nokogiri 1.18.9 → 1.18.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e172a06a5a69eb0ed0203096425f18ffbe6c079a5a179b1760684e0717ec875
-  data.tar.gz: ba4805c9b64fdde8aeaacaadf0175ebcc8c4eed9d3cbd1b0e2c14699e4dd2901
+  metadata.gz: c1e8dcf8179f9ecf0ca485763ccdf7812d2b47981322e6e7dbc37e62e7b47c07
+  data.tar.gz: ec1c063738afa3d4c3c3d80933449f8479c3b460d0b7ddbd9937c3815c8e0822
 SHA512:
-  metadata.gz: 5a1bc7b561ea0c93a1d9d56c1f5f3d0cf6ec5014f7c51b3661b4881d8fc6d9f98e309a7d1659dbd84674defdc692f9337d6dff3fd65cc90b42f0f2a9ef7b407e
-  data.tar.gz: 3bbb0472af4cf797859667683b46ec7f647eba86680f19f59dda45a9571b861b8a21680318d5f5cac307b71545f19759b805aa07dc8ca4b9ab21d3d980607222
+  metadata.gz: 74caac3cdcd54f3674ac5a1f3d62e045e0751d6ac39c99bf7e736a8cf52e501c050f84e3906e34a380e12bf5ab4ba7336ef649ec8ec76bc171db10fffce4e44a
+  data.tar.gz: 9b767aa90cfabf02cfdafafbde63cdf373fb0d5ac4d6454bc61c1ddbc2bde6d693b3c174502dada08d615486ba6606f1a2a38a1d050620b24448b3da744cc421

data/dependencies.yml

@@ -1,8 +1,8 @@
 ---
 libxml2:
-  version: "2.13.8"
-  sha256: "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.8.sha256sum
+  version: "2.13.9"
+  sha256: "a2c9ae7b770da34860050c309f903221c67830c86e4a7e760692b803df95143a"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.9.sha256sum
 
 libxslt:
   version: "1.1.43"
@@ -15,28 +15,17 @@ zlib:
   # SHA-256 hash provided on http://zlib.net/
 
 libiconv:
-  version: "1.17"
-  sha256: "8f74213b56238c85a50a5329f77e06198771e70dd9a739779f4c02f65d971313"
-  # signature verified by following this path:
-  # - release announced at https://savannah.gnu.org/forum/forum.php?forum_id=10175
-  # - which links to https://savannah.gnu.org/users/haible as the releaser
-  # - which links to https://savannah.gnu.org/people/viewgpg.php?user_id=1871 as the gpg key
-  #
-  # So:
-  # - wget -q -O - https://savannah.gnu.org/people/viewgpg.php?user_id=1871 | gpg --import
-  #     gpg: key F5BE8B267C6A406D: 1 signature not checked due to a missing key
+  # $ gpg --keyserver keyserver.ubuntu.com --recv 9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D
   #     gpg: key F5BE8B267C6A406D: public key "Bruno Haible (Open Source Development) <bruno@clisp.org>" imported
   #     gpg: Total number processed: 1
   #     gpg:               imported: 1
-  #     gpg: marginals needed: 3  completes needed: 1  trust model: pgp
-  #     gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
-  #     gpg: next trustdb check due at 2024-05-09
-  # - gpg --verify libiconv-1.17.tar.gz.sig ports/archives/libiconv-1.17.tar.gz
-  #     gpg: Signature made Sun 15 May 2022 11:26:42 AM EDT
+  # $ gpg --verify libiconv-1.18.tar.gz.sig ports/archives/libiconv-1.18.tar.gz
+  #     gpg: Signature made Sun 15 Dec 2024 07:26:18 AM EST
   #     gpg:                using RSA key 9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D
-  #     gpg: Good signature from "Bruno Haible (Open Source Development) <bruno@clisp.org>" [unknown]
-  #     gpg: WARNING: This key is not certified with a trusted signature!
-  #     gpg:          There is no indication that the signature belongs to the owner.
+  #     gpg: Good signature from "Bruno Haible (Open Source Development) <bruno@clisp.org>" [expired]
+  #     gpg: Note: This key has expired!
   #     Primary key fingerprint: 9001 B85A F9E1 B83D F1BD  A942 F5BE 8B26 7C6A 406D
-  #
-  # And this sha256sum is calculated from that verified tarball.
+  # $ sha256sum ports/archives/libiconv-1.18.tar.gz
+  #     3b08f5f4f9b4eb82f151a7040bfd6fe6c6fb922efe4b1659c66ea933276965e8  ports/archives/libiconv-1.18.tar.gz
+  version: "1.18"
+  sha256: "3b08f5f4f9b4eb82f151a7040bfd6fe6c6fb922efe4b1659c66ea933276965e8"

