August 2014 - perl-devel - Fedora Mailing-Lists

[Bug 839612] New: FTBFS perl-Unix-Statgrab-0.04-14.fc18

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=839612 Bug ID: 839612 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified URL: https://koji.fedoraproject.org/koji/taskinfo?taskID=42 36283 Version: rawhide Priority: unspecified CC: oliver(a)linux-kernel.at, perl-devel(a)lists.fedoraproject.org, steve(a)silug.org Assignee: steve(a)silug.org Summary: FTBFS perl-Unix-Statgrab-0.04-14.fc18 Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: ppisar(a)redhat.com Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: perl-Unix-Statgrab Product: Fedora perl-Unix-Statgrab-0.04-14.fc18 does not build in F18: Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.FI62R4 + umask 022 + cd /builddir/build/BUILD + cd Unix-Statgrab-0.04 + unset DISPLAY + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/0_pod.t ........... ok t/0_pod_coverage.t .. ok t/Unix-Statgrab.t ... Failed 1/22 subtests Test Summary Report ------------------- t/Unix-Statgrab.t (Wstat: 11 Tests: 21 Failed: 0) Non-zero wait status: 11 Parse errors: Bad plan. You planned 22 tests but ran 21. Files=3, Tests=23, 0 wallclock secs ( 0.04 usr 0.00 sys + 0.15 cusr 0.03 csys = 0.22 CPU) Result: FAIL Failed 1/3 test programs. 0/23 subtests failed. make: *** [test_dynamic] Error 255 This happens with perl 5.16.0. I guess the test plan is wrong or the perl segfaults. -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 7 months

1
12
0 / 0

[Bug 1128978] New: perl-Plack: trailing slashes removed leading to source code disclosure

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1128978 Bug ID: 1128978 Summary: perl-Plack: trailing slashes removed leading to source code disclosure Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mmcallis(a)redhat.com CC: jose.p.oliveira.oss(a)gmail.com, perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Plack 1.0031 fixes the following security issue: - Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files (avar) #446 Upstream fix: https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99... References: https://github.com/plack/Plack/issues/405 http://seclists.org/oss-sec/2014/q3/345 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3o7im6lCPi&a=cc_unsubscribe

8 years, 9 months

1
8
0 / 0

[Bug 1110723] New: CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1110723 Bug ID: 1110723 Summary: CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: perl-devel(a)lists.fedoraproject.org, rob.myers(a)gtri.gatech.edu, tcallawa(a)redhat.com It was discovered [1] that there's a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation[2]. Email::Address::parse uses significant time on parsing empty quoted string, as allowed by RFC 2822. Suggested fix was applied upstream as [3] contained in a new upstream version 1.905[4] which contain additional commits to avoid slowdowns. External References: [1] http://seclists.org/oss-sec/2014/q2/563 [2] https://metacpan.org/release/Email-Address [3] https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762... [4] https://github.com/rjbs/Email-Address/blob/master/Changes -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=O6OgIb7i9P&a=cc_unsubscribe

8 years, 9 months

1
16
0 / 0

[Bug 1131085] New: perl-Task-Kensho-Toolchain-0.37 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1131085 Bug ID: 1131085 Summary: perl-Task-Kensho-Toolchain-0.37 is available Product: Fedora Version: rawhide Component: perl-Task-Kensho-Toolchain Keywords: FutureFeature, Triaged Assignee: jplesnik(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com Latest upstream release: 0.37 Current version/release in Fedora Rawhide: 0.36-2.fc21 URL: http://search.cpan.org/dist/Task-Kensho-Toolchain/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dzwL4bX8pS&a=cc_unsubscribe

8 years, 9 months

1
6
0 / 0

[Bug 750805] New: Fails to build on ARM, needs to use default setjmp not ucontext

