[Bug 1242980] New: Compiler warnings in hv_func.h
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1242980
Bug ID: 1242980
Summary: Compiler warnings in hv_func.h
Product: Fedora
Version: rawhide
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: jsafrane(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
I get following warnings when compiling net-snmp with -Wall:
gcc -c -I../../include -DNETSNMP_ENABLE_IPV6 -fno-strict-aliasing -g -O2
-Ulinux -Dlinux=linux -D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing
-pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/lib64/perl5/CORE -Wall -Wstrict-prototypes
-Wwrite-strings -Wcast-qual -I. -I/usr/local/include -D_REENTRANT -D_GNU_SOURCE
-fwrapv -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -DVERSION=\"5.08\" -DXS_VERSION=\"5.08\" -fPIC
"-I/usr/lib64/perl5/CORE" default_store.c
In file included from /usr/lib64/perl5/CORE/hv.h:629:0,
from /usr/lib64/perl5/CORE/perl.h:3344,
from default_store.xs:6:
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_siphash_2_4’:
/usr/lib64/perl5/CORE/hv_func.h:201:23: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U64TYPE k0 = ((U64TYPE*)seed)[0];
^
/usr/lib64/perl5/CORE/hv_func.h:202:23: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U64TYPE k1 = ((U64TYPE*)seed)[1];
^
In file included from /usr/lib64/perl5/CORE/hv.h:629:0,
from /usr/lib64/perl5/CORE/perl.h:3344,
from default_store.xs:6:
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_superfast’:
/usr/lib64/perl5/CORE/hv_func.h:260:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed) + len;
^
In file included from /usr/lib64/perl5/CORE/hv.h:629:0,
from /usr/lib64/perl5/CORE/perl.h:3344,
from default_store.xs:6:
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_murmur3’:
/usr/lib64/perl5/CORE/hv_func.h:364:16: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 h1 = *((U32*)seed);
^
In file included from /usr/lib64/perl5/CORE/hv.h:629:0,
from /usr/lib64/perl5/CORE/perl.h:3344,
from default_store.xs:6:
/usr/lib64/perl5/CORE/hv_func.h:401:21: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
k1 = U8TO32_LE(ptr);
^
/usr/lib64/perl5/CORE/hv_func.h:408:24: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
carry = U8TO32_LE(ptr);
^
/usr/lib64/perl5/CORE/hv_func.h:416:24: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
carry = U8TO32_LE(ptr);
^
/usr/lib64/perl5/CORE/hv_func.h:424:24: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
carry = U8TO32_LE(ptr);
^
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_djb2’:
/usr/lib64/perl5/CORE/hv_func.h:458:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed + len);
^
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_sdbm’:
/usr/lib64/perl5/CORE/hv_func.h:468:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed + len);
^
In file included from /usr/lib64/perl5/CORE/hv.h:629:0,
from /usr/lib64/perl5/CORE/perl.h:3344,
from default_store.xs:6:
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_one_at_a_time’:
/usr/lib64/perl5/CORE/hv_func.h:494:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed) + len;
^
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_one_at_a_time_hard’:
/usr/lib64/perl5/CORE/hv_func.h:509:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed) + len;
^
/usr/lib64/perl5/CORE/hv_func.h: In function ‘S_perl_hash_old_one_at_a_time’:
/usr/lib64/perl5/CORE/hv_func.h:544:18: warning: cast discards ‘const’
qualifier from pointer target type [-Wcast-qual]
U32 hash = *((U32*)seed);
^
This pollutes build logs and we may miss some useful warning. What about this?
- U32 hash = *((U32*)seed) + len;
+ U32 hash = (U32) *seed + len;
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months
[Bug 1224727] New: perl-Server-Starter-0.27-1.fc23 FTBFS: races in tests
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1224727
Bug ID: 1224727
Summary: perl-Server-Starter-0.27-1.fc23 FTBFS: races in tests
Product: Fedora
Version: rawhide
Component: perl-Server-Starter
Assignee: rc040203(a)freenet.de
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
External Bug ID: CPAN 73711
External Bug ID: CPAN 73711
perl-Server-Starter-0.27-2.fc23 fails to build randomly because there are race
conditions in tests:
t/05-killolddelay.t .. ok
start_server (pid:11873) starting now...