data/ext/nokogiri/extconf.rb

@@ -832,7 +832,7 @@ else
         cross_build_p,
       ) do |recipe|
         recipe.files = [{
-          url: "https://ftp.gnu.org/pub/gnu/libiconv/#{recipe.name}-#{recipe.version}.tar.gz",
+          url: "https://ftpmirror.gnu.org/gnu/libiconv/#{recipe.name}-#{recipe.version}.tar.gz",
           sha256: dependencies["libiconv"]["sha256"],
         }]
 

data/lib/nokogiri/version/constant.rb

@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.18.9"
+  VERSION = "1.18.10"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.18.9
+  version: 1.18.10
 platform: ruby
 authors:
 - Mike Dalessio
@@ -272,12 +272,8 @@ files:
 - patches/libxml2/0010-update-config.guess-and-config.sub-for-libxml2.patch
 - patches/libxml2/0011-rip-out-libxml2-s-libc_single_threaded-support.patch
 - patches/libxml2/0019-xpath-Use-separate-static-hash-table-for-standard-fu.patch
-- patches/libxml2/0020-CVE-2025-6021-tree-Fix-integer-overflow-in-xmlBuildQ.patch
-- patches/libxml2/0021-CVE-2025-6170-Fix-potential-buffer-overflows-of-inte.patch
-- patches/libxml2/0022-CVE-2025-49795-schematron-Fix-null-pointer-dereferen.patch
-- patches/libxml2/0023-CVE-2025-49794-CVE-2025-49796-schematron-Fix-xmlSche.patch
 - patches/libxslt/0001-update-config.guess-and-config.sub-for-libxslt.patch
-- ports/archives/libxml2-2.13.8.tar.xz
+- ports/archives/libxml2-2.13.9.tar.xz
 - ports/archives/libxslt-1.1.43.tar.xz
 homepage: https://nokogiri.org
 licenses:

data/patches/libxml2/0020-CVE-2025-6021-tree-Fix-integer-overflow-in-xmlBuildQ.patch

@@ -1,54 +0,0 @@
-From 17d950ae33c23f87692aa179bacedb6743f3188a Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 27 May 2025 12:53:17 +0200
-Subject: [PATCH 5/9] [CVE-2025-6021] tree: Fix integer overflow in
- xmlBuildQName
-
-Fixes #926.
----
- tree.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/tree.c b/tree.c
-index f097cf87..5bc95b8a 100644
---- a/tree.c
-+++ b/tree.c
-@@ -47,6 +47,10 @@
- #include "private/error.h"
- #include "private/tree.h"
- 
-+#ifndef SIZE_MAX
-+  #define SIZE_MAX ((size_t)-1)
-+#endif
-+
- int __xmlRegisterCallbacks = 0;
- 
- /************************************************************************
-@@ -167,10 +171,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) {
- xmlChar *
- xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
- 	      xmlChar *memory, int len) {
--    int lenn, lenp;
-+    size_t lenn, lenp;
-     xmlChar *ret;
- 
--    if (ncname == NULL) return(NULL);
-+    if ((ncname == NULL) || (len < 0)) return(NULL);
-     if (prefix == NULL) return((xmlChar *) ncname);
- 
- #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-@@ -181,8 +185,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
- 
-     lenn = strlen((char *) ncname);
-     lenp = strlen((char *) prefix);
-+    if (lenn >= SIZE_MAX - lenp - 1)
-+        return(NULL);
- 
--    if ((memory == NULL) || (len < lenn + lenp + 2)) {
-+    if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) {
- 	ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2);
- 	if (ret == NULL)
- 	    return(NULL);
--- 
-2.50.1
-

