python-lxml: upgrade 3.2.5 -> 3.4.4

* Dropped backported python-lxml-3.2.5-fix-CVE-2014-3146.patch * Modify DISTUTILS_INSTALL_ARGS to avoid errors in the step of do_install | ValueError: invalid literal for int() with base 10: '--should-not-have-used-/usr/bin/xml2-config' | ERROR: python setup.py install execution failed. Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Li xin <lixin.fnst@cn.fujitsu.com> 2015-08-17 13:25:22 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-08-24 13:56:26 +0200
commit: f13f3b2f20d5a4d14c084a7965034570bdc56319 (patch)
tree: 9bf09c4d3d53e7e3589a9366c16af7ab9bdda610 /meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
parent: a1f5f27f47564c9a3edc963b5efdeb39b8f5532c (diff)
download: meta-openembedded-f13f3b2f20d5a4d14c084a7965034570bdc56319.tar.gz
1 files changed, 0 insertions, 91 deletions
diff --git a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch b/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
deleted file mode 100644
index 0a8e211bd3..0000000000
--- a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Upstream-status:Backport
--- a/src/lxml/html/clean.py
-+++ b/src/lxml/html/clean.py
-@@ -70,9 +70,10 @@ _css_import_re = re.compile(
- 
- # All kinds of schemes besides just javascript: that can cause
- # execution:
-_javascript_scheme_re = re.compile(
-    r'\s*(?:javascript|jscript|livescript|vbscript|data|about|mocha):', re.I)
-_substitute_whitespace = re.compile(r'\s+').sub
-+_is_javascript_scheme = re.compile(
-+    r'(?:javascript|jscript|livescript|vbscript|data|about|mocha):',
-+    re.I).search
-+_substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
- # FIXME: should data: be blocked?
- 
- # FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
-@@ -467,7 +468,7 @@ class Cleaner(object):
-     def _remove_javascript_link(self, link):
-         # links like "j a v a s c r i p t:" might be interpreted in IE
-         new = _substitute_whitespace('', link)
-        if _javascript_scheme_re.search(new):
-+        if _is_javascript_scheme(new):
-             # FIXME: should this be None to delete?
-             return ''
-         return link
--- a/src/lxml/html/tests/test_clean.txt
-+++ b/src/lxml/html/tests/test_clean.txt
-@@ -1,3 +1,4 @@
-+>>> import re
- >>> from lxml.html import fromstring, tostring
- >>> from lxml.html.clean import clean, clean_html, Cleaner
- >>> from lxml.html import usedoctest
-@@ -17,6 +18,7 @@
- ...   <body onload="evil_function()">
- ...     <!-- I am interpreted for EVIL! -->
- ...     <a href="javascript:evil_function()">a link</a>
-+...     <a href="j\x01a\x02v\x03a\x04s\x05c\x06r\x07i\x0Ep t:evil_function()">a control char link</a>
- ...     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
- ...     <a href="#" onclick="evil_function()">another link</a>
- ...     <p onclick="evil_function()">a paragraph</p>
-@@ -33,7 +35,7 @@
- ...   </body>
- ... </html>'''
- 
->>> print(doc)
-+>>> print(re.sub('[\x00-\x07\x0E]', '', doc))
- <html>
-   <head>
-     <script type="text/javascript" src="evil-site"></script>
-@@ -49,6 +51,7 @@
-   <body onload="evil_function()">
-     <!-- I am interpreted for EVIL! -->
-     <a href="javascript:evil_function()">a link</a>
-+    <a href="javascrip t:evil_function()">a control char link</a>
-     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
-     <a href="#" onclick="evil_function()">another link</a>
-     <p onclick="evil_function()">a paragraph</p>
-@@ -81,6 +84,7 @@
-   <body onload="evil_function()">
-     <!-- I am interpreted for EVIL! -->
-     <a href="javascript:evil_function()">a link</a>
-+    <a href="javascrip%20t:evil_function()">a control char link</a>
-     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
-     <a href="#" onclick="evil_function()">another link</a>
-     <p onclick="evil_function()">a paragraph</p>
-@@ -104,6 +108,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a>
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
-@@ -123,6 +128,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a>
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
-@@ -146,6 +152,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a> 
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
author	Li xin <lixin.fnst@cn.fujitsu.com>	2015-08-17 13:25:22 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-08-24 13:56:26 +0200
commit	f13f3b2f20d5a4d14c084a7965034570bdc56319 (patch)
tree	9bf09c4d3d53e7e3589a9366c16af7ab9bdda610 /meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
parent	a1f5f27f47564c9a3edc963b5efdeb39b8f5532c (diff)
download	meta-openembedded-f13f3b2f20d5a4d14c084a7965034570bdc56319.tar.gz

diff --git a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch b/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch deleted file mode 100644 index 0a8e211bd3..0000000000 --- a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch +++ /dev/null
@@ -1,91 +0,0 @@
1	Upstream-status:Backport
2
3	--- a/src/lxml/html/clean.py
4	+++ b/src/lxml/html/clean.py
5	@@ -70,9 +70,10 @@ _css_import_re = re.compile(
6
7	# All kinds of schemes besides just javascript: that can cause
8	# execution:
9	-_javascript_scheme_re = re.compile(
10	- r'\s*(?:javascript\|jscript\|livescript\|vbscript\|data\|about\|mocha):', re.I)
11	-_substitute_whitespace = re.compile(r'\s+').sub
12	+_is_javascript_scheme = re.compile(
13	+ r'(?:javascript\|jscript\|livescript\|vbscript\|data\|about\|mocha):',
14	+ re.I).search
15	+_substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
16	# FIXME: should data: be blocked?
