summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorAron Xu <aron@debian.org>2015-09-22 16:23:21 +0800
committerAron Xu <aron@debian.org>2015-09-22 16:23:21 +0800
commitfccd80a7d35b9eefabcc384d5c9fe89d9545dd22 (patch)
treeca656201cfb4fdfff588be659e83e25bd9b060ce /debian
parent08766acaa78dcf7b2174cca94d5e102f910df6dd (diff)
downloadlibxml2-fccd80a7d35b9eefabcc384d5c9fe89d9545dd22.tar.gz
Upstream post release cherry-picks
Diffstat (limited to 'debian')
-rw-r--r--debian/patches/0003-Revert-Missing-initialization-for-the-catalog-module.patch25
-rw-r--r--debian/patches/0004-Fix-missing-entities-after-CVE-2014-3660-fix.patch (renamed from debian/patches/0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch)2
-rw-r--r--debian/patches/0005-Account-for-ID-attributes-in-xmlSetTreeDoc.patch32
-rw-r--r--debian/patches/0006-Stop-parsing-on-entities-boundaries-errors.patch28
-rw-r--r--debian/patches/0007-Cleanup-conditional-section-error-handling.patch45
-rw-r--r--debian/patches/0008-Fix-order-of-root-nodes.patch29
-rw-r--r--debian/patches/0009-xmlMemUsed-is-not-thread-safe.patch42
-rw-r--r--debian/patches/0010-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch172
-rw-r--r--debian/patches/0011-Do-not-process-encoding-values-if-the-declaration-if.patch34
-rw-r--r--debian/patches/0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch31
-rw-r--r--debian/patches/0013-Fix-a-self-assignment-issue-raised-by-clang.patch40
-rw-r--r--debian/patches/0014-Fix-previous-change-to-node-sort-order.patch33
-rw-r--r--debian/patches/0015-Fix-the-spurious-ID-already-defined-error.patch84
-rw-r--r--debian/patches/series14
14 files changed, 609 insertions, 2 deletions
diff --git a/debian/patches/0003-Revert-Missing-initialization-for-the-catalog-module.patch b/debian/patches/0003-Revert-Missing-initialization-for-the-catalog-module.patch
new file mode 100644
index 0000000..d04a773
--- /dev/null
+++ b/debian/patches/0003-Revert-Missing-initialization-for-the-catalog-module.patch
@@ -0,0 +1,25 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+---
+ parser.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
diff --git a/debian/patches/0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch b/debian/patches/0004-Fix-missing-entities-after-CVE-2014-3660-fix.patch
index 2afe1f0..01e131d 100644
--- a/debian/patches/0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+++ b/debian/patches/0004-Fix-missing-entities-after-CVE-2014-3660-fix.patch
@@ -12,7 +12,7 @@ first in anotther entity referenced from an attribute value
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
-index 1d93967..313ff28 100644
+index 67c9dfd..a8d1b67 100644
--- a/parser.c
+++ b/parser.c
@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
diff --git a/debian/patches/0005-Account-for-ID-attributes-in-xmlSetTreeDoc.patch b/debian/patches/0005-Account-for-ID-attributes-in-xmlSetTreeDoc.patch
new file mode 100644
index 0000000..18d7720
--- /dev/null
+++ b/debian/patches/0005-Account-for-ID-attributes-in-xmlSetTreeDoc.patch
@@ -0,0 +1,32 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 19 Dec 2014 00:08:35 +0100
+Subject: Account for ID attributes in xmlSetTreeDoc
+
+---
+ tree.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tree.c b/tree.c
+index 307782c..ff9a890 100644
+--- a/tree.c
++++ b/tree.c
+@@ -2799,8 +2799,19 @@ xmlSetTreeDoc(xmlNodePtr tree, xmlDocPtr doc) {
+ if(tree->type == XML_ELEMENT_NODE) {
+ prop = tree->properties;
+ while (prop != NULL) {
++ if (prop->atype == XML_ATTRIBUTE_ID) {
++ xmlRemoveID(tree->doc, prop);
++ }
++
+ prop->doc = doc;
+ xmlSetListDoc(prop->children, doc);
++
++ if (xmlIsID(doc, tree, prop)) {
++ xmlChar *idVal = xmlNodeListGetString(doc, prop->children,
++ 1);
++ xmlAddID(NULL, doc, idVal, prop);
++ }
++
+ prop = prop->next;
+ }
+ }
diff --git a/debian/patches/0006-Stop-parsing-on-entities-boundaries-errors.patch b/debian/patches/0006-Stop-parsing-on-entities-boundaries-errors.patch
new file mode 100644
index 0000000..00cca9d
--- /dev/null
+++ b/debian/patches/0006-Stop-parsing-on-entities-boundaries-errors.patch
@@ -0,0 +1,28 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:17:35 +0800
