r76218 - in /trunk/libxml-atom-perl: Changes MANIFEST META.yml debian/changelog lib/XML/Atom.pm lib/XML/Atom/Client.pm lib/XML/Atom/Content.pm lib/XML/Atom/Server.pm lib/XML/Atom/Thing.pm t/31-external-entities-libxml.t t/31-external-entities-xpath.t
ansgar at users.alioth.debian.org
ansgar at users.alioth.debian.org
Tue Jun 21 16:23:22 UTC 2011
Author: ansgar
Date: Tue Jun 21 16:23:20 2011
New Revision: 76218
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=76218
Log:
* Team upload.
* New upstream release.
Added:
trunk/libxml-atom-perl/t/31-external-entities-libxml.t
- copied unchanged from r76217, branches/upstream/libxml-atom-perl/current/t/31-external-entities-libxml.t
trunk/libxml-atom-perl/t/31-external-entities-xpath.t
- copied unchanged from r76217, branches/upstream/libxml-atom-perl/current/t/31-external-entities-xpath.t
Modified:
trunk/libxml-atom-perl/Changes
trunk/libxml-atom-perl/MANIFEST
trunk/libxml-atom-perl/META.yml
trunk/libxml-atom-perl/debian/changelog
trunk/libxml-atom-perl/lib/XML/Atom.pm
trunk/libxml-atom-perl/lib/XML/Atom/Client.pm
trunk/libxml-atom-perl/lib/XML/Atom/Content.pm
trunk/libxml-atom-perl/lib/XML/Atom/Server.pm
trunk/libxml-atom-perl/lib/XML/Atom/Thing.pm
Modified: trunk/libxml-atom-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/Changes?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/Changes (original)
+++ trunk/libxml-atom-perl/Changes Tue Jun 21 16:23:20 2011
@@ -1,6 +1,9 @@
$Id$
Revision history for XML::Atom
+
+0.39 2011.06.20
+ * Disabled external entities and network to avoid possible security flaw (yannk)
0.38 2011.05.22
* Fixed a bug where content with newlines wasn't encoded in perl >= 5.12 (emasaka)
Modified: trunk/libxml-atom-perl/MANIFEST
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/MANIFEST?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/MANIFEST (original)
+++ trunk/libxml-atom-perl/MANIFEST Tue Jun 21 16:23:20 2011
@@ -49,6 +49,8 @@
t/28-ext.t
t/29-source.t
t/30-datetime-stringification.t
+t/31-external-entities-libxml.t
+t/31-external-entities-xpath.t
t/samples/atom-1.0.xml
t/samples/entry-euc.xml
t/samples/entry-full.xml
Modified: trunk/libxml-atom-perl/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/META.yml?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/META.yml (original)
+++ trunk/libxml-atom-perl/META.yml Tue Jun 21 16:23:20 2011
@@ -30,4 +30,4 @@
resources:
license: http://dev.perl.org/licenses/
repository: git://github.com/miyagawa/xml-atom.git
-version: 0.38
+version: 0.39
Modified: trunk/libxml-atom-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/debian/changelog?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/debian/changelog (original)
+++ trunk/libxml-atom-perl/debian/changelog Tue Jun 21 16:23:20 2011
@@ -1,3 +1,10 @@
+libxml-atom-perl (0.39-1) unstable; urgency=low
+
+ * Team upload.
+ * New upstream release.
+
+ -- Ansgar Burchardt <ansgar at debian.org> Tue, 21 Jun 2011 18:22:39 +0200
+
libxml-atom-perl (0.38-1) unstable; urgency=low
* Team upload.
Modified: trunk/libxml-atom-perl/lib/XML/Atom.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/lib/XML/Atom.pm?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/lib/XML/Atom.pm (original)
+++ trunk/libxml-atom-perl/lib/XML/Atom.pm Tue Jun 21 16:23:20 2011
@@ -4,7 +4,7 @@
use strict;
use 5.008_001;
-our $VERSION = '0.38';
+our $VERSION = '0.39';
BEGIN {
@XML::Atom::EXPORT = qw( LIBXML DATETIME);
@@ -33,6 +33,26 @@
$XML::Atom::ForceUnicode = 0;
$XML::Atom::DefaultVersion = 0.3;
+}
+
+sub libxml_parser {
+ ## uses old XML::LibXML < 1.70 interface for compat reasons
+ return XML::LibXML->new(
+ #no_network => 1, # v1.63+
+ expand_xinclude => 0,
+ expand_entities => 1,
+ load_ext_dtd => 0,
+ ext_ent_handler => sub { warn "External entities disabled."; '' },
+ );
+}
+
+sub expat_parser {
+ return XML::Parser->new(
+ Handlers => {
+ ExternEnt => sub { warn "External Entities disabled."; '' },
+ ExternEntFin => sub {},
+ },
+ );
}
use base qw( XML::Atom::ErrorHandler Exporter );
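Review bot: In `libxml_parser`, `no_network` is left commented out, so nothing in this constructor forbids network access outright. Blocking remote fetches rests on `load_ext_dtd => 0` and on the installed XML::LibXML/libxml2 honouring the `ext_ent_handler` callback, while `expand_entities => 1` keeps entity expansion on. Since the comment already says the option exists from v1.63, it could be enabled where available, with something like `(XML::LibXML->VERSION >= 1.63 ? (no_network => 1) : ()),`. Both handlers also ignore their arguments; adding the system ID to the `warn` text would make a blocked attempt easier to spot in logs, provided that value is truncated or sanitised first because it comes from the parsed document.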
Modified: trunk/libxml-atom-perl/lib/XML/Atom/Client.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/lib/XML/Atom/Client.pm?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/lib/XML/Atom/Client.pm (original)
+++ trunk/libxml-atom-perl/lib/XML/Atom/Client.pm Tue Jun 21 16:23:20 2011
@@ -188,7 +188,7 @@
if ($client->use_soap && (my $xml = $res->content)) {
my $doc;
if (LIBXML) {
- my $parser = XML::LibXML->new;
+ my $parser = $client->libxml_parser;
$doc = $parser->parse_string($xml);
} else {
my $xp = XML::XPath->new(xml => $xml);
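Review bot: The non-LIBXML branch on the last line of this hunk still builds `XML::XPath->new(xml => $xml)` with no `parser` argument. A SOAP response parsed through XML::XPath therefore does not get the `ExternEnt` handler that Content.pm and Thing.pm now pass in. I would change it to `my $xp = XML::XPath->new(xml => $xml, parser => XML::Atom->expat_parser);`. The `else` branch in Server.pm's `xml_body` hunk is cut off at the hunk edge, so it is worth checking for the same gap; the enclosing block here also continues outside the hunk.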
@@ -218,6 +218,8 @@
}
}
+sub libxml_parser { XML::Atom->libxml_parser }
+
package LWP::UserAgent::AtomClient;
use strict;
use Scalar::Util;
Modified: trunk/libxml-atom-perl/lib/XML/Atom/Content.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/lib/XML/Atom/Content.pm?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/lib/XML/Atom/Content.pm (original)
+++ trunk/libxml-atom-perl/lib/XML/Atom/Content.pm Tue Jun 21 16:23:20 2011
@@ -54,11 +54,12 @@
my $node;
eval {
if (LIBXML) {
- my $parser = XML::LibXML->new;
+ my $parser = XML::Atom->libxml_parser;
my $tree = $parser->parse_string($copy);
$node = $tree->getDocumentElement;
} else {
- my $xp = XML::XPath->new(xml => $copy);
+ my $parser = XML::Atom->expat_parser;
+ my $xp = XML::XPath->new(xml => $copy, parser => $parser);
$node = (($xp->find('/')->get_nodelist)[0]->getChildNodes)[0]
if $xp;
}
Modified: trunk/libxml-atom-perl/lib/XML/Atom/Server.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/lib/XML/Atom/Server.pm?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/lib/XML/Atom/Server.pm (original)
+++ trunk/libxml-atom-perl/lib/XML/Atom/Server.pm Tue Jun 21 16:23:20 2011
@@ -284,7 +284,7 @@
my $server = shift;
unless (exists $server->{xml_body}) {
if (LIBXML) {
- my $parser = XML::LibXML->new;
+ my $parser = $server->libxml_parser;
$server->{xml_body} =
$parser->parse_string($server->request_content);
} else {
@@ -308,6 +308,8 @@
}
$atom;
}
+
+sub libxml_parser { XML::Atom->libxml_parser }
1;
__END__
Modified: trunk/libxml-atom-perl/lib/XML/Atom/Thing.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libxml-atom-perl/lib/XML/Atom/Thing.pm?rev=76218&op=diff
==============================================================================
--- trunk/libxml-atom-perl/lib/XML/Atom/Thing.pm (original)
+++ trunk/libxml-atom-perl/lib/XML/Atom/Thing.pm Tue Jun 21 16:23:20 2011
@@ -22,7 +22,7 @@
my $atom = shift;
my %param = @_ == 1 ? (Stream => $_[0]) : @_;
if (my $stream = delete $param{Stream}) {
- my $parser = XML::LibXML->new;
+ my $parser = delete $param{Parser} || XML::Atom->libxml_parser;
my $doc;
if (ref($stream) eq 'SCALAR') {
$doc = $parser->parse_string($$stream);
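Review bot: The new `Parser` parameter taken by `delete $param{Parser} || XML::Atom->libxml_parser` is undocumented, and a caller-supplied parser is used as-is, so it bypasses the hardened defaults. The same applies to `delete $param{Parser} || XML::Atom->expat_parser` in the next hunk of this file. I would add a comment above each line such as `# Caller-supplied Parser is used unchanged; it must disable external entities itself.` and describe the parameter in the POD. Both enclosing subs start and end outside these hunks.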
@@ -50,13 +50,14 @@
my %param = @_ == 1 ? (Stream => $_[0]) : @_;
my $elem_name = $atom->element_name;
if (my $stream = delete $param{Stream}) {
+ my $parser = delete $param{Parser} || XML::Atom->expat_parser;
my $xp;
if (ref($stream) eq 'SCALAR') {
- $xp = XML::XPath->new(xml => $$stream);
+ $xp = XML::XPath->new(xml => $$stream, parser => $parser);
} elsif (ref($stream)) {
- $xp = XML::XPath->new(ioref => $stream);
+ $xp = XML::XPath->new(ioref => $stream, parser => $parser);
} else {
- $xp = XML::XPath->new(filename => $stream);
+ $xp = XML::XPath->new(filename => $stream, parser => $parser);
}
my $set = $xp->find('/' . $elem_name);
unless ($set && $set->size) {