GNOME Bugzilla – Bug 737840
Spurious warning when expanding external entities containing ID attributes
Last modified: 2017-06-17 11:17:39 UTC
Created attachment 287665 [details] Test case: XML file The following commit introduces spurious warnings when expanding an external entity that contains an attribute marked as ID: https://git.gnome.org/browse/libxml2/commit/?id=a16eb968075a82ec33b2c1e77db8909a35b44620 This is because an external entity is parsed using the original document as context doc: https://git.gnome.org/browse/libxml2/tree/parser.c?id=33f658c969501bb246f8d4c6d21772948c7bc965#n12987 Then, when entities are replaced, the ID values have already been added to the doc. Example output using the attached test case: $ xmllint --valid --noent bug.xml bug.xml:1: element elem: validity error : ID id0 already defined <?xml version="1.0"?> <!DOCTYPE root [ <!ELEMENT root (elem)> <!ELEMENT elem (#PCDATA)> <!ATTLIST elem id ID #IMPLIED> <!ENTITY target SYSTEM "bug.ent"> ]> <root> <elem id="id0"/> </root>
Created attachment 287666 [details] Test case: External entitiy
Hum that indeed looks like a genuine bug, but ... the problem doesn't seems to be with the patch exposing it. Need to think about it, shouldn't be too hard to fix Daniel
Hum trying to fix it breaks ./test/valid/id3.xml it's not gonna be simple :-( Daniel
Just to add some reference for people looking for this, this bug affects the building process of KDE documentation (kde-l10n-xy modules). It was reported for example here: http://lists.kde.org/?l=kde-doc-english&m=141443389212710&w=2 and two different users (ubuntu vivid and arch) told me that they were able to build the documentation again after downgrading to 2.9.1.
same here on Gentoo Linux (kde-base/kdelibs-4.14.3-r1 + dev-libs/libxml2-2.9.2) Unfortunately they do not have the option to downgrade to libxml2-2.9.1 anymore. Any solution / any patch in sight?
Also break atoum (PHP testing tools) https://github.com/atoum/atoum/issues/449
*** Bug 750628 has been marked as a duplicate of this bug. ***
This bug breaks various things and its a major regression, at the point that Debian had to revert to 2.9.1, with security fixes added: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766884 Since this is taking time, could you (upstream) do something similar, releasing a clean 2.9.3 based on 2.9.1 + security fixes + a non-regression test about this bug (so that it doesn't reappear in the future) + possible other patches?
Simplest was to revert part of #724903 and add the regression test to prevent reintroducing this. This isn't completely satisfactory, but seems the simplest way to build the ID table only on referenced expanded entities, https://git.gnome.org/browse/libxml2/commit/?id=ef709ce2f7b792d5fb69ed142796d743fb1eb388 thanks for the report, and sorry it took so long, I initially though this had been introduced by the security fixes themselves <grin/> Daniel
*** Bug 749599 has been marked as a duplicate of this bug. ***