starting new worker 11874
autorestart triggered (interval=6)
starting new worker 11881
new worker is now running, sending TERM to old workers:11874
sleeping 2 secs before killing old workers
killing old workers
old worker 11874 died, status:0
# Failed test 'status after auto-restart'
# at t/06-autorestart.t line 55.
# '1:11874
# 2:11881
# '
# doesn't match '(?^s:^2:\d+\n$)'
received TERM, sending TERM to all workers:11881
worker 11881 died, status:0
exiting
[Test::TCP] Child process does not block(PID: 11873, PPID: 11872) at
/usr/share/perl5/vendor_perl/Test/TCP.pm line 94.
start_server (pid:11882) starting now...
starting new worker 11883
autorestart triggered (interval=6)
starting new worker 11884
new worker is now running, sending USR1 to old workers:11883
sleeping 2 secs before killing old workers
killing old workers
old worker 11883 died, status:0
received TERM, sending TERM to all workers:11884
worker 11884 died, status:0
exiting
[Test::TCP] Child process does not block(PID: 11882, PPID: 11872) at
/usr/share/perl5/vendor_perl/Test/TCP.pm line 94.
# Looks like you failed 1 test of 28.
t/06-autorestart.t ...
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/28 subtests
This bug was fixed by Fedora patches which you dropped when rebasing the
package.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 3 months
[Bug 1204870] New: perl-Gearman-Client-Async-0.94-19.fc23 FTBFS: t/async.t fails randomly
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1204870
Bug ID: 1204870
Summary: perl-Gearman-Client-Async-0.94-19.fc23 FTBFS:
t/async.t fails randomly
Product: Fedora
Version: rawhide
Component: perl-Gearman-Client-Async
Assignee: ppisar(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
perl-Gearman-Client-Async-0.94-19.fc23 sometimes fails to build in F23:
+ make test
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness"
"-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')"
t/*.t
Use of "goto" to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Gearman/Util.pm line 164.
Use of "goto" to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Gearman/Util.pm line 164.
t/allinone.t ...... ok
Use of "goto" to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Gearman/Util.pm line 164.
Use of "goto" to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Gearman/Util.pm line 164.
# Failed test 'alternating status'
# at t/async.t line 75.
# '21211221122222'
# doesn't match '(?^:1212)'
# Looks like you failed 1 test of 2.
t/async.t .........
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/2 subtests
This looks like a race in the test because it expects that tasks complete
regularly in time which does not have to be true if CPU scheduler delays some
processes.
See Koschei
<http://koschei.cloud.fedoraproject.org/package/perl-Gearman-Client-Async> for
the failure frequency.
Unfortunately I cannot reproduce the failure.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 3 months
[Bug 1166064] New: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166064
Bug ID: 1166064
Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
content in Tooltip widget
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: abaron(a)redhat.com, abokovoy(a)redhat.com,
andrew(a)topdog.za.net, andrewniemants(a)gmail.com,
aortega(a)redhat.com, apatters(a)redhat.com,
apevec(a)redhat.com, athmanem(a)gmail.com,
ayoung(a)redhat.com, bazanluis20(a)gmail.com,
bkabrda(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, brett.lentz(a)gmail.com,
bruno(a)wolff.to, casper(a)casperlefantom.net,
