libxml2/libxml2-python3-string-null-check.patch

From 07b1c4c8a736a31ac4b8ae13ea25d50793dfea83 Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@alum.wpi.edu>
Date: Fri, 25 Jan 2019 12:55:52 -0600
Subject: [PATCH] python: return None if PY_IMPORT_STRING returns NULL

PY_IMPORT_STRING might return NULL on python 3 if, ie, a string can't be
encoded. We should check for this and return None, rather than returning
NULL. Fixes a NULL pointer dereference when reporting an error with an
invalid string.
---
 python/types.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/python/types.c b/python/types.c
index 124af565..50951ba3 100644
--- a/python/types.c
+++ b/python/types.c
@@ -150,6 +150,10 @@ libxml_charPtrConstWrap(const char *str)
         return (Py_None);
     }
     ret = PY_IMPORT_STRING(str);
+    if (ret == NULL) {
+        Py_INCREF(Py_None);
+        return (Py_None);
+    }
     return (ret);
 }
 
-- 
2.18.0
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=1 2009-06-18 18:16:21 +00:00			`From 07b1c4c8a736a31ac4b8ae13ea25d50793dfea83 Mon Sep 17 00:00:00 2001`
			`From: Mike Gorse <mgorse@alum.wpi.edu>`
			`Date: Fri, 25 Jan 2019 12:55:52 -0600`
			`Subject: [PATCH] python: return None if PY_IMPORT_STRING returns NULL`

			`PY_IMPORT_STRING might return NULL on python 3 if, ie, a string can't be`
			`encoded. We should check for this and return None, rather than returning`
			`NULL. Fixes a NULL pointer dereference when reporting an error with an`
			`invalid string.`
			`---`
Accepting request 668947 from home:mgorse:branches:devel:libraries:c_c++ - Version update to 2.9.9: * Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046). * Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderReadXml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don't change context node in xmlXPathRoot Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to 'xmllint --xpath' output + Don't include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering OBS-URL: https://build.opensuse.org/request/show/668947 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=132 2019-01-28 07:51:27 +00:00			`python/types.c \| 4 ++++`
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=1 2009-06-18 18:16:21 +00:00			`1 file changed, 4 insertions(+)`

Accepting request 668947 from home:mgorse:branches:devel:libraries:c_c++ - Version update to 2.9.9: * Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046). * Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderReadXml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don't change context node in xmlXPathRoot Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to 'xmllint --xpath' output + Don't include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering OBS-URL: https://build.opensuse.org/request/show/668947 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=132 2019-01-28 07:51:27 +00:00			`diff --git a/python/types.c b/python/types.c`
			`index 124af565..50951ba3 100644`
			`--- a/python/types.c`
			`+++ b/python/types.c`
			`@@ -150,6 +150,10 @@ libxml_charPtrConstWrap(const char *str)`
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=1 2009-06-18 18:16:21 +00:00			`return (Py_None);`
			`}`
			`ret = PY_IMPORT_STRING(str);`
			`+ if (ret == NULL) {`
			`+ Py_INCREF(Py_None);`
			`+ return (Py_None);`
			`+ }`
			`return (ret);`
			`}`

Accepting request 668947 from home:mgorse:branches:devel:libraries:c_c++ - Version update to 2.9.9: * Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046). * Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderReadXml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don't change context node in xmlXPathRoot Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to 'xmllint --xpath' output + Don't include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering OBS-URL: https://build.opensuse.org/request/show/668947 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=132 2019-01-28 07:51:27 +00:00			`--`
			`2.18.0`