[kdelibs] backport another meinproc/libxml2 fix (kde#335001)

Rex Dieter rdieter at fedoraproject.org
Thu Jun 19 14:51:24 UTC 2014


commit 865d28c0b7adc3b4071c2dcbe6d466e873e075b0
Author: Rex Dieter <rdieter at math.unl.edu>
Date:   Thu Jun 19 08:49:53 2014 -0500

    backport another meinproc/libxml2 fix (kde#335001)

 ...global-loading-of-DTD-and-entities-no-mor.patch |   36 ++++++++++++++++++++
 kdelibs.spec                                       |    9 ++++-
 2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch b/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
new file mode 100644
index 0000000..974eab1
--- /dev/null
+++ b/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
@@ -0,0 +1,36 @@
+From 684bb98b31d338d85e1e6089cac381a507a5b4d8 Mon Sep 17 00:00:00 2001
+From: Luigi Toscano <luigi.toscano at tiscali.it>
+Date: Fri, 13 Jun 2014 02:41:50 +0200
+Subject: [PATCH 06/12] Do not set global loading of DTD and entities, no more
+ needed
+
+The global settings have been replaced by the fine-grained
+parameters passed to xmlReadFile.
+Moreover a libxml2 regression prevents those parameters from
+being used when the patch for CVE-2014-0191 is applied, see
+https://bugzilla.gnome.org/show_bug.cgi?id=730290
+A new libxml2 patch is going to be deployed soon, but anyway
+this code works even without setting those parameters.
+
+CCBUG: 335001
+---
+ kdoctools/meinproc.cpp | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index 0467f22..de4fbc8 100644
+--- a/kdoctools/meinproc.cpp
++++ b/kdoctools/meinproc.cpp
+@@ -157,9 +157,6 @@ int main(int argc, char **argv) {
+         }
+     }
+ 
+-    xmlSubstituteEntitiesDefault(1);
+-    xmlLoadExtDtdDefaultValue = 1;
+-
+     QVector<const char *> params;
+ #ifndef Q_WS_WIN
+     // libxslt parses the path given to outputFile as XPath expression which fails
+-- 
+1.8.3.1
+
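Review bot: Nothing in this hunk shows the xmlReadFile options that are meant to replace the two globals removed from main() in kdoctools/meinproc.cpp, so the claim in the message cannot be checked from the patch itself. Please name the per-call parser options in the commit message (for instance XML_PARSE_NOENT and XML_PARSE_DTDLOAD, if those are the ones passed), so a reader can confirm that entity substitution and external DTD loading are now requested only for the documents meinproc opens and are no longer switched on process-wide. The message also says the parameters replace the globals and then that "this code works even without setting those parameters"; say which parameters that sentence means, since the two statements read as contradictory.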
diff --git a/kdelibs.spec b/kdelibs.spec
index 83afdce..1d85b17 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -39,7 +39,7 @@
 
 Summary: KDE Libraries
 Version: 4.13.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 
 Name: kdelibs
 Epoch: 6
@@ -173,6 +173,8 @@ Patch092: return-application-icons-properly.patch
 # revert disabling of packagekit
 Patch093: turn-the-packagekit-support-feature-off-by-default.patch
 
+Patch106: 0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
+
 ## security fix
 Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
 
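Review bot: Patch106 is added with no comment line above it, unlike the neighbouring entries ("# revert disabling of packagekit", "## security fix"). Add a one-line comment giving its origin, for example the commit id from the patch header (684bb98b31d338d85e1e6089cac381a507a5b4d8) and kde#335001, so it is clear on the next rebase whether the patch can be dropped.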
@@ -373,6 +375,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 %patch092 -p1 -R -b .return-application-icons-properly
 %patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
 
+%patch106 -p1 -b .0006
+
 # security fixes
 %patch158 -p1 -b .0008
 
@@ -631,6 +635,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
 
 
 %changelog
+* Thu Jun 19 2014 Rex Dieter <rdieter at fedoraproject.org> 6:4.13.2-5
+- backport another meinproc/libxml2 fix (kde#335001)
+
 * Thu Jun 19 2014 Rex Dieter <rdieter at fedoraproject.org> 6:4.13.2-4
 - POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
 
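Review bot: The new %changelog entry gives only "another meinproc/libxml2 fix" and the KDE bug number, which does not tell a packager why the build changed. Mention that it works around the libxml2 regression that appears once the CVE-2014-0191 patch is applied (bugzilla.gnome.org #730290, as cited in the patch message), so the entry can be matched against the libxml2 update it depends on.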


More information about the scm-commits mailing list