gnu: libxml2: Fix CVE-2017-{0663,7375,7376,9047,9048,9049,9050}.
* gnu/packages/patches/libxml2-CVE-2017-0663.patch, gnu/packages/patches/libxml2-CVE-2017-7375.patch, gnu/packages/patches/libxml2-CVE-2017-7376.patch, gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch, gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. Signed-off-by: Marius Bakke <mbakke@fastmail.com>
This commit is contained in:
parent
ff54f194f3
commit
76fed2b3c4
|
@ -803,6 +803,11 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libxcb-python-3.5-compat.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2016-4658.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2016-5131.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2017-0663.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2017-7375.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2017-7376.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \
|
||||
%D%/packages/patches/libxslt-generated-ids.patch \
|
||||
%D%/packages/patches/libxslt-CVE-2016-4738.patch \
|
||||
%D%/packages/patches/libxt-guix-search-paths.patch \
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
Fix CVE-2017-0663:
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-0663
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
|
||||
|
||||
From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Tue, 6 Jun 2017 12:56:28 +0200
|
||||
Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace
|
||||
|
||||
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
|
||||
namespace declarations make no practical sense anyway.
|
||||
|
||||
Fixes bug 780228.
|
||||
|
||||
Found with libFuzzer and ASan.
|
||||
---
|
||||
valid.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/valid.c b/valid.c
|
||||
index 8075d3a0..c51ea290 100644
|
||||
--- a/valid.c
|
||||
+++ b/valid.c
|
||||
@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
|
||||
}
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
|
||||
+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
|
||||
+ * no practical sense to use ID types anyway.
|
||||
+ */
|
||||
+#if 0
|
||||
/* Validity Constraint: ID uniqueness */
|
||||
if (attrDecl->atype == XML_ATTRIBUTE_ID) {
|
||||
if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
|
||||
@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
|
||||
if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
|
||||
ret = 0;
|
||||
}
|
||||
+#endif
|
||||
|
||||
/* Validity Constraint: Notation Attributes */
|
||||
if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
|
||||
--
|
||||
2.14.1
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
Fix CVE-2017-7375:
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-7375
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
|
||||
|
||||
From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
|
||||
From: Neel Mehta <nmehta@google.com>
|
||||
Date: Fri, 7 Apr 2017 17:43:02 +0200
|
||||
Subject: [PATCH] Prevent unwanted external entity reference
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=780691
|
||||
|
||||
* parser.c: add a specific check to avoid PE reference
|
||||
---
|
||||
parser.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index 609a2703..c2c812de 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
|
||||
if (xmlPushInput(ctxt, input) < 0)
|
||||
return;
|
||||
} else {
|
||||
+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
|
||||
+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
|
||||
+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
|
||||
+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
|
||||
+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
|
||||
+ (ctxt->replaceEntities == 0) &&
|
||||
+ (ctxt->validate == 0))
|
||||
+ return;
|
||||
+
|
||||
/*
|
||||
* TODO !!!
|
||||
* handle the extra spaces added before and after
|
||||
--
|
||||
2.14.1
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
Fix CVE-2017-7376:
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-7376
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
|
||||
|
||||
From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Fri, 7 Apr 2017 17:13:28 +0200
|
||||
Subject: [PATCH] Increase buffer space for port in HTTP redirect support
|
||||
|
||||
For https://bugzilla.gnome.org/show_bug.cgi?id=780690
|
||||
|
||||
nanohttp.c: the code wrongly assumed a short int port value.
|
||||
---
|
||||
nanohttp.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/nanohttp.c b/nanohttp.c
|
||||
index e109ad75..373425de 100644
|
||||
--- a/nanohttp.c
|
||||
+++ b/nanohttp.c
|
||||
@@ -1423,9 +1423,9 @@ retry:
|
||||
if (ctxt->port != 80) {
|
||||
/* reserve space for ':xxxxx', incl. potential proxy */
|
||||
if (proxy)
|
||||
- blen += 12;
|
||||
+ blen += 17;
|
||||
else
|
||||
- blen += 6;
|
||||
+ blen += 11;
|
||||
}
|
||||
bp = (char*)xmlMallocAtomic(blen);
|
||||
if ( bp == NULL ) {
|
||||
--
|
||||
2.14.1
|
||||
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,319 @@
|
|||
Fix CVE-2017-{9049,9050}:
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public)
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public)
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
|
||||
http://www.openwall.com/lists/oss-security/2017/05/15/1
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-9049
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-9050
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
|
||||
|
||||
Changes to 'runtest.c' are removed since they introduce test failure
|
||||
when applying to libxml2 2.9.4 release tarball.
