Review Request 118270: [doc] explicitly load external entities (after CVE-2014-0191)
Luigi Toscano
luigi.toscano at tiscali.it
Sat May 31 01:07:11 BST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/118270/
-----------------------------------------------------------
(Updated May 31, 2014, 2:07 a.m.)
Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, and Rex Dieter.
Changes
-------
Sorry for the delay. I followed the suggestion and updated the patch to not load from network. After the changes, meinproc4 seems to work correctly. Could you please confirm it?
Bugs: 335001
http://bugs.kde.org/show_bug.cgi?id=335001
Repository: kdelibs
Description
-------
Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug)
The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.
My tests shows that the documentation cache is properly generated as before, and the patch should work even on the old
Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has been already patched) could you please test it with a fixed libxml and without, and if possible with KF5 as well?
Diffs (updated)
-----
kdoctools/meinproc.cpp 0894d63
kdoctools/xslt.cpp a7265ca
Diff: https://git.reviewboard.kde.org/r/118270/diff/
Testing
-------
meinproc4 works again
Thanks,
Luigi Toscano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140531/c99beffa/attachment.htm>
-------------- next part --------------
_______________________________________________
kde-doc-english mailing list
kde-doc-english at kde.org
https://mail.kde.org/mailman/listinfo/kde-doc-english
More information about the kde-core-devel
mailing list