Description: Protect against XML vulnerabilities
 This patch contains fixes for XML parsing vulnerabilities:
 https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
 https://bugs.tryton.org/issue11219 (CVE-2022-26661)
 https://bugs.tryton.org/issue11244 (CVE-2022-26662)
Author: Cédric Krier <ced@b2ck.com>
Origin: vendor, https://hg.tryton.org/proteus/rev/85eb95f609cf
Bug: https://bugs.tryton.org/issue11219
Bug: https://bugs.tryton.org/issue11244
Forwarded: not-needed
Last-Update: 2022-03-09

--- tryton-proteus-5.0.8.orig/proteus/config.py
+++ tryton-proteus-5.0.8/proteus/config.py
@@ -11,8 +11,12 @@ import urllib.parse
 import xmlrpc.client
 from decimal import Decimal
 
+import defusedxml.xmlrpc
+
 __all__ = ['set_trytond', 'set_xmlrpc', 'get_config']
 
+defusedxml.xmlrpc.monkey_patch()
+
 
 def dump_decimal(self, value, write):
     value = {'__class__': 'Decimal',
--- tryton-proteus-5.0.8.orig/setup.py
+++ tryton-proteus-5.0.8/setup.py
@@ -77,6 +77,7 @@ setup(name=name,
     license='LGPL-3',
     python_requires='>=3.4',
     install_requires=[
+        'defusedxml',
         "python-dateutil",
         ],
     extras_require={