|
||||
|
||||
From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Mon, 5 Jun 2017 15:37:17 +0200
|
||||
Subject: [PATCH] Fix handling of parameter-entity references
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
There were two bugs where parameter-entity references could lead to an
|
||||
unexpected change of the input buffer in xmlParseNameComplex and
|
||||
xmlDictLookup being called with an invalid pointer.
|
||||
|
||||
Percent sign in DTD Names
|
||||
=========================
|
||||
|
||||
The NEXTL macro used to call xmlParserHandlePEReference. When parsing
|
||||
"complex" names inside the DTD, this could result in entity expansion
|
||||
which created a new input buffer. The fix is to simply remove the call
|
||||
to xmlParserHandlePEReference from the NEXTL macro. This is safe because
|
||||
no users of the macro require expansion of parameter entities.
|
||||
|
||||
- xmlParseNameComplex
|
||||
- xmlParseNCNameComplex
|
||||
- xmlParseNmtoken
|
||||
|
||||
The percent sign is not allowed in names, which are grammatical tokens.
|
||||
|
||||
- xmlParseEntityValue
|
||||
|
||||
Parameter-entity references in entity values are expanded but this
|
||||
happens in a separate step in this function.
|
||||
|
||||
- xmlParseSystemLiteral
|
||||
|
||||
Parameter-entity references are ignored in the system literal.
|
||||
|
||||
- xmlParseAttValueComplex
|
||||
- xmlParseCharDataComplex
|
||||
- xmlParseCommentComplex
|
||||
- xmlParsePI
|
||||
- xmlParseCDSect
|
||||
|
||||
Parameter-entity references are ignored outside the DTD.
|
||||
|
||||
- xmlLoadEntityContent
|
||||
|
||||
This function is only called from xmlStringLenDecodeEntities and
|
||||
entities are replaced in a separate step immediately after the function
|
||||
call.
|
||||
|
||||
This bug could also be triggered with an internal subset and double
|
||||
entity expansion.
|
||||
|
||||
This fixes bug 766956 initially reported by Wei Lei and independently by
|
||||
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
|
||||
involved.
|
||||
|
||||
xmlParseNameComplex with XML_PARSE_OLD10
|
||||
========================================
|
||||
|
||||
When parsing Names inside an expanded parameter entity with the
|
||||
XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
|
||||
GROW macro if the input buffer was exhausted. At the end of the
|
||||
parameter entity's replacement text, this function would then call
|
||||
xmlPopInput which invalidated the input buffer.
|
||||
|
||||
There should be no need to invoke GROW in this situation because the
|
||||
buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
|
||||
at least for UTF-8, in xmlCurrentChar. This also matches the code path
|
||||
executed when XML_PARSE_OLD10 is not set.
|
||||
|
||||
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
|
||||
Thanks to Marcel Böhme and Thuan Pham for the report.
|
||||
|
||||
Additional hardening
|
||||
====================
|
||||
|
||||
A separate check was added in xmlParseNameComplex to validate the
|
||||
buffer size.