data/patches/libxml2/0021-CVE-2025-6170-Fix-potential-buffer-overflows-of-inte.patch

@@ -1,102 +0,0 @@
-From 5e9ec5c107d3f5b5179c3dbc19df43df041cd55b Mon Sep 17 00:00:00 2001
-From: Michael Mann <mmann78@netscape.net>
-Date: Fri, 20 Jun 2025 23:05:00 -0400
-Subject: [PATCH 6/9] [CVE-2025-6170] Fix potential buffer overflows of
- interactive shell
-
-Fixes #941
----
- debugXML.c                       | 15 ++++++++++-----
- result/scripts/long_command      |  8 ++++++++
- test/scripts/long_command.script |  6 ++++++
- test/scripts/long_command.xml    |  1 +
- 4 files changed, 25 insertions(+), 5 deletions(-)
- create mode 100644 result/scripts/long_command
- create mode 100644 test/scripts/long_command.script
- create mode 100644 test/scripts/long_command.xml
-
-diff --git a/debugXML.c b/debugXML.c
-index ed56b0f8..452b9573 100644
---- a/debugXML.c
-+++ b/debugXML.c
-@@ -1033,6 +1033,10 @@ xmlCtxtDumpOneNode(xmlDebugCtxtPtr ctxt, xmlNodePtr node)
-     xmlCtxtGenericNodeCheck(ctxt, node);
- }
- 
-+#define MAX_PROMPT_SIZE     500
-+#define MAX_ARG_SIZE        400
-+#define MAX_COMMAND_SIZE    100
-+
- /**
-  * xmlCtxtDumpNode:
-  * @output:  the FILE * for the output
-@@ -2795,10 +2799,10 @@ void
- xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
-          FILE * output)
- {
--    char prompt[500] = "/ > ";
-+    char prompt[MAX_PROMPT_SIZE] = "/ > ";
-     char *cmdline = NULL, *cur;
--    char command[100];
--    char arg[400];
-+    char command[MAX_COMMAND_SIZE];
-+    char arg[MAX_ARG_SIZE];
-     int i;
-     xmlShellCtxtPtr ctxt;
-     xmlXPathObjectPtr list;
-@@ -2856,7 +2860,8 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
-             cur++;
-         i = 0;
-         while ((*cur != ' ') && (*cur != '\t') &&
--               (*cur != '\n') && (*cur != '\r')) {
-+               (*cur != '\n') && (*cur != '\r') &&
-+               (i < (MAX_COMMAND_SIZE - 1))) {
-             if (*cur == 0)
-                 break;
-             command[i++] = *cur++;
-@@ -2871,7 +2876,7 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
-         while ((*cur == ' ') || (*cur == '\t'))
-             cur++;
-         i = 0;
--        while ((*cur != '\n') && (*cur != '\r') && (*cur != 0)) {
-+        while ((*cur != '\n') && (*cur != '\r') && (*cur != 0) && (i < (MAX_ARG_SIZE-1))) {
-             if (*cur == 0)
-                 break;
-             arg[i++] = *cur++;
-diff --git a/result/scripts/long_command b/result/scripts/long_command
-new file mode 100644
-index 00000000..e6f00708
---- /dev/null
-+++ b/result/scripts/long_command
-@@ -0,0 +1,8 @@
-+/ > b > b > Object is a Node Set :
-+Set contains 1 nodes:
-+1  ELEMENT a:c
-+b > Unknown command This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_comm
-+b > b > Unknown command ess_currents_of_time_and_existence
-+b > <?xml version="1.0"?>
-+<a xmlns:a="bar"><b xmlns:a="foo">Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_prof</b></a>
-+b > 
-
-diff --git a/test/scripts/long_command.script b/test/scripts/long_command.script
-new file mode 100644
-index 00000000..00f6df09
---- /dev/null
-+++ b/test/scripts/long_command.script
-@@ -0,0 +1,6 @@
-+cd a/b
-+set <a:c/>
-+xpath //*[namespace-uri()="foo"]
-+This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_command_please_dont_crash foo
-+set Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_profound_emotion_and_every_grand_aspiration_that_propels_our_species_ever_onward_through_the_relentless_currents_of_time_and_existence
-+save -
-diff --git a/test/scripts/long_command.xml b/test/scripts/long_command.xml
-new file mode 100644
-index 00000000..1ba44016
---- /dev/null
-+++ b/test/scripts/long_command.xml
-@@ -0,0 +1 @@
-+<a xmlns:a="bar"><b xmlns:a="foo"/></a>
--- 
-2.50.1
-

