Diffstat (limited to 'meta/recipes-core/expat/expat/CVE-2023-52426-001.patch')
-rw-r--r-- | meta/recipes-core/expat/expat/CVE-2023-52426-001.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch new file mode 100644 index 0000000000..c38a334540 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch @@ -0,0 +1,35 @@ +From cdead241d4f1136c2f38d1b28e95073c59753d30 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Thu, 26 Oct 2023 01:40:05 +0200 +Subject: [PATCH] doc/reference.html: Clarify effect of XML_DTD on external + entities + +Defining XML_DTD emnables support for external parameter(!) +entities. External general(!) entities have been supported +even with XML_DTD undefined. (Only now with Expat 2.6.0 +defining XML_GE as 0 can take that away.) + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/cdead241d4f1136c2f38d1b28e95073c59753d30] + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + doc/reference.html | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/reference.html b/doc/reference.html +index 8b0d47d..a30e462 100644 +--- a/doc/reference.html ++++ b/doc/reference.html +@@ -365,7 +365,7 @@ this is defined, default attribute values from an external DTD subset + are reported and attribute value normalization occurs based on the + type of attributes defined in the external subset. Without + this, Expat has a smaller memory footprint and can be faster, but will +-not load external entities or process conditional sections. If defined, makes ++not load external parameter entities or process conditional sections. If defined, makes + the functions <code><a + href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification"> + XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code> +-- +2.40.0 + |
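Review bot: The embedded patch is tagged `CVE: CVE-2023-52426`, but its only hunk is a one-line wording change in doc/reference.html (1 insertion, 1 deletion), so on its own it changes no parser behaviour. The -001 suffix implies a series, so please make sure the code-changing parts land together with this one, and consider stating in the patch header that this part is documentation only, so the CVE tag is not read as a fix by itself. Separately, "emnables" in the commit message body looks like a typo for "enables"; if it was introduced during the backport, restore the upstream wording.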