libvirt/d6b27d3e-CVE-2014-0179.patch

commit d6b27d3e4c40946efa79e91d134616b41b1666c4
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Tue Apr 15 11:20:29 2014 +0100

    LSN-2014-0003: Don't expand entities when parsing XML
    
    If the XML_PARSE_NOENT flag is passed to libxml2, then any
    entities in the input document will be fully expanded. This
    allows the user to read arbitrary files on the host machine
    by creating an entity pointing to a local file. Removing
    the XML_PARSE_NOENT flag means that any entities are left
    unchanged by the parser, or expanded to "" by the XPath
    APIs.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Index: libvirt-1.2.4/src/util/virxml.c
===================================================================
--- libvirt-1.2.4.orig/src/util/virxml.c
+++ libvirt-1.2.4/src/util/virxml.c
@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
 
     if (filename) {
         xml = xmlCtxtReadFile(pctxt, filename, NULL,
-                              XML_PARSE_NOENT | XML_PARSE_NONET |
+                              XML_PARSE_NONET |
                               XML_PARSE_NOWARNING);
     } else {
         xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
-                             XML_PARSE_NOENT | XML_PARSE_NONET |
+                             XML_PARSE_NONET |
                              XML_PARSE_NOWARNING);
     }
     if (!xml)
- CVE-2014-0179: Don't expand entities when parsing XML d6b27d3e-CVE-2014-0179.patch bnc#873705 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=368 2014-05-06 19:46:39 +02:00			`commit d6b27d3e4c40946efa79e91d134616b41b1666c4`
			`Author: Daniel P. Berrange <berrange@redhat.com>`
			`Date: Tue Apr 15 11:20:29 2014 +0100`

			`LSN-2014-0003: Don't expand entities when parsing XML`

			`If the XML_PARSE_NOENT flag is passed to libxml2, then any`
			`entities in the input document will be fully expanded. This`
			`allows the user to read arbitrary files on the host machine`
			`by creating an entity pointing to a local file. Removing`
			`the XML_PARSE_NOENT flag means that any entities are left`
			`unchanged by the parser, or expanded to "" by the XPath`
			`APIs.`

			`Signed-off-by: Daniel P. Berrange <berrange@redhat.com>`

- Update to libvirt 1.2.4 - Primarily a bug-fix release. See http://libvirt.org/news.html for a detailed list of bug fixes and improvements - Drop upstream patches: 0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch - libxl: Support ACPI shutdown event b98bf811-add-paravirt-shutdown-flag.patch, c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch bnc#872777 - libx: Support migration libxl-migration-support.patch bnc#875193 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=369 2014-05-06 20:02:27 +02:00			`Index: libvirt-1.2.4/src/util/virxml.c`
- CVE-2014-0179: Don't expand entities when parsing XML d6b27d3e-CVE-2014-0179.patch bnc#873705 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=368 2014-05-06 19:46:39 +02:00			`===================================================================`
- Update to libvirt 1.2.4 - Primarily a bug-fix release. See http://libvirt.org/news.html for a detailed list of bug fixes and improvements - Drop upstream patches: 0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch - libxl: Support ACPI shutdown event b98bf811-add-paravirt-shutdown-flag.patch, c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch bnc#872777 - libx: Support migration libxl-migration-support.patch bnc#875193 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=369 2014-05-06 20:02:27 +02:00			`--- libvirt-1.2.4.orig/src/util/virxml.c`
			`+++ libvirt-1.2.4/src/util/virxml.c`
- CVE-2014-0179: Don't expand entities when parsing XML d6b27d3e-CVE-2014-0179.patch bnc#873705 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=368 2014-05-06 19:46:39 +02:00			`@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,`

			`if (filename) {`
			`xml = xmlCtxtReadFile(pctxt, filename, NULL,`
			`- XML_PARSE_NOENT \| XML_PARSE_NONET \|`
			`+ XML_PARSE_NONET \|`
			`XML_PARSE_NOWARNING);`
			`} else {`
			`xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,`
			`- XML_PARSE_NOENT \| XML_PARSE_NONET \|`
			`+ XML_PARSE_NONET \|`
			`XML_PARSE_NOWARNING);`
			`}`
			`if (!xml)`