nokogiri-xmlsec1 0.0.9 → 0.0.10
- checksums.yaml +4 -4
- data/dependencies.yml +1 -1
- data/lib/xmlsec/version.rb +1 -1
- data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +29 -0
- data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +31 -0
- metadata +3 -12
- data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +0 -265
- data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +0 -102
- data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +0 -26
- data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +0 -26
- data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +0 -158
- data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +0 -78
- data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +0 -480
- data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +0 -315
- data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +0 -37
- data/ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch +0 -2006
- data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch +0 -39
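--- a/data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch
+++ b/data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch
@@ -1,39 +0,0 @@
-From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 22 Apr 2014 15:30:56 +0800
-Subject: [PATCH] Do not fetch external parameter entities
-
-Unless explicitely asked for when validating or replacing entities
-with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>
----
-parser.c | 14 ++++++++++++++
-1 file changed, 14 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9347ac9..c0dea05 100644
---- a/parser.c
--+++ b/parser.c
--@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
-xmlCharEncoding enc;
-
-/*
-+ * Note: external parsed entities will not be loaded, it is
-+ * not required for a non-validating parser, unless the
-+ * option of validating, or substituting entities were
-+ * given. Doing so is far more secure as the parser will
-+ * only process data coming from the document entity by
-+ * default.
-+ */
-+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
-+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
-+ (ctxt->validate == 0))
-+ return;
-+
-+ /*
-* handle the extra spaces added before and after
-* c.f. http://www.w3.org/TR/REC-xml#as-PE
-* this is done independently.
---
-1.8.3.2
-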