data/patches/libxml2/0022-CVE-2025-49795-schematron-Fix-null-pointer-dereferen.patch

@@ -1,69 +0,0 @@
-From 62048278a4c5fdf14d287dfb400005c0a0caa69f Mon Sep 17 00:00:00 2001
-From: Michael Mann <mmann78@netscape.net>
-Date: Sat, 21 Jun 2025 12:11:30 -0400
-Subject: [PATCH 7/9] [CVE-2025-49795] schematron: Fix null pointer dereference
- leading to DoS
-
-Fixes #932
----
- result/schematron/zvon16_0.err | 3 +++
- schematron.c                   | 5 +++++
- test/schematron/zvon16.sct     | 7 +++++++
- test/schematron/zvon16_0.xml   | 5 +++++
- 4 files changed, 20 insertions(+)
- create mode 100644 result/schematron/zvon16_0.err
- create mode 100644 test/schematron/zvon16.sct
- create mode 100644 test/schematron/zvon16_0.xml
-
-diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err
-new file mode 100644
-index 00000000..3d052409
---- /dev/null
-+++ b/result/schematron/zvon16_0.err
-@@ -0,0 +1,3 @@
-+XPath error : Unregistered function
-+./test/schematron/zvon16_0.xml:2: element book: schematron error : /library/book line 2: Book 
-+./test/schematron/zvon16_0.xml fails to validate
-diff --git a/schematron.c b/schematron.c
-index 1de25deb..da603402 100644
---- a/schematron.c
-+++ b/schematron.c
-@@ -1506,6 +1506,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
-             select = xmlGetNoNsProp(child, BAD_CAST "select");
-             comp = xmlXPathCtxtCompile(ctxt->xctxt, select);
-             eval = xmlXPathCompiledEval(comp, ctxt->xctxt);
-+            if (eval == NULL) {
-+                xmlXPathFreeCompExpr(comp);
-+                xmlFree(select);
-+                return ret;
-+            }
- 
-             switch (eval->type) {
-             case XPATH_NODESET: {
-diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct
-new file mode 100644
-index 00000000..f03848aa
---- /dev/null
-+++ b/test/schematron/zvon16.sct
-@@ -0,0 +1,7 @@
-+<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
-+	<sch:pattern id="TestPattern">
-+		<sch:rule context="book">
-+			<sch:report test="not(@available)">Book <sch:value-of select="falae()"/> test</sch:report>
-+		</sch:rule>
-+	</sch:pattern>
-+</sch:schema>
-diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml
-new file mode 100644
-index 00000000..551e2d65
---- /dev/null
-+++ b/test/schematron/zvon16_0.xml
-@@ -0,0 +1,5 @@
-+<library>
-+	<book title="Test Book" id="bk101">
-+		<author>Test Author</author>
-+	</book>
-+</library>
--- 
-2.50.1
-

data/patches/libxml2/0023-CVE-2025-49794-CVE-2025-49796-schematron-Fix-xmlSche.patch

