From 189da93480f9e72c03dbad7ce4a58820d74f6296 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Thu, 3 Jan 2019 10:31:25 +0100
Subject: [PATCH] xmpsdk: Build with -DBanAllEntityUsage=1

Prevent a denial-service-attack related to XML entity expansion ("billion laughs attack"). See https://bugzilla.redhat.com/show_bug.cgi?id=888769 Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp
Signed-off-by: Andreas Schneider
(cherry picked from commit e44d1dbe769f3b60a3d671be310f4af4f9490e6b)
---
 xmpsdk/CMakeLists.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xmpsdk/CMakeLists.txt b/xmpsdk/CMakeLists.txt
index fa521043..ae011dc3 100644
--- xmpsdk/CMakeLists.txt
+++ xmpsdk/CMakeLists.txt
@@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp
 ${EXPAT_INCLUDE_DIR}
 )

+# Prevent a denial-service-attack related to XML entity expansion
+# ("billion laughs attack").
+# See https://bugzilla.redhat.com/show_bug.cgi?id=888769
+target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)
 if (MSVC)
 target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC)
 endif()
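Review bot: The comment added above `target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1)` does not say where the macro is consumed, so a later cleanup of this file could drop the definition without anyone noticing that the entity-expansion protection went with it. The commit message names `xmpsdk/src/ExpatAdapter.cpp`; I would carry that into the file with one more comment line, `# The macro is read in xmpsdk/src/ExpatAdapter.cpp; keep it defined for every build of exiv2-xmp.`, and correct "denial-service-attack" to "denial-of-service attack". Since the hardening exists only as a build flag, a regression test that parses an XMP packet carrying an entity declaration and expects the parse to fail (or the entity to stay unexpanded) would catch a configuration where the definition is lost; no such test is visible in this patch.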