SHA256
1
0
forked from pool/libvirt
libvirt/d6b27d3e-CVE-2014-0179.patch
James Fehlig 553e9bd059 - Update to libvirt 1.2.4
- Primarily a bug-fix release.  See http://libvirt.org/news.html
    for a detailed list of bug fixes and improvements
  - Drop upstream patches:
    0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch
- libxl: Support ACPI shutdown event
  b98bf811-add-paravirt-shutdown-flag.patch,
  c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch
  bnc#872777
- libx: Support migration
  libxl-migration-support.patch
  bnc#875193

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=369
2014-05-06 18:02:27 +00:00

35 lines
1.4 KiB
Diff

commit d6b27d3e4c40946efa79e91d134616b41b1666c4
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Tue Apr 15 11:20:29 2014 +0100
LSN-2014-0003: Don't expand entities when parsing XML
If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-1.2.4/src/util/virxml.c
===================================================================
--- libvirt-1.2.4.orig/src/util/virxml.c
+++ libvirt-1.2.4/src/util/virxml.c
@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
if (filename) {
xml = xmlCtxtReadFile(pctxt, filename, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
} else {
xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
}
if (!xml)