Bug#994765: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated

2021-09-20 Thread Mattia Rizzolo
Control: forwarded -1 https://gitlab.gnome.org/GNOME/libxml2/-/issues/306
Control: tag -1 confirmed upstream

On Mon, Sep 20, 2021 at 04:08:15PM +, Torrance, Douglas wrote:
> A bit more information is given by running xmllint on one of the affected 
> files:
> 
> $  xmllint --noout --loaddtd
> /usr/share/doc/Macaulay2/Macaulay2Doc/html/_ideal.html 
> file:///usr/share/xml/w3c-sgml-lib/schema/dtd/WD-XHTMLplusMathMLplusSVG-20020809/xhtml-math-svg.dtd:338:
> parser error : xmlParseEntityDecl: entity xhtml-qname-extra.mod not
> terminated
>   %xhtml-qname-extra.decl;
>   ^
> Entity: line 2:
> "http://www.w3.org/Math/DTD/mathml2/mathml2-qname-1.mod;
>   ^
> The problem appears to be that the latest release of libxml2 is more strict
> when parsing DTD files, xhtml-math-svg.dtd in this particular case.
> 
> See also [3], which involves a similar error related to the file
> xhtml1-strict.dtd.

As others pointed out, #993638 is a completely different matter.


Anyway, after another round of bisecting libxml2:

mattia@warren ..TEAM/xml-sgml/libxml2/upstream/libxml2 (git)-[CVE-2021-3541~189|bisect] % git bisect good
a28f7d8789e63f5e2ac63b42083754cba58f1a0e is the first bad commit
commit a28f7d8789e63f5e2ac63b42083754cba58f1a0e
Author: Nick Wellnhofer 
Date:   Wed Jun 10 13:41:13 2020 +0200

Never expand parameter entities in text declaration

When parsing the text declaration of external DTDs or entities, make
sure that parameter entities are not expanded. This also fixes a memory
leak in certain error cases.

The change to xmlSkipBlankChars assumes that the parser state is
maintained correctly when parsing external DTDs or parameter entities,
and might expose bugs in the code that were hidden previously.

Found by OSS-Fuzz.

 parser.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)


https://gitlab.gnome.org/GNOME/libxml2/-/commit/a28f7d8789e63f5e2ac63b42083754cba58f1a0e


Not sure what to do about it for now, so I've reported it upstream.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540
More about me:  https://mapreri.org
Launchpad user: https://launchpad.net/~mapreri
Debian QA page: https://qa.debian.org/developer.php?login=mattia
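
Added example, not part of the original message or of libxml2: a predicate script for `git bisect run` that automates the kind of bisection described above, using the xmllint command and error text quoted in the report. The script name bisect-dtd.sh, the build steps and the catalog path /etc/xml/catalog are assumptions.

```shell
#!/bin/sh
# Added example: predicate for `git bisect run`, run from the libxml2 checkout.
# Exit codes follow git-bisect's convention: 0 = good, 1 = bad, 125 = skip.

# Sample file and error text are the ones quoted in the bug report.
SAMPLE=${SAMPLE:-/usr/share/doc/Macaulay2/Macaulay2Doc/html/_ideal.html}
MARKER='xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated'

# verdict STATUS OUTPUT: classify one xmllint run.
verdict() {
    case "$2" in
        *"$MARKER"*) return 1 ;;      # the regression being hunted
    esac
    [ "$1" -eq 0 ] && return 0        # clean parse: revision is good
    return 125                        # unrelated failure: cannot judge
}

# Build the checked-out revision and test it against the sample file.
check_revision() {
    # Assumed build steps for a libxml2 2.9.x tree; a broken build is skipped.
    { ./autogen.sh --without-python && make; } >/dev/null 2>&1 || return 125
    # Point the in-tree xmllint at the system catalog (assumed path) so the
    # DTD resolves to the local w3c-sgml-lib copy instead of the network.
    out=$(XML_CATALOG_FILES=/etc/xml/catalog \
          ./xmllint --noout --loaddtd "$SAMPLE" 2>&1)
    verdict "$?" "$out"
}

# Only act when invoked as: git bisect run sh /path/to/bisect-dtd.sh run
if [ "${1:-}" = "run" ]; then
    check_revision
    exit $?
fi
```

Returning 125 for build failures and unrelated parser errors keeps such revisions from being counted as good or bad, so the bisection only converges on the commit that introduces this specific message.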




Bug#994765: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated

2021-09-20 Thread Torrance, Douglas

Package: libxml2
Version: 2.9.12+dfsg-3
Severity: normal
Control: affects -1 src:macaulay2
X-Debbugs-Cc: dtorra...@piedmont.edu

Beginning with the upload of 2.9.12 to sid, the build of the Macaulay2 package
began failing when validating its html documentation.  For example, from [1,2]:

/usr/bin/make -C M2 validate-html
make[2]: Entering directory '/<>/macaulay2-1.18.0.1+git202109031258/M2'
-- validating all html and xhtml files in /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2
validating: BGG/html/_direct__Image__Complex.html
*** invalid HTML: /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2/BGG/html/_direct__Image__Complex.html
error: line 338: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated

...

validating: AlgebraicSplines/html/index.html
*** invalid HTML: /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2/AlgebraicSplines/html/index.html
error: line 338: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated

9328 HTML files checked; 9328 invalid
make[2]: *** [GNUmakefile:302: validate-html] Error 1

A bit more information is given by running xmllint on one of the affected files:

$  xmllint --noout --loaddtd /usr/share/doc/Macaulay2/Macaulay2Doc/html/_ideal.html
file:///usr/share/xml/w3c-sgml-lib/schema/dtd/WD-XHTMLplusMathMLplusSVG-20020809/xhtml-math-svg.dtd:338: parser error : xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated
  %xhtml-qname-extra.decl;
  ^
Entity: line 2:
  "http://www.w3.org/Math/DTD/mathml2/mathml2-qname-1.mod;
  ^
The problem appears to be that the latest release of libxml2 is more strict
when parsing DTD files, xhtml-math-svg.dtd in this particular case.

See also [3], which involves a similar error related to the file
xhtml1-strict.dtd.

[1] https://launchpadlibrarian.net/556859860/buildlog_ubuntu-impish-amd64.macaulay2_1.18.0.1+git202109031258-0ppa202109031444~ubuntu21.10.1_BUILDING.txt.gz
[2] https://github.com/Macaulay2/M2/issues/2225
[3] https://bugs.debian.org/993638

