[oe-commits] Li xin : python-lxml: upgrade 3.2.5 -> 3.4.4

Mon Aug 24 12:02:27 UTC 2015

Module: meta-openembedded.git
Branch: master-next
Commit: f13f3b2f20d5a4d14c084a7965034570bdc56319
URL:    http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=f13f3b2f20d5a4d14c084a7965034570bdc56319

Author: Li xin <lixin.fnst at cn.fujitsu.com>
Date:   Mon Aug 17 13:25:22 2015 +0800

python-lxml: upgrade 3.2.5 -> 3.4.4

* Dropped backported python-lxml-3.2.5-fix-CVE-2014-3146.patch
* Modify DISTUTILS_INSTALL_ARGS to avoid errors in the step of do_install
  | ValueError: invalid literal for int() with base 10:
    '--should-not-have-used-/usr/bin/xml2-config'
  | ERROR: python setup.py install execution failed.

Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>

---

 .../python-lxml-3.2.5-fix-CVE-2014-3146.patch      | 91 ----------------------
 .../{python-lxml_3.2.5.bb => python-lxml_3.4.4.bb} |  9 +--
 2 files changed, 4 insertions(+), 96 deletions(-)

diff --git a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch b/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
deleted file mode 100644
index 0a8e211..0000000
--- a/meta-python/recipes-devtools/python/python-lxml/python-lxml-3.2.5-fix-CVE-2014-3146.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Upstream-status:Backport
-
---- a/src/lxml/html/clean.py
-+++ b/src/lxml/html/clean.py
-@@ -70,9 +70,10 @@ _css_import_re = re.compile(
- 
- # All kinds of schemes besides just javascript: that can cause
- # execution:
--_javascript_scheme_re = re.compile(
--    r'\s*(?:javascript|jscript|livescript|vbscript|data|about|mocha):', re.I)
--_substitute_whitespace = re.compile(r'\s+').sub
-+_is_javascript_scheme = re.compile(
-+    r'(?:javascript|jscript|livescript|vbscript|data|about|mocha):',
-+    re.I).search
-+_substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
- # FIXME: should data: be blocked?
- 
- # FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
-@@ -467,7 +468,7 @@ class Cleaner(object):
-     def _remove_javascript_link(self, link):
-         # links like "j a v a s c r i p t:" might be interpreted in IE
-         new = _substitute_whitespace('', link)
--        if _javascript_scheme_re.search(new):
-+        if _is_javascript_scheme(new):
-             # FIXME: should this be None to delete?
-             return ''
-         return link
---- a/src/lxml/html/tests/test_clean.txt
-+++ b/src/lxml/html/tests/test_clean.txt
-@@ -1,3 +1,4 @@
-+>>> import re
- >>> from lxml.html import fromstring, tostring
- >>> from lxml.html.clean import clean, clean_html, Cleaner
- >>> from lxml.html import usedoctest
-@@ -17,6 +18,7 @@
- ...   <body onload="evil_function()">
- ...     <!-- I am interpreted for EVIL! -->
- ...     <a href="javascript:evil_function()">a link</a>
-+...     <a href="j\x01a\x02v\x03a\x04s\x05c\x06r\x07i\x0Ep t:evil_function()">a control char link</a>
- ...     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
- ...     <a href="#" onclick="evil_function()">another link</a>
- ...     <p onclick="evil_function()">a paragraph</p>
-@@ -33,7 +35,7 @@
- ...   </body>
- ... </html>'''
- 
-->>> print(doc)
-+>>> print(re.sub('[\x00-\x07\x0E]', '', doc))
- <html>
-   <head>
-     <script type="text/javascript" src="evil-site"></script>
-@@ -49,6 +51,7 @@
-   <body onload="evil_function()">
-     <!-- I am interpreted for EVIL! -->
-     <a href="javascript:evil_function()">a link</a>
-+    <a href="javascrip t:evil_function()">a control char link</a>
-     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
-     <a href="#" onclick="evil_function()">another link</a>
-     <p onclick="evil_function()">a paragraph</p>
-@@ -81,6 +84,7 @@
-   <body onload="evil_function()">
-     <!-- I am interpreted for EVIL! -->
-     <a href="javascript:evil_function()">a link</a>
-+    <a href="javascrip%20t:evil_function()">a control char link</a>
-     <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgidGVzdCIpOzwvc2NyaXB0Pg==">data</a>
-     <a href="#" onclick="evil_function()">another link</a>
-     <p onclick="evil_function()">a paragraph</p>
-@@ -104,6 +108,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a>
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
-@@ -123,6 +128,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a>
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
-@@ -146,6 +152,7 @@
-   </head>
-   <body>
-     <a href="">a link</a>
-+    <a href="">a control char link</a> 
-     <a href="">data</a>
-     <a href="#">another link</a>
-     <p>a paragraph</p>
diff --git a/meta-python/recipes-devtools/python/python-lxml_3.2.5.bb b/meta-python/recipes-devtools/python/python-lxml_3.4.4.bb
similarity index 81%
rename from meta-python/recipes-devtools/python/python-lxml_3.2.5.bb
rename to meta-python/recipes-devtools/python/python-lxml_3.4.4.bb
index 68e3677..2480e4d 100644
--- a/meta-python/recipes-devtools/python/python-lxml_3.2.5.bb
+++ b/meta-python/recipes-devtools/python/python-lxml_3.4.4.bb
@@ -8,11 +8,10 @@ SRCNAME = "lxml"
 
 DEPENDS = "libxml2 libxslt"
 
-SRC_URI = "http://pypi.python.org/packages/source/l/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \
-		file://python-lxml-3.2.5-fix-CVE-2014-3146.patch "
+SRC_URI = "http://pypi.python.org/packages/source/l/${SRCNAME}/${SRCNAME}-${PV}.tar.gz"
 
-SRC_URI[md5sum] = "6c4fb9b1840631cff09b8229a12a9ef7"
-SRC_URI[sha256sum] = "2bf072808a6546d0e56bf1ad3b98a43cca828724360d7419fad135141bd31f7e"
+SRC_URI[md5sum] = "a9a65972afc173ec7a39c585f4eea69c"
+SRC_URI[sha256sum] = "b3d362bac471172747cda3513238f115cbd6c5f8b8e6319bf6a97a7892724099"
 
 S = "${WORKDIR}/${SRCNAME}-${PV}"
 
@@ -25,7 +24,7 @@ DISTUTILS_BUILD_ARGS += " \
 
 DISTUTILS_INSTALL_ARGS += " \
                      --with-xslt-config='${STAGING_BINDIR_NATIVE}/pkg-config libxslt' \
-                     --with-xml2-config='${STAGING_BINDIR_CROSS}/xml2-config' \
+                     --with-xml2-config='${STAGING_BINDIR_CROSS}/pkg-config libxml2' \
 "
 
 BBCLASSEXTEND = "native nativesdk"

