31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
$OpenBSD: patch-feedparser_feedparser_py,v 1.1 2012/05/25 12:27:33 jasper Exp $
|
|
|
|
Security fix for CVE-2012-2921,
|
|
feedparser DOCTYPE and ENTITY XML Declaration Denial of Service Vulnerability
|
|
|
|
Patch from upstream:
|
|
https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
|
|
|
|
--- feedparser/feedparser.py.orig Fri May 25 14:24:41 2012
|
|
+++ feedparser/feedparser.py Fri May 25 14:25:48 2012
|
|
@@ -3703,9 +3703,6 @@ def parse(url_file_stream_or_string, etag=None, modifi
|
|
result['bozo'] = 1
|
|
result['bozo_exception'] = NonXMLContentType(bozo_message)
|
|
|
|
- if data is not None:
|
|
- result['version'], data, entities = _stripDoctype(data)
|
|
-
|
|
# ensure that baseuri is an absolute uri using an acceptable URI scheme
|
|
contentloc = http_headers.get('content-location', http_headers.get('Content-Location', ''))
|
|
href = result.get('href', '')
|
|
@@ -3790,6 +3787,9 @@ def parse(url_file_stream_or_string, etag=None, modifi
|
|
'document declared as %s, but parsed as %s' % \
|
|
(result['encoding'], proposed_encoding))
|
|
result['encoding'] = proposed_encoding
|
|
+
|
|
+ if data is not None:
|
|
+ result['version'], data, entities = _stripDoctype(data)
|
|
|
|
if not _XML_AVAILABLE:
|
|
use_strict_parser = 0
|