https://bugzilla.redhat.com/show_bug.cgi?id=984185
Bug ID: 984185
Summary: perl should be a hardened build
Product: Fedora
Version: 18
Component: perl
Severity: unspecified
Priority: unspecified
Assignee: mmaslano(a)redhat.com
Reporter: h.reindl(a)thelounge.net
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
perl is often used for long running services (mailgraph, smokeping, postgrey..)
as well as called from webservers with untrusted input
so it should be "Full RELRO" and PIE
http://fedoraproject.org/wiki/Packaging:Guidelines#PIE
______________________________________________________
If your package meets any of the following criteria you MUST enable the PIE
compiler flags:
Your package is long running. This means it's likely to be started and keep
running until the machine is rebooted, not start on demand and quit on idle.
Your package has suid binaries, or binaries with capabilities.
Your package runs as root.
If your package meets the following criteria you should consider enabling the
PIE compiler flags:
Your package accepts/processes untrusted input.
______________________________________________________
[root@srv-rhsoft:~]$ checksec --file /usr/bin/perl
RELRO STACK CANARY NX PIE RPATH
RUNPATH FILE
Partial RELRO Canary found NX enabled No PIE RPATH
RUNPATH /usr/bin/perl
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YABEZK214w&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1265922
Bug ID: 1265922
Summary: amavisd and clamav dependencies
Product: Fedora EPEL
Version: epel7
Component: amavisd-new
Severity: low
Assignee: j.orti.alcaine(a)gmail.com
Reporter: sistemisti-posta(a)csi.it
QA Contact: extras-qa(a)fedoraproject.org
CC: janfrode(a)tanso.net, j.orti.alcaine(a)gmail.com,
perl-devel(a)lists.fedoraproject.org, steve(a)silug.org,
vanmeeuwen+fedora(a)kolabsys.com
Description of problem:
I have amavisd-new without local clamd server, because I configured it remotely
through instream protocol.
I very appreciate if you could leave clamav and altermime dependencies.
Version-Release number of selected component (if applicable):
amavisd-new-2.10.1-4.el7
Now I forcedly removed clamav, but it is not good:
** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows:
amavisd-new-2.10.1-4.el7.noarch has missing requires of altermime
amavisd-new-2.10.1-4.el7.noarch has missing requires of clamav-server
amavisd-new-2.10.1-4.el7.noarch has missing requires of clamav-server-systemd
Thanks a lot
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1331825
Bug ID: 1331825
Summary: perl-Net-Server should depend on perl-IO-Socket-INET6
Product: Fedora EPEL
Version: epel7
Component: perl-Net-Server
Assignee: lkundrak(a)v3.sk
Reporter: roy(a)karlsbakk.net
QA Contact: extras-qa(a)fedoraproject.org
CC: kevin(a)scrye.com, lkundrak(a)v3.sk,
perl-devel(a)lists.fedoraproject.org
Description of problem:
With systems like munin-node, it's unable to listen to IPv6 unless
perl-IO-Socket-INET6 is installed manually. There really isn't a good reason to
keep this out, since IPv6 is getting rather common these days
Version-Release number of selected component (if applicable):
Current RHEL/CentOS 7 as of 2016-04-29
How reproducible:
Every time
Steps to Reproduce:
1. Try to bind to IPv6 with perl-Net-Server
2.
3.
Actual results:
Fails
Expected results:
Succeeds
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1268828
Bug ID: 1268828
Summary: RFE: On 32 bit platforms, enable -Duse64bitint and
maybe also -Duselongdouble
Product: Fedora
Version: rawhide
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: rjones(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
Description of problem:
Perl on Fedora 32 bit platforms uses 32 bit ints, and on 64 bit
platforms uses 64 bit ints.
This causes some problems when we express size-in-bytes in some
programs -- it is easy for these kind of programs to work fine on
the common 64 bit platform, but to fail to work in bad ways (rounding
errors or overflows) on 32 bit. Since 32 bit is comparatively rare,
these bugs can go unnoticed. An example of a program that will fail
like this is: http://git.annexia.org/?p=import-to-ovirt.git;a=tree
Also, Debian (since Wheezy) has enabled this option, so by making
this change we would be consistent with Debian & Ubuntu.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310995
Some pros and cons described here:
http://www.nntp.perl.org/group/perl.perl5.porters/2010/04/msg158984.html
There is also interaction with another option (-Duselongdouble).
Version-Release number of selected component (if applicable):
perl-5.22.0-350.fc24
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1309675
Bug ID: 1309675
Summary: perl-DBD-SQLite-1.50-1.fc24 FTBFS: t/43_fts3.t test
fails
Product: Fedora
Version: rawhide
Component: perl-DBD-SQLite
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