File CVE-2021-33813.patch of Package jdom

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-33813.patch of Package jdom

--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java
+++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java
@@ -442,6 +442,11 @@ public class SAXBuilder {
     public void setFeature(String name, boolean value) {
         // Save the specified feature for later.
         features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
+        if (name.equals("http://xml.org/sax/features/external-general-entities")) {
+            // See issue https://github.com/hunterhacker/jdom/issues/189
+            // And PR https://github.com/hunterhacker/jdom/pull/188
+            setExpandEntities(value);
+        }
     }
 
     /**
@@ -766,13 +771,6 @@ public class SAXBuilder {
             internalSetFeature(parser, name, value.booleanValue(), name);
         }
 
-        // Set any user-specified properties on the parser.
-        iter = properties.keySet().iterator();
-        while (iter.hasNext()) {
-            String name = (String)iter.next();
-            internalSetProperty(parser, name, properties.get(name), name);
-        }
-
         if (coreFeatures) {
             // Set validation.
             try {
@@ -810,6 +808,13 @@ public class SAXBuilder {
         }
         catch (SAXNotRecognizedException e) { /* Ignore... */ }
         catch (SAXNotSupportedException  e) { /* Ignore... */ }
+
+        // Set any user-specified properties on the parser.
+        iter = properties.keySet().iterator();
+        while (iter.hasNext()) {
+            String name = (String)iter.next();
+            internalSetProperty(parser, name, properties.get(name), name);
+        }
     }
 
     /**

Places

File CVE-2021-33813.patch of Package jdom

Places