Review Request 118270: [doc] explicitly load external entities (after CVE-2014-0191)

Luigi Toscano luigi.toscano at
Wed Jun 4 21:40:33 BST 2014

This is an automatically generated e-mail. To reply, visit:

(Updated June 4, 2014, 8:40 p.m.)


This change has been marked as submitted.

Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, Luc Menut, and Rex Dieter.

Bugs: 335001

Repository: kdelibs


Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug)

The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.

My tests shows that the documentation cache is properly generated as before, and the patch should work even on the old 

Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has been already patched) could you please test it with a fixed libxml and without, and if possible with KF5 as well?


  kdoctools/meinproc.cpp 0894d63 
  kdoctools/xslt.cpp a7265ca 



meinproc4 works again


Luigi Toscano

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
kde-doc-english mailing list
kde-doc-english at

More information about the kde-core-devel mailing list