[OE-core] revert e7fca5d looks wrong.
Burton, Ross
ross.burton at intel.com
Thu Jun 29 16:31:10 UTC 2017
On 28 June 2017 at 17:58, akuster808 <akuster808 at gmail.com> wrote:
> Please double check the revert in master. Is the commit message wrong or
> did the wrong thing get removed?
>
>
The revert in master:
libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading
even local"
.../libxml/libxml2/CVE-2016-9318.patch | 207
---------------------
-From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
-From: Doran Moppert <dmoppert at redhat.com>
-Date: Fri, 7 Apr 2017 16:45:56 +0200
-Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
- even local
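Review bot: the subject of this revert repeats the upstream patch subject and never names CVE-2016-9318, although the only path in the diffstat is CVE-2016-9318.patch with all 207 lines deleted. Put the CVE identifier in the subject and state in the commit body why the fix is being dropped. That way the revert can be matched to the earlier "libxml2: CVE-2016-9318" commit from the log alone, and readers can see that removing a CVE patch is intentional.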
So the commit message matches the summary of the patch being deleted.
The addition of this patch:
libxml2: CVE-2016-9318
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
new file mode 100644
index 00000000000..3581ab83df1
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
@@ -0,0 +1,207 @@
+From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert at redhat.com>
+Date: Fri, 7 Apr 2017 16:45:56 +0200
+Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
+ even local
So the addition of the patch also matches.
The revert actually happened upstream:
https://git.gnome.org/browse/libxml2/commit/id=030b1f7a27c22f9237eddca49ec5e620b6258d7d
Conclusion: I think the patch is good.
Ross