|
||||
---
|
||||
Makefile.am | 18 ++++++++++++++++++
|
||||
parser.c | 18 ++++++++++--------
|
||||
result/errors10/781205.xml | 0
|
||||
result/errors10/781205.xml.err | 21 +++++++++++++++++++++
|
||||
result/errors10/781361.xml | 0
|
||||
result/errors10/781361.xml.err | 13 +++++++++++++
|
||||
result/valid/766956.xml | 0
|
||||
result/valid/766956.xml.err | 9 +++++++++
|
||||
result/valid/766956.xml.err.rdr | 10 ++++++++++
|
||||
runtest.c | 3 +++
|
||||
test/errors10/781205.xml | 3 +++
|
||||
test/errors10/781361.xml | 3 +++
|
||||
test/valid/766956.xml | 2 ++
|
||||
test/valid/dtds/766956.dtd | 2 ++
|
||||
14 files changed, 94 insertions(+), 8 deletions(-)
|
||||
create mode 100644 result/errors10/781205.xml
|
||||
create mode 100644 result/errors10/781205.xml.err
|
||||
create mode 100644 result/errors10/781361.xml
|
||||
create mode 100644 result/errors10/781361.xml.err
|
||||
create mode 100644 result/valid/766956.xml
|
||||
create mode 100644 result/valid/766956.xml.err
|
||||
create mode 100644 result/valid/766956.xml.err.rdr
|
||||
create mode 100644 test/errors10/781205.xml
|
||||
create mode 100644 test/errors10/781361.xml
|
||||
create mode 100644 test/valid/766956.xml
|
||||
create mode 100644 test/valid/dtds/766956.dtd
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 6fc8ffa9..10e716a5 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
|
||||
if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
|
||||
rm result.$$name error.$$name ; \
|
||||
fi ; fi ; done)
|
||||
+ @echo "## Error cases regression tests (old 1.0)"
|
||||
+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
|
||||
+ name=`basename $$i`; \
|
||||
+ if [ ! -d $$i ] ; then \
|
||||
+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
|
||||
+ echo New test file $$name ; \
|
||||
+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
|
||||
+ 2> $(srcdir)/result/errors10/$$name.err \
|
||||
+ > $(srcdir)/result/errors10/$$name ; \
|
||||
+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
|
||||
+ else \
|
||||
+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
|
||||
+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
|
||||
+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
|
||||
+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
|
||||
+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
|
||||
+ rm result.$$name error.$$name ; \
|
||||
+ fi ; fi ; done)
|
||||
@echo "## Error cases stream regression tests"
|
||||
-@(for i in $(srcdir)/test/errors/*.xml ; do \
|
||||
name=`basename $$i`; \
|
||||
diff --git a/parser.c b/parser.c
|
||||
index df2efa55..a175ac4e 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
|
||||
ctxt->input->line++; ctxt->input->col = 1; \
|
||||
} else ctxt->input->col++; \
|
||||
ctxt->input->cur += l; \
|
||||
- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
|
||||
} while (0)
|
||||
|
||||
#define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
|
||||
@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
|
||||
len += l;
|
||||
NEXTL(l);
|
||||
c = CUR_CHAR(l);
|
||||
- if (c == 0) {
|
||||
- count = 0;
|
||||
- GROW;
|
||||
- if (ctxt->instate == XML_PARSER_EOF)
|
||||
- return(NULL);
|
||||
- c = CUR_CHAR(l);
|
||||
- }
|
||||
}
|
||||
}
|
||||
if ((len > XML_MAX_NAME_LENGTH) &&
|
||||
@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
|
||||
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
|
||||
return(NULL);
|
||||
}
|
||||
+ if (ctxt->input->cur - ctxt->input->base < len) {
|
||||
+ /*
|
||||
+ * There were a couple of bugs where PERefs lead to to a change
|
||||
+ * of the buffer. Check the buffer size to avoid passing an invalid
|
||||
+ * pointer to xmlDictLookup.
