Bug 755377

Summary:	libexpat1-2.0.1-109.4.1 couses an error for miranda clients connecting to ejabber
Product:	[openSUSE] openSUSE 12.1	Reporter:	Андрей Кувшинов <m407>
Component:	Other	Assignee:	Vojtech Dziewiecki <vdziewiecki>
Status:	VERIFIED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P2 - High	CC:	meissner, security-team
Version:	Final
Target Milestone:	---
Hardware:	i586
OS:	openSUSE 12.1
Whiteboard:	maint:released:sle11-sp1:46966
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	This patch is IMO the bare minimum to fix #bnc750914 Ok this one works.

Description Андрей Кувшинов 2012-04-03 06:50:08 UTC

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0

After updating libexpat1 from 2.0.1-109.1.4 to 2.0.1-109.4.1 Windows ejabber clients (Miranda IM) couldn't connect to ejabberd-2.1.10-3.1 with an error xml-not-well-formed.

Reproducible: Always

Steps to Reproduce:
1. Install ejabberd from obs://build.opensuse.org/devel:languages:erlang
2. Setup a basic config for ejabberd
3. Update you system from the Update-repo
4. Try to connect Miranda IM to you server
Actual Results:  
Client gets "xml-not-well-formed"

Expected Results:  
Established connection

Kopete and windows latest PSI clients connect smoothly. Miranda IM connects spontaneously only after 5-10 minutes.

May be this bug should be addressed to obs://build.opensuse.org/devel:languages:erlang maintainers.

Comment 1 Marcus Meissner 2012-04-04 13:03:32 UTC

we might have released a buggy expat security update.

Comment 2 Vojtech Dziewiecki 2012-04-11 15:30:56 UTC

Created attachment 485662 [details]
This patch is IMO the bare minimum to fix #bnc750914

The one released in the update contained some additional unnecessary hunks, I apologise for that, but it is not the cause. 
I tried running ejabberd with this one, then connecting from miranda, and the issue still exists. 
I can connect successfully if I install the new version of expat from factory, so I will try to find some way to fix this AND #bnc750914 with as few changes to expat as possible.

Comment 3 Vojtech Dziewiecki 2012-04-12 10:23:02 UTC

Created attachment 485805 [details]
Ok this one works.

I tried it and miranda connects as it should.
I will replace the old patch with this one and submit it.

Comment 4 Vojtech Dziewiecki 2012-04-12 11:51:42 UTC

Андрей, you can get the fixed packages from:
http://download.opensuse.org/repositories/home:/vdziewiecki:/branches:/OBS_Maintained:/expat/openSUSE_12.1_Update/

I have also submitted this fix as maintenance request #sr113333.

Comment 5 Vojtech Dziewiecki 2012-04-12 12:05:23 UTC

Андрей, could you please try those fixed packages and tell me if they solved your problem? Thanks

Comment 6 Андрей Кувшинов 2012-04-12 12:49:57 UTC

Thank you! I'll check it as soon as possible.

Comment 7 Benjamin Brunner 2012-04-18 16:28:03 UTC

Андрей can you already verify that the fix works?

Comment 8 Vojtech Dziewiecki 2012-04-19 07:43:45 UTC

Андрей, you can get the fixed packages from:
http://download.opensuse.org/repositories/home:/vdziewiecki/
Sorry for the confusion, the link I mentioned before doesn't work any more.

Comment 15 Swamp Workflow Management 2012-04-23 10:10:36 UTC

openSUSE-RU-2012:0549-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 755377
CVE References: 
Sources used:
openSUSE 12.1 (src):    expat-2.0.1-109.7.1
openSUSE 11.4 (src):    expat-2.0.1-102.108.1

Comment 16 Андрей Кувшинов 2012-04-23 11:30:39 UTC

(In reply to comment #8)
> Андрей, you can get the fixed packages from:
> http://download.opensuse.org/repositories/home:/vdziewiecki/
> Sorry for the confusion, the link I mentioned before doesn't work any more.

Sorry for the time you've waited. Tested your package libexpat1-2.0.1-1.1 (it has version lower than libexpat1 in OSS).
Works fine.

Comment 17 Vojtech Dziewiecki 2012-04-23 12:19:42 UTC

Thanks!

Comment 19 Bernhard Wiedemann 2012-04-26 06:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (755377) was mentioned in
https://build.opensuse.org/request/show/115562 Evergreen:11.2 / expat

Comment 20 Vojtech Dziewiecki 2012-04-26 06:40:14 UTC

Ok, I guess we are done with this :)

Comment 21 Bernhard Wiedemann 2012-04-27 08:03:44 UTC

This is an autogenerated message for OBS integration:
This bug (755377) was mentioned in
https://build.opensuse.org/request/show/115789 Evergreen:11.2 / expat

Comment 22 Swamp Workflow Management 2012-06-20 18:51:28 UTC

Update released for: expat, expat-debuginfo, expat-debuginfo-32bit, expat-debuginfo-64bit, expat-debuginfo-x86, expat-debugsource, libexpat-devel, libexpat1, libexpat1-32bit, libexpat1-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)