[pycsw] 01/02: Include changes by Angelos from OSGeo-Live package.
Sebastiaan Couwenberg
sebastic at moszumanska.debian.org
Sat Jun 27 13:43:28 UTC 2015
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch master
in repository pycsw.
commit 6fdc600ac9ecf904e2ef44e8fa20fc5114c74a51
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Sat Jun 27 15:35:01 2015 +0200
Include changes by Angelos from OSGeo-Live package.
Fixed libxml < 2.9 XEE vulnerability.
---
debian/changelog | 12 ++++++++++
debian/patches/libxml2-xee.patch | 51 ++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 64 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 482fd2c..1d831bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+pycsw (1.10.1+dfsg-2) UNRELEASED; urgency=medium
+
+ * Team upload.
+
+ [ Angelos Tzotsos ]
+ * Fixed libxml < 2.9 XEE vulnerability.
+
+ [ Bas Couwenberg ]
+ * Include changes by Angelos from OSGeo-Live package.
+
+ -- Bas Couwenberg <sebastic at debian.org> Sat, 27 Jun 2015 15:31:52 +0200
+
pycsw (1.10.1+dfsg-1) unstable; urgency=medium
* Imported Upstream version 1.10.1+dfsg
diff --git a/debian/patches/libxml2-xee.patch b/debian/patches/libxml2-xee.patch
new file mode 100644
index 0000000..ccb7b0e
--- /dev/null
+++ b/debian/patches/libxml2-xee.patch
@@ -0,0 +1,51 @@
+Description: Fixing libxml < 2.9 xee vulnerability
+ .
+ pycsw (1.10.1+dfsg-2~trusty1) trusty; urgency=medium
+ .
+ * Fixed libxml < 2.9 XEE vulnerability
+Author: Angelos Tzotsos <gcpp.kalxas at gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- a/pycsw/admin.py
++++ b/pycsw/admin.py
+@@ -556,7 +556,7 @@ def validate_xml(xml, xsd):
+ LOGGER.info('Validating %s against schema %s', xml, xsd)
+
+ schema = etree.XMLSchema(file=xsd)
+- parser = etree.XMLParser(schema=schema)
++ parser = etree.XMLParser(schema=schema, resolve_entities=False)
+
+ try:
+ valid = etree.parse(xml, parser)
+--- a/pycsw/server.py
++++ b/pycsw/server.py
+@@ -1285,7 +1285,7 @@ class Csw(object):
+ LOGGER.debug('Validating Filter %s.' %
+ self.kvp['constraint'])
+ schema = etree.XMLSchema(file=schema)
+- parser = etree.XMLParser(schema=schema)
++ parser = etree.XMLParser(schema=schema, resolve_entities=False)
+ doc = etree.fromstring(self.kvp['constraint'], parser)
+ LOGGER.debug('Filter is valid XML.')
+ self.kvp['constraint'] = {}
+@@ -1976,7 +1976,7 @@ class Csw(object):
+
+ LOGGER.debug('Validating %s.' % postdata)
+ schema = etree.XMLSchema(file=schema)
+- parser = etree.XMLParser(schema=schema)
++ parser = etree.XMLParser(schema=schema, resolve_entities=False)
+ if hasattr(self, 'soap') and self.soap:
+ # validate the body of the SOAP request
+ doc = etree.fromstring(etree.tostring(doc), parser)
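Review bot: The three `resolve_entities=False` changes harden only the schema-validating parsers, and in the last server.py hunk (`@@ -1976`) the data being validated is `etree.tostring(doc)`, so `doc` was already parsed once before these lines, outside the hunk, by a parser that is not visible here. If that first parse uses lxml's default parser, entities in the request body would be resolved before validation runs and this patch would not cover that path. It is worth auditing every `etree.fromstring`/`etree.parse` call that touches request data and giving each one a hardened parser, for example a single `etree.XMLParser(resolve_entities=False)` created once and passed to the non-validating parses as well. Separately, the DEP-3 header still carries the unfilled template block (from the `---` line through `Last-Update: <YYYY-MM-DD>`); fill in real `Origin:` and `Forwarded:` values so it is clear whether upstream has the fix, or drop the block.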
diff --git a/debian/patches/series b/debian/patches/series
index a92dfd2..5baf84c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
0004-Use-xdg-open-instead-of-firefox-in-desktop-file.patch
0005-Set-default-configuration-path-for-wsgi.patch
0006-Don-t-include-external-references-to-images.patch
+libxml2-xee.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/pycsw.git