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: Fails to build on ARM, needs to use default setjmp not ucontext https://bugzilla.redhat.com/show_bug.cgi?id=750805 Summary: Fails to build on ARM, needs to use default setjmp not ucontext Product: Fedora Version: 15 Platform: Unspecified OS/Version: Unspecified Status: NEW Severity: unspecified Priority: unspecified Component: perl-Coro AssignedTo: ppisar(a)redhat.com ReportedBy: henrik(a)henriknordstrom.net QAContact: extras-qa(a)fedoraproject.org CC: fedora-perl-devel-list(a)redhat.com, mmaslano(a)redhat.com, kwizart(a)gmail.com, bochecha(a)fedoraproject.org, ppisar(a)redhat.com Classification: Fedora Story Points: --- Type: --- Description of problem: ARM do not implement the needed ucontext functions, and need to use the default setjmp method. This is normally the default, except that fedora patches it to hardwire ucontext as default method.. Version-Release number of selected component (if applicable): perl-Coro-5.372-3.fc15 How reproducible: always Steps to Reproduce: 1. Try to rebuild perl-Coro on arm 2. 3. Actual results: failed build, crashing in testsuite Expected results: successful build Additional info: Trivial spec file patch attached. Please apply patch and sumbit a F15 koji build from which arm can pull the srpm. update request is not stricty needed if the only change relative to current F15 build is this patch. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

8 years, 9 months

1
18
0 / 0

[Bug 1068706] New: Password prompt matching requires colon, which may be missing

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1068706 Bug ID: 1068706 Summary: Password prompt matching requires colon, which may be missing Product: Fedora Version: 20 Component: perl-Net-SFTP-Foreign Severity: low Assignee: fedorapkg(a)rule.lv Reporter: ejtr(a)layer3.co.uk QA Contact: extras-qa(a)fedoraproject.org CC: fedorapkg(a)rule.lv, perl-devel(a)lists.fedoraproject.org Description of problem: Net::SFTP::Foreign's password prompt matching code goes into a permanent loop when the remote server supplies a prompt without a trailing colon. Version-Release number of selected component (if applicable): perl-Net-SFTP-Foreign-1.75-3.fc20.noarch.rpm How reproducible: When testing Net::SFTP::Foreign against an "unusual" host which supported keyboard-interactive authentication, and thus generated a server-supplied password prompt, it was found that the host in question had a prompt of the form "username's password", rather than the more usual "username@host's password: " as seen from OpenSSH client code supporting the password authentication mode. As a consequence, the Net::SFTP::Foreign module simply sulked waiting for a colon. Looking at the relevant /usr/share/perl5/vendor_perl/Net/SFTP/Foreign/Backend/Unix.pm code file, we find the following code fragment: ..... debug and $debug & 65536 and _debug "looking for user/password prompt"; my $re = ( defined $password_prompt ? $password_prompt : qr/(user|name|login)?[:?]\s*$/i ); $debug and $debug & 65536 and _debug "matching against $re"; if (substr($buffer, $at) =~ $re) { if ($ask_for_username_at_login and ($ask_for_username_at_login ne 'auto' or defined $1)) { $debug and $debug & 65536 and _debug "sending username"; print $pty "$user\n"; undef $ask_for_username_at_login; } else { $debug and $debug & 65536 and _debug "sending password"; print $pty "$pass\n"; $password_sent = 1; } $at = length $buffer; } ..... In the absence of the $password_prompt setting, $re only matches a password prompt containing the string "password" if it contains a colon or question-mark after the word "password". The code is also questionable in being capable of sending a password in response to a prompt which contains only a colon followed by whitespace; I feel it ought to at least see the word "password" or "passphrase". The code also uses the $password_prompt variable to match against a potential username prompt, which is questionable. I believe it would be better to more completely separate the user and password prompt matching with different Regex's, and avoid being able to match against the short ":" string alone, and cope with the unusual condition of a missing colon. This recoding of the relevant block is a potential solution: ..... $debug and $debug & 65536 and _debug "looking for user/password prompt"; my $reuser = qr/(user|name|login)([:?])?\s*$/i; my $repass = ( defined $password_prompt ? $password_prompt : qr/(password|passphrase)([:?])?\s*$/i ); if (substr($buffer, $at) =~ $reuser) { $debug and $debug & 65536 and _debug "matched against $reuser"; if ($ask_for_username_at_login and ($ask_for_username_at_login ne 'auto' or defined $1)) { $debug and $debug & 65536 and _debug "sending username"; print $pty "$user\n"; undef $ask_for_username_at_login; } $at = length $buffer; } elsif (substr($buffer, $at) =~ $repass) { $debug and $debug & 65536 and _debug "matched against $repass"; $debug and $debug & 65536 and _debug "sending password"; print $pty "$pass\n"; $password_sent = 1; $at = length $buffer; } .... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SXtN9EENTL&a=cc_unsubscribe

