[libxml-libxml-perl] 01/02: Adjust test case for CVE-2015-3451 to actually test for the vulnerability
Salvatore Bonaccorso
carnil at debian.org
Fri May 1 10:50:22 UTC 2015
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch master
in repository libxml-libxml-perl.
commit a4f04e11f3cc8d58156e753375638dbc39cda64d
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Fri May 1 12:25:25 2015 +0200
Adjust test case for CVE-2015-3451 to actually test for the vulnerability
---
.../Preserve-unset-options-after-a-_clone-call.patch | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
index e99e282..65428d4 100644
--- a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
+++ b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
@@ -1,10 +1,11 @@
Description: Preserve unset options after a _clone() call (e.g: in load_xml())
-Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
+Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30,
+ https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
Bug-Debian: https://bugs.debian.org/783443
Forwarded: not-needed
Author: Shlomi Fish <shlomif at shlomifish.org>
-Last-Update: 2015-04-27
-Applied-Upstream: 2.0119
+Last-Update: 2015-05-01
+Applied-Upstream: 2.0120
--- a/LibXML.pm
+++ b/LibXML.pm
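Review bot: The `Applied-Upstream` header now names only 2.0120, which loses the 2.0119 value recorded on the removed line even though `Origin` still lists the original commit first. Since the header now covers two upstream commits, consider recording both releases, or adding a sentence to `Description` that the second commit adjusts the test case. That way, someone checking which upstream release carries the CVE-2015-3451 change is not pointed only at 2.0120.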
@@ -32,7 +33,7 @@ Applied-Upstream: 2.0119
use XML::LibXML;
-@@ -125,6 +125,45 @@ no_network
+@@ -125,6 +125,44 @@ no_network
}
{
@@ -40,9 +41,8 @@ Applied-Upstream: 2.0119
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE title [ <!ELEMENT title ANY >
+<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
-+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
++<rss version="2.0">
+<channel>
-+ <title>XXE</title>
+ <link>example.com</link>
+ <description>XXE</description>
+ <item>
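Review bot: Two edits to the test document in this hunk are not explained by the commit message: the `xmlns:atom` declaration is dropped from `<rss>`, and the channel-level `<title>XXE</title>` is removed. The new assertion later in the patch looks for `<title>&xxe;</title>`, so it depends on such an element remaining elsewhere in the document, which this hunk does not show. A short note in the patch `Description` saying why these two lines changed, and where the `&xxe;` reference lives, would let a reader confirm the test can fail on an unfixed build.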
@@ -55,7 +55,7 @@ Applied-Upstream: 2.0119
+EOT
+
+ my $sys_line = <<'EOT';
-+<!ENTITY xxe SYSTEM "file:///etc/passwd"
++<title>&xxe;</title>
+EOT
+
+ chomp ($sys_line);
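Review bot: After this hunk `$sys_line` no longer holds the `SYSTEM` declaration line but the unexpanded reference `<title>&xxe;</title>`, so the variable name is now misleading. A name that says what is being matched (for example `$unexpanded_ref`, a suggested name only) plus a one-line comment would help. The comment should say that the old string is part of the DOCTYPE in the test input itself, which is why matching on it did not distinguish expanded from unexpanded output.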
@@ -69,7 +69,7 @@ Applied-Upstream: 2.0119
+ my $XML_DOC = $parser->load_xml( string => $XML, );
+
+ # TEST
-+ like (scalar($XML_DOC->toString()), qr/\Q$sys_line\E/,
++ ok (scalar($XML_DOC->toString() =~ m{\Q$sys_line\E}),
+ "expand_entities is preserved after _clone()/etc."
+ );
+}
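Review bot: Replacing `like (...)` with `ok (scalar(... =~ m{...}))` on the `# TEST` line drops the failure diagnostics: `like` reports the string and the pattern, `ok` reports only pass or fail. If that is intentional, so that a failing run does not print the expanded content of `file:///etc/passwd` into build logs, say so in a comment next to the assertion. Otherwise keep `like` with the new `$sys_line` so a regression is easier to diagnose. The test description "expand_entities is preserved after _clone()/etc." could also state the expected outcome, namely that `&xxe;` stays unexpanded.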
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libxml-libxml-perl.git