cbillett(a)redhat.com, ccoleman(a)redhat.com,
chat-to-me(a)raveit.de, chkr(a)plauener.de,
chrisw(a)redhat.com, comzeradd(a)fedoraproject.org,
cpelland(a)redhat.com, croberts(a)redhat.com,
dajohnso(a)redhat.com, dallan(a)redhat.com, dan(a)danny.cz,
david.r(a)ultracar.co.uk, dclarizi(a)redhat.com,
devrim(a)gunduz.org, dmcphers(a)redhat.com,
dridi.boukelmoune(a)gmail.com, echevemaster(a)gmail.com,
emmanuel(a)seyman.fr, erlang(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, fabio(a)locati.cc,
fdc(a)fcami.net, fedora(a)famillecollet.com,
frankly3d(a)gmail.com, gbailey(a)lxpro.com,
gkotton(a)redhat.com, gmccullo(a)redhat.com,
herrold(a)owlriver.com, hhorak(a)redhat.com,
hobbes1069(a)gmail.com, home(a)trarbentley.net,
i(a)cicku.me, i(a)stingr.net, ian(a)ianweller.org,
iarnell(a)gmail.com, ipa-maint(a)redhat.com,
ivaxer(a)gmail.com, jamielinux(a)fedoraproject.org,
jaswinder(a)kernel.org, jdetiber(a)redhat.com,
jdornak(a)redhat.com, jhardy(a)redhat.com,
jialiu(a)redhat.com, jimi(a)sngx.net, jkeck(a)redhat.com,
jmlich(a)redhat.com, jochen(a)herr-schmitt.de,
joelsmith(a)redhat.com, jokajak(a)fedoraproject.org,
jokerman(a)redhat.com, jonathansteffan(a)gmail.com,
jorton(a)redhat.com, jprause(a)redhat.com,
jrafanie(a)redhat.com, jsmith.fedora(a)gmail.com,
jstribny(a)redhat.com, jvlcek(a)redhat.com,
karlthered(a)gmail.com, katello-bugs(a)redhat.com,
kevin(a)scrye.com, kseifried(a)redhat.com,
ktdreyer(a)ktdreyer.com, kwizart(a)gmail.com,
leigh123linux(a)googlemail.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, limburgher(a)gmail.com,
lmacken(a)redhat.com, lmeyer(a)redhat.com,
loganjerry(a)gmail.com, lpeer(a)redhat.com, luto(a)mit.edu,
markmc(a)redhat.com, matt(a)cs.wisc.edu,
mbarnes(a)redhat.com, mburns(a)redhat.com,
mcepl(a)redhat.com, mclasen(a)redhat.com,
metherid(a)gmail.com, mhroncok(a)redhat.com,
michel(a)michel-slm.name, mike(a)cchtml.com,
miketwebster(a)gmail.com, mkosek(a)redhat.com,
mmaslano(a)redhat.com, mmccomas(a)redhat.com,
mmccune(a)redhat.com, mmcgrath(a)redhat.com,
mrunge(a)redhat.com, nelsonab(a)red-tux.net,
nonamedotc(a)gmail.com, nushio(a)fedoraproject.org,
obarenbo(a)redhat.com, oliver(a)linux-kernel.at,
orion(a)cora.nwra.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
pavel(a)zhukoff.net, perl-devel(a)lists.fedoraproject.org,
peter.borsa(a)gmail.com, phalliday(a)excelsiorsystems.net,
pmyers(a)redhat.com, praiskup(a)redhat.com,
promac(a)gmail.com, puiterwijk(a)redhat.com,
pviktori(a)redhat.com, pvoborni(a)redhat.com,
python-maint(a)redhat.com, rbean(a)redhat.com,
rbryant(a)redhat.com, rcritten(a)redhat.com,
relrod(a)redhat.com, rhos-maint(a)redhat.com,
rnovacek(a)redhat.com, robinlee.sysu(a)gmail.com,
satya.komaragiri(a)gmail.com, sclewis(a)redhat.com,
scott(a)foolishpride.org, sdodson(a)sdodson.com,
shawn.iwinski(a)gmail.com, smparrish(a)gmail.com,
ssorce(a)redhat.com, stickster(a)gmail.com, sven(a)lank.es,
tadej.janez(a)tadej.hicsalta.si,
tchollingsworth(a)gmail.com, thomas.moschny(a)gmx.de,
thozza(a)redhat.com, tim4dev(a)gmail.com, tjay(a)redhat.com,
tmckay(a)redhat.com, tomckay(a)redhat.com,
vanmeeuwen+fedora(a)kolabsys.com, volker27(a)gmx.at,
vondruch(a)redhat.com, vonsch(a)gmail.com,
wojdyr(a)gmail.com, wtogami(a)gmail.com,
xlecauch(a)redhat.com, yeylon(a)redhat.com,
yohangraterol92(a)gmail.com, zbyszek(a)in.waw.pl
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget.
>From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...
The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]:
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf867676190...
