search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tdf#148470 if macOS glyph fallback provided a partial result flag what failed
[LibreOffice.git] / external / python3 / 0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
blob489e5d0e89ee1f335bfb10a8ff8166f8bbea388e
1 From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
2 From: Christian Heimes <christian@python.org>
3 Date: Mon, 24 Sep 2018 14:38:31 +0200
4 Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
5  (GH-9217) (GH-9512)
6
7 The SAX parser no longer processes general external entities by default
8 to increase security. Before, the parser created network connections
9 to fetch remote files or loaded local files from the file system for DTD
10 and entities.
11
12 Signed-off-by: Christian Heimes <christian@python.org>
13
14 https://bugs.python.org/issue17239.
15 (cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
16
17 Co-authored-by: Christian Heimes <christian@python.org>
18
19
20
21 https://bugs.python.org/issue17239
22 ---
23  Doc/library/xml.dom.pulldom.rst               | 14 +++++
24  Doc/library/xml.rst                           |  6 +-
25  Doc/library/xml.sax.rst                       |  8 +++
26  Doc/whatsnew/3.6.rst                          | 18 +++++-
27  Lib/test/test_pulldom.py                      |  7 +++
28  Lib/test/test_sax.py                          | 60 ++++++++++++++++++-
29  Lib/test/test_xml_etree.py                    | 13 ++++
30  Lib/xml/sax/expatreader.py                    |  2 +-
31  .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst  |  3 +
32  9 files changed, 125 insertions(+), 6 deletions(-)
33  create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
34
35 diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
36 index 421358fa5b..5066ffc2fa 100644
37 --- a/Lib/xml/sax/expatreader.py
38 +++ b/Lib/xml/sax/expatreader.py
39 @@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator):
40          self._lex_handler_prop = None
41          self._parsing = 0
42          self._entity_stack = []
43 -        self._external_ges = 1
44 +        self._external_ges = 0
45          self._interning = None
46  
47      # XMLReader methods
48 diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
49 new file mode 100644
50 index 0000000000..8dd0fe8c1b
51 --- /dev/null
52 +++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
53 @@ -0,0 +1,3 @@
54 +The xml.sax and xml.dom.minidom parsers no longer processes external
55 +entities by default. External DTD and ENTITY declarations no longer
56 +load files or create network connections.
57 -- 
58 2.20.1
59
FREE OFFICE SUITE