https://bugzilla.redhat.com/show_bug.cgi?id=1163295
Bug ID: 1163295
Summary: perl-Sort-Key-1.33 is available
Product: Fedora
Version: rawhide
Component: perl-Sort-Key
Keywords: FutureFeature, Triaged
Assignee: psabata(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: iarnell(a)gmail.com, perl-devel(a)lists.fedoraproject.org,
psabata(a)redhat.com
Latest upstream release: 1.33
Current version/release in Fedora Rawhide: 1.32-7.fc22
URL: http://search.cpan.org/dist/Sort-Key/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Soon this service will be implemented by a new system:
https://github.com/fedora-infra/anitya/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ViBSSor8nd&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1150091
Bug ID: 1150091
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla:
security fixes release
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br, mcepl(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Upstream has issued an advisory today (October 6):
http://www.bugzilla.org/security/4.0.14/
Class: Unauthorized Account Creation
Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to the
user being created with a different email address than originally
requested. The overridden login name could be automatically added
to groups based on the group's regular expression setting.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number: CVE-2014-1572
Class: Cross-Site Scripting
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places
were found where cross-site scripting exploits could occur which
could allow an attacker to access sensitive information.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number: CVE-2014-1573
Class: Information Leak
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a
flag was set in the same transaction, the comment would be visible to
flag recipients even if they were not in the insider group.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number: CVE-2014-1571
Class: Social Engineering
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be
imported into external spreadsheet programs. Specially formatted
field values can be interpreted as formulas which can be executed
and used to attack a user's computer.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
--
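Added example, not part of the advisory or of Bugzilla's code: one common way for a CSV exporter to neutralize the formula interpretation described under "Class: Social Engineering" above. The function names and sample rows are constructed for illustration, and the leading-apostrophe convention is an assumption, not the fix Bugzilla shipped.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet treat a cell as a formula.
# Tab and carriage return are included because some importers skip them.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Signed plain numbers such as "-3" or "+2.5" are data, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?\Z")


def neutralize(value) -> str:
    """Return the cell as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.match(text):
        # Assumed convention: a leading apostrophe keeps the cell literal.
        return "'" + text
    return text


def export_csv(rows) -> str:
    """Serialize rows with every cell neutralized and every field quoted."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()


# Constructed sample search results: bug id, summary, time estimate.
SAMPLE_ROWS = [
    ["bug_id", "short_desc", "estimate"],
    [101, "=1+1", "-3"],            # formula-like summary, plain negative number
    [102, "@SUM(A1:A2)", "+2.5"],   # formula-like summary, plain signed number
    [103, "Crash on login", "-3+A1"],  # ordinary text, formula-like estimate
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS), end="")
```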
https://bugzilla.redhat.com/show_bug.cgi?id=1029710
Bug ID: 1029710
Summary: Amavisd fails to identify attached zipped files with
.exe extensions
Product: Fedora EPEL
Version: el6
Component: amavisd-new
Severity: medium
Assignee: steve(a)silug.org
Reporter: s10dal(a)elrepo.org
QA Contact: extras-qa(a)fedoraproject.org
CC: janfrode(a)tanso.net, kanarip(a)kanarip.com,
perl-devel(a)lists.fedoraproject.org, steve(a)silug.org
Description of problem:
Mail attachments containing zipped files with .exe extensions are not properly
identified due to a failure of 7za (p7zip) as called by amavisd to correctly
list the contents of the zipped file. Based on maillog errors, the failure
appears to be due to an improperly composed 7za option, specifically -w not
being separated from the target by a separator (e.g., space character).
Manually executing 7za using the options noted in the maillog error (see below)
demonstrates the need to insert a separator between the -w option and the
target.
Fails: $ 7za l -slt -w./contains_exe.zip
Works: $ 7za l -slt -w ./contains_exe.zip
Also, this issue may be specific to EL6. This issue came to my attention
because an EL6 mail server acting as a Backup MX for an EL5 mail server was
forwarding zipped exe attachments, which were correctly identified and
quarantined on the EL5 system.
Version-Release number of selected component (if applicable):
# uname -rpmi
2.6.32-358.23.2.el6.i686 i686 i686 i386
# rpm -q amavisd-new p7zip
amavisd-new-2.8.0-4.el6.noarch
p7zip-9.20.1-2.el6.i686
How reproducible:
Very. Observed on 3 EL6 mail servers.
Steps to Reproduce:
1. Install/configure postfix, amavisd-new, clam*, etc.
2. Create a test attachment:
$ touch test.exe
$ 7za a -tzip test_exe.zip test.exe
3. Send a mail with test_exe.zip attached
4. Check /var/log/maillog for the specific error
Actual results:
From /var/log/maillog:
Nov 12 17:17:46 Mail amavis[1568]: (28807-12) (!)run_command: child process
[1568]: run_command: failed to exec /usr/bin/7za l -slt
-w/var/spool/amavisd/tmp/amavis-20131112T051218-28807-HPbWePoN/parts --
/var/spool/amavisd/tmp/amavis-20131112T051218-28807-HPbWePoN/parts/p002: 13 at
/usr/sbin/amavisd line 4062.
Nov 12 17:17:46 Mail amavis[28807]: (28807-12) (!)Decoding of p002 (Zip archive
data, at least v1.0 to extract) failed, leaving it unpacked: do_7zip: can't get
a list of archive members: exit 6; at (eval 117) line 781.
Expected results:
Identify zipped exe file as such.
Additional info:
It may not be relevant to the observed error, but 8 months ago, amavisd-new and
clam* were converted from RepoForge/RPMforge versions to EPEL versions. Except
for a few initial hiccups, the mail servers have been running without apparent
issues until the current 7za issue was observed.
--
https://bugzilla.redhat.com/show_bug.cgi?id=984185
Bug ID: 984185
Summary: perl should be a hardened build
Product: Fedora
Version: 18
Component: perl
Severity: unspecified
Priority: unspecified
Assignee: mmaslano(a)redhat.com
Reporter: h.reindl(a)thelounge.net
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
perl is often used for long running services (mailgraph, smokeping, postgrey..)
as well as called from webservers with untrusted input
so it should be "Full RELRO" and PIE
http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
______________________________________________________
If your package meets any of the following criteria you MUST enable the PIE
compiler flags:
Your package is long running. This means it's likely to be started and keep
running until the machine is rebooted, not start on demand and quit on idle.
Your package has suid binaries, or binaries with capabilities.
Your package runs as root.
If your package meets the following criteria you should consider enabling the
PIE compiler flags:
Your package accepts/processes untrusted input.
______________________________________________________
[root@srv-rhsoft:~]$ checksec --file /usr/bin/perl
RELRO           STACK CANARY   NX           PIE      RPATH   RUNPATH   FILE
Partial RELRO   Canary found   NX enabled   No PIE   RPATH   RUNPATH   /usr/bin/perl
--
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=570321
Summary: Missing Dependencies postgresql-plperl and perl-BDB-Pg
> 2.0
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: bucardo
AssignedTo: itamar(a)ispbrasil.com.br
ReportedBy: james.t.saint-rossy(a)nasa.gov
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-perl-devel-list(a)redhat.com,
itamar(a)ispbrasil.com.br
Classification: Fedora
Description of problem:
Installing bucardo-4.4.0-2.el5 fails with missing dependencies.
postgresql-plperl and perl-bdb-pg >= 2.0 do not exist in either the default or
epel repositories.
Version-Release number of selected component (if applicable):
bucardo-4.4.0-2.el5
How reproducible:
Always
Steps to Reproduce:
1. yum install bucardo
Actual results:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.skiplink.com
* base: mirror.cogentco.com
* epel: mirrors.tummy.com
* extras: mirrors.serveraxis.net
* updates: mirror.san.fastserv.com
addons | 951 B 00:00
base | 2.1 kB 00:00
epel | 3.4 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bucardo.noarch 0:4.4.0-2.el5 set to be updated
--> Processing Dependency: perl(DBD::Pg) >= 2.0 for package: bucardo
--> Processing Dependency: postgresql-plperl for package: bucardo
--> Processing Dependency: perl(DBD::Pg) for package: bucardo
--> Processing Dependency: perl(DBIx::Safe) for package: bucardo
--> Running transaction check
---> Package bucardo.noarch 0:4.4.0-2.el5 set to be updated
--> Processing Dependency: perl(DBD::Pg) >= 2.0 for package: bucardo
--> Processing Dependency: postgresql-plperl for package: bucardo
---> Package perl-DBD-Pg.i386 0:1.49-2.el5_3.1 set to be updated
---> Package perl-DBIx-Safe.noarch 0:1.2.5-6.el5 set to be updated
--> Finished Dependency Resolution
bucardo-4.4.0-2.el5.noarch from epel has depsolving problems
--> Missing Dependency: postgresql-plperl is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
bucardo-4.4.0-2.el5.noarch from epel has depsolving problems
--> Missing Dependency: perl(DBD::Pg) >= 2.0 is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
Error: Missing Dependency: postgresql-plperl is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
Error: Missing Dependency: perl(DBD::Pg) >= 2.0 is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
Expected results:
Package successfully installs
Additional info:
Tested on Centos 5.4 and RHEL 5.4
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=783468
Summary: missing dependancy on perl-Email-Simple-Creator
Product: Fedora EPEL
Version: el5
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: perl-Email-MIME-Creator
AssignedTo: tcallawa(a)redhat.com
ReportedBy: carl.johnstone(a)onthebeach.co.uk
QAContact: extras-qa(a)fedoraproject.org
CC: tcallawa(a)redhat.com, fedora-perl-devel-list(a)redhat.com
Classification: Fedora
Description of problem:
The perl-Email-MIME-Creator package has a missing dependency on
Email::Simple::Creator / perl-Email-Simple-Creator
Version-Release number of selected component (if applicable):
perl-Email-MIME-Creator.noarch 0:1.453-2.el5
--
https://bugzilla.redhat.com/show_bug.cgi?id=706721
Summary: Missing Requires: perl(Clone)
Product: Fedora EPEL
Version: el5
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: perl-Hash-Merge
AssignedTo: tcallawa(a)redhat.com
ReportedBy: redhat-bugzilla(a)camperquake.de
QAContact: extras-qa(a)fedoraproject.org
CC: tcallawa(a)redhat.com, iarnell(a)gmail.com,
fedora-perl-devel-list(a)redhat.com
Classification: Fedora
Description of problem:
perl-Hash-Merge requires perl(Clone), but the spec does not reflect this.
Version-Release number of selected component (if applicable):
perl-Hash-Merge-0.11-2.el5
How reproducible:
Look at /usr/lib/perl5/vendor_perl/5.8.8/Hash/Merge.pm, line 231
--
https://bugzilla.redhat.com/show_bug.cgi?id=703101
Summary: [PATCH] DateTime should be rebuilt on tzdata updates
Product: Fedora EPEL
Version: el5
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: perl-DateTime
AssignedTo: tremble(a)tremble.org.uk
ReportedBy: lkundrak(a)v3.sk
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-perl-devel-list(a)redhat.com,
tremble(a)tremble.org.uk
Classification: Fedora
Description of problem:
tzdata package updates and new time zones are added from time to time (such as
Asia/Kolkata). As DateTime contains files generated from it, it should be
rebuilt on each such update.
The patch attached adds an explicit dependency on specific version of tzdata,
so that it would disallow updates in case of tzdata rebuild w/o DateTime
rebuilt, so that it would not go unnoticed.
Additional info:
At the very least, even if the patch is rejected, please trigger a DateTime
rebuild. Maybe coordinate with tzdata maintainer on future updates.
--
https://bugzilla.redhat.com/show_bug.cgi?id=757089
Summary: cpanspec error: Dest dir longer than base dir is not
supported
Product: Fedora
Version: 16
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: cpanspec
AssignedTo: steve(a)silug.org
ReportedBy: kas(a)fi.muni.cz
QAContact: extras-qa(a)fedoraproject.org
CC: steve(a)silug.org, fedora-perl-devel-list(a)redhat.com
Classification: Fedora
Description of problem:
I am trying to build some CPAN modules as RPMs (namely Env::C and
IO::Socket::Multicast), but the build fails with the following error:
[...]
extracting debug info from
/root/rpmbuild/BUILDROOT/perl-Env-C-0.08-1.fc16.x86_64/usr/lib64/perl5/vendor_perl/auto/Env/C/C.so
Dest dir longer than base dir is not supported
error: Bad exit status from /var/tmp/rpm-tmp.LI9AHv (%install)
I am not sure why the length of both paths should matter at all, but the cause
of the problem is that cpanspec sets up too long buildroot.
Taking the generated spec file, shortening the buildroot path, and rebuilding
the package using the modified spec file works for me
Before:
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
After:
BuildRoot: %{_tmppath}/%{name}
Version-Release number of selected component (if applicable):
cpanspec-1.78-9.fc16.noarch
How reproducible:
100 %
Steps to Reproduce:
1. cpanspec --build Env::C
Actual results:
build fails with the above error message
Expected results:
perl-Env-C binary and source RPMs should be built