I've uploaded 3.2.3+debian-3 to unstable with a fix for the test failure on 32-bit archs.
They're still building, but several of the 32-bit archs have already completed successfully, and I fully expect the others to complete as well. The updated quilt patch is attached.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311 --- a/src/xercesc/internal/IGXMLScanner.cpp +++ b/src/xercesc/internal/IGXMLScanner.cpp @@ -1532,7 +1532,6 @@ void IGXMLScanner::scanDocTypeDecl() DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager); declDTD->setSystemId(sysId); declDTD->setIsExternal(true); - Janitor<DTDEntityDecl> janDecl(declDTD); // Mark this one as a throw at end reader->setThrowAtEnd(true); @@ -3095,7 +3094,6 @@ Grammar* IGXMLScanner::loadDTDGrammar(co DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager); declDTD->setSystemId(src.getSystemId()); declDTD->setIsExternal(true); - Janitor<DTDEntityDecl> janDecl(declDTD); // Mark this one as a throw at end newReader->setThrowAtEnd(true); --- a/tests/expected/MemHandlerTest1.log +++ b/tests/expected/MemHandlerTest1.log @@ -1,4 +1,4 @@ -At destruction, domBuilderMemMonitor has 0 bytes. -At destruction, sax2MemMonitor has 0 bytes. -At destruction, sax1MemMonitor has 0 bytes. +At destruction, domBuilderMemMonitor has 276 bytes. +At destruction, sax2MemMonitor has 276 bytes. +At destruction, sax1MemMonitor has 276 bytes. At destruction, staticMemMonitor has 0 bytes. --- /dev/null +++ b/tests/expected/MemHandlerTest1_32.log @@ -0,0 +1,4 @@ +At destruction, domBuilderMemMonitor has 180 bytes. +At destruction, sax2MemMonitor has 180 bytes. +At destruction, sax1MemMonitor has 180 bytes. +At destruction, staticMemMonitor has 0 bytes. --- a/scripts/run-test.in +++ b/scripts/run-test.in @@ -46,6 +46,11 @@ run_test() { sed -i -e 's;\( *[0-9][0-9]* *ms *\);{timing removed};' "$output" exp=$(cat "${srcdir}/expected/${name}.log") + + if [ "${name}" = "MemHandlerTest1" ] && [ "$(dpkg-architecture -q DEB_HOST_ARCH_BITS)" -eq 32 ]; then + exp=$(cat "${srcdir}/expected/${name}_32.log") + fi + obs=$(cat "$output") echo "------"