8 years, 10 months

1
4
0 / 0

[Bug 1135624] New: perl-Clipboard: insecure temporary file usage

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1135624 Bug ID: 1135624 Summary: perl-Clipboard: insecure temporary file usage Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vdanen(a)redhat.com CC: iarnell(a)gmail.com, mkreder(a)gmail.com, perl-devel(a)lists.fedoraproject.org It was reported [1],[2] that the clipedit program as shipped with perl-Clipboard uses temporary files insecurely (based on the PID of the running program). Using symlink attacks, an attacker could cause the deletion of arbitrary files that the user running clipedit has write access to. [...] 7 my $tmpfilename = "/tmp/clipedit$$"; 8 open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!"; 9 print $tmpfile $orig; 10 close $tmpfile; [...] 13 system($ed, $tmpfilename); 14 15 open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!"; 16 my $edited = join '', <$tmpfile>; [...] 49 unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!"; [1] http://seclists.org/oss-sec/2014/q3/467 [2] https://rt.cpan.org/Public/Bug/Display.html?id=98435 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=71pk61Zg6T&a=cc_unsubscribe

8 years, 10 months

1
6
0 / 0

[Bug 1135625] New: perl-Clipboard: insecure temporary file usage [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1135625 Bug ID: 1135625 Summary: perl-Clipboard: insecure temporary file usage [fedora-all] Product: Fedora Version: 20 Component: perl-Clipboard Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: iarnell(a)gmail.com Reporter: vdanen(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: iarnell(a)gmail.com, mkreder(a)gmail.com, perl-devel(a)lists.fedoraproject.org Blocks: 1135624 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1135624 [Bug 1135624] perl-Clipboard: insecure temporary file usage -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=c5n8dVtB1G&a=cc_unsubscribe

8 years, 10 months

1
6
0 / 0

[Bug 1129583] New: perl-OpenOffice-UNO: tests fails on s390(x)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1129583 Bug ID: 1129583 Summary: perl-OpenOffice-UNO: tests fails on s390(x) Product: Fedora Version: 20 Component: perl-OpenOffice-UNO Assignee: lkundrak(a)v3.sk Reporter: jcajka(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: filip(a)andresovi.net, lkundrak(a)v3.sk, perl-devel(a)lists.fedoraproject.org, scenek(a)gmail.com Blocks: 467765 (ZedoraTracker) Package fails to build due tests failure on s390(x). Failing tests are not always the same. Most of the time is failing test t/14.t, but some times tests pass successfully, different test is failing, or even multiple tests are failing. It seems as some kind of race condition. Changing time of sleep(even omitting it) in spec file seems to have no effect on test results. Except from failing build log: Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.X8oFGj + umask 022 + cd /builddir/build/BUILD + cd OpenOffice-UNO-0.07 + trap 'kill -- -18437 ||:' EXIT + setsid ooffice --headless '--accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager' ++ expr '(' 64 - 30 ')' '*' 6 + sleep 204 + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01.t .. ok t/02.t .. ok t/03.t .. ok t/04.t .. ok t/05.t .. ok t/06.t .. ok t/07.t .. ok t/08.t .. ok t/09.t .. ok t/10.t .. ok t/11.t .. ok t/12.t .. ok t/13.t .. ok t/14.t .. All 1 subtests passed t/15.t .. ok t/16.t .. ok Test Summary Report ------------------- t/14.t (Wstat: 11 Tests: 1 Failed: 0) Non-zero wait status: 11 Files=16, Tests=16, 6 wallclock secs ( 0.08 usr 0.03 sys + 1.31 cusr 0.25 csys = 1.67 CPU) Result: FAIL Failed 1/16 test programs. 0/16 subtests failed. make: *** [test_dynamic] Error 255 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=467765 [Bug 467765] Fedora for System z (s390): Bug Tracker -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=TZMIsoFQMr&a=cc_unsubscribe