|
||||
+ */
|
||||
+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
|
||||
+ "unexpected change of input buffer");
|
||||
+ return (NULL);
|
||||
+ }
|
||||
if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
|
||||
return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
|
||||
return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
|
||||
diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
|
||||
new file mode 100644
|
||||
index 00000000..e69de29b
|
||||
diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
|
||||
new file mode 100644
|
||||
index 00000000..da15c3f7
|
||||
--- /dev/null
|
||||
+++ b/result/errors10/781205.xml.err
|
||||
@@ -0,0 +1,21 @@
|
||||
+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
|
||||
+
|
||||
+ %a;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+<:0000
|
||||
+^
|
||||
+Entity: line 1: parser error : DOCTYPE improperly terminated
|
||||
+ %a;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+<:0000
|
||||
+^
|
||||
+namespace error : Failed to parse QName ':0000'
|
||||
+ %a;
|
||||
+ ^
|
||||
+<:0000
|
||||
+ ^
|
||||
+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
|
||||
+
|
||||
+^
|
||||
diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
|
||||
new file mode 100644
|
||||
index 00000000..e69de29b
|
||||
diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
|
||||
new file mode 100644
|
||||
index 00000000..655f41a2
|
||||
--- /dev/null
|
||||
+++ b/result/errors10/781361.xml.err
|
||||
@@ -0,0 +1,13 @@
|
||||
+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
|
||||
+
|
||||
+^
|
||||
+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
|
||||
+
|
||||
+
|
||||
+^
|
||||
+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
|
||||
+
|
||||
+^
|
||||
+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
|
||||
+
|
||||
+^
|
||||
diff --git a/result/valid/766956.xml b/result/valid/766956.xml
|
||||
new file mode 100644
|
||||
index 00000000..e69de29b
|
||||
diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
|
||||
new file mode 100644
|
||||
index 00000000..34b1dae6
|
||||
--- /dev/null
|
||||
+++ b/result/valid/766956.xml.err
|
||||
@@ -0,0 +1,9 @@
|
||||
+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
|
||||
+%ä%ent;
|
||||
+ ^
|
||||
+Entity: line 1: parser error : Content error in the external subset
|
||||
+ %ent;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+value
|
||||
+^
|
||||
diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
|
||||
new file mode 100644
|
||||
index 00000000..77603462
|
||||
--- /dev/null
|
||||
+++ b/result/valid/766956.xml.err.rdr
|
||||
@@ -0,0 +1,10 @@
|
||||
+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
|
||||
+%ä%ent;
|
||||
+ ^
|
||||
+Entity: line 1: parser error : Content error in the external subset
|
||||
+ %ent;
|
||||
+ ^
|
||||
+Entity: line 1:
|
||||
+value
|
||||
+^
|
||||
+./test/valid/766956.xml : failed to parse
|
||||
diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
|
||||
new file mode 100644
|
||||
index 00000000..d9e9e839
|
||||
--- /dev/null
|
||||
+++ b/test/errors10/781205.xml
|
||||
@@ -0,0 +1,3 @@
|
||||
+<!DOCTYPE D [
|
||||
+ <!ENTITY % a "<:0000">
|
||||
+ %a;
|
||||
diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
|
||||
new file mode 100644
|
||||
index 00000000..67476bcb
|
||||
--- /dev/null
|
||||
+++ b/test/errors10/781361.xml
|
||||
@@ -0,0 +1,3 @@
|
||||
+<!DOCTYPE doc [
|
||||
+ <!ENTITY % elem "<!ELEMENT e0000000000">
|
||||
+ %elem;
|
||||
diff --git a/test/valid/766956.xml b/test/valid/766956.xml
|
||||
new file mode 100644
|
||||
index 00000000..19a95a0e
|
||||
--- /dev/null
|
||||
+++ b/test/valid/766956.xml
|
||||
@@ -0,0 +1,2 @@
|
||||
+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
|
||||
+<test/>
|
||||
diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
|
||||
new file mode 100644
|
||||
index 00000000..dddde68b
|
||||
--- /dev/null
|
||||
+++ b/test/valid/dtds/766956.dtd
|
||||
@@ -0,0 +1,2 @@
|
||||
+<!ENTITY % ent "value">
|
||||
+%ä%ent;
|
||||
--
|
||||
2.14.1
|
||||
|
|
@ -16,6 +16,7 @@
|
|||
;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
|
||||
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
|
||||
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
|
||||
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -110,6 +111,7 @@ hierarchical form with variable field lengths.")
|
|||
(package
|
||||
(name "libxml2")
|
||||
(version "2.9.4")
|
||||
(replacement libxml2/fixed)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
|
||||
|
@ -138,6 +140,19 @@ hierarchical form with variable field lengths.")
|
|||
project (but it is usable outside of the Gnome platform).")
|
||||
(license license:x11)))
|
||||
|
||||
(define libxml2/fixed
|
||||
(package
|
||||
(inherit libxml2)
|
||||
(source
|
||||
(origin
|
||||
(inherit (package-source libxml2))
|
||||
(patches
|
||||
(search-patches "libxml2-CVE-2017-0663.patch"
|
||||
"libxml2-CVE-2017-7375.patch"
|
||||
"libxml2-CVE-2017-7376.patch"
|
||||
"libxml2-CVE-2017-9047+CVE-2017-9048.patch"
|
||||
"libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))
|
||||
|
||||
(define-public python-libxml2
|
||||
(package (inherit libxml2)
|
||||
(name "python-libxml2")
|
||||
|
|
Loading…
Reference in New Issue