Bug#994765: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated
Control: forwarded -1 https://gitlab.gnome.org/GNOME/libxml2/-/issues/306 Control: tag -1 confirmed upstream On Mon, Sep 20, 2021 at 04:08:15PM +, Torrance, Douglas wrote: > A bit more information is given by running xmllint on one of the affected > files: > > $ xmllint --noout --loaddtd > /usr/share/doc/Macaulay2/Macaulay2Doc/html/_ideal.html > file:///usr/share/xml/w3c-sgml-lib/schema/dtd/WD-XHTMLplusMathMLplusSVG-20020809/xhtml-math-svg.dtd:338: > parser error : xmlParseEntityDecl: entity xhtml-qname-extra.mod not > terminated > %xhtml-qname-extra.decl; > ^ > Entity: line 2: > "http://www.w3.org/Math/DTD/mathml2/mathml2-qname-1.mod; > ^ > The problem appears to be that the latest release of libxml2 is more strict > when parsing DTD files, xhtml-math-svg.dtd in this particular case. > > See also [3], which involves a similar error related to the file > xhtml1-strict.dtd. As others pointed out, #993638 is a completely different matter. Anyway, after another round of bisecting libxml2: mattia@warren ..TEAM/xml-sgml/libxml2/upstream/libxml2 (git)-[CVE-2021-3541~189|bisect] % git bisect good a28f7d8789e63f5e2ac63b42083754cba58f1a0e is the first bad commit commit a28f7d8789e63f5e2ac63b42083754cba58f1a0e Author: Nick Wellnhofer Date: Wed Jun 10 13:41:13 2020 +0200 Never expand parameter entities in text declaration When parsing the text declaration of external DTDs or entities, make sure that parameter entities are not expanded. This also fixes a memory leak in certain error cases. The change to xmlSkipBlankChars assumes that the parser state is maintained correctly when parsing external DTDs or parameter entities, and might expose bugs in the code that were hidden previously. Found by OSS-Fuzz. parser.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) https://gitlab.gnome.org/GNOME/libxml2/-/commit/a28f7d8789e63f5e2ac63b42083754cba58f1a0e Not sure what to do about it for now, so I've reported it upstream. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#994765: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated
Package: libxml2 Version: 2.9.12+dfsg-3 Severity: normal Control: affects -1 src:macaulay2 X-Debbugs-Cc: dtorra...@piedmont.edu Beginning with the upload of 2.9.12 to sid, the build of the Macaulay2 package began failing when validating its html documentation. For example, from [1,2]: /usr/bin/make -C M2 validate-html make[2]: Entering directory '/<>/macaulay2-1.18.0.1+git202109031258/M2' -- validating all html and xhtml files in /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2 validating: BGG/html/_direct__Image__Complex.html *** invalid HTML: /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2/BGG/html/_direct__Image__Complex.html error: line 338: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated ... validating: AlgebraicSplines/html/index.html *** invalid HTML: /<>/macaulay2-1.18.0.1+git202109031258/M2/usr-dist/common/share/doc/Macaulay2/AlgebraicSplines/html/index.html error: line 338: xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated 9328 HTML files checked; 9328 invalid make[2]: *** [GNUmakefile:302: validate-html] Error 1 A bit more information is given by running xmllint on one of the affected files: $ xmllint --noout --loaddtd /usr/share/doc/Macaulay2/Macaulay2Doc/html/_ideal.html file:///usr/share/xml/w3c-sgml-lib/schema/dtd/WD-XHTMLplusMathMLplusSVG-20020809/xhtml-math-svg.dtd:338: parser error : xmlParseEntityDecl: entity xhtml-qname-extra.mod not terminated %xhtml-qname-extra.decl; ^ Entity: line 2: "http://www.w3.org/Math/DTD/mathml2/mathml2-qname-1.mod; ^ The problem appears to be that the latest release of libxml2 is more strict when parsing DTD files, xhtml-math-svg.dtd in this particular case. See also [3], which involves a similar error related to the file xhtml1-strict.dtd. [1] https://launchpadlibrarian.net/556859860/buildlog_ubuntu-impish-amd64.macaulay2_1.18.0.1+git202109031258-0ppa202109031444~ubuntu21.10.1_BUILDING.txt.gz [2] https://github.com/Macaulay2/M2/issues/2225 [3] https://bugs.debian.org/993638 signature.asc Description: PGP signature