8 years, 10 months

1
2
0 / 0

[Bug 1085704] New: tests failing on big endians

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1085704 Bug ID: 1085704 Summary: tests failing on big endians Product: Fedora Version: 20 Component: slic3r Assignee: mhroncok(a)redhat.com Reporter: dan(a)danny.cz QA Contact: extras-qa(a)fedoraproject.org CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Blocks: 467765 (ZedoraTracker), 1071880 (PPCTracker) A test is failing in big endian arches like s390(x) and ppc/ppc64 from build.log: ... + cd - /builddir/build/BUILD/Slic3r-1.0.0 + SLIC3R_NO_AUTO=1 + perl Build.PL installdirs=vendor t/angles.t ........... ok t/arcs.t ............. skipped: arcs are currently disabled t/clean_polylines.t .. ok t/clipper.t .......... ok t/collinear.t ........ ok t/combineinfill.t .... ok t/cooling.t .......... ok t/custom_gcode.t ..... ok t/dynamic.t .......... skipped: variable-width paths are currently disabled # Failed test 'no missing parts in solid shell when fill_density is 0' # at t/fill.t line 252. # got: '12' # expected: '0' # Looks like you failed 1 test of 42. t/fill.t ............. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/42 subtests t/gcode.t ............ ok t/geometry.t ......... ok t/layers.t ........... ok t/loops.t ............ skipped: temporarily disabled t/multi.t ............ ok t/perimeters.t ....... ok t/polyclip.t ......... ok t/print.t ............ ok t/retraction.t ....... ok t/shells.t ........... ok t/skirt_brim.t ....... ok t/slice.t ............ skipped: temporarily disabled t/support.t .......... ok t/svg.t .............. ok t/thin.t ............. ok t/threads.t .......... ok t/vibrationlimit.t ... ok Test Summary Report ------------------- t/fill.t (Wstat: 256 Tests: 42 Failed: 1) Failed test: 42 Non-zero exit status: 1 Files=27, Tests=241, 55 wallclock secs ( 0.09 usr 0.03 sys + 55.73 cusr 0.67 csys = 56.52 CPU) Result: FAIL Some tests failed. Please report the failure to the author! error: Bad exit status from /var/tmp/rpm-tmp.4roGD8 (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.4roGD8 (%check) Child return code was: 1 for full logs please see http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=1374201 http://ppc.koji.fedoraproject.org/koji/taskinfo?taskID=1767561 Version-Release number of selected component (if applicable): slic3r-1.0.0-0.3.RC2.fc21 is OK slic3r-1.0.0-0.4.RC3.fc21 is BROKEN, newer are broken too Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=467765 [Bug 467765] Fedora for System z (s390): Bug Tracker https://bugzilla.redhat.com/show_bug.cgi?id=1071880 [Bug 1071880] (PPCTracker) Fedora for PowerPC architectures (ppc,ppc64): Bug Tracker -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9rKa2d72oi&a=cc_unsubscribe

8 years, 10 months

1
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel August 2014