Hi Daniel, The fix for the CVE-2014-0191 broke the --postvalid option. In that case, DTDs are not loaded even though requested on the command line. This was the CVE-2014-0191 patch: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df With --postvalid specified on the command line, the XML_PARSE_DTDVALID is not set in ctxt->options; instead, XML_PARSE_DTDLOAD is set). Same goes for the other options that set XML_PARSE_DTDLOAD, --dtdvalid and --dtdvalidfpi. Patch attached. Regards, Alexey.
Attachment:
postvalid-broken.diff
Description: Text Data