Fix CVE-2017-7375:

https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
https://security-tracker.debian.org/tracker/CVE-2017-7375

Patch copied from upstream source repository:

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
From: Neel Mehta <nmehta@google.com>
Date: Fri, 7 Apr 2017 17:43:02 +0200
Subject: [PATCH] Prevent unwanted external entity reference

For https://bugzilla.gnome.org/show_bug.cgi?id=780691

* parser.c: add a specific check to avoid PE reference
---
 parser.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/parser.c b/parser.c
index 609a2703..c2c812de 100644
--- a/parser.c
+++ b/parser.c
@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
 	    if (xmlPushInput(ctxt, input) < 0)
 		return;
 	} else {
+	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+		((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
+		((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
+		(ctxt->replaceEntities == 0) &&
+		(ctxt->validate == 0))
+		return;
+
 	    /*
 	     * TODO !!!
 	     * handle the extra spaces added before and after
-- 
2.14.1

cm?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>commit</a><a href='/guix/diff/gnu/packages/readline.scm?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/readline.scm'>
<input type='hidden' name='id' value='2e3b1a92f4df656a0e678b6461d17d08db67e894'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>root</a>/<a href='/guix/log/gnu?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>gnu</a>/<a href='/guix/log/gnu/packages?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>packages</a>/<a href='/guix/log/gnu/packages/readline.scm?id=2e3b1a92f4df656a0e678b6461d17d08db67e894'>readline.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/readline.scm?id=2e3b1a92f4df656a0e678b6461d17d08db67e894&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2017-03-30 01:30:16 +0200'>2017-03-30</span></td><td><a href='/guix/commit/gnu/packages/readline.scm?id=6fd52309b8f52c9bb59fccffac53e029ce94b698'>gnu: Use HTTPS for almost all gnu.org HOME-PAGEs.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2016-12-07 10:23:17 +0100'>2016-12-07</span></td><td><a href='/guix/commit/gnu/packages/readline.scm?id=ae12d586275cdd96db23fb01bf840b2055b5b979'>gnu: readline: support mingw.</a><span class='msg-avail'>...</span></td><td>Jan Nieuwenhuizen</td></tr>
<tr><td><span title='2016-11-13 17:01:01 -0500'>2016-11-13</span></td><td><a href='/guix/commit/gnu/packages/readline.scm?id=d9721bcf27a049a87ee54701b8cb8e38dffd1a44'>gnu: readline-6.2: Fix CVE-2014-2524.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2016-10-01 00:00:02 +0200'>2016-10-01</span></td><td><a href='/guix/commit/gnu/packages/readline.scm?id=0c64d8564f9a4a7f6d6c9e5013e25193c598332d'>gnu: readline: Update to 7.0.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-07-17 08:56:03 +0300'>2016-07-17</span></td><td><a href='/guix/commit/gnu/packages/readline.scm?id=a2285798832daa6b4d33aac3382171ec25ea032d'>gnu: Add rlwrap.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>