+Subject: Stop parsing on entities boundaries errors
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+There are times, like on unterminated entities that it's preferable to
+stop parsing, even if that means less error reporting. Entities are
+feeding the parser on further processing, and if they are ill defined
+then it's possible to get the parser to bug. Also do the same on
+Conditional Sections if the input is broken, as the structure of
+the document can't be guessed.
+---
+ parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/parser.c b/parser.c
+index a8d1b67..bbe97eb 100644
+--- a/parser.c
++++ b/parser.c
+@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
+ if (RAW != '>') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ "xmlParseEntityDecl: entity %s not terminated\n", name);
++ xmlStopParser(ctxt);
+ } else {
+ if (input != ctxt->input) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
diff --git a/debian/patches/0007-Cleanup-conditional-section-error-handling.patch b/debian/patches/0007-Cleanup-conditional-section-error-handling.patch
new file mode 100644
index 0000000..0c8492c
--- /dev/null
+++ b/debian/patches/0007-Cleanup-conditional-section-error-handling.patch
@@ -0,0 +1,45 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+
+ } else {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++ xmlStopParser(ctxt);
++ return;
+ }
+
+ if (RAW == 0)
diff --git a/debian/patches/0008-Fix-order-of-root-nodes.patch b/debian/patches/0008-Fix-order-of-root-nodes.patch
new file mode 100644
index 0000000..171c3da
--- /dev/null
+++ b/debian/patches/0008-Fix-order-of-root-nodes.patch
@@ -0,0 +1,29 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 8 Mar 2015 16:44:11 +0100
+Subject: Fix order of root nodes
+
+Make sure root nodes are sorted before other nodes.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index dc41ce6..95559b3 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -361,13 +361,13 @@ turtle_comparison:
+ /*
+ * compute depth to root
+ */
+- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
++ for (depth2 = 0, cur = node2; cur != NULL; cur = cur->parent) {
+ if (cur == node1)
+ return(1);
+ depth2++;
+ }
+ root = cur;
+- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
++ for (depth1 = 0, cur = node1; cur != NULL; cur = cur->parent) {
+ if (cur == node2)
+ return(-1);
+ depth1++;
diff --git a/debian/patches/0009-xmlMemUsed-is-not-thread-safe.patch b/debian/patches/0009-xmlMemUsed-is-not-thread-safe.patch
new file mode 100644
index 0000000..03a8f4f
--- /dev/null
+++ b/debian/patches/0009-xmlMemUsed-is-not-thread-safe.patch
@@ -0,0 +1,42 @@
+From: Martin von Gagern <Martin.vGagern@gmx.net>
+Date: Mon, 13 Apr 2015 16:32:14 +0800
+Subject: xmlMemUsed is not thread-safe
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=747437
+just use the mutex to protect access to those variables
+---
+ xmlmemory.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/xmlmemory.c b/xmlmemory.c
+index a3dc737..f24fd6d 100644
+--- a/xmlmemory.c
++++ b/xmlmemory.c
+@@ -554,7 +554,12 @@ xmlMemoryStrdup(const char *str) {
+
+ int
+ xmlMemUsed(void) {
+- return(debugMemSize);
++ int res;
++
++ xmlMutexLock(xmlMemMutex);
++ res = debugMemSize;
++ xmlMutexUnlock(xmlMemMutex);
++ return(res);
+ }
+
+ /**
+@@ -567,7 +572,12 @@ xmlMemUsed(void) {
+
+ int
+ xmlMemBlocks(void) {
+- return(debugMemBlocks);
++ int res;
++
++ xmlMutexLock(xmlMemMutex);
++ res = debugMemBlocks;
++ xmlMutexUnlock(xmlMemMutex);
++ return(res);
+ }
+
+ #ifdef MEM_LIST
diff --git a/debian/patches/0010-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch b/debian/patches/0010-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch
new file mode 100644
index 0000000..14d3032
--- /dev/null
+++ b/debian/patches/0010-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch
@@ -0,0 +1,172 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 14 Apr 2015 17:41:48 +0800
+Subject: CVE-2015-1819 Enforce the reader to run in constant memory
+
+One of the operation on the reader could resolve entities
+leading to the classic expansion issue. Make sure the
+buffer used for xmlreader operation is bounded.
