jdom/CVE-2021-33813.patch

--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java
+++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java
@@ -442,6 +442,11 @@ public class SAXBuilder {
     public void setFeature(String name, boolean value) {
         // Save the specified feature for later.
         features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
+        if (name.equals("http://xml.org/sax/features/external-general-entities")) {
+            // See issue https://github.com/hunterhacker/jdom/issues/189
+            // And PR https://github.com/hunterhacker/jdom/pull/188
+            setExpandEntities(value);
+        }
     }
 
     /**
@@ -766,13 +771,6 @@ public class SAXBuilder {
             internalSetFeature(parser, name, value.booleanValue(), name);
         }
 
-        // Set any user-specified properties on the parser.
-        iter = properties.keySet().iterator();
-        while (iter.hasNext()) {
-            String name = (String)iter.next();
-            internalSetProperty(parser, name, properties.get(name), name);
-        }
-
         if (coreFeatures) {
             // Set validation.
             try {
@@ -810,6 +808,13 @@ public class SAXBuilder {
         }
         catch (SAXNotRecognizedException e) { /* Ignore... */ }
         catch (SAXNotSupportedException  e) { /* Ignore... */ }
+
+        // Set any user-specified properties on the parser.
+        iter = properties.keySet().iterator();
+        while (iter.hasNext()) {
+            String name = (String)iter.next();
+            internalSetProperty(parser, name, properties.get(name), name);
+        }
     }
 
     /**
Sync from SUSE:ALP:Source:Standard:1.0 jdom revision 2cc4ed19563040e6a4514bcc168cdc3f 2024-02-19 15:41:14 +01:00			`--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java`
			`+++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java`
			`@@ -442,6 +442,11 @@ public class SAXBuilder {`
			`public void setFeature(String name, boolean value) {`
			`// Save the specified feature for later.`
			`features.put(name, value ? Boolean.TRUE : Boolean.FALSE);`
			`+ if (name.equals("http://xml.org/sax/features/external-general-entities")) {`
			`+ // See issue https://github.com/hunterhacker/jdom/issues/189`
			`+ // And PR https://github.com/hunterhacker/jdom/pull/188`
			`+ setExpandEntities(value);`
			`+ }`
			`}`

			`/**`
			`@@ -766,13 +771,6 @@ public class SAXBuilder {`
			`internalSetFeature(parser, name, value.booleanValue(), name);`
			`}`

			`- // Set any user-specified properties on the parser.`
			`- iter = properties.keySet().iterator();`
			`- while (iter.hasNext()) {`
			`- String name = (String)iter.next();`
			`- internalSetProperty(parser, name, properties.get(name), name);`
			`- }`
			`-`
			`if (coreFeatures) {`
			`// Set validation.`
			`try {`
			`@@ -810,6 +808,13 @@ public class SAXBuilder {`
			`}`
			`catch (SAXNotRecognizedException e) { /* Ignore... */ }`
			`catch (SAXNotSupportedException e) { /* Ignore... */ }`
			`+`
			`+ // Set any user-specified properties on the parser.`
			`+ iter = properties.keySet().iterator();`
			`+ while (iter.hasNext()) {`
			`+ String name = (String)iter.next();`
			`+ internalSetProperty(parser, name, properties.get(name), name);`
			`+ }`
			`}`

			`/**`