From daf1af11235eaca95fc44a1d75bca5c4930979a4 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sat, 24 Aug 2013 09:44:40 +0200
Subject: php-pear-Auth-OpenID: import from rawhide

---
 php-openid-2.2.2-cve-2013-4701.patch | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 php-openid-2.2.2-cve-2013-4701.patch

(limited to 'php-openid-2.2.2-cve-2013-4701.patch')

diff --git a/php-openid-2.2.2-cve-2013-4701.patch b/php-openid-2.2.2-cve-2013-4701.patch
new file mode 100644
index 0000000..8529d1b
--- /dev/null
+++ b/php-openid-2.2.2-cve-2013-4701.patch
@@ -0,0 +1,17 @@
+diff -Nur php-openid-2.2.2.orig/Auth/Yadis/XML.php php-openid-2.2.2/Auth/Yadis/XML.php
+--- php-openid-2.2.2.orig/Auth/Yadis/XML.php	2011-01-19 15:25:39.000000000 -0700
++++ php-openid-2.2.2/Auth/Yadis/XML.php	2013-08-23 21:39:13.818386179 -0600
+@@ -235,6 +235,13 @@
+         }
+ 
+         if (!@$this->doc->loadXML($xml_string)) {
++ 	 // disable external entities and libxml errors
++ 	 $loader = libxml_disable_entity_loader(true);
++ 	 $errors = libxml_use_internal_errors(true);
++ 	 $parse_result = @$this->doc->loadXML($xml_string);
++ 	 libxml_disable_entity_loader($loader);
++ 	 libxml_use_internal_errors($errors);
++ 	if (!$parse_result) {
+             return false;
+         }
+ 
-- 
cgit