553e9bd059
- Primarily a bug-fix release. See http://libvirt.org/news.html for a detailed list of bug fixes and improvements - Drop upstream patches: 0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch - libxl: Support ACPI shutdown event b98bf811-add-paravirt-shutdown-flag.patch, c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch bnc#872777 - libxl: Support migration libxl-migration-support.patch bnc#875193 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=369
commit d6b27d3e4c40946efa79e91d134616b41b1666c4
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Tue Apr 15 11:20:29 2014 +0100
LSN-2014-0003: Don't expand entities when parsing XML
If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.2.4/src/util/virxml.c
===================================================================
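--- libvirt-1.2.4.orig/src/util/virxml.c
+++ libvirt-1.2.4/src/util/virxml.c
@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
 
 if (filename) {
 xml = xmlCtxtReadFile(pctxt, filename, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
 XML_PARSE_NOWARNING);
 } else {
 xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
 XML_PARSE_NOWARNING);
 }
 if (!xml)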
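Review bot: Nothing at either parse call in virXMLParseHelper records that `XML_PARSE_NOENT` is left out on purpose, and the same flag set (`XML_PARSE_NONET | XML_PARSE_NOWARNING`) is now spelled out twice, so a later cleanup could reintroduce entity expansion in one branch only. A short comment above the `if (filename)` block, e.g. `/* Never pass XML_PARSE_NOENT: expanding entities lets a document pull in local files (LSN-2014-0003) */`, and a single shared options value used by both `xmlCtxtReadFile` and `xmlCtxtReadDoc` would keep the two branches from drifting. No regression test is visible in this patch; one that parses a document declaring an external entity and checks that the referenced file's content is absent from the result would be worth adding. The function body starts and ends outside the hunk.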