<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/118270/">https://git.reviewboard.kde.org/r/118270/</a>
</td>
</tr>
</table>
<br />
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Thanks for the fix, it seems to work fine.
I built KDE SC 4.13.1 (Mageia Cauldron) with it with both original and patched libxml2; in the 2 cases, results are the same, and the same as original meinproc4 with unpatched libxml2.
Do we need resources from network? If all the resources are supposed to be on the local machine, perhaps we should use XML_PARSE_NONET (Forbid network access) option? It is often suggested/recommended to use this option with DTDLOAD and NOENT when it's possible.
https://bugzilla.redhat.com/show_bug.cgi?id=863166#c3</pre>
<br />
<p>- Luc Menut</p>
<br />
<p>On May 23rd, 2014, 8:24 p.m. UTC, Luigi Toscano wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, and Rex Dieter.</div>
<div>By Luigi Toscano.</div>
<p style="color: grey;"><i>Updated May 23, 2014, 8:24 p.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="http://bugs.kde.org/show_bug.cgi?id=335001">335001</a>
</div>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kdelibs
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug).
The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.
My tests show that the documentation cache is properly generated as before, and the patch should work even on the old
Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has been already patched) could you please test it with a fixed libxml and without, and if possible with KF5 as well?</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">meinproc4 works again
</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>kdoctools/meinproc.cpp <span style="color: grey">(0894d63)</span></li>
<li>kdoctools/xslt.cpp <span style="color: grey">(a7265ca)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/118270/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>