meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191 (kde#335001)
parent
379a767770
commit
2551653d7c
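--- a/kdelibs-r118270.patch
+++ b/kdelibs-r118270.patch
@@ -0,0 +1,46 @@
+From d31488721660d7592e29f20dda747e1f129e0290 Mon Sep 17 00:00:00 2001
+From: Luigi Toscano <luigi.toscano@tiscali.it>
+Date: Thu, 22 May 2014 23:29:09 +0200
+Subject: [PATCH] Explicitly load external entities (after CVE-2014-0191)
+
+Use the more modern API function for XML loading and enable the
+flags which load the external entities, so that meinproc4 can work
+again after the security changes implemented for CVE-2014-0191.
+
+BUG: 335001
+---
+kdoctools/meinproc.cpp | 4 ++--
+kdoctools/xslt.cpp | 2 +-
+2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index 0894d63..c4e963f 100644
+--- a/kdoctools/meinproc.cpp
++++ b/kdoctools/meinproc.cpp
+@@ -197,8 +197,8 @@ int main(int argc, char **argv) {
+
+if (style_sheet != NULL) {
+
+- xmlDocPtr doc = xmlParseFile( QFile::encodeName( checkFilename ).constData() );
+-
++ xmlDocPtr doc = xmlReadFile( QFile::encodeName( checkFilename ).constData(),
++ NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD );
+xmlDocPtr res = xsltApplyStylesheet(style_sheet, doc, ¶ms[0]);
+
+xmlFreeDoc(doc);
+diff --git a/kdoctools/xslt.cpp b/kdoctools/xslt.cpp
+index a7265ca..0e7047d 100644
+--- a/kdoctools/xslt.cpp
++++ b/kdoctools/xslt.cpp
+@@ -157,7 +157,7 @@ QString transform( const QString &pat, const QString& tss,
+
+INFO(i18n("Parsing document"));
+
+- xmlDocPtr doc = xmlParseFile(QFile::encodeName(pat));
++ xmlDocPtr doc = xmlReadFile(QFile::encodeName(pat), NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD);
+xsltTransformContextPtr ctxt;
+
+ctxt = xsltNewTransformContext(style_sheet, doc);
+--
+2.0.0.rc2
+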
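Review bot: The two `xmlReadFile` calls added in kdoctools/meinproc.cpp and kdoctools/xslt.cpp pass `XML_PARSE_NOENT|XML_PARSE_DTDLOAD` without `XML_PARSE_NONET`, so entity substitution and external DTD loading are turned back on for every document these paths parse, with nothing stopping the parser from fetching them over the network. Per the patch description this deliberately undoes, for these callers, the default that libxml2 changed for CVE-2014-0191; that is what meinproc4 needs for its own DocBook sources, but `transform()` in xslt.cpp takes an arbitrary path, and whether every caller hands it a trusted file cannot be seen from this patch. Assuming the DocBook DTDs and entity files resolve through the local catalog, I would add the flag in both places, e.g. `xmlReadFile(QFile::encodeName(pat), NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET);`, and put a one-line comment above each call stating why entity loading is enabled there. Both enclosing functions (`main` and `transform`) begin and end outside the hunks shown, so any later NULL check on `doc` is not visible here.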
10
kdelibs.spec
10
kdelibs.spec
@ -39,7 +39,7 @@
|
||||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.13.1
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
@ -144,6 +144,10 @@ Patch53: kdelibs-4.7.2-kjs-s390.patch
|
||||
# return valid locale (RFC 1766)
|
||||
Patch54: kdelibs-4.8.4-kjs-locale.patch
|
||||
|
||||
# meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191
|
||||
# http://bugs.kde.org/335001 , https://git.reviewboard.kde.org/r/118270
|
||||
Patch55: kdelibs-r118270.patch
|
||||
|
||||
# make filter working, TODO: upstream? -- rex
|
||||
Patch59: kdelibs-4.9.3-kcm_ssl.patch
|
||||
|
||||
@ -356,6 +360,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||
%patch52 -p1 -b .SOLID_UPNP
|
||||
%patch53 -p1 -b .kjs-s390
|
||||
%patch54 -p1 -b .kjs-locale
|
||||
%patch55 -p1 -b .r118270
|
||||
%patch59 -p1 -b .filter
|
||||
%patch61 -p1 -b .dot
|
||||
%patch62 -p1 -b .arm-plasma
|
||||
@ -624,6 +629,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri May 23 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.13.1-2
|
||||
- meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191 (kde#335001)
|
||||
|
||||
* Sat May 10 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.13.1-1
|
||||
- 4.13.1
|
||||
|
||||
|