backport another meinproc/libxml2 fix (kde#335001)
This commit is contained in:
parent
f9853a30da
commit
865d28c0b7
|
@ -0,0 +1,36 @@
|
||||||
|
From 684bb98b31d338d85e1e6089cac381a507a5b4d8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Luigi Toscano <luigi.toscano@tiscali.it>
|
||||||
|
Date: Fri, 13 Jun 2014 02:41:50 +0200
|
||||||
|
Subject: [PATCH 06/12] Do not set global loading of DTD and entities, no more
|
||||||
|
needed
|
||||||
|
|
||||||
|
The global settings have been replaced by the fine-grained
|
||||||
|
parameters passed to xmlReadFile.
|
||||||
|
Moreover a libxml2 regression prevents those parameters from
|
||||||
|
being used when the patch for CVE-2014-0191 is applied, see
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=730290
|
||||||
|
A new libxml2 patch is going to be deployed soon, but anyway
|
||||||
|
this code works even without setting those parameters.
|
||||||
|
|
||||||
|
CCBUG: 335001
|
||||||
|
---
|
||||||
|
kdoctools/meinproc.cpp | 3 ---
|
||||||
|
1 file changed, 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
|
||||||
|
index 0467f22..de4fbc8 100644
|
||||||
|
--- a/kdoctools/meinproc.cpp
|
||||||
|
+++ b/kdoctools/meinproc.cpp
|
||||||
|
@@ -157,9 +157,6 @@ int main(int argc, char **argv) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- xmlSubstituteEntitiesDefault(1);
|
||||||
|
- xmlLoadExtDtdDefaultValue = 1;
|
||||||
|
-
|
||||||
|
QVector<const char *> params;
|
||||||
|
#ifndef Q_WS_WIN
|
||||||
|
// libxslt parses the path given to outputFile as XPath expression which fails
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.13.2
|
Version: 4.13.2
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
|
@ -173,6 +173,8 @@ Patch092: return-application-icons-properly.patch
|
||||||
# revert disabling of packagekit
|
# revert disabling of packagekit
|
||||||
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
|
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
|
||||||
|
|
||||||
|
Patch106: 0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
|
||||||
|
|
||||||
## security fix
|
## security fix
|
||||||
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
|
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
|
||||||
|
|
||||||
|
@ -373,6 +375,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||||
%patch092 -p1 -R -b .return-application-icons-properly
|
%patch092 -p1 -R -b .return-application-icons-properly
|
||||||
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
|
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
|
||||||
|
|
||||||
|
%patch106 -p1 -b .0006
|
||||||
|
|
||||||
# security fixes
|
# security fixes
|
||||||
%patch158 -p1 -b .0008
|
%patch158 -p1 -b .0008
|
||||||
|
|
||||||
|
@ -631,6 +635,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-5
|
||||||
|
- backport another meinproc/libxml2 fix (kde#335001)
|
||||||
|
|
||||||
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-4
|
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 6:4.13.2-4
|
||||||
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
|
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue