Add AlmaLinux to supported distros
This commit is contained in:
commit
af74a23675
116
SOURCES/00490-cve-2026-15308.patch
Normal file
116
SOURCES/00490-cve-2026-15308.patch
Normal file
@ -0,0 +1,116 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Lum=C3=ADr=20Balhar?= <lbalhar@redhat.com>
|
||||
Date: Fri, 10 Jul 2026 08:12:50 +0000
|
||||
Subject: 00490: CVE-2026-15308
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
gh-153030: Fix quadratic complexity in incremental parsing in HTMLParser (GH-153031) (GH-153038)
|
||||
|
||||
When an unterminated construct (e.g. a tag or comment) spanned many
|
||||
feed() calls, rescanning the growing buffer and concatenating new data
|
||||
onto it were both quadratic. New data is now accumulated in a list and
|
||||
only joined and parsed once enough has piled up.
|
||||
(cherry picked from commit bcf98ddbc40ec9b3ee87da0124a5660b19b7e606)
|
||||
|
||||
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
||||
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
||||
Co-authored-by: Lumír Balhar <lbalhar@redhat.com>
|
||||
---
|
||||
Lib/html/parser.py | 32 ++++++++++++++++++++++++++++++--
|
||||
Lib/test/test_htmlparser.py | 21 +++++++++++++++++++++
|
||||
2 files changed, 51 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Lib/html/parser.py b/Lib/html/parser.py
|
||||
index ef869bc72d..37bbadcc05 100644
|
||||
--- a/Lib/html/parser.py
|
||||
+++ b/Lib/html/parser.py
|
||||
@@ -99,6 +99,9 @@ class HTMLParser(_markupbase.ParserBase):
|
||||
self.lasttag = '???'
|
||||
self.interesting = interesting_normal
|
||||
self.cdata_elem = None
|
||||
+ self._pending = []
|
||||
+ self._pending_len = 0
|
||||
+ self._parse_threshold = 1
|
||||
_markupbase.ParserBase.reset(self)
|
||||
|
||||
def feed(self, data):
|
||||
@@ -107,11 +110,36 @@ class HTMLParser(_markupbase.ParserBase):
|
||||
Call this as often as you want, with as little or as much text
|
||||
as you want (may include '\n').
|
||||
"""
|
||||
- self.rawdata = self.rawdata + data
|
||||
- self.goahead(0)
|
||||
+ # Accumulate new data in a list and only join and parse it once
|
||||
+ # enough has piled up. Rescanning an unparsed buffer (e.g. an
|
||||
+ # unterminated tag) and concatenating onto it on every call would
|
||||
+ # both be quadratic in the input size.
|
||||
+ self._pending_len += len(data)
|
||||
+ if self._pending_len < self._parse_threshold:
|
||||
+ self._pending.append(data)
|
||||
+ else:
|
||||
+ if not self._pending:
|
||||
+ self.rawdata += data
|
||||
+ else:
|
||||
+ self._pending.append(data)
|
||||
+ self.rawdata += ''.join(self._pending)
|
||||
+ self._pending.clear()
|
||||
+ self._pending_len = 0
|
||||
+ n = len(self.rawdata)
|
||||
+ self.goahead(0)
|
||||
+ if len(self.rawdata) < n:
|
||||
+ # Some data was parsed; resume on the next call.
|
||||
+ self._parse_threshold = 1
|
||||
+ else:
|
||||
+ # Nothing was parsed; wait until the buffer doubles.
|
||||
+ self._parse_threshold = len(self.rawdata)
|
||||
|
||||
def close(self):
|
||||
"""Handle any buffered data."""
