are known to pass nodes with a corrupted
++ * tree structure. Fall back to a recursive call to handle this
++ * case.
++ */
++ if ((cur->parent != parent) && (cur->children != NULL)) {
++ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
++ break;
++ }
++
+ /*
+ * Get specific HTML info for that node.
+ */
+@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ (cur->name != NULL) &&
+ (cur->name[0] != 'p')) /* p, pre, param */
+ xmlOutputBufferWriteString(buf, "\n");
++ parent = cur;
+ cur = cur->children;
+ continue;
+ }
+@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ (info != NULL) && (!info->isinline)) {
+ if ((cur->next->type != HTML_TEXT_NODE) &&
+ (cur->next->type != HTML_ENTITY_REF_NODE) &&
+- (cur->parent != NULL) &&
+- (cur->parent->name != NULL) &&
+- (cur->parent->name[0] != 'p')) /* p, pre, param */
++ (parent != NULL) &&
++ (parent->name != NULL) &&
++ (parent->name[0] != 'p')) /* p, pre, param */
+ xmlOutputBufferWriteString(buf, "\n");
+ }
+
+@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ break;
+ if (((cur->name == (const xmlChar *)xmlStringText) ||
+ (cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
+- ((cur->parent == NULL) ||
+- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
+- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
++ ((parent == NULL) ||
++ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
++ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
+ xmlChar *buffer;
+
+ buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
+@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ break;
+ }
+
+- /*
+- * The parent should never be NULL here but we want to handle
+- * corrupted documents gracefully.
+- */
+- if (cur->parent == NULL)
+- return;
+- cur = cur->parent;
++ cur = parent;
++ /* cur->parent was validated when descending. */
++ parent = cur->parent;
+
+ if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
+ (cur->type == XML_DOCUMENT_NODE)) {
+@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
+ (cur->next != NULL)) {
+ if ((cur->next->type != HTML_TEXT_NODE) &&
+ (cur->next->type != HTML_ENTITY_REF_NODE) &&
+- (cur->parent != NULL) &&
+- (cur->parent->name != NULL) &&
+- (cur->parent->name[0] != 'p')) /* p, pre, param */
++ (parent != NULL) &&
++ (parent->name != NULL) &&
++ (parent->name[0] != 'p')) /* p, pre, param */
+ xmlOutputBufferWriteString(buf, "\n");
+ }
+ }
+diff --git a/xmlsave.c b/xmlsave.c
+index 61a40459b..aedbd5e70 100644
+--- a/xmlsave.c
++++ b/xmlsave.c
+@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ static void
+ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ int format = ctxt->format;
+- xmlNodePtr tmp, root, unformattedNode = NULL;
++ xmlNodePtr tmp, root, unformattedNode = NULL, parent;
+ xmlAttrPtr attr;
+ xmlChar *start, *end;
+ xmlOutputBufferPtr buf;
+@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ buf = ctxt->buf;
+
+ root = cur;
++ parent = cur->parent;
+ while (1) {
+ switch (cur->type) {
+ case XML_DOCUMENT_NODE:
+@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ break;
+
+ case XML_DOCUMENT_FRAG_NODE:
+- if (cur->children != NULL) {
++ /* Always validate cur->parent when descending. */
++ if ((cur->parent == parent) && (cur->children != NULL)) {
++ parent = cur;
+ cur = cur->children;
+ continue;
+ }
+@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ break;
+
+ case XML_ELEMENT_NODE:
+- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
++ /*
++ * Some users like lxml are known to pass nodes with a corrupted
++ * tree structure. Fall back to a recursive call to handle this
++ * case.
++ */
++ if ((cur->parent != parent) && (cur->children != NULL)) {
++ xmlNodeDumpOutputInternal(ctxt, cur);
++ break;
++ }
++
++ if ((ctxt->level > 0) && (ctxt->format == 1) &&
++ (xmlIndentTreeOutput))
+ xmlOutputBufferWrite(buf, ctxt->indent_size *
+ (ctxt->level > ctxt->indent_nr ?
+ ctxt->indent_nr : ctxt->level),
+@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ xmlOutputBufferWrite(buf, 1, ">");
+ if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
+ if (ctxt->level >= 0) ctxt->level++;
++ parent = cur;
+ cur = cur->children;
+ continue;
+ }
+@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
+ break;
+ }
+
+- /*
+- * The parent should never be NULL here but we want to handle
+- * corrupted documents gracefully.
+- */
+- if (cur->parent == NULL)
+- return;
+- cur = cur->parent;
++ cur = parent;
++ /* cur->parent was validated when descending. */
++ parent = cur->parent;
+
+ if (cur->type == XML_ELEMENT_NODE) {
+ if (ctxt->level > 0) ctxt->level--;
+--
+GitLab
+
+
generated by cgit v1.2.3-65-gdbad (git 2.45.1) at 2024-06-07 01:21:06 +0000