+Introduce a new allocation type for the buffers for this effect.
+---
+ buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
+ include/libxml/tree.h | 3 ++-
+ xmlreader.c | 20 +++++++++++++++++++-
+ 3 files changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/buf.c b/buf.c
+index 6efc7b6..07922ff 100644
+--- a/buf.c
++++ b/buf.c
+@@ -27,6 +27,7 @@
+ #include <libxml/tree.h>
+ #include <libxml/globals.h>
+ #include <libxml/tree.h>
++#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
+ #include "buf.h"
+
+ #define WITH_BUFFER_COMPAT
+@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
+ if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
+ (scheme == XML_BUFFER_ALLOC_EXACT) ||
+ (scheme == XML_BUFFER_ALLOC_HYBRID) ||
+- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
++ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
++ (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
+ buf->alloc = scheme;
+ if (buf->buffer)
+ buf->buffer->alloc = scheme;
+@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
+ size = buf->use + len + 100;
+ #endif
+
++ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++ /*
++ * Used to provide parsing limits
++ */
++ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
++ (buf->size >= XML_MAX_TEXT_LENGTH)) {
++ xmlBufMemoryError(buf, "buffer error: text too long\n");
++ return(0);
++ }
++ if (size >= XML_MAX_TEXT_LENGTH)
++ size = XML_MAX_TEXT_LENGTH;
++ }
+ if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
+ size_t start_buf = buf->content - buf->contentIO;
+
+@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
+ CHECK_COMPAT(buf)
+
+ if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
++ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++ /*
++ * Used to provide parsing limits
++ */
++ if (size >= XML_MAX_TEXT_LENGTH) {
++ xmlBufMemoryError(buf, "buffer error: text too long\n");
++ return(0);
++ }
++ }
+
+ /* Don't resize if we don't have to */
+ if (size < buf->size)
+@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
+
+ needSize = buf->use + len + 2;
+ if (needSize > buf->size){
++ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++ /*
++ * Used to provide parsing limits
++ */
++ if (needSize >= XML_MAX_TEXT_LENGTH) {
++ xmlBufMemoryError(buf, "buffer error: text too long\n");
++ return(-1);
++ }
++ }
+ if (!xmlBufResize(buf, needSize)){
+ xmlBufMemoryError(buf, "growing buffer");
+ return XML_ERR_NO_MEMORY;
+@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
+ }
+ needSize = buf->use + len + 2;
+ if (needSize > buf->size){
++ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++ /*
++ * Used to provide parsing limits
++ */
++ if (needSize >= XML_MAX_TEXT_LENGTH) {
++ xmlBufMemoryError(buf, "buffer error: text too long\n");
++ return(-1);
++ }
++ }
+ if (!xmlBufResize(buf, needSize)){
+ xmlBufMemoryError(buf, "growing buffer");
+ return XML_ERR_NO_MEMORY;
+diff --git a/include/libxml/tree.h b/include/libxml/tree.h
+index 2f90717..4a9b3bc 100644
+--- a/include/libxml/tree.h
++++ b/include/libxml/tree.h
+@@ -76,7 +76,8 @@ typedef enum {
+ XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
+ XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
+ XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
+- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
++ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
++ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
+ } xmlBufferAllocationScheme;
+
+ /**
+diff --git a/xmlreader.c b/xmlreader.c
+index f19e123..471e7e2 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
