Review Request 118270: [doc] explicitly load external entities (after CVE-2014-0191)

Luigi Toscano luigi.toscano at tiscali.it
Sat May 31 01:07:11 BST 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/118270/
-----------------------------------------------------------

(Updated May 31, 2014, 2:07 a.m.)


Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, and Rex Dieter.


Changes
-------

Sorry for the delay. I followed the suggestion and updated the patch to not load from network. After the changes, meinproc4 seems to work correctly. Could you please confirm it?


Bugs: 335001
    http://bugs.kde.org/show_bug.cgi?id=335001


Repository: kdelibs


Description
-------

Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug)

The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.

My tests shows that the documentation cache is properly generated as before, and the patch should work even on the old 

Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has been already patched) could you please test it with a fixed libxml and without, and if possible with KF5 as well?


Diffs (updated)
-----

  kdoctools/meinproc.cpp 0894d63 
  kdoctools/xslt.cpp a7265ca 

Diff: https://git.reviewboard.kde.org/r/118270/diff/


Testing
-------

meinproc4 works again


Thanks,

Luigi Toscano

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140531/c99beffa/attachment.htm>
-------------- next part --------------
_______________________________________________
kde-doc-english mailing list
kde-doc-english at kde.org
https://mail.kde.org/mailman/listinfo/kde-doc-english


More information about the kde-core-devel mailing list