backport another meinproc/libxml2 fix (kde#335001)

2014-06-19 08:49:53 -05:00 · 2014-06-19 08:49:53 -05:00 · 865d28c0b7
parent f9853a30da
commit 865d28c0b7
2 changed files with 44 additions and 1 deletions
--- a/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
+++ b/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
@ -0,0 +1,36 @@
+From 684bb98b31d338d85e1e6089cac381a507a5b4d8 Mon Sep 17 00:00:00 2001
+From: Luigi Toscano <luigi.toscano@tiscali.it>
+Date: Fri, 13 Jun 2014 02:41:50 +0200
+Subject: [PATCH 06/12] Do not set global loading of DTD and entities, no more
+ needed
+
+The global settings have been replaced by the fine-grained
+parameters passed to xmlReadFile.
+Moreover a libxml2 regression prevents those parameters from
+being used when the patch for CVE-2014-0191 is applied, see
+https://bugzilla.gnome.org/show_bug.cgi?id=730290
+A new libxml2 patch is going to be deployed soon, but anyway
+this code works even without setting those parameters.
+
+CCBUG: 335001
+---
+ kdoctools/meinproc.cpp | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index 0467f22..de4fbc8 100644
+--- a/kdoctools/meinproc.cpp
+++ b/kdoctools/meinproc.cpp
+@@ -157,9 +157,6 @@ int main(int argc, char **argv) {
+         }
+     }
+ 
+-    xmlSubstituteEntitiesDefault(1);
+-    xmlLoadExtDtdDefaultValue = 1;
+-
+     QVector<const char *> params;
+ #ifndef Q_WS_WIN
+     // libxslt parses the path given to outputFile as XPath expression which fails
+-- 
+1.8.3.1
+
--- a/kdelibs.spec
+++ b/kdelibs.spec
@ -39,7 +39,7 @@

 Summary: KDE Libraries
 Version: 4.13.2
-Release: 4%{?dist}
+Release: 5%{?dist}

 Name: kdelibs
 Epoch: 6
@ -173,6 +173,8 @@ Patch092: return-application-icons-properly.patch
 # revert disabling of packagekit
 Patch093: turn-the-packagekit-support-feature-off-by-default.patch

+Patch106: 0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
+
 ## security fix
 Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch

@ -373,6 +375,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 %patch092 -p1 -R -b .return-application-icons-properly
 %patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default

+%patch106 -p1 -b .0006
+
 # security fixes
 %patch158 -p1 -b .0008

@ -631,6 +635,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :


 %changelog
+* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-5
+- backport another meinproc/libxml2 fix (kde#335001)
+
 * Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-4
 - POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)