Package: libxml2
Version: 2.9.1+dfsg1-5+deb8u3
Severity: important
The 0034-xmlSaveUri-incorrectly-recomposes-URIs-with-rootless.patch patch
was added back in 2.9.1+dfsg1-4, probably following the bug report at
https://bugzilla.gnome.org/show_bug.cgi?id=731063.
This patch, however, caused additional issues:
The first one was addressed in
https://git.gnome.org/browse/libxml2/commit/?id=beb7281055dbf0ed4d041022a67
c6c5cfd126f25. As far as I can tell, this change has not yet been
cherry-picked.
Second, the change caused a break with resolution of relative URLs, see
https://mail.gnome.org/archives/xml/2016-November/msg00012.html. The
result is that when using the default DTDs as provided by, for example,
the w3c-dtd-xhtml package, libxml will construct invalid URLs like
"file:/usr/share/xml/xhtml/schema/dtd/1.0/xhtml1-strict.dtd". This is
missing two "//" slashes in the beginning. libxml will wrongly interpret
this URL (including the file: prefix!) as a local file path and fail
during catalog resolution.
The error message typically would be something like
failed to load external entity
"file:/usr/share/xml/xhtml/schema/dtd/1.0/xhtml1-strict.dtd" in Entity,
line ...
A simple check is to run the testURI command which is contained in/build
by libxml:
./testURI --base file:///some/where file
Result without patch: file:/some/file
Result with patch: file:///some/file
Suggestion:
- Cherry pick
https://git.gnome.org/browse/libxml2/commit/?id=beb7281055dbf0ed4d041022a67
c6c5cfd126f25
- Additionally, apply the attached patch
Thanks!
-mp.
diff --git a/uri.c b/uri.c
index 2bd5720..6e09018 100644
--- a/uri.c
+++ b/uri.c
@@ -2024,7 +2024,7 @@ xmlBuildURI(const xmlChar *URI, const xmlChar *base) {
}
if (bas->authority != NULL)
res->authority = xmlMemStrdup(bas->authority);
- else if (bas->server != NULL) {
+ else if ((bas->server != NULL) || (bas->port == -1)) {
res->server = xmlMemStrdup(bas->server);
if (bas->user != NULL)
res->user = xmlMemStrdup(bas->user);
