35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From e44d1dbe769f3b60a3d671be310f4af4f9490e6b Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@cryptomilk.org>
|
|
Date: Thu, 3 Jan 2019 10:31:25 +0100
|
|
Subject: [PATCH 68/70] xmpsdk: Build with -DBanAllEntityUsage=1
|
|
|
|
Prevent a denial-service-attack related to XML entity expansion
|
|
("billion laughs attack").
|
|
See https://bugzilla.redhat.com/show_bug.cgi?id=888769
|
|
|
|
Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp
|
|
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
---
|
|
xmpsdk/CMakeLists.txt | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/xmpsdk/CMakeLists.txt b/xmpsdk/CMakeLists.txt
|
|
index fa521043..ae011dc3 100644
|
|
--- a/xmpsdk/CMakeLists.txt
|
|
+++ b/xmpsdk/CMakeLists.txt
|
|
@@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp
|
|
${EXPAT_INCLUDE_DIR}
|
|
)
|
|
|
|
+# Prevent a denial-service-attack related to XML entity expansion
|
|
+# ("billion laughs attack").
|
|
+# See https://bugzilla.redhat.com/show_bug.cgi?id=888769
|
|
+target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)
|
|
if (MSVC)
|
|
target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC)
|
|
endif()
|
|
--
|
|
2.17.2
|
|
|