This is an automated email from the git hooks/post-receive script. carnil pushed a commit to branch master in repository libxml-libxml-perl.
commit a4f04e11f3cc8d58156e753375638dbc39cda64d Author: Salvatore Bonaccorso <car...@debian.org> Date: Fri May 1 12:25:25 2015 +0200 Adjust test case for CVE-2015-3451 to actually test for the vulnerability --- .../Preserve-unset-options-after-a-_clone-call.patch | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch index e99e282..65428d4 100644 --- a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch +++ b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch @@ -1,10 +1,11 @@ Description: Preserve unset options after a _clone() call (e.g: in load_xml()) -Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30 +Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30, + https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152 Bug-Debian: https://bugs.debian.org/783443 Forwarded: not-needed Author: Shlomi Fish <shlo...@shlomifish.org> -Last-Update: 2015-04-27 -Applied-Upstream: 2.0119 +Last-Update: 2015-05-01 +Applied-Upstream: 2.0120 --- a/LibXML.pm +++ b/LibXML.pm @@ -32,7 +33,7 @@ Applied-Upstream: 2.0119 use XML::LibXML; -@@ -125,6 +125,45 @@ no_network +@@ -125,6 +125,44 @@ no_network } { @@ -40,9 +41,8 @@ Applied-Upstream: 2.0119 +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE title [ <!ELEMENT title ANY > +<!ENTITY xxe SYSTEM "file:///etc/passwd" >]> -+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> ++<rss version="2.0"> +<channel> -+ <title>XXE</title> + <link>example.com</link> + <description>XXE</description> + <item> @@ -55,7 +55,7 @@ Applied-Upstream: 2.0119 +EOT + + my $sys_line = <<'EOT'; -+<!ENTITY xxe SYSTEM "file:///etc/passwd" ++<title>&xxe;</title> +EOT + + chomp ($sys_line); @@ -69,7 +69,7 @@ Applied-Upstream: 2.0119 + my $XML_DOC = $parser->load_xml( string => $XML, ); + + # TEST -+ like (scalar($XML_DOC->toString()), qr/\Q$sys_line\E/, ++ ok (scalar($XML_DOC->toString() =~ m{\Q$sys_line\E}), + "expand_entities is preserved after _clone()/etc." + ); +} -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libxml-libxml-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits