Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make GMLAS and NAS drivers robust to XML billion laugh attack #10806

Merged
merged 3 commits into from
Sep 18, 2024
Merged

Make GMLAS and NAS drivers robust to XML billion laugh attack #10806

merged 3 commits into from
Sep 18, 2024
+236 −0

Conversation

rouault
Copy link
Member

@rouault rouault commented Sep 15, 2024

No description provided.

@rouault rouault merged commit 8ffe534 into OSGeo:master Sep 18, 2024
37 checks passed
@rouault
Copy link
Member Author

rouault commented Sep 18, 2024

The backport to release/3.9 failed:

The process '/usr/bin/git' failed with exit code 1
stderr 
error: could not apply e8182bb117... NAS: make it robust to XML billion laugh attack
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config advice.mergeConflict false"
stdout 
Auto-merging autotest/ogr/ogr_gml.py
[backport-10806-to-release/3.9 ef86211477] Test that GML driver is robust to XML billion laugh attack
 Author: Even Rouault <even.rouault@spatialys.com>
 Date: Sun Sep 15 22:47:35 2024 +0200
 3 files changed, 109 insertions(+)
 create mode 100644 autotest/ogr/data/gml/billionlaugh.gml
 create mode 100644 autotest/ogr/data/gml/billionlaugh.xsd
Auto-merging autotest/ogr/ogr_nas.py
CONFLICT (content): Merge conflict in autotest/ogr/ogr_nas.py

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release/3.9 release/3.9
# Navigate to the new working tree
cd .worktrees/backport-release/3.9
# Create a new branch
git switch --create backport-10806-to-release/3.9
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick 640dafca4f90fa315819d6cfc5595ab7c99914b8,e8182bb1170b832405b5fb05189b34ad3873aa93,29d44e663ddcb59594b37932c12fe911eb2054c4
# Push it to GitHub
git push --set-upstream origin backport-10806-to-release/3.9
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release/3.9

Then, create a pull request where the base branch is release/3.9 and the compare/head branch is backport-10806-to-release/3.9.

@rouault rouault added this to the 3.9.3 milestone Sep 18, 2024
@rouault
Copy link
Member Author

rouault commented Sep 18, 2024
edited
Loading

backported to 3.9 per 94238c9, a3f3fc1 and 0f48711

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport release/3.9
Projects
None yet
Milestone
3.9.3
Development

Successfully merging this pull request may close these issues.
1 participant
@rouault