On Mon, 20 Sep 2021, Vincent Lefevre wrote: > For the 1.1 DTD, w3c-dtd-xhtml 1.1-5 had the *upstream* file > xhtml-1.1/basic/xhtml-special.ent with the buggy entity definitions
Hmm, now where did t̲h̲a̲t̲ come from? http://www.w3.org/TR/2001/REC-xhtml11-20010531/xhtml11.tgz has the flattened DTD. Apparently XHTML™ Basic 1.1 is a thing, though. This is not XHTML 1.1… http://www.w3.org/TR/2010/REC-xhtml-basic-20101123/xhtml-basic.tgz does not contain the entities at all though. Hah, got it! XHTML™ Basic 1.0 does contain the bogus file: http://www.w3.org/TR/2000/REC-xhtml-basic-20001219/xhtml-basic.tgz Its list of errata is empty, so this is not listed upstream as known bug. > > But if this upstream change affects DTDs that were once released, maybe > > it should accept, but ignore, this specific wrong redeclaration. > > Perhaps. This should probably be first talked with upstream. So indeed. Can one of you bring this to them? (My contributions to libxml2 don’t appear to be liked, even if multiple CVEs could have been avoided by applying them.) Thanks, //mirabilos -- Infrastrukturexperte • tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/ Telephon +49 228 54881-393 • Fax: +49 228 54881-235 HRB AG Bonn 5168 • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg **************************************************** /⁀\ The UTF-8 Ribbon ╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen: ╳ HTML eMail! Also, https://www.tarent.de/newsletter ╱ ╲ header encryption! ****************************************************