|
||||
+ if self._pending:
|
||||
+ self.rawdata += ''.join(self._pending)
|
||||
+ self._pending.clear()
|
||||
+ self._pending_len = 0
|
||||
self.goahead(1)
|
||||
|
||||
__starttag_text = None
|
||||
diff --git a/Lib/test/test_htmlparser.py b/Lib/test/test_htmlparser.py
|
||||
index 326e34290f..a2916b9511 100644
|
||||
--- a/Lib/test/test_htmlparser.py
|
||||
+++ b/Lib/test/test_htmlparser.py
|
||||
@@ -3,6 +3,7 @@
|
||||
import html.parser
|
||||
import pprint
|
||||
import unittest
|
||||
+from test import support
|
||||
|
||||
|
||||
class EventCollector(html.parser.HTMLParser):
|
||||
@@ -641,6 +642,26 @@ text
|
||||
('endtag', 'a'), ('data', ' bar & baz')]
|
||||
)
|
||||
|
||||
+ @support.requires_resource('cpu')
|
||||
+ def test_incremental_no_quadratic_complexity(self):
|
||||
+ # An unterminated construct fed in many small chunks used to take
|
||||
+ # quadratic time, both to rescan and to concatenate the buffer.
|
||||
+ # Now it takes a fraction of a second.
|
||||
+ def check(prefix, chunk, suffix):
|
||||
+ parser = html.parser.HTMLParser()
|
||||
+ parser.feed(prefix)
|
||||
+ for _ in range(200_000):
|
||||
+ parser.feed(chunk)
|
||||
+ parser.feed(suffix)
|
||||
+ parser.close()
|
||||
+ chunk = "a" * 64
|
||||
+ check("<!--", chunk, "-->") # comment
|
||||
+ check("<?", chunk, ">") # processing instruction
|
||||
+ check("<!doctype ", chunk, ">") # doctype
|
||||
+ check("<![CDATA[", chunk, "]]>") # CDATA section
|
||||
+ check("<a href='", chunk, "'>") # start tag
|
||||
+ check("<script>", chunk, "</script>") # RAWTEXT element
|
||||
+
|
||||
|
||||
class AttributesTestCase(TestCaseBase):
|
||||
|
||||
@ -14,7 +14,7 @@ URL: https://www.python.org/
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
Version: %{pybasever}.8
|
||||
Release: 76%{?dist}.alma.1
|
||||
Release: 77%{?dist}.alma.1
|
||||
License: Python
|
||||
|
||||
|
||||
@ -1017,6 +1017,17 @@ Patch480: 00480-cve-2026-4786.patch
|
||||
# Backported from Python 3.10
|
||||
Patch482: 00482-cve-2026-6100.patch
|
||||
|
||||
# 00490 #
|
||||
# CVE-2026-15308
|
||||
#
|
||||
# gh-153030: Fix quadratic complexity in incremental parsing in HTMLParser (GH-153031) (GH-153038)
|
||||
#
|
||||
# When an unterminated construct (e.g. a tag or comment) spanned many
|
||||
# feed() calls, rescanning the growing buffer and concatenating new data
|
||||
# onto it were both quadratic. New data is now accumulated in a list and
|
||||
# only joined and parsed once enough has piled up.
|
||||
Patch490: 00490-cve-2026-15308.patch
|
||||
|
||||
# AlmaLinux Patch
|
||||
Patch1000: python-3.6-almalinux_support.patch
|
||||
|
||||
@ -1400,6 +1411,7 @@ GIT_DIR=$PWD git apply %{PATCH351}
|
||||
%patch478 -p1
|
||||
%patch480 -p1
|
||||
%patch482 -p1
|
||||
%patch490 -p1
|
||||
|
||||
# Applying AlmaLinux Patch
|
||||
%patch1000 -p1 -b .python-36-almalinux_support
|
||||
@ -2334,9 +2346,13 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Tue Apr 28 2026 Eduard Abdullin <eabdullin@almalinux.org> - 3.6.8-76.alma.1
|
||||
* Tue Jul 14 2026 Eduard Abdullin <eabdullin@almalinux.org> - 3.6.8-77.alma.1
|
||||
- Add AlmaLinux to supported distros
|
||||
|
||||
* Fri Jul 10 2026 Lumír Balhar <lbalhar@redhat.com> - 3.6.8-77
|
||||
- Security fix for CVE-2026-15308
|
||||
Resolves: RHEL-193772
|
||||
|
||||
* Fri Apr 17 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-76
|
||||
- Security fixes for CVE-2026-4786, CVE-2026-6100
|
||||
Resolves: RHEL-167890, RHEL-168128
|
||||
|
||||
Loading…
Reference in New Issue
Block a user