slackware-current/source/l/libxml2/7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10.patch
Patrick J Volkerding ae0ce6df59 Tue Nov 9 20:22:27 UTC 2021
a/dialog-1.3_20211107-x86_64-1.txz:  Upgraded.
ap/mariadb-10.5.13-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  Easily exploitable vulnerability allows high privileged attacker with network
  access via multiple protocols to compromise MariaDB Server. Successful
  attacks of this vulnerability can result in unauthorized ability to cause a
  hang or frequently repeatable crash (complete DOS) of MariaDB Server as well
  as unauthorized update, insert or delete access to some of MariaDB Server
  accessible data.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604
  (* Security fix *)
kde/bluedevil-5.23.3-x86_64-1.txz:  Upgraded.
kde/breeze-5.23.3-x86_64-1.txz:  Upgraded.
kde/breeze-grub-5.23.3-x86_64-1.txz:  Upgraded.
kde/breeze-gtk-5.23.3-x86_64-1.txz:  Upgraded.
kde/drkonqi-5.23.3-x86_64-1.txz:  Upgraded.
kde/kactivitymanagerd-5.23.3-x86_64-1.txz:  Upgraded.
kde/kde-cli-tools-5.23.3-x86_64-1.txz:  Upgraded.
kde/kde-gtk-config-5.23.3-x86_64-1.txz:  Upgraded.
kde/kdecoration-5.23.3-x86_64-1.txz:  Upgraded.
kde/kdeplasma-addons-5.23.3-x86_64-1.txz:  Upgraded.
kde/kdev-python-5.6.2-x86_64-4.txz:  Added.
kde/kgamma5-5.23.3-x86_64-1.txz:  Upgraded.
kde/khotkeys-5.23.3-x86_64-1.txz:  Upgraded.
kde/kinfocenter-5.23.3-x86_64-1.txz:  Upgraded.
kde/kmenuedit-5.23.3-x86_64-1.txz:  Upgraded.
kde/kscreen-5.23.3-x86_64-1.txz:  Upgraded.
kde/kscreenlocker-5.23.3-x86_64-1.txz:  Upgraded.
kde/ksshaskpass-5.23.3-x86_64-1.txz:  Upgraded.
kde/ksystemstats-5.23.3-x86_64-1.txz:  Upgraded.
kde/kwallet-pam-5.23.3-x86_64-1.txz:  Upgraded.
kde/kwayland-integration-5.23.3-x86_64-1.txz:  Upgraded.
kde/kwayland-server-5.23.3-x86_64-1.txz:  Upgraded.
kde/kwin-5.23.3-x86_64-1.txz:  Upgraded.
kde/kwrited-5.23.3-x86_64-1.txz:  Upgraded.
kde/layer-shell-qt-5.23.3-x86_64-1.txz:  Upgraded.
kde/libkscreen-5.23.3-x86_64-1.txz:  Upgraded.
kde/libksysguard-5.23.3-x86_64-1.txz:  Upgraded.
kde/milou-5.23.3-x86_64-1.txz:  Upgraded.
kde/oxygen-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-browser-integration-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-desktop-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-disks-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-firewall-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-integration-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-nm-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-pa-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-sdk-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-systemmonitor-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-vault-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-5.23.3-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-wallpapers-5.23.3-x86_64-1.txz:  Upgraded.
kde/polkit-kde-agent-1-5.23.3-x86_64-1.txz:  Upgraded.
kde/powerdevil-5.23.3-x86_64-1.txz:  Upgraded.
kde/qqc2-breeze-style-5.23.3-x86_64-1.txz:  Upgraded.
kde/sddm-kcm-5.23.3-x86_64-1.txz:  Upgraded.
kde/systemsettings-5.23.3-x86_64-1.txz:  Upgraded.
kde/xdg-desktop-portal-kde-5.23.3-x86_64-1.txz:  Upgraded.
l/libxml2-2.9.12-x86_64-5.txz:  Rebuilt.
  Applied upstream patch:
  [PATCH] Work around lxml API abuse.
  Thanks to brobr.
x/libdrm-2.4.108-x86_64-1.txz:  Upgraded.
x/libevdev-1.12.0-x86_64-1.txz:  Upgraded.
xap/xsnow-3.3.2-x86_64-1.txz:  Upgraded.
  Just in time for tomorrow night here in Minnesota. :-)
2021-11-10 17:59:56 +01:00


From 7955b0d6fbbe49392ccc2e511edd00fbbfcb5a10 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 18 May 2021 20:08:28 +0200
Subject: [PATCH] Work around lxml API abuse
Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
parent pointers. This used to work with the old recursive code but the
non-recursive rewrite required parent pointers to be set correctly.
Unfortunately, lxml relies on the old behavior and passes subtrees with
a corrupted structure. Fall back to a recursive function call if an
invalid parent pointer is detected.
Fixes #255.
---
HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------
xmlsave.c | 31 +++++++++++++++++++++----------
2 files changed, 49 insertions(+), 28 deletions(-)
diff --git a/HTMLtree.c b/HTMLtree.c
index 24434d453..bdd639c7f 100644
--- a/HTMLtree.c
+++ b/HTMLtree.c
@@ -744,7 +744,7 @@ void
htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
int format) {
- xmlNodePtr root;
+ xmlNodePtr root, parent;
xmlAttrPtr attr;
const htmlElemDesc * info;
@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
}
root = cur;
+ parent = cur->parent;
while (1) {
switch (cur->type) {
case XML_HTML_DOCUMENT_NODE:
@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
if (((xmlDocPtr) cur)->intSubset != NULL) {
htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
}
- if (cur->children != NULL) {
+ /* Always validate cur->parent when descending. */
+ if ((cur->parent == parent) && (cur->children != NULL)) {
+ parent = cur;
cur = cur->children;
continue;
}
break;
case XML_ELEMENT_NODE:
+ /*
+ * Some users like lxml are known to pass nodes with a corrupted
+ * tree structure. Fall back to a recursive call to handle this
+ * case.
+ */
+ if ((cur->parent != parent) && (cur->children != NULL)) {
+ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
+ break;
+ }
+
/*
* Get specific HTML info for that node.
*/
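Review bot: The fallback in the `XML_ELEMENT_NODE` case re-enters `htmlNodeDumpFormatOutput` once for every element whose `cur->parent` differs from the tracked `parent`, so stack use grows with the nesting of such nodes instead of staying constant as in the iterative walk. Trees with consistent parent pointers should never take this branch, but a deeply nested tree of inconsistent nodes built through the API could presumably exhaust the stack; the same fallback is added to `xmlNodeDumpOutputInternal` in xmlsave.c. I would extend the comment with a line such as `Each such node costs one stack frame; depth is bounded only by the nesting of inconsistent nodes.` so the trade-off stays visible to maintainers. The function body starts and ends outside this hunk.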
@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
(cur->name != NULL) &&
(cur->name[0] != 'p')) /* p, pre, param */
xmlOutputBufferWriteString(buf, "\n");
+ parent = cur;
cur = cur->children;
continue;
}
@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
(info != NULL) && (!info->isinline)) {
if ((cur->next->type != HTML_TEXT_NODE) &&
(cur->next->type != HTML_ENTITY_REF_NODE) &&
- (cur->parent != NULL) &&
- (cur->parent->name != NULL) &&
- (cur->parent->name[0] != 'p')) /* p, pre, param */
+ (parent != NULL) &&
+ (parent->name != NULL) &&
+ (parent->name[0] != 'p')) /* p, pre, param */
xmlOutputBufferWriteString(buf, "\n");
}
@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
break;
if (((cur->name == (const xmlChar *)xmlStringText) ||
(cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
- ((cur->parent == NULL) ||
- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
+ ((parent == NULL) ||
+ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
+ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
xmlChar *buffer;
buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
break;
}
- /*
- * The parent should never be NULL here but we want to handle
- * corrupted documents gracefully.
- */
- if (cur->parent == NULL)
- return;
- cur = cur->parent;
+ cur = parent;
+ /* cur->parent was validated when descending. */
+ parent = cur->parent;
if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
(cur->type == XML_DOCUMENT_NODE)) {
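Review bot: The explicit `if (cur->parent == NULL) return;` guard is dropped here and `cur = parent; parent = cur->parent;` now dereferences `parent` unconditionally, yet the new comment only mentions `cur->parent`. If the invariant is that this point is reached only when `cur != root` (that check is not visible in this hunk), so that `parent` was always set to a real node on descent, the comment should say so, e.g. `/* parent is non-NULL: cur != root, so it was set when descending. */`. The identical change in the last hunk of xmlsave.c (`xmlNodeDumpOutputInternal`) would take the same comment.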
@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
(cur->next != NULL)) {
if ((cur->next->type != HTML_TEXT_NODE) &&
(cur->next->type != HTML_ENTITY_REF_NODE) &&
- (cur->parent != NULL) &&
- (cur->parent->name != NULL) &&
- (cur->parent->name[0] != 'p')) /* p, pre, param */
+ (parent != NULL) &&
+ (parent->name != NULL) &&
+ (parent->name[0] != 'p')) /* p, pre, param */
xmlOutputBufferWriteString(buf, "\n");
}
}
diff --git a/xmlsave.c b/xmlsave.c
index 61a40459b..aedbd5e70 100644
--- a/xmlsave.c
+++ b/xmlsave.c
@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
static void
xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
int format = ctxt->format;
- xmlNodePtr tmp, root, unformattedNode = NULL;
+ xmlNodePtr tmp, root, unformattedNode = NULL, parent;
xmlAttrPtr attr;
xmlChar *start, *end;
xmlOutputBufferPtr buf;
@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
buf = ctxt->buf;
root = cur;
+ parent = cur->parent;
while (1) {
switch (cur->type) {
case XML_DOCUMENT_NODE:
@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
break;
case XML_DOCUMENT_FRAG_NODE:
- if (cur->children != NULL) {
+ /* Always validate cur->parent when descending. */
+ if ((cur->parent == parent) && (cur->children != NULL)) {
+ parent = cur;
cur = cur->children;
continue;
}
@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
break;
case XML_ELEMENT_NODE:
- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
+ /*
+ * Some users like lxml are known to pass nodes with a corrupted
+ * tree structure. Fall back to a recursive call to handle this
+ * case.
+ */
+ if ((cur->parent != parent) && (cur->children != NULL)) {
+ xmlNodeDumpOutputInternal(ctxt, cur);
+ break;
+ }
+
+ if ((ctxt->level > 0) && (ctxt->format == 1) &&
+ (xmlIndentTreeOutput))
xmlOutputBufferWrite(buf, ctxt->indent_size *
(ctxt->level > ctxt->indent_nr ?
ctxt->indent_nr : ctxt->level),
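Review bot: Replacing `cur != root` with `ctxt->level > 0` changes when the node handed in by the caller is indented: with `format == 1` the start node is now prefixed with indentation whenever the context starts at a non-zero level, whereas the old condition never indented it. The recursive fallback needs this, because the re-entered node is `root` there, but it also appears to affect any caller that begins a dump at a non-zero level, which would then see extra leading whitespace. If that is unintended, the indent should be skipped for the outermost call only; at minimum a comment such as `/* level > 0 instead of cur != root so the recursive fallback still indents */` would record why the test changed.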
@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
xmlOutputBufferWrite(buf, 1, ">");
if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
if (ctxt->level >= 0) ctxt->level++;
+ parent = cur;
cur = cur->children;
continue;
}
@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
break;
}
- /*
- * The parent should never be NULL here but we want to handle
- * corrupted documents gracefully.
- */
- if (cur->parent == NULL)
- return;
- cur = cur->parent;
+ cur = parent;
+ /* cur->parent was validated when descending. */
+ parent = cur->parent;
if (cur->type == XML_ELEMENT_NODE) {
if (ctxt->level > 0) ctxt->level--;
--
GitLab