Description of problem: I use a piece of software called SABnzbd+. It uses uses expat to parse xml for nzb files. After upgrading to expat-2.0.1-8.fc12 from expat-2.0.1-7.fc12 I found it no longer worked properly. I have traced it down to expat-1.95.8-CVE-2009-3560.patch. I tried individually disabling both patches, and found only expat-1.95.8-CVE-2009-3560.patch made a difference. I also tried expat's latest cvs, and found the same error. I have also tried replacing the example dtd with another example dtd from W3, and get the same type of error. It doesn't seem to like %variable. Version-Release number of selected component (if applicable): expat-2.0.1-8.fc12.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Download ubuntu.nzb 2. Download nzb-1.0.dtd 3. Run xmlwf -p ubuntu.nzb Actual results: nzb-1.0.dtd:30:13: syntax error ubuntu.nzb:2:64: error in processing external entity reference Expected results: (No output) Additional info:
Created attachment 376638 [details] An example nzb file
Created attachment 376639 [details] An example dtd file that goes with the example nzb file
expat-2.0.1-8.1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/expat-2.0.1-8.1.fc12
The latest stable expat for Fedora 12 appears to still be 2.0.1-8 currently. This contains only the broken first expat patch for CVE-2009-3560, rather than the reworked patch. Comment 3 implies that a newer version was submitted, but I cannot find expat-2.0.1-8.1.fc12 in the updates list (the link in comment 3 doesn't work). Should this have made it into updates? I noticed that Fedora 13 appears to have the reworked version of the patch in expat-2.0.1-10.fc13 Please would it be possible for the same fix be pushed out for FC12, or at least the reworked patch integrated instead of the broken one?
expat-2.0.1-8.2.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/expat-2.0.1-8.2.fc12
Sorry, this dropped off my radar. Update now filed.
expat-2.0.1-8.2.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update expat'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/expat-2.0.1-8.2.fc12
This update is available through updates-testing. Please submit results of testing through the link: https://admin.fedoraproject.org/updates/expat-2.0.1-8.2.fc12
This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
expat-2.0.1-8.2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.