9d678ed1de
Fix CVE-2021-28957: lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute. https://github.com/lxml/lxml/blob/lxml-4.6.3/CHANGES.txt Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
39 lines
1.4 KiB
Makefile
39 lines
1.4 KiB
Makefile
################################################################################
|
|
#
|
|
# python-lxml
|
|
#
|
|
################################################################################
|
|
|
|
PYTHON_LXML_VERSION = 4.6.3
|
|
PYTHON_LXML_SITE = https://files.pythonhosted.org/packages/e5/21/a2e4517e3d216f0051687eea3d3317557bde68736f038a3b105ac3809247
|
|
PYTHON_LXML_SOURCE = lxml-$(PYTHON_LXML_VERSION).tar.gz
|
|
|
|
# Not including the GPL, because it is used only for the test scripts.
|
|
PYTHON_LXML_LICENSE = BSD-3-Clause, Others
|
|
PYTHON_LXML_LICENSE_FILES = \
|
|
LICENSES.txt \
|
|
doc/licenses/BSD.txt \
|
|
doc/licenses/elementtree.txt \
|
|
src/lxml/isoschematron/resources/rng/iso-schematron.rng
|
|
PYTHON_LXML_CPE_ID_VENDOR = lxml
|
|
PYTHON_LXML_CPE_ID_PRODUCT = lxml
|
|
|
|
# python-lxml can use either setuptools, or distutils as a fallback.
|
|
# So, we use setuptools.
|
|
PYTHON_LXML_SETUP_TYPE = setuptools
|
|
|
|
PYTHON_LXML_DEPENDENCIES = libxml2 libxslt zlib
|
|
HOST_PYTHON_LXML_DEPENDENCIES = host-libxml2 host-libxslt host-zlib
|
|
|
|
# python-lxml needs these scripts in order to properly detect libxml2 and
|
|
# libxslt compiler and linker flags
|
|
PYTHON_LXML_BUILD_OPTS = \
|
|
--xslt-config=$(STAGING_DIR)/usr/bin/xslt-config \
|
|
--xml2-config=$(STAGING_DIR)/usr/bin/xml2-config
|
|
HOST_PYTHON_LXML_BUILD_OPTS = \
|
|
--xslt-config=$(HOST_DIR)/bin/xslt-config \
|
|
--xml2-config=$(HOST_DIR)/bin/xml2-config
|
|
|
|
$(eval $(python-package))
|
|
$(eval $(host-python-package))
|