+ "xmlNewTextReader : malloc failed\n");
+ return(NULL);
+ }
++ /* no operation on a reader should require a huge buffer */
++ xmlBufSetAllocationScheme(ret->buffer,
++ XML_BUFFER_ALLOC_BOUNDED);
+ ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
+ if (ret->sax == NULL) {
+ xmlBufFree(ret->buffer);
+@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
+ return(((xmlNsPtr) node)->href);
+ case XML_ATTRIBUTE_NODE:{
+ xmlAttrPtr attr = (xmlAttrPtr) node;
++ const xmlChar *ret;
+
+ if ((attr->children != NULL) &&
+ (attr->children->type == XML_TEXT_NODE) &&
+@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
+ "xmlTextReaderSetup : malloc failed\n");
+ return (NULL);
+ }
++ xmlBufSetAllocationScheme(reader->buffer,
++ XML_BUFFER_ALLOC_BOUNDED);
+ } else
+ xmlBufEmpty(reader->buffer);
+ xmlBufGetNodeContent(reader->buffer, node);
+- return(xmlBufContent(reader->buffer));
++ ret = xmlBufContent(reader->buffer);
++ if (ret == NULL) {
++ /* error on the buffer best to reallocate */
++ xmlBufFree(reader->buffer);
++ reader->buffer = xmlBufCreateSize(100);
++ xmlBufSetAllocationScheme(reader->buffer,
++ XML_BUFFER_ALLOC_BOUNDED);
++ ret = BAD_CAST "";
++ }
++ return(ret);
+ }
+ break;
+ }
+@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
+ "xmlTextReaderSetup : malloc failed\n");
+ return (-1);
+ }
++ /* no operation on a reader should require a huge buffer */
++ xmlBufSetAllocationScheme(reader->buffer,
++ XML_BUFFER_ALLOC_BOUNDED);
+ if (reader->sax == NULL)
+ reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
+ if (reader->sax == NULL) {
diff --git a/debian/patches/0011-Do-not-process-encoding-values-if-the-declaration-if.patch b/debian/patches/0011-Do-not-process-encoding-values-if-the-declaration-if.patch
new file mode 100644
index 0000000..386ab1e
--- /dev/null
+++ b/debian/patches/0011-Do-not-process-encoding-values-if-the-declaration-if.patch
@@ -0,0 +1,34 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 09:08:25 +0800
+Subject: Do not process encoding values if the declaration if broken
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751603
+
+If the string is not properly terminated do not try to convert
+to the given encoding.
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index fe603ac..a3a9568 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10404,6 +10404,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ encoding = xmlParseEncName(ctxt);
+ if (RAW != '"') {
+ xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++ xmlFree((xmlChar *) encoding);
++ return(NULL);
+ } else
+ NEXT;
+ } else if (RAW == '\''){
+@@ -10411,6 +10413,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ encoding = xmlParseEncName(ctxt);
+ if (RAW != '\'') {
+ xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++ xmlFree((xmlChar *) encoding);
++ return(NULL);
+ } else
+ NEXT;
+ } else {
diff --git a/debian/patches/0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch b/debian/patches/0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch
new file mode 100644
index 0000000..d065088
--- /dev/null
+++ b/debian/patches/0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch
@@ -0,0 +1,31 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 16:10:26 +0800
+Subject: Fail parsing early on if encoding conversion failed
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751631
+
+If we fail conversing the current input stream while
+processing the encoding declaration of the XMLDecl
+then it's safer to just abort there and not try to
+report further errors.