--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nLGeAqRwc8&a=cc_unsubscribe
6 years, 3 months
[Bug 1166041] New: CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166041
Bug ID: 1166041
Summary: CVE-2010-5312 jquery-ui: XSS vulnerability in
jQuery.ui.dialog title option
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: abaron(a)redhat.com, abokovoy(a)redhat.com,
andrew(a)topdog.za.net, andrewniemants(a)gmail.com,
aortega(a)redhat.com, apatters(a)redhat.com,
apevec(a)redhat.com, athmanem(a)gmail.com,
ayoung(a)redhat.com, bazanluis20(a)gmail.com,
bkabrda(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, brett.lentz(a)gmail.com,
bruno(a)wolff.to, casper(a)casperlefantom.net,
cbillett(a)redhat.com, ccoleman(a)redhat.com,
chat-to-me(a)raveit.de, chkr(a)plauener.de,
chrisw(a)redhat.com, comzeradd(a)fedoraproject.org,
cpelland(a)redhat.com, croberts(a)redhat.com,
dajohnso(a)redhat.com, dallan(a)redhat.com, dan(a)danny.cz,
david.r(a)ultracar.co.uk, dclarizi(a)redhat.com,
devrim(a)gunduz.org, dmcphers(a)redhat.com,
dridi.boukelmoune(a)gmail.com, echevemaster(a)gmail.com,
emmanuel(a)seyman.fr, erlang(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, fabio(a)locati.cc,
fdc(a)fcami.net, fedora(a)famillecollet.com,
frankly3d(a)gmail.com, gbailey(a)lxpro.com,
gkotton(a)redhat.com, gmccullo(a)redhat.com,
herrold(a)owlriver.com, hhorak(a)redhat.com,
hobbes1069(a)gmail.com, home(a)trarbentley.net,
i(a)cicku.me, i(a)stingr.net, ian(a)ianweller.org,
iarnell(a)gmail.com, ipa-maint(a)redhat.com,
ivaxer(a)gmail.com, jamielinux(a)fedoraproject.org,
jaswinder(a)kernel.org, jdetiber(a)redhat.com,
jdornak(a)redhat.com, jhardy(a)redhat.com,
jialiu(a)redhat.com, jimi(a)sngx.net, jkeck(a)redhat.com,
jmlich(a)redhat.com, jochen(a)herr-schmitt.de,
joelsmith(a)redhat.com, jokajak(a)fedoraproject.org,
jokerman(a)redhat.com, jonathansteffan(a)gmail.com,
jorton(a)redhat.com, jprause(a)redhat.com,
jrafanie(a)redhat.com, jsmith.fedora(a)gmail.com,
jstribny(a)redhat.com, jvlcek(a)redhat.com,
karlthered(a)gmail.com, katello-bugs(a)redhat.com,
kevin(a)scrye.com, kseifried(a)redhat.com,
ktdreyer(a)ktdreyer.com, kwizart(a)gmail.com,
leigh123linux(a)googlemail.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, limburgher(a)gmail.com,
lmacken(a)redhat.com, lmeyer(a)redhat.com,
loganjerry(a)gmail.com, lpeer(a)redhat.com, luto(a)mit.edu,
markmc(a)redhat.com, matt(a)cs.wisc.edu,
mbarnes(a)redhat.com, mburns(a)redhat.com,
mcepl(a)redhat.com, mclasen(a)redhat.com,
metherid(a)gmail.com, mhroncok(a)redhat.com,
michel(a)michel-slm.name, mike(a)cchtml.com,
miketwebster(a)gmail.com, mkosek(a)redhat.com,
mmaslano(a)redhat.com, mmccomas(a)redhat.com,
mmccune(a)redhat.com, mmcgrath(a)redhat.com,
mrunge(a)redhat.com, nelsonab(a)red-tux.net,
nonamedotc(a)gmail.com, nushio(a)fedoraproject.org,
obarenbo(a)redhat.com, oliver(a)linux-kernel.at,
orion(a)cora.nwra.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
pavel(a)zhukoff.net, perl-devel(a)lists.fedoraproject.org,
peter.borsa(a)gmail.com, phalliday(a)excelsiorsystems.net,
pmyers(a)redhat.com, praiskup(a)redhat.com,
promac(a)gmail.com, puiterwijk(a)redhat.com,
pviktori(a)redhat.com, pvoborni(a)redhat.com,
python-maint(a)redhat.com, rbean(a)redhat.com,
rbryant(a)redhat.com, rcritten(a)redhat.com,
relrod(a)redhat.com, rhos-maint(a)redhat.com,
rnovacek(a)redhat.com, robinlee.sysu(a)gmail.com,
satya.komaragiri(a)gmail.com, sclewis(a)redhat.com,
scott(a)foolishpride.org, sdodson(a)sdodson.com,
shawn.iwinski(a)gmail.com, smparrish(a)gmail.com,
ssorce(a)redhat.com, stickster(a)gmail.com, sven(a)lank.es,
tadej.janez(a)tadej.hicsalta.si,
tchollingsworth(a)gmail.com, thomas.moschny(a)gmx.de,
thozza(a)redhat.com, tim4dev(a)gmail.com, tjay(a)redhat.com,
tmckay(a)redhat.com, tomckay(a)redhat.com,
vanmeeuwen+fedora(a)kolabsys.com, volker27(a)gmx.at,
vondruch(a)redhat.com, vonsch(a)gmail.com,
wojdyr(a)gmail.com, wtogami(a)gmail.com,
xlecauch(a)redhat.com, yeylon(a)redhat.com,
yohangraterol92(a)gmail.com, zbyszek(a)in.waw.pl
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery.ui.dialog title option.
