Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Cc: "Michał Górny" <mgorny@g.o>
Subject: [gentoo-dev] [PATCH 1/2] glep-0068: Clarify and restrict XML data format
Date: Sat, 08 Oct 2022 06:40:51
Message-Id: 20221008064021.60348-2-mgorny@gentoo.org
In Reply to: [gentoo-dev] [PATCH 0/2] glep-0068: Stricten the XML format by "Michał Górny"
1 Explicitly specify XML 1.0 and link to the specification. Forbid
2 "external markup declarations" and processing DTDs to secure against
3 common XML attacks.
4
5 Signed-off-by: Michał Górny <mgorny@g.o>
6 ---
7 glep-0068.rst | 19 +++++++++++++------
8 1 file changed, 13 insertions(+), 6 deletions(-)
9
10 diff --git a/glep-0068.rst b/glep-0068.rst
11 index 78ac7ea..d3e3611 100644
12 --- a/glep-0068.rst
13 +++ b/glep-0068.rst
14 @@ -6,8 +6,8 @@ Type: Standards Track
15 Status: Final
16 Version: 1.2
17 Created: 2016-03-14
18 -Last-Modified: 2022-05-22
19 -Post-History: 2016-03-16, 2018-02-20, 2022-05-22
20 +Last-Modified: 2022-10-07
21 +Post-History: 2016-03-16, 2018-02-20, 2022-05-22, 2022-10-07
22 Content-Type: text/x-rst
23 Requires: 67
24 Replaces: 34, 46, 56
25 @@ -59,10 +59,14 @@ Metadata files
26 --------------
27
28 This specification provides two kinds of metadata files: category metadata
29 -files and package metadata files. Both kinds of files use XML file format
30 -with structure defined in this GLEP. The XML structure does not use
31 -a namespace and must not contain any elements outside the scope of this
32 -specification.
33 +files and package metadata files. Both kinds of files use the XML 1.0 file
34 +format [#XML10]_. They must not use external markup declarations, as defined
35 +in the XML specification. While they may reference or include a DTD, the parser
36 +must not fetch or process it.
37 +
38 +The data structure of metadata files is defined in this GLEP. The elements
39 +and attributes do not use namespaces. Conforming files must not contain
40 +any elements or attributes that are not defined in this specification.
41
42 Category metadata files are named ``metadata.xml`` and located inside category
43 directories in an ebuild repository. Their structure is described
44 @@ -516,6 +520,9 @@ References
45 .. [#METADATA-DTD] The original metadata.dtd file
46 https://gitweb.gentoo.org/data/dtd.git/tree/metadata.dtd?id=a908a93b5afe295359e0a01814c9bef8b5268bcd
47
48 +.. [#XML10] Extensible Markup Language (XML) 1.0 (Fifth Edition)
49 + https://www.w3.org/TR/xml/
50 +
51 .. [#BCP-47] BCP 47: "Tags for identifying languages",
52 https://tools.ietf.org/rfc/bcp/bcp47.txt
53
54 --
55 2.38.0
Report Message
Find on MARC Find on Google Groups