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a3a9568..0edd53b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+
+ handler = xmlFindCharEncodingHandler((const char *) encoding);
+ if (handler != NULL) {
+- xmlSwitchToEncoding(ctxt, handler);
++ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
++ /* failed to convert */
++ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
++ return(NULL);
++ }
+ } else {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
+ "Unsupported encoding %s\n", encoding);
diff --git a/debian/patches/0013-Fix-a-self-assignment-issue-raised-by-clang.patch b/debian/patches/0013-Fix-a-self-assignment-issue-raised-by-clang.patch
new file mode 100644
index 0000000..5cc28b2
--- /dev/null
+++ b/debian/patches/0013-Fix-a-self-assignment-issue-raised-by-clang.patch
@@ -0,0 +1,40 @@
+From: Scott Graham <scottmg@chromium.org>
+Date: Tue, 30 Jun 2015 10:47:16 +0800
+Subject: Fix a self assignment issue raised by clang
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751679
+
+Also added a few newline cleanups
+---
+ xmlschemas.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 0657b66..d47512f 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -24186,6 +24186,7 @@ xmlSchemaValidateFacets(xmlSchemaAbstractCtxtPtr actxt,
+ else
+ goto pattern_and_enum;
+ }
++
+ /*
+ * Whitespace handling is only of importance for string-based
+ * types.
+@@ -24196,14 +24197,13 @@ xmlSchemaValidateFacets(xmlSchemaAbstractCtxtPtr actxt,
+ ws = xmlSchemaGetWhiteSpaceFacetValue(type);
+ } else
+ ws = XML_SCHEMA_WHITESPACE_COLLAPSE;
++
+ /*
+ * If the value was not computed (for string or
+ * anySimpleType based types), then use the provided
+ * type.
+ */
+- if (val == NULL)
+- valType = valType;
+- else
++ if (val != NULL)
+ valType = xmlSchemaGetValType(val);
+
+ ret = 0;
diff --git a/debian/patches/0014-Fix-previous-change-to-node-sort-order.patch b/debian/patches/0014-Fix-previous-change-to-node-sort-order.patch
new file mode 100644
index 0000000..4ff344b
--- /dev/null
+++ b/debian/patches/0014-Fix-previous-change-to-node-sort-order.patch
@@ -0,0 +1,33 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 11 Jul 2015 14:27:34 +0200
+Subject: Fix previous change to node sort order
+
+Commit ba58f23 broke comparison of nodes from different documents.
+Thanks to Olli Pottonen for the report.
+---
+ xpath.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 95559b3..e60f4e5 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -361,14 +361,14 @@ turtle_comparison:
+ /*
+ * compute depth to root
+ */
+- for (depth2 = 0, cur = node2; cur != NULL; cur = cur->parent) {
+- if (cur == node1)
++ for (depth2 = 0, cur = node2; cur->parent != NULL; cur = cur->parent) {
++ if (cur->parent == node1)
+ return(1);
+ depth2++;
+ }
+ root = cur;
+- for (depth1 = 0, cur = node1; cur != NULL; cur = cur->parent) {
+- if (cur == node2)
++ for (depth1 = 0, cur = node1; cur->parent != NULL; cur = cur->parent) {
++ if (cur->parent == node2)
+ return(-1);
+ depth1++;
+ }
diff --git a/debian/patches/0015-Fix-the-spurious-ID-already-defined-error.patch b/debian/patches/0015-Fix-the-spurious-ID-already-defined-error.patch
new file mode 100644
index 0000000..61b7dfa
--- /dev/null
+++ b/debian/patches/0015-Fix-the-spurious-ID-already-defined-error.patch
@@ -0,0 +1,84 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 10 Sep 2015 19:41:41 +0800
+Subject: Fix the spurious ID already defined error
