meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

From d5b02e96ab95d2a7ae0aea72d00054b9d036d76d Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Thu, 9 Nov 2023 19:28:05 +0100
Subject: [PATCH] xmlwf: Document argument "-q"

Rebased-and-adapted-by: Snild Dolkow <snild@sony.com>

CVE: CVE-2023-52425

Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d5b02e96ab95d2a7ae0aea72d00054b9d036d76d]

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
 doc/xmlwf.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/xmlwf.xml b/doc/xmlwf.xml
index 9603abf..3d35393 100644
--- a/doc/xmlwf.xml
+++ b/doc/xmlwf.xml
@@ -313,6 +313,16 @@ supports both.
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>-q</option></term>
+        <listitem>
+          <para>
+            Disable reparse deferral, and allow quadratic parse runtime
+            on large tokens (default: reparse deferral enabled).
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>-r</option></term>
         <listitem>
-- 
2.40.0