perl-devel January 2006

perl-devel@lists.fedoraproject.org

6 participants
47 discussions

[Bug 171111] (libperl) could not run system-config-printer
by Red Hat Bugzilla 13 Jan '06

13 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: (libperl) could not run system-config-printer https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171111 ------- Additional Comments From rgarciasuarez(a)mandriva.com 2006-01-13 07:25 EST ------- This patch needed another core patch to work properly, I'm not sure why. See : https://rt.perl.org/rt3/Ticket/Display.html?id=38223 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 173793] New: CAN-2005-0448 perl File::Path.pm rmtree race condition
by Red Hat Bugzilla 09 Jan '06

09 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173793 Summary: CAN-2005-0448 perl File::Path.pm rmtree race condition Product: Fedora Core Version: fc4 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: normal Component: perl AssignedTo: jvdias(a)redhat.com ReportedBy: mjc(a)redhat.com QAContact: dkl(a)redhat.com CC: fedora-perl-devel-list@redhat.com,wtogami@redhat.com +++ This bug was initially created as a clone of Bug #157695 +++ Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CAN-2004-0452. http://marc.theaimsgroup.com/?l=bugtraq&m=111039131424834&w=2 attachment 114350 contains the ubuntu patch (it needs some cleaning up) -- Additional comment from wtogami(a)redhat.com on 2005-05-28 02:05 EST -- "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries" 5.8.4 means FC3 is unaffected because we have perl-5.8.5? Can someone confirm? -- Additional comment from bressers(a)redhat.com on 2005-05-28 08:41 EST -- Warren, I just took a look at the latest perl source, this issue has not been fixed by upstream. It's proving very hard to do right, which is probably why upstream hasn't done it yet. -- Additional comment from wtogami(a)redhat.com on 2005-05-31 06:40 EST -- https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=114350 Attachment to fix this security bug is from Ubuntu, but we require help cleaning it up and testing before issuing a FC3 update. Apparently this is a difficult problem to fix, and this is our second attempt doing so. =( -- Additional comment from prockai(a)redhat.com on 2005-06-15 14:01 EST -- Created an attachment (id=115494) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=115494&action=view) debian's 03_fix_file_path Why not just use the debian patch? (attached) -- Additional comment from prockai(a)redhat.com on 2005-06-16 04:22 EST -- Assigning to self. -- Additional comment from prockai(a)redhat.com on 2005-06-16 08:15 EST -- Patched in CVS. Testing requested - if anyone has an exploit or something like that, please try out. The testsuite passes exactly like before patching, but regression testing is welcome as well. -- Additional comment from prockai(a)redhat.com on 2005-07-28 09:07 EST -- Fixed in FC3 update perl-5.8.5-14.FC3 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 157695] CAN-2005-0448 perl File::Path.pm rmtree race condition
by Red Hat Bugzilla 09 Jan '06

09 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CAN-2005-0448 perl File::Path.pm rmtree race condition https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157695 bressers(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |impact=low,public=20050309,s | |ource=cve,reported=20050314 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 176154] New: Possible memory corruption: ioctl overflowed 3rd argument
by Red Hat Bugzilla 09 Jan '06

09 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176154 Summary: Possible memory corruption: ioctl overflowed 3rd argument Product: Fedora Core Version: fc4 Platform: i386 URL: http://www.livejournal.com/users/gkra/23220.html OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: perl AssignedTo: jvdias(a)redhat.com ReportedBy: gkra(a)ucsd.edu QAContact: dkl(a)redhat.com CC: fedora-perl-devel-list(a)redhat.com >From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7 Description of problem: When using the CDDB_get perl module to extract the CD ID from the compact disc in a CD or DVD drive (IDE, SCSI or FireWire), I get the error "Possible memory corruption: ioctl overflowed 3rd argument at /usr/lib/perl5/site_perl/5.8.5/CDDB_get.pm line 135". This is in a perl script I wrote to rip & tag MP3s from my CD collection. I installed the CDDB_get module from CPAN via the cpan2rpm package, which was itself installed via yum from the default Fedora Core 4 repositories. This operation worked without error on the non-updated FC4 (fresh install). I realized I hadn't done an update in quite some time, and after using "up2date --update" and restarting the system to boot into the new kernel, this error presented itself. Version-Release number of selected component (if applicable): perl-5.8.6-22 How reproducible: Always Steps to Reproduce: 1. Install FC4 and all latest updates 2. Install cpan2rpm via up2date or yum 3. Install CDDB_get using cpan2rpm 4. Boot system into init level 3 (to keep X & desktop environs from interfering) 5. Insert an audio CD into the CD drive. 6. Download my cddbtest.pl script (http://www.unnerving.org/projects/bugreports/fc4_perl_ioctl/cddbtest.pl) Actual Results: script gives this error message: Possible memory corruption: ioctl overflowed 3rd argument at /usr/lib/perl5/site_perl/5.8.5/CDDB_get.pm line 135. Expected Results: Successful read of the CD, followed by output of CDDB info for the inserted audio CD. Additional info: Test script, script output and strace: http://www.unnerving.org/projects/bugreports/fc4_perl_ioctl/ Some additional information was provided in one of the comments to my journal entry regarding this issue: http://www.livejournal.com/users/gkra/23220.html -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 6

[Bug 167354] Review Request: amavisd-new
by Red Hat Bugzilla 08 Jan '06

08 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: amavisd-new https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167354 ------- Additional Comments From Nicolas.Mailhot(a)laPoste.net 2006-01-08 07:51 EST ------- A new perl-Net-Server will be pushed to FE soonish. Please test -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 176902] New: whitelist_from doesn't work.
by Red Hat Bugzilla 04 Jan '06

04 Jan '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176902 Summary: whitelist_from doesn't work. Product: Fedora Core Version: devel Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: spamassassin AssignedTo: wtogami(a)redhat.com ReportedBy: davej(a)redhat.com CC: fedora-perl-devel- list@redhat.com,felicity@kluge.net,jm@jmason.org,parkerm @pobox.com,reg+redhat@sidney.com,wtogami@redhat.com my ~/.spamassassin/user_prefs contains .. whitelist_from davem(a)davemloft.net yet for some reason, SA ignores this, and still files davem's mails as spam. X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on nwo.kernelslacker.org X-Spam-Level: ***** X-Spam-Status: Yes, score=5.9 required=5.0 tests=HELO_DYNAMIC_DHCP, HELO_DYNAMIC_HCC autolearn=no version=3.1.0 X-Spam-Report: * 2.7 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) * 3.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) No mention of whitelisting in the header at all. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 10

Remove perl-RPM2 from FC
by Warren Togami 02 Jan '06

02 Jan '06

Can we remove perl-RPM2 from FC? AFAICT nothing depends on it and I haven't seen anyone actually rely on it. Any objections from the Fedora Perl Devel team? Warren Togami wtogami(a)redhat.com

3 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel January 2006