[libxml-libxml-perl] 01/02: Adjust test case for CVE-2015-3451 to actually test for the vulnerability

Salvatore Bonaccorso carnil at debian.org
Fri May 1 10:50:22 UTC 2015


This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch master
in repository libxml-libxml-perl.

commit a4f04e11f3cc8d58156e753375638dbc39cda64d
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri May 1 12:25:25 2015 +0200

    Adjust test case for CVE-2015-3451 to actually test for the vulnerability
---
 .../Preserve-unset-options-after-a-_clone-call.patch     | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
index e99e282..65428d4 100644
--- a/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
+++ b/debian/patches/Preserve-unset-options-after-a-_clone-call.patch
@@ -1,10 +1,11 @@
 Description: Preserve unset options after a _clone() call (e.g: in load_xml())
-Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
+Origin: upstream, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30,
+ https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
 Bug-Debian: https://bugs.debian.org/783443
 Forwarded: not-needed
 Author: Shlomi Fish <shlomif at shlomifish.org>
-Last-Update: 2015-04-27
-Applied-Upstream: 2.0119
+Last-Update: 2015-05-01
+Applied-Upstream: 2.0120
 
 --- a/LibXML.pm
 +++ b/LibXML.pm
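Review bot: In the DEP-3 header, changing Applied-Upstream from 2.0119 to 2.0120 drops the information that the code fix itself was already in 2.0119. Only the test adjustment comes from the second commit now listed under Origin. Consider recording both, for example "Applied-Upstream: 2.0119 (fix), 2.0120 (test adjustment)", so that someone triaging Bug-Debian #783443 does not conclude that 2.0119 is still affected.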
@@ -32,7 +33,7 @@ Applied-Upstream: 2.0119
  
  use XML::LibXML;
  
-@@ -125,6 +125,45 @@ no_network
+@@ -125,6 +125,44 @@ no_network
  }
  
  {
@@ -40,9 +41,8 @@ Applied-Upstream: 2.0119
 +<?xml version="1.0" encoding="UTF-8"?>
 +<!DOCTYPE title [ <!ELEMENT title ANY >
 +<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
-+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
++<rss version="2.0">
 +<channel>
-+    <title>XXE</title>
 +    <link>example.com</link>
 +    <description>XXE</description>
 +    <item>
@@ -55,7 +55,7 @@ Applied-Upstream: 2.0119
 +EOT
 +
 +    my $sys_line = <<'EOT';
-+<!ENTITY xxe SYSTEM "file:///etc/passwd"
++<title>&xxe;</title>
 +EOT
 +
 +    chomp ($sys_line);
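Review bot: After this change $sys_line no longer holds the SYSTEM entity declaration but the unexpanded reference "<title>&xxe;</title>", so the variable name is misleading. A name such as $unexpanded_ref would be clearer. A one-line comment would also help here, explaining that the old string (the ENTITY declaration) appears in the serialised DOCTYPE whether or not the entity was expanded. That is why the earlier assertion could not detect CVE-2015-3451.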
@@ -69,7 +69,7 @@ Applied-Upstream: 2.0119
 +    my $XML_DOC = $parser->load_xml( string => $XML, );
 +
 +    # TEST
-+    like (scalar($XML_DOC->toString()), qr/\Q$sys_line\E/,
++    ok (scalar($XML_DOC->toString() =~ m{\Q$sys_line\E}),
 +        "expand_entities is preserved after _clone()/etc."
 +    );
 +}
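Review bot: Replacing like() with ok() on the "# TEST" assertion loses the failure diagnostics. like() prints the serialised document and the pattern when the match fails, whereas ok() only reports "not ok". Since the match target is unchanged in form, like ($XML_DOC->toString(), qr/\Q$sys_line\E/, ...) would keep the same check with better output on a regression. The test description "expand_entities is preserved after _clone()/etc." could also say that the entity reference is expected to remain unexpanded.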

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libxml-libxml-perl.git


