Review Request 118270: [doc] explicitly load external entities (after CVE-2014-0191)

Commit Hook null at kde.org
Wed Jun 4 20:40:32 UTC 2014 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/118270/#review59243
-----------------------------------------------------------


This review has been submitted with commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a by Luigi Toscano to branch KDE/4.13.

- Commit Hook


On June 3, 2014, 1:50 p.m., Luigi Toscano wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/118270/
> -----------------------------------------------------------
> 
> (Updated June 3, 2014, 1:50 p.m.)
> 
> 
> Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan Riddell, Luc Menut, and Rex Dieter.
> 
> 
> Bugs: 335001
>     http://bugs.kde.org/show_bug.cgi?id=335001
> 
> 
> Repository: kdelibs
> 
> 
> Description
> -------
> 
> Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work
> again after the security changes implemented for CVE-2014-0191.
> Without this change meinproc4 complains (see the referenced bug)
> 
> The fix (half of the patch, the other half is on code which was removed) applies to KF5 too, hence the group.
> 
> My tests shows that the documentation cache is properly generated as before, and the patch should work even on the old 
> 
> Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions where libxml2 has been already patched) could you please test it with a fixed libxml and without, and if possible with KF5 as well?
> 
> 
> Diffs
> -----
> 
>   kdoctools/meinproc.cpp 0894d63 
>   kdoctools/xslt.cpp a7265ca 
> 
> Diff: https://git.reviewboard.kde.org/r/118270/diff/
> 
> 
> Testing
> -------
> 
> meinproc4 works again
> 
> 
> Thanks,
> 
> Luigi Toscano
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20140604/8ca00906/attachment.html>

More information about the Kde-frameworks-devel mailing list