diff options
| author | Remi Collet <fedora@famillecollet.com> | 2013-08-24 09:44:40 +0200 |
|---|---|---|
| committer | Remi Collet <fedora@famillecollet.com> | 2013-08-24 09:44:40 +0200 |
| commit | daf1af11235eaca95fc44a1d75bca5c4930979a4 (patch) | |
| tree | 40e16091e56cfa9f9672825d950389cf0add05c0 /php-openid-2.2.2-cve-2013-4701.patch | |
php-pear-Auth-OpenID: import from rawhide
Diffstat (limited to 'php-openid-2.2.2-cve-2013-4701.patch')
| -rw-r--r-- | php-openid-2.2.2-cve-2013-4701.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/php-openid-2.2.2-cve-2013-4701.patch b/php-openid-2.2.2-cve-2013-4701.patch new file mode 100644 index 0000000..8529d1b --- /dev/null +++ b/php-openid-2.2.2-cve-2013-4701.patch @@ -0,0 +1,17 @@ +diff -Nur php-openid-2.2.2.orig/Auth/Yadis/XML.php php-openid-2.2.2/Auth/Yadis/XML.php +--- php-openid-2.2.2.orig/Auth/Yadis/XML.php 2011-01-19 15:25:39.000000000 -0700 ++++ php-openid-2.2.2/Auth/Yadis/XML.php 2013-08-23 21:39:13.818386179 -0600 +@@ -235,6 +235,13 @@ + } + + if (!@$this->doc->loadXML($xml_string)) { ++ // disable external entities and libxml errors ++ $loader = libxml_disable_entity_loader(true); ++ $errors = libxml_use_internal_errors(true); ++ $parse_result = @$this->doc->loadXML($xml_string); ++ libxml_disable_entity_loader($loader); ++ libxml_use_internal_errors($errors); ++ if (!$parse_result) { + return false; + } + |