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=737840
+the fix for 724903 introduced a regression on external entities carrying
+IDs, revert that patch in part and add a specific test to avoid readding it
+---
+ result/valid/737840.xml | 10 ++++++++++
+ result/valid/737840.xml.err | 0
+ result/valid/737840.xml.err.rdr | 0
+ test/valid/737840.xml | 10 ++++++++++
+ test/valid/dtds/737840.ent | 1 +
+ valid.c | 6 ++++--
+ 6 files changed, 25 insertions(+), 2 deletions(-)
+ create mode 100644 result/valid/737840.xml
+ create mode 100644 result/valid/737840.xml.err
+ create mode 100644 result/valid/737840.xml.err.rdr
+ create mode 100644 test/valid/737840.xml
+ create mode 100644 test/valid/dtds/737840.ent
+
+diff --git a/result/valid/737840.xml b/result/valid/737840.xml
+new file mode 100644
+index 0000000..433c6d6
+--- /dev/null
++++ b/result/valid/737840.xml
+@@ -0,0 +1,10 @@
++<?xml version="1.0"?>
++<!DOCTYPE root [
++<!ELEMENT root (elem)>
++<!ELEMENT elem (#PCDATA)>
++<!ATTLIST elem id ID #IMPLIED>
++<!ENTITY target SYSTEM "dtds/737840.ent">
++]>
++<root>
++ &target;
++</root>
+diff --git a/result/valid/737840.xml.err b/result/valid/737840.xml.err
+new file mode 100644
+index 0000000..e69de29
+diff --git a/result/valid/737840.xml.err.rdr b/result/valid/737840.xml.err.rdr
+new file mode 100644
+index 0000000..e69de29
+diff --git a/test/valid/737840.xml b/test/valid/737840.xml
+new file mode 100644
+index 0000000..2d27b73
+--- /dev/null
++++ b/test/valid/737840.xml
+@@ -0,0 +1,10 @@
++<!DOCTYPE root [
++<!ELEMENT root (elem)>
++<!ELEMENT elem (#PCDATA)>
++<!ATTLIST elem id ID #IMPLIED>
++<!ENTITY target SYSTEM "dtds/737840.ent">
++]>
++
++<root>
++ &target;
++</root>
+diff --git a/test/valid/dtds/737840.ent b/test/valid/dtds/737840.ent
+new file mode 100644
+index 0000000..e972132
+--- /dev/null
++++ b/test/valid/dtds/737840.ent
+@@ -0,0 +1 @@
++<elem id="id0"/>
+\ No newline at end of file
+diff --git a/valid.c b/valid.c
+index 409aa81..45a3f70 100644
+--- a/valid.c
++++ b/valid.c
+@@ -2634,8 +2634,10 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
+ /*
+ * The id is already defined in this DTD.
+ */
+- xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
+- "ID %s already defined\n", value, NULL, NULL);
++ if (ctxt != NULL) {
++ xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
++ "ID %s already defined\n", value, NULL, NULL);
++ }
+ #endif /* LIBXML_VALID_ENABLED */
+ xmlFreeID(ret);
+ return(NULL);
diff --git a/debian/patches/series b/debian/patches/series
index 631a2bf..6d8ee86 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,15 @@
0001-modify-xml2-config-and-pkgconfig-behaviour.patch
0002-fix-python-multiarch-includes.patch
-0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+0003-Revert-Missing-initialization-for-the-catalog-module.patch
+0004-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+0005-Account-for-ID-attributes-in-xmlSetTreeDoc.patch
+0006-Stop-parsing-on-entities-boundaries-errors.patch
+0007-Cleanup-conditional-section-error-handling.patch
+0008-Fix-order-of-root-nodes.patch
+0009-xmlMemUsed-is-not-thread-safe.patch
+0010-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch
+0011-Do-not-process-encoding-values-if-the-declaration-if.patch
+0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch
+0013-Fix-a-self-assignment-issue-raised-by-clang.patch
+0014-Fix-previous-change-to-node-sort-order.patch
+0015-Fix-the-spurious-ID-already-defined-error.patch