Explicitly load external entities
Use the more modern API function for XML loading and enable the flags which load the external entities, so that meinproc4 can work again after the security changes implemented for CVE-2014-0191. Network loading is disabled too now. Please note that, even if the changes to the aforementioned CVE introduced a regression in libxml2, recently fixed upstream, and that the current meinproc code works again once the fix is deployed, nevertheless upstream suggests to not use global settings anymore. CCBUG: 335001 Adapted from the following kdelibs (Qt4 branch) commits: d4fca9ffb31a2383459c89b27f81b10b7ddece1a 684bb98b31d338d85e1e6089cac381a507a5b4d8
parent
08b886b9
Please register or sign in to comment