backport another meinproc/libxml2 fix (kde#335001)
This commit is contained in:
parent
f9853a30da
commit
865d28c0b7
|
@ -0,0 +1,36 @@
|
|||
From 684bb98b31d338d85e1e6089cac381a507a5b4d8 Mon Sep 17 00:00:00 2001
|
||||
From: Luigi Toscano <luigi.toscano@tiscali.it>
|
||||
Date: Fri, 13 Jun 2014 02:41:50 +0200
|
||||
Subject: [PATCH 06/12] Do not set global loading of DTD and entities, no more
|
||||
needed
|
||||
|
||||
The global settings have been replaced by the fine-grained
|
||||
parameters passed to xmlReadFile.
|
||||
Moreover a libxml2 regression prevents those parameters from
|
||||
being used when the patch for CVE-2014-0191 is applied, see
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=730290
|
||||
A new libxml2 patch is going to be deployed soon, but anyway
|
||||
this code works even without setting those parameters.
|
||||
|
||||
CCBUG: 335001
|
||||
---
|
||||
kdoctools/meinproc.cpp | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
|
||||
index 0467f22..de4fbc8 100644
|
||||
--- a/kdoctools/meinproc.cpp
|
||||
+++ b/kdoctools/meinproc.cpp
|
||||
@@ -157,9 +157,6 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
}
|
||||
|
||||
- xmlSubstituteEntitiesDefault(1);
|
||||
- xmlLoadExtDtdDefaultValue = 1;
|
||||
-
|
||||
QVector<const char *> params;
|
||||
#ifndef Q_WS_WIN
|
||||
// libxslt parses the path given to outputFile as XPath expression which fails
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.13.2
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
|
@ -173,6 +173,8 @@ Patch092: return-application-icons-properly.patch
|
|||
# revert disabling of packagekit
|
||||
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
|
||||
|
||||
Patch106: 0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
|
||||
|
||||
## security fix
|
||||
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
|
||||
|
||||
|
@ -373,6 +375,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
|||
%patch092 -p1 -R -b .return-application-icons-properly
|
||||
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
|
||||
|
||||
%patch106 -p1 -b .0006
|
||||
|
||||
# security fixes
|
||||
%patch158 -p1 -b .0008
|
||||
|
||||
|
@ -631,6 +635,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-5
|
||||
- backport another meinproc/libxml2 fix (kde#335001)
|
||||
|
||||
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-4
|
||||
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
|
||||
|
||||
|
|
Loading…
Reference in New Issue