@@ -1,182 +0,0 @@
-From 81cef8c5b5aec2acdf5707e57a6db0c8d1d0abca Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 4 Jul 2025 14:28:26 +0200
-Subject: [PATCH 8/9] [CVE-2025-49794] [CVE-2025-49796] schematron: Fix
- xmlSchematronReportOutput
-
-Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796)
-in xmlSchematronReportOutput.
-
-Fixes #931.
-Fixes #933.
----
- result/schematron/cve-2025-49794_0.err |  2 ++
- result/schematron/cve-2025-49796_0.err |  2 ++
- schematron.c                           | 49 ++++++++++++++------------
- test/schematron/cve-2025-49794.sct     | 10 ++++++
- test/schematron/cve-2025-49794_0.xml   |  6 ++++
- test/schematron/cve-2025-49796.sct     |  9 +++++
- test/schematron/cve-2025-49796_0.xml   |  3 ++
- 7 files changed, 58 insertions(+), 23 deletions(-)
- create mode 100644 result/schematron/cve-2025-49794_0.err
- create mode 100644 result/schematron/cve-2025-49796_0.err
- create mode 100644 test/schematron/cve-2025-49794.sct
- create mode 100644 test/schematron/cve-2025-49794_0.xml
- create mode 100644 test/schematron/cve-2025-49796.sct
- create mode 100644 test/schematron/cve-2025-49796_0.xml
-
-diff --git a/result/schematron/cve-2025-49794_0.err b/result/schematron/cve-2025-49794_0.err
-new file mode 100644
-index 00000000..57752310
---- /dev/null
-+++ b/result/schematron/cve-2025-49794_0.err
-@@ -0,0 +1,2 @@
-+./test/schematron/cve-2025-49794_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:  
-+./test/schematron/cve-2025-49794_0.xml fails to validate
-diff --git a/result/schematron/cve-2025-49796_0.err b/result/schematron/cve-2025-49796_0.err
-new file mode 100644
-index 00000000..bf875ee0
---- /dev/null
-+++ b/result/schematron/cve-2025-49796_0.err
-@@ -0,0 +1,2 @@
-+./test/schematron/cve-2025-49796_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:  
-+./test/schematron/cve-2025-49796_0.xml fails to validate
-diff --git a/schematron.c b/schematron.c
-index da603402..6e2ceeb7 100644
---- a/schematron.c
-+++ b/schematron.c
-@@ -1414,27 +1414,15 @@ xmlSchematronParse(xmlSchematronParserCtxtPtr ctxt)
-  *                                                                      *
-  ************************************************************************/
- 
--static xmlNodePtr
-+static xmlXPathObjectPtr
- xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt,
-                      xmlNodePtr cur, const xmlChar *xpath) {
--    xmlNodePtr node = NULL;
--    xmlXPathObjectPtr ret;
--
-     if ((ctxt == NULL) || (cur == NULL) || (xpath == NULL))
-         return(NULL);
- 
-     ctxt->xctxt->doc = cur->doc;
-     ctxt->xctxt->node = cur;
--    ret = xmlXPathEval(xpath, ctxt->xctxt);
--    if (ret == NULL)
--        return(NULL);
--
--    if ((ret->type == XPATH_NODESET) &&
--        (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0))
--        node = ret->nodesetval->nodeTab[0];
--
--    xmlXPathFreeObject(ret);
--    return(node);
-+    return(xmlXPathEval(xpath, ctxt->xctxt));
- }
- 
- /**
-@@ -1480,25 +1468,40 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
-             (child->type == XML_CDATA_SECTION_NODE))
-             ret = xmlStrcat(ret, child->content);
-         else if (IS_SCHEMATRON(child, "name")) {
-+            xmlXPathObject *obj = NULL;
-             xmlChar *path;
- 
-             path = xmlGetNoNsProp(child, BAD_CAST "path");
