Subject: | FYI RHEL5's expat (1.95.8-8.3.el5_4.2), external DTD test failures |
Hello and Thanks for XML::Parser,
This is not a bug report for XML::Parser, but something that might look
like one.
If you are on RHEL5 and have expat-1.95.8-8.3.el5_4.2 as part of
http://rhn.redhat.com/errata/RHSA-2009-1625.html, see the links in the
errata for the CVE's and bugzilla. XML-Parser-2.34 (and 2.36) tests
will fail with:
t/decl.t
1..30
ok 1
syntax error at line 14, column 3, byte 214:
%ext;
<![%bar;[
==^
<!ATTLIST bar xyz (a|b|c) 'b'>
]]>
error in processing external entity reference at line 21, column 3, byte
3161:
<!ELEMENT bar ANY>
<!ATTLIST bar big CDATA 'This is a large string value to test whether
the declaration parser still works when the entity or attribute default
value may be broken into multiple calls to the default handler.
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
01234567890123456789012345678901234567890123456789012345678901234567890123456789
'>
]>
==^
<foo/>
at
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/XML/Parser.pm
line 187
and also
t/parament.t
1..12
ok 1
error in processing external entity reference at line 8, column 0, byte 173:
<!ENTITY more SYSTEM "t/ext2.ent">
]
Show quoted text
>
^
<foo>Happy, happy
<bar>&joy;, &joy;</bar>
at
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/XML/Parser.pm
line 187
This fails with RH's perl-XML-Parser (perl-XML-Parser-2.34-6.1.2.2.1),
and when building 2.34 or 2.36 from CPAN src distribution.
From what I have read, there was an issue introduced with the expat
changes for the CVE's, this was subsequently fixed in expat, but has not
made it yet into RH's expat.
I think this is the open bug:
https://bugzilla.redhat.com/show_bug.cgi?id=556415
Also see:
http://mail.libexpat.org/pipermail/expat-discuss/2009-December/thread.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561658
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166&view=patch
Cheers,
Peter (Stig) Edwards