Review Request 118270: [doc] explicitly load external entities (after CVE-2014-0191)
Luigi Toscano
luigi.toscano at tiscali.it
Tue Jun 3 14:50:52 BST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/118270/
-----------------------------------------------------------
(Updated June 3, 2014, 3:50 p.m.)
Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, Luc Menut, and Rex Dieter.
Changes
-------
Add Luc, who could have missed the last update
Bugs: 335001
http://bugs.kde.org/show_bug.cgi?id=335001
Repository: kdelibs
Description
-------
Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug).
The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.
My tests show that the documentation cache is properly generated as before, and the patch should work even on the old
Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has already been patched), could you please test it with a fixed libxml and without, and if possible with KF5 as well?
Diffs
-----
kdoctools/meinproc.cpp 0894d63
kdoctools/xslt.cpp a7265ca
Diff: https://git.reviewboard.kde.org/r/118270/diff/
Testing
-------
meinproc4 works again
Thanks,
Luigi Toscano
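
Added example, not part of the original message and not the kdelibs patch: the description above relies on the parser loading external entities only when the caller asks for it. The sketch shows that opt-in with Python's standard-library expat binding instead of libxml2 (where, per the description, the opt-in is a set of parser flags), and restricts loading to a trusted directory; the file names and the `write_sample` and `parse_text` helpers are constructed for the illustration.

```python
import os
from xml.parsers import expat

# Constructed sample: an index file that pulls a chapter in via an external entity.
INDEX = b'<!DOCTYPE book [<!ENTITY chapter SYSTEM "chapter.docbook">]><book>&chapter;</book>'
CHAPTER = b"<para>Hello from the chapter</para>"


def write_sample(directory):
    """Write the two constructed files and return the path of the index."""
    with open(os.path.join(directory, "chapter.docbook"), "wb") as fh:
        fh.write(CHAPTER)
    index_path = os.path.join(directory, "index.docbook")
    with open(index_path, "wb") as fh:
        fh.write(INDEX)
    return index_path


def parse_text(index_path, trusted_dir=None):
    """Return the document's character data.

    External entities are loaded only when trusted_dir is given (the explicit
    opt-in), and only from files that resolve to a path inside trusted_dir.
    """
    chunks = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append
    base = os.path.dirname(os.path.realpath(index_path))

    def load_external(context, _base, system_id, _public_id):
        root = os.path.realpath(trusted_dir)
        target = os.path.realpath(os.path.join(base, system_id))
        if os.path.commonpath([root, target]) != root:
            return 0  # refuse: expat aborts the parse with an ExpatError
        sub = parser.ExternalEntityParserCreate(context)  # inherits the handlers
        with open(target, "rb") as fh:
            sub.Parse(fh.read(), True)
        return 1

    if trusted_dir is not None:
        parser.ExternalEntityRefHandler = load_external
    with open(index_path, "rb") as fh:
        parser.Parse(fh.read(), True)
    return "".join(chunks)
```

Without the opt-in the entity reference is skipped and the chapter text is silently missing, which is the kind of regression a documentation build hits when a parser stops loading external entities by default.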