gnu: libxml2: Fix CVE-2017-{0663,7375,7376,9047,9048,9049,9050}.
* gnu/packages/patches/libxml2-CVE-2017-0663.patch, gnu/packages/patches/libxml2-CVE-2017-7375.patch, gnu/packages/patches/libxml2-CVE-2017-7376.patch, gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch, gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. Signed-off-by: Marius Bakke <mbakke@fastmail.com>
parent
ff54f194f3
commit
76fed2b3c4
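--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -803,6 +803,11 @@ dist_patch_DATA = \
 %D%/packages/patches/libxcb-python-3.5-compat.patch \
 %D%/packages/patches/libxml2-CVE-2016-4658.patch \
 %D%/packages/patches/libxml2-CVE-2016-5131.patch \
+%D%/packages/patches/libxml2-CVE-2017-0663.patch \
+%D%/packages/patches/libxml2-CVE-2017-7375.patch \
+%D%/packages/patches/libxml2-CVE-2017-7376.patch \
+%D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \
+%D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \
 %D%/packages/patches/libxslt-generated-ids.patch \
 %D%/packages/patches/libxslt-CVE-2016-4738.patch \
 %D%/packages/patches/libxt-guix-search-paths.patch \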
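--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,53 @@
+Fix CVE-2017-0663:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
+https://security-tracker.debian.org/tracker/CVE-2017-0663
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
+
+From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+valid.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+}
+}
+
++ /*
++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++ * xmlAddID and xmlAddRef for namespace declarations, but it makes
++ * no practical sense to use ID types anyway.
++ */
++#if 0
+/* Validity Constraint: ID uniqueness */
+if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ret = 0;
+}
++#endif
+
+/* Validity Constraint: Notation Attributes */
+if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+--
+2.14.1
+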
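--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-7375.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-7375:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
+https://security-tracker.debian.org/tracker/CVE-2017-7375
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
+
+From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH] Prevent unwanted external entity reference
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+parser.c | 9 +++++++++
+1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 609a2703..c2c812de 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+if (xmlPushInput(ctxt, input) < 0)
+return;
+} else {
++ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++ (ctxt->replaceEntities == 0) &&
++ (ctxt->validate == 0))
++ return;
++
+/*
+* TODO !!!
+* handle the extra spaces added before and after
+--
+2.14.1
+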
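Review bot: The added early `return` in the `else` branch of xmlParsePEReference carries no comment, so a reader cannot tell that this seven-term condition is the guard against loading an external parameter entity the caller never opted into. It also returns without emitting any warning, so a document that references such an entity is parsed with the reference silently dropped; that may be intended, but it is worth stating. I would add above the `if`: `/* Do not load an external parameter entity unless entity substitution, DTD loading or validation was requested by the caller. */`. The function body starts and ends outside the hunk.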
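--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-7376.patch
@@ -0,0 +1,41 @@
+Fix CVE-2017-7376:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
+https://security-tracker.debian.org/tracker/CVE-2017-7376
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+
+From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: [PATCH] Increase buffer space for port in HTTP redirect support
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+nanohttp.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index e109ad75..373425de 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+if (ctxt->port != 80) {
+/* reserve space for ':xxxxx', incl. potential proxy */
+if (proxy)
+- blen += 12;
++ blen += 17;
+else
+- blen += 6;
++ blen += 11;
+}
+bp = (char*)xmlMallocAtomic(blen);
+if ( bp == NULL ) {
+--
+2.14.1
+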
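Review bot: The context comment `/* reserve space for ':xxxxx', incl. potential proxy */` still describes a five-digit port, while the reservations below it grow to `blen += 17` and `blen += 11`, so the sizing rationale is no longer documented next to the magic numbers. I would update it to `/* reserve space for ':' plus up to 10 decimal digits of an int port, incl. potential proxy */`. Eleven bytes cover a colon and a non-negative 32-bit value; if `ctxt->port` is a signed int that can reach this code negative, which the hunk does not show, the minus sign needs one more byte per occurrence. The code that formats the port into `bp` is outside the hunk, so whether it is bounded by `blen` should be confirmed there.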
File diff suppressed because one or more lines are too long
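--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch
@@ -0,0 +1,319 @@
+Fix CVE-2017-{9049,9050}:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public)
+https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
+http://www.openwall.com/lists/oss-security/2017/05/15/1
+https://security-tracker.debian.org/tracker/CVE-2017-9049
+https://security-tracker.debian.org/tracker/CVE-2017-9050
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
+
+Changes to 'runtest.c' are removed since they introduce test failure
+when applying to libxml2 2.9.4 release tarball.
+
+From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: [PATCH] Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+Makefile.am | 18 ++++++++++++++++++
+parser.c | 18 ++++++++++--------
+result/errors10/781205.xml | 0
+result/errors10/781205.xml.err | 21 +++++++++++++++++++++
+result/errors10/781361.xml | 0
+result/errors10/781361.xml.err | 13 +++++++++++++
+result/valid/766956.xml | 0
+result/valid/766956.xml.err | 9 +++++++++
+result/valid/766956.xml.err.rdr | 10 ++++++++++
+runtest.c | 3 +++
+test/errors10/781205.xml | 3 +++
+test/errors10/781361.xml | 3 +++
+test/valid/766956.xml | 2 ++
+test/valid/dtds/766956.dtd | 2 ++
+14 files changed, 94 insertions(+), 8 deletions(-)
+create mode 100644 result/errors10/781205.xml
+create mode 100644 result/errors10/781205.xml.err
+create mode 100644 result/errors10/781361.xml
+create mode 100644 result/errors10/781361.xml.err
+create mode 100644 result/valid/766956.xml
+create mode 100644 result/valid/766956.xml.err
+create mode 100644 result/valid/766956.xml.err.rdr
+create mode 100644 test/errors10/781205.xml
+create mode 100644 test/errors10/781361.xml
+create mode 100644 test/valid/766956.xml
+create mode 100644 test/valid/dtds/766956.dtd
+
+diff --git a/Makefile.am b/Makefile.am
+index 6fc8ffa9..10e716a5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
+if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
+rm result.$$name error.$$name ; \
+fi ; fi ; done)
++ @echo "## Error cases regression tests (old 1.0)"
++ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
++ name=`basename $$i`; \
++ if [ ! -d $$i ] ; then \
++ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++ echo New test file $$name ; \
++ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++ 2> $(srcdir)/result/errors10/$$name.err \
++ > $(srcdir)/result/errors10/$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ else \
++ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ diff $(srcdir)/result/errors10/$$name result.$$name ; \
++ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++ rm result.$$name error.$$name ; \
++ fi ; fi ; done)
+@echo "## Error cases stream regression tests"
+-@(for i in $(srcdir)/test/errors/*.xml ; do \
+name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index df2efa55..a175ac4e 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ctxt->input->line++; ctxt->input->col = 1; \
+} else ctxt->input->col++; \
+ctxt->input->cur += l; \
+- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
+} while (0)
+
+#define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+len += l;
+NEXTL(l);
+c = CUR_CHAR(l);
+- if (c == 0) {
+- count = 0;
+- GROW;
+- if (ctxt->instate == XML_PARSER_EOF)
+- return(NULL);
+- c = CUR_CHAR(l);
+- }
+}
+}
+if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+return(NULL);
+}
++ if (ctxt->input->cur - ctxt->input->base < len) {
++ /*
++ * There were a couple of bugs where PERefs lead to to a change
++ * of the buffer. Check the buffer size to avoid passing an invalid
++ * pointer to xmlDictLookup.
++ */
++ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++ "unexpected change of input buffer");
++ return (NULL);
++ }
+if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 00000000..da15c3f7
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a;
++ ^
++<:0000
++ ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 00000000..655f41a2
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 00000000..34b1dae6
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 00000000..77603462
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 00000000..d9e9e839
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++ <!ENTITY % a "<:0000">
++ %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 00000000..67476bcb
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++ <!ENTITY % elem "<!ELEMENT e0000000000">
++ %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 00000000..19a95a0e
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 00000000..dddde68b
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
+--
+2.14.1
+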
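Review bot: The new guard `if (ctxt->input->cur - ctxt->input->base < len)` in xmlParseNameComplex protects the final `cur - len` lookup but not the CR/LF branch right below it, which passes `ctxt->input->cur - (len + 1)` to xmlDictLookup. When `cur - base` equals `len` the guard passes and that pointer would lie one byte before the buffer start. Whether this state is reachable is not visible here, but since the check is meant as hardening it could cover both lookups, for example by testing `ctxt->input->cur - ctxt->input->base < len + 1` inside the CR/LF branch before its lookup. The added comment also has a doubled word, `lead to to a change`. The function body starts outside the hunk.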
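--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -110,6 +111,7 @@ hierarchical form with variable field lengths.")
 (package
 (name "libxml2")
 (version "2.9.4")
+(replacement libxml2/fixed)
 (source (origin
 (method url-fetch)
 (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
@@ -138,6 +140,19 @@ hierarchical form with variable field lengths.")
 project (but it is usable outside of the Gnome platform).")
 (license license:x11)))
 
+(define libxml2/fixed
+(package
+(inherit libxml2)
+(source
+(origin
+(inherit (package-source libxml2))
+(patches
+(search-patches "libxml2-CVE-2017-0663.patch"
+"libxml2-CVE-2017-7375.patch"
+"libxml2-CVE-2017-7376.patch"
+"libxml2-CVE-2017-9047+CVE-2017-9048.patch"
+"libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))
+
 (define-public python-libxml2
 (package (inherit libxml2)
 (name "python-libxml2")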
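Review bot: The `patches` field in `libxml2/fixed` replaces whatever patch list the inherited origin carries instead of extending it. The libxml2 origin is cut off by the hunk at line 111, so its own `patches` field is not visible, but gnu/local.mk on this page already lists libxml2-CVE-2016-4658.patch and libxml2-CVE-2016-5131.patch; if the base origin applies them, the grafted package would silently lose those fixes. If so, `(patches (append (origin-patches (package-source libxml2)) (search-patches …)))` keeps both sets. A one-line comment above `libxml2/fixed` saying it is the graft target for the CVE-2017 fixes would also help the next person who ungrafts it.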