>From [1]:
...
WIDGETS
Dialog
Fixed: Title XSS Vulnerability. (#6016, 7e9060c)
...
Upstream commit that fixes this:
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17b...
More info can be found in the upstream bugtracker [2].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/6016
--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=j1lcnw4yn1&a=cc_unsubscribe
6 years, 3 months
[Bug 874942] New: Net-DNS: system configuration is used instead of user's
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=874942
Bug ID: 874942
QA Contact: extras-qa(a)fedoraproject.org
Severity: high
External Bug URL: http://rt.cpan.org/Public/
Version: rawhide
Priority: unspecified
CC: mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, psabata(a)redhat.com
Assignee: mmaslano(a)redhat.com
Summary: Net-DNS: system configuration is used instead of
user's
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: mmaslano(a)redhat.com
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: perl-Net-DNS
Product: Fedora
External Bug ID: CPAN 67602
If I define my own configuration file, system files are used, which could be
security issue. Example: My configuration file is defined as: my $res =
Net::DNS::Resolver->new(config_file => '/my/dns.conf'); These files are read
even if I defined my own file: /etc/resolv.conf $HOME/.resolv.conf
./.resolv.conf Last 2 files shouldn't be read by default since it's possible
security issue - user can drop .resolv.conf pointing to malicious dns server.
This issue was found during testing spamassassin with selinux. For details see:
https://bugzilla.redhat.com/sh ow_bug.cgi?id=628866#c2
I'm reporting this error back into our bugzilla because of last comment in rt:
I think the level of this PR should be elevated to 'security'.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 3 months
[Bug 831716] New: Moving legacy code out of perl-JSON-RPC breaks Bugzilla
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=831716
Bug ID: 831716
QA Contact: extras-qa(a)fedoraproject.org
Severity: high
Version: 17
Priority: unspecified
CC: emmanuel.seyman(a)club-internet.fr,
perl-devel(a)lists.fedoraproject.org
Assignee: emmanuel.seyman(a)club-internet.fr
Summary: Moving legacy code out of perl-JSON-RPC breaks
Bugzilla
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: lpsolit(a)netscape.net
Type: Bug
Documentation: ---
Hardware: All
Mount Type: ---
Status: NEW
Component: perl-JSON-RPC
Product: Fedora
Bugzilla still uses legacy code from JSON::RPC and despite the perl-JSON-RPC
package is installed, which makes checksetup.pl happy, the JSON-RPC feature of
Bugzilla fails because it cannot find the legacy code. This also prevents
Apache from starting when mod_perl is enabled:
httpd[1938]: Can't locate JSON/RPC/Legacy/Server/CGI.pm in @INC
So the legacy code is still required by Bugzilla, and checksetup.pl and
Bugzilla re confused by this package split.
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 3 months
[Bug 1054061] New: Segfault in Perl_gv_fetchpvn_flags when trying to initialize back_perl openldap backend
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1054061
Bug ID: 1054061
Summary: Segfault in Perl_gv_fetchpvn_flags when trying to
initialize back_perl openldap backend
Product: Red Hat Enterprise Linux 7
Version: 7.0
Component: perl
Assignee: perl-maint-list(a)redhat.com
Reporter: jsynacek(a)redhat.com
QA Contact: qe-baseos-apps(a)redhat.com
CC: cweyl(a)alumni.drew.edu, hyc(a)symas.com,
iarnell(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz,
lkundrak(a)v3.sk, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
Depends On: 967719
Group: devel
External Bug ID: OpenLDAP ITS 7573
+++ This bug was initially created as a clone of Bug #967719 +++
Description of problem:
When trying to initialize back_perl, a segfault occurs deep in perl itself.
