main/librsvg/CVE-2013-1881a.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

From d83e426fff3f6d0fa6042d0930fb70357db24125 Mon Sep 17 00:00:00 2001
From: Christian Persch <chpe@gnome.org>
Date: Mon, 11 Feb 2013 22:36:30 +0100
Subject: io: Use XML_PARSE_NONET

We don't want to load resources off the net.

Bug #691708.

diff --git a/rsvg-base.c b/rsvg-base.c
index ed383d2..1f88479 100644
--- a/rsvg-base.c
+++ b/rsvg-base.c
@@ -572,6 +572,7 @@ rsvg_start_xinclude (RsvgHandle * ctx, RsvgPropertyBag * atts)
             goto fallback;
 
         xml_parser = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, ctx, NULL, 0, NULL);
+        xml_parser->options |= XML_PARSE_NONET;
 
         buffer = _rsvg_xml_input_buffer_new_from_stream (stream, NULL /* cancellable */, XML_CHAR_ENCODING_NONE, &err);
         g_object_unref (stream);
@@ -1111,6 +1112,7 @@ rsvg_handle_write_impl (RsvgHandle * handle, const guchar * buf, gsize count, GE
     if (handle->priv->ctxt == NULL) {
         handle->priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
                                                       rsvg_handle_get_base_uri (handle));
+        handle->priv->ctxt->options |= XML_PARSE_NONET;
 
         /* if false, external entities work, but internal ones don't. if true, internal entities
            work, but external ones don't. favor internal entities, in order to not cause a
@@ -1767,6 +1769,7 @@ rsvg_handle_read_stream_sync (RsvgHandle   *handle,
     if (priv->ctxt == NULL) {
         priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
                                               rsvg_handle_get_base_uri (handle));
+        priv->ctxt->options |= XML_PARSE_NONET;
 
         /* if false, external entities work, but internal ones don't. if true, internal entities
            work, but external ones don't. favor internal entities, in order to not cause a
diff --git a/rsvg-css.c b/rsvg-css.c
index 7813098..3f703cc 100644
--- a/rsvg-css.c
+++ b/rsvg-css.c
@@ -836,6 +836,8 @@ rsvg_css_parse_xml_attribute_string (const char *attribute_string)
     xmlSAX2InitDefaultSAXHandler (&handler, 0);
     handler.serror = rsvg_xml_noerror;
     parser = xmlCreatePushParserCtxt (&handler, NULL, tag, strlen (tag) + 1, NULL);
+    parser->options |= XML_PARSE_NONET;
+
     if (xmlParseDocument (parser) != 0)
         goto done;
 
-- 
cgit v0.10.1