diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2015-10-19 15:39:54 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2015-10-19 15:39:54 +0300 |
commit | 76d018a8af27653c40229684724c185830b1c482 (patch) | |
tree | 4765d32bae0948b8e929564d6eba54de1675b7a3 /debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch | |
parent | 5beef1c7a526e014a37ca8a422911e574d3e6951 (diff) | |
parent | 76c19f4d5b3328c05649314336d27c1f44a49e96 (diff) | |
download | libxml2-76d018a8af27653c40229684724c185830b1c482.tar.gz |
Merge branch 'master' of git://anonscm.debian.org/debian-xml-sgml/libxml2
Diffstat (limited to 'debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch')
-rw-r--r-- | debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch b/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch deleted file mode 100644 index d9fc108..0000000 --- a/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch +++ /dev/null @@ -1,58 +0,0 @@ -From: Daniel Veillard <veillard@redhat.com> -Date: Wed, 11 Jun 2014 16:54:32 +0800 -Subject: Fix regressions introduced by CVE-2014-0191 patch - -A number of issues have been raised after the fix, and this patch -tries to correct all of them, though most were related to -postvalidation. -https://bugzilla.gnome.org/show_bug.cgi?id=730290 -and other reports on list, off-list and on Red Hat bugzilla ---- - parser.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/parser.c b/parser.c -index 8aad7b4..ea0ea65 100644 ---- a/parser.c -+++ b/parser.c -@@ -2595,8 +2595,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - xmlCharEncoding enc; - - /* -- * Note: external parsed entities will not be loaded, it is -- * not required for a non-validating parser, unless the -+ * Note: external parameter entities will not be loaded, it -+ * is not required for a non-validating parser, unless the - * option of validating, or substituting entities were - * given. Doing so is far more secure as the parser will - * only process data coming from the document entity by -@@ -2605,6 +2605,9 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && - ((ctxt->options & XML_PARSE_NOENT) == 0) && - ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && -+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && -+ (ctxt->replaceEntities == 0) && - (ctxt->validate == 0)) - return; - -@@ -12609,6 +12612,9 @@ xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlParserInputBufferPtr input, - return(NULL); - } - -+ /* We are loading a DTD */ -+ ctxt->options |= XML_PARSE_DTDLOAD; -+ - /* - * Set-up the SAX context - */ -@@ -12736,6 +12742,9 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID, - return(NULL); - } - -+ /* We are loading a DTD */ -+ ctxt->options |= XML_PARSE_DTDLOAD; -+ - /* - * Set-up the SAX context - */ |