[kdelibs] backport another meinproc/libxml2 fix (kde#335001)
Rex Dieter
rdieter at fedoraproject.org
Thu Jun 19 14:51:24 UTC 2014
commit 865d28c0b7adc3b4071c2dcbe6d466e873e075b0
Author: Rex Dieter <rdieter at math.unl.edu>
Date: Thu Jun 19 08:49:53 2014 -0500
backport another meinproc/libxml2 fix (kde#335001)
...global-loading-of-DTD-and-entities-no-mor.patch | 36 ++++++++++++++++++++
kdelibs.spec | 9 ++++-
2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch b/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
new file mode 100644
index 0000000..974eab1
--- /dev/null
+++ b/0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
@@ -0,0 +1,36 @@
+From 684bb98b31d338d85e1e6089cac381a507a5b4d8 Mon Sep 17 00:00:00 2001
+From: Luigi Toscano <luigi.toscano at tiscali.it>
+Date: Fri, 13 Jun 2014 02:41:50 +0200
+Subject: [PATCH 06/12] Do not set global loading of DTD and entities, no more
+ needed
+
+The global settings have been replaced by the fine-grained
+parameters passed to xmlReadFile.
+Moreover a libxml2 regression prevents those parameters from
+being used when the patch for CVE-2014-0191 is applied, see
+https://bugzilla.gnome.org/show_bug.cgi?id=730290
+A new libxml2 patch is going to be deployed soon, but anyway
+this code works even without setting those parameters.
+
+CCBUG: 335001
+---
+ kdoctools/meinproc.cpp | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index 0467f22..de4fbc8 100644
+--- a/kdoctools/meinproc.cpp
++++ b/kdoctools/meinproc.cpp
+@@ -157,9 +157,6 @@ int main(int argc, char **argv) {
+ }
+ }
+
+- xmlSubstituteEntitiesDefault(1);
+- xmlLoadExtDtdDefaultValue = 1;
+-
+ QVector<const char *> params;
+ #ifndef Q_WS_WIN
+ // libxslt parses the path given to outputFile as XPath expression which fails
+--
+1.8.3.1
+
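Review bot: The embedded meinproc.cpp change removes `xmlSubstituteEntitiesDefault(1)` and `xmlLoadExtDtdDefaultValue = 1` from main(), but the xmlReadFile call that the commit message relies on is not in the visible context, so the claim that per-call options replace the globals cannot be checked from this patch alone. Please confirm that every xmlReadFile call reached from meinproc passes its entity and DTD options explicitly, and that no other parsing in the process (the context mentions libxslt) depended on the process-wide defaults. The message is also ambiguous about "those parameters": it says the libxml2 regression prevents them from being used and that the code works without setting them, so it is worth stating whether that means the removed globals or the xmlReadFile options. Scoping DTD and entity loading to the individual call rather than the whole process is the safer direction, so the removal itself looks right once that is verified.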
diff --git a/kdelibs.spec b/kdelibs.spec
index 83afdce..1d85b17 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -39,7 +39,7 @@
Summary: KDE Libraries
Version: 4.13.2
-Release: 4%{?dist}
+Release: 5%{?dist}
Name: kdelibs
Epoch: 6
@@ -173,6 +173,8 @@ Patch092: return-application-icons-properly.patch
# revert disabling of packagekit
Patch093: turn-the-packagekit-support-feature-off-by-default.patch
+Patch106: 0006-Do-not-set-global-loading-of-DTD-and-entities-no-mor.patch
+
## security fix
Patch158: 0008-Don-t-require-a-job-to-handle-messageboxes.patch
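Review bot: Patch106 is added without a comment line, while the neighbouring entries each carry one ("# revert disabling of packagekit", "## security fix"). Add a comment above it naming the upstream origin (commit 684bb98b31d338d85e1e6089cac381a507a5b4d8, kde#335001) and noting that it is a backport, so it is obvious when the patch can be dropped on the next rebase.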
@@ -373,6 +375,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
%patch092 -p1 -R -b .return-application-icons-properly
%patch093 -p1 -R -b .turn-the-packagekit-support-feature-off-by-default
+%patch106 -p1 -b .0006
+
# security fixes
%patch158 -p1 -b .0008
@@ -631,6 +635,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
%changelog
+* Thu Jun 19 2014 Rex Dieter <rdieter at fedoraproject.org> 6:4.13.2-5
+- backport another meinproc/libxml2 fix (kde#335001)
+
* Thu Jun 19 2014 Rex Dieter <rdieter at fedoraproject.org> 6:4.13.2-4
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
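Review bot: The new changelog entry says only "another meinproc/libxml2 fix", which does not tell a reader of the package history what changed. Consider wording it so that it mentions the removal of the global DTD and entity loading settings in meinproc, alongside kde#335001. While this section is being touched, the unchanged entry below it has a typo ("kiosloave") that could be corrected in the spec.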