Version-Release number of selected component (if applicable):
perl-5.16.3-264.fc19.x86_64
openldap-2.4.35-4.fc19.x86_64
How reproducible:
Almost always.
Steps to Reproduce:
1. Install fresh F19
2. If you try the reproducer here, all goes well
3. yum install perl-A* (I have no idea why I needed to do this to get it to
segfault)
4. Try reproducer
5. Observe the segfault
6. From now on, reproducer works *without* producing any segfaults. I had to
reboot the machine to be able to reproduce the issue again.
Note on how to use the reproducer:
1. Unpack
2. Run go.sh (warning: it will wipe your /var/lib/ldap/* and your
/etc/openldap/*, so don't run if you use openldap in production)
This will run slapd in debug mode, so you will need another console to run
the rest.
3. Run try.sh
4. If you want to repeat, go to 2.
You can modify go.sh to run slapd through a debugger. However, you will
probably need to set LD_PRELOAD=/usr/lib64/perl5/CORE/libperl.so to be able to
run try.sh.
Actual results:
Perl segfaults.
Expected results:
The back_perl gets initialized without any problems.
Additional info:
This also happens on my production F18, but it happens always. It looks like it
might have something to do with Bug 960048.
--- Additional comment from Jan Synacek on 2013-05-28 08:53:11 CEST ---
Note that in the frame #3, the my_perl variable changes from a (probably valid)
pointer to 0x0.
--- Additional comment from Petr Pisar on 2013-07-03 14:38:09 CEST ---
What's expected output on the client site?
I have patched perl so that it links all XS modules to libperl.so explicitly in
my private F20 machine, and I do not get any segfaults. Instead I just get an
error message from the second command:
$ sh try.sh
SASL/EXTERNAL authentication started
SASL username: gidNumber=500+uidNumber=500,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
ldap_add: Insufficient access (50)
SASL/EXTERNAL authentication started
SASL username: gidNumber=500+uidNumber=500,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=perl,cn=config"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
I guess this is how to should work.
If this is the real fix, than this issue will be fixed in F20.
--- Additional comment from Jan Synacek on 2013-07-03 14:57:38 CEST ---
All LDAP operations should succeed without any errors. You don't have
sufficient access rights to modify the LDAP database. Running the script as
root should do it.
You should see something like this:
# ./try.sh
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=perl,cn=config"
ldap_result: Can't contact LDAP server (-1)
The last line indicates the termination (you can see that slapd segfaulted in
the console where you ran go.sh). Expected output would look like the one above
minus the 'ldap_result: ...' line. Plus there may be one additional 'adding new
entry' line.
--- Additional comment from Petr Pisar on 2013-07-03 16:07:01 CEST ---
I run it as a non-root. I get much better results as a root:
# ./try.sh
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=perl,cn=config"
adding new entry "dc=perl-example,dc=com"
However the server sometimes segfaults as you reported.
--- Additional comment from Jan Synacek on 2013-07-04 07:54:23 CEST ---
(In reply to Petr Pisar from comment #4)
> I run it as a non-root. I get much better results as a root:
Yes, that's how the output is supposed to look.
> However the server sometimes segfaults as you reported.
Ok, it's strange that it segfaults only sometimes. Does this mean that you can
reproduce it even with all the perl modules linked to libperl.so explicitly?
--- Additional comment from Petr Pisar on 2013-07-04 09:07:56 CEST ---
I recompiled only modules in perl binary package and openldap for the test. Not
yet all modules that exist. I also reverted the RTLD_GLOBAL patch and checked
slapd does not crashes on linkage error. So the test does not use any
not-yet-rebuild modules.
I conclude this issue is independent on the linking bug #960048. But we will
see more after rebuilding everything.
--- Additional comment from Fedora Admin XMLRPC Client on 2013-08-12 13:50:07
CEST ---
This package has changed ownership in the Fedora Package Database. Reassigning
to the new owner of this component.
--- Additional comment from Howard Chu on 2013-10-13 02:20:16 CEST ---
Please also followup to OpenLDAP ITS#7573 with any conclusions you reach,
thanks.
--- Additional comment from Jan Synacek on 2013-10-16 08:13:38 CEST ---
This problem still occurs in F20.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=967719
[Bug 967719] Segfault in Perl_gv_fetchpvn_flags when trying to initialize
back_perl openldap backend
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RTtoq7IB5n&a=cc_unsubscribe
6 years, 3 months