17
18	# FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
19	@@ -467,7 +468,7 @@ class Cleaner(object):
20	def _remove_javascript_link(self, link):
21	# links like "j a v a s c r i p t:" might be interpreted in IE
22	new = _substitute_whitespace('', link)
23	- if _javascript_scheme_re.search(new):
24	+ if _is_javascript_scheme(new):
25	# FIXME: should this be None to delete?
26	return ''
27	return link
28	--- a/src/lxml/html/tests/test_clean.txt
29	+++ b/src/lxml/html/tests/test_clean.txt
30	@@ -1,3 +1,4 @@
31	+>>> import re
32	>>> from lxml.html import fromstring, tostring
33	>>> from lxml.html.clean import clean, clean_html, Cleaner
34	>>> from lxml.html import usedoctest
35	@@ -17,6 +18,7 @@
36	... <body onload="evil_function()">
37	... <!-- I am interpreted for EVIL! -->
38	... <a href="javascript:evil_function()">a link</a>
39	+... <a href="j\x01a\x02v\x03a\x04s\x05c\x06r\x07i\x0Ep t:evil_function()">a control char link</a>
40	... <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
41	... <a href="#" onclick="evil_function()">another link</a>
42	... <p onclick="evil_function()">a paragraph</p>
43	@@ -33,7 +35,7 @@
44	... </body>
45	... </html>'''
46
47	->>> print(doc)
48	+>>> print(re.sub('[\x00-\x07\x0E]', '', doc))
49	<html>
50	<head>
51	<script type="text/javascript" src="evil-site"></script>
52	@@ -49,6 +51,7 @@
53	<body onload="evil_function()">
54	<!-- I am interpreted for EVIL! -->
55	<a href="javascript:evil_function()">a link</a>
56	+ <a href="javascrip t:evil_function()">a control char link</a>
57	<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
58	<a href="#" onclick="evil_function()">another link</a>
59	<p onclick="evil_function()">a paragraph</p>
60	@@ -81,6 +84,7 @@
61	<body onload="evil_function()">
62	<!-- I am interpreted for EVIL! -->
63	<a href="javascript:evil_function()">a link</a>
64	+ <a href="javascrip%20t:evil_function()">a control char link</a>
65	<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
66	<a href="#" onclick="evil_function()">another link</a>
67	<p onclick="evil_function()">a paragraph</p>
68	@@ -104,6 +108,7 @@
69	</head>
70	<body>
71	<a href="">a link</a>
72	+ <a href="">a control char link</a>
73	<a href="">data</a>
74	<a href="#">another link</a>
75	<p>a paragraph</p>
76	@@ -123,6 +128,7 @@
77	</head>
78	<body>
79	<a href="">a link</a>
80	+ <a href="">a control char link</a>
81	<a href="">data</a>
82	<a href="#">another link</a>
83	<p>a paragraph</p>
84	@@ -146,6 +152,7 @@
85	</head>
86	<body>
87	<a href="">a link</a>
88	+ <a href="">a control char link</a>
89	<a href="">data</a>
90	<a href="#">another link</a>
91	<p>a paragraph</p>