-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/118270/
-----------------------------------------------------------

(Updated May 31, 2014, 2:07 a.m.)


Review request for Documentation, KDE Frameworks, kdelibs, Rohan Garg, Jonathan 
Riddell, and Rex Dieter.


Changes
-------

Sorry for the delay. I followed the suggestion and updated the patch to not 
load from network. After the changes, meinproc4 seems to work correctly. Could 
you please confirm it?


Bugs: 335001
    http://bugs.kde.org/show_bug.cgi?id=335001


Repository: kdelibs


Description
-------

Use the more modern API function for XML loading and enable the flags which 
load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Without this change meinproc4 complains (see the referenced bug)

The fix (half of the patch, the other half is on code which was removed) 
applies to KF5 too, hence the group.

My tests shows that the documentation cache is properly generated as before, 
and the patch should work even on the old 

Packagers (Ubuntu packagers in CC, as Ubuntu is one of the few distributions 
where libxml2 has been already patched) could you please test it with a fixed 
libxml and without, and if possible with KF5 as well?


Diffs (updated)
-----

  kdoctools/meinproc.cpp 0894d63 
  kdoctools/xslt.cpp a7265ca 

Diff: https://git.reviewboard.kde.org/r/118270/diff/


Testing
-------

meinproc4 works again


Thanks,

Luigi Toscano

_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel

Reply via email to