- 
-             node = cur;
-             if (path != NULL) {
--                node = xmlSchematronGetNode(ctxt, cur, path);
--                if (node == NULL)
--                    node = cur;
-+                obj = xmlSchematronGetNode(ctxt, cur, path);
-+                if ((obj != NULL) &&
-+                    (obj->type == XPATH_NODESET) &&
-+                    (obj->nodesetval != NULL) &&
-+                    (obj->nodesetval->nodeNr > 0))
-+                    node = obj->nodesetval->nodeTab[0];
-                 xmlFree(path);
-             }
- 
--            if ((node->ns == NULL) || (node->ns->prefix == NULL))
--                ret = xmlStrcat(ret, node->name);
--            else {
--                ret = xmlStrcat(ret, node->ns->prefix);
--                ret = xmlStrcat(ret, BAD_CAST ":");
--                ret = xmlStrcat(ret, node->name);
-+            switch (node->type) {
-+                case XML_ELEMENT_NODE:
-+                case XML_ATTRIBUTE_NODE:
-+                    if ((node->ns == NULL) || (node->ns->prefix == NULL))
-+                        ret = xmlStrcat(ret, node->name);
-+                    else {
-+                        ret = xmlStrcat(ret, node->ns->prefix);
-+                        ret = xmlStrcat(ret, BAD_CAST ":");
-+                        ret = xmlStrcat(ret, node->name);
-+                    }
-+                    break;
-+
-+                /* TODO: handle other node types */
-+                default:
-+                    break;
-             }
-+
-+            xmlXPathFreeObject(obj);
-         } else if (IS_SCHEMATRON(child, "value-of")) {
-             xmlChar *select;
-             xmlXPathObjectPtr eval;
-diff --git a/test/schematron/cve-2025-49794.sct b/test/schematron/cve-2025-49794.sct
-new file mode 100644
-index 00000000..7fc9ee3d
---- /dev/null
-+++ b/test/schematron/cve-2025-49794.sct
-@@ -0,0 +1,10 @@
-+<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
-+    <sch:pattern id="">
-+        <sch:rule context="boo0">
-+            <sch:report test="not(0)">
-+                <sch:name path="&#9;e|namespace::*|e"/>
-+            </sch:report>
-+            <sch:report test="0"></sch:report>
-+        </sch:rule>
-+    </sch:pattern>
-+</sch:schema>
-diff --git a/test/schematron/cve-2025-49794_0.xml b/test/schematron/cve-2025-49794_0.xml
-new file mode 100644
-index 00000000..debc64ba
---- /dev/null
-+++ b/test/schematron/cve-2025-49794_0.xml
-@@ -0,0 +1,6 @@
-+<librar0>
-+    <boo0 t="">
-+        <author></author>
-+    </boo0>
-+    <ins></ins>
-+</librar0>
-diff --git a/test/schematron/cve-2025-49796.sct b/test/schematron/cve-2025-49796.sct
-new file mode 100644
-index 00000000..e9702d75
---- /dev/null
-+++ b/test/schematron/cve-2025-49796.sct
-@@ -0,0 +1,9 @@
-+<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
-+    <sch:pattern id="">
-+        <sch:rule context="boo0">
-+            <sch:report test="not(0)">
-+                <sch:name path="/"/>
-+            </sch:report>
-+        </sch:rule>
-+    </sch:pattern>
-+</sch:schema>
-diff --git a/test/schematron/cve-2025-49796_0.xml b/test/schematron/cve-2025-49796_0.xml
-new file mode 100644
-index 00000000..be33c4ec
---- /dev/null
-+++ b/test/schematron/cve-2025-49796_0.xml
-@@ -0,0 +1,3 @@
-+<librar0>
-+    <boo0/>
-+</librar0>
--- 
-2.50.1
-