path: root/meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
Diffstat (limited to 'meta/recipes-core/expat/expat/CVE-2023-52426-007.patch')
-rw-r--r-- meta/recipes-core/expat/expat/CVE-2023-52426-007.patch 53
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-007.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
new file mode 100644
index 0000000000..a141bbf915
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
@@ -0,0 +1,53 @@
+From d3f7bbd37bef2565d64f31b549e197a3a414574e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 01:39:39 +0200
+Subject: [PATCH] doc/reference.html: Document build time macro XML_GE
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d3f7bbd37bef2565d64f31b549e197a3a414574e]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ doc/reference.html | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/doc/reference.html b/doc/reference.html
+index 8b0d47d..74ba012 100644
+--- a/doc/reference.html
++++ b/doc/reference.html
+@@ -359,6 +359,33 @@ and the definition of character types in the case of
+ <code>XML_UNICODE_WCHAR_T</code>. The symbols are:</p>
+
+ <dl class="cpp-symbols">
++<dt><a name="XML_GE">XML_GE</a></dt>
++<dd>
++Added in Expat 2.6.0.
++Include support for
++<a href="https://www.w3.org/TR/2006/REC-xml-20060816/#sec-physical-struct">general entities</a>
++(syntax <code>&amp;e1;</code> to reference and
++syntax <code>&lt;!ENTITY e1 'value1'&gt;</code> (an internal general entity) or
++<code>&lt;!ENTITY e2 SYSTEM 'file2'&gt;</code> (an external general entity) to declare).
++With <code>XML_GE</code> enabled, general entities will be replaced by their declared replacement text;
++for this to work for <em>external</em> general entities, in addition an
++<code><a href="#XML_SetExternalEntityRefHandler">XML_ExternalEntityRefHandler</a></code> must be set using
++<code><a href="#XML_SetExternalEntityRefHandler">XML_SetExternalEntityRefHandler</a></code>.
++Also, enabling <code>XML_GE</code> makes
++the functions <code><a href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">
++XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code>
++<a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">
++XML_SetBillionLaughsAttackProtectionActivationThreshold</a></code> available.
++<br/>
++With <code>XML_GE</code> disabled, Expat has a smaller memory footprint and can be faster, but will
++not load external general entities and will replace all general entities
++(except the <a href="https://www.w3.org/TR/2006/REC-xml-20060816/#sec-predefined-ent">predefined five</a>:
++<code>amp</code>, <code>apos</code>, <code>gt</code>, <code>lt</code>, <code>quot</code>)
++with a self-reference:
++for example, referencing an entity <code>e1</code> via <code>&amp;e1;</code> will be replaced
++by text <code>&amp;e1;</code>.
++</dd>
++
+ <dt>XML_DTD</dt>
+ <dd>Include support for using and reporting DTD-based content. If
+ this is defined, default attribute values from an external DTD subset
+--
+2.40.0
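Review bot: The patch header tags this backport with `CVE: CVE-2023-52426`, but its Subject and inner diffstat show that it touches only doc/reference.html (27 insertions) and changes no parser code. Please add a line to the header, next to Upstream-Status, saying that this is the documentation part (007) of the CVE-2023-52426 series, so nobody reading the recipe's patch list mistakes it for the fix itself. On the added `<dd>` text: it says that enabling `XML_GE` makes XML_SetBillionLaughsAttackProtectionMaximumAmplification and XML_SetBillionLaughsAttackProtectionActivationThreshold available, but the "With XML_GE disabled" paragraph never says what happens to those two functions. One sentence there on whether they are available in that configuration would tell integrators whether calls to them need a build-time guard. A style point: the line breaks inside the `<code>`/`<a>` elements for those two function names put stray whitespace into the rendered link text; keeping each name on the same line as its opening tag avoids that.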