1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] [PATCH 1/2] glep-0068: Clarify and restrict XML data forma

    From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Sat Oct 8 08:50:01 2022
    Explicitly specify XML 1.0 and link to the specification. Forbid
    "external markup declarations" and processing DTDs to secure against
    common XML attacks.

    Signed-off-by: Michał Górny <mgorny@gentoo.org>
    ---
    glep-0068.rst | 19 +++++++++++++------
    1 file changed, 13 insertions(+), 6 deletions(-)

    diff --git a/glep-0068.rst b/glep-0068.rst
    index 78ac7ea..d3e3611 100644
    --- a/glep-0068.rst
    +++ b/glep-0068.rst
    @@ -6,8 +6,8 @@ Type: Standards Track
    Status: Final
    Version: 1.2
    Created: 2016-03-14
    -Last-Modified: 2022-05-22
    -Post-History: 2016-03-16, 2018-02-20, 2022-05-22
    +Last-Modified: 2022-10-07
    +Post-History: 2016-03-16, 2018-02-20, 2022-05-22, 2022-10-07
    Content-Type: text/x-rst
    Requires: 67
    Replaces: 34, 46, 56
    @@ -59,10 +59,14 @@ Metadata files
    --------------

    This specification provides two kinds of metadata files: category metadata -files and package metadata files. Both kinds of files use XML file format -with structure defined in this GLEP. The XML structure does not use
    -a namespace and must not contain any elements outside the scope of this -specification.
    +files and package metadata files. Both kinds of files use the XML 1.0 file +format [#XML10]_. They must not us