/[packages]/updates/8/expat/current/SOURCES/CVE-2022-25236-3.patch
ViewVC logotype

Contents of /updates/8/expat/current/SOURCES/CVE-2022-25236-3.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1790357 - (show annotations) (download)
Fri Mar 11 09:19:06 2022 UTC (2 years ago) by ns80
File size: 1819 byte(s)
- add patches from Ubuntu to fix regressions introduced by security fixes (mga#30145)

1 From c57bea96b73eee1c6d5e288f0f57efbf5238e49a Mon Sep 17 00:00:00 2001
2 From: Sebastian Pipping <sebastian@pipping.org>
3 Date: Tue, 1 Mar 2022 23:04:52 +0100
4 Subject: [PATCH] lib|doc: Add a note on namespace URI validation
5
6 ---
7 expat/doc/reference.html | 8 ++++++++
8 expat/lib/expat.h | 6 ++++++
9 2 files changed, 14 insertions(+)
10
11 --- a/doc/reference.html
12 +++ b/doc/reference.html
13 @@ -936,6 +936,14 @@ the local part will be concatenated with
14 to support RDF processors. It is a programming error to use the null separator
15 with <a href= "#XML_SetReturnNSTriplet">namespace triplets</a>.</div>
16
17 +<p><strong>Note:</strong>
18 +Expat does not validate namespace URIs (beyond encoding)
19 +against RFC 3986 today (and is not required to do so with regard to
20 +the XML 1.0 namespaces specification) but it may start doing that
21 +in future releases. Before that, an application using Expat must
22 +be ready to receive namespace URIs containing non-URI characters.
23 +</p>
24 +
25 <pre class="fcndec" id="XML_ParserCreate_MM">
26 XML_Parser XMLCALL
27 XML_ParserCreate_MM(const XML_Char *encoding,
28 --- a/lib/expat.h
29 +++ b/lib/expat.h
30 @@ -226,6 +226,12 @@ XML_ParserCreate(const XML_Char *encodin
31 and the local part will be concatenated without any separator.
32 It is a programming error to use the separator '\0' with namespace
33 triplets (see XML_SetReturnNSTriplet).
34 +
35 + Note that Expat does not validate namespace URIs (beyond encoding)
36 + against RFC 3986 today (and is not required to do so with regard to
37 + the XML 1.0 namespaces specification) but it may start doing that
38 + in future releases. Before that, an application using Expat must
39 + be ready to receive namespace URIs containing non-URI characters.
40 */
41 XMLPARSEAPI(XML_Parser)
42 XML_ParserCreateNS(const XML_Char *encoding, XML_Char namespaceSeparator);

  ViewVC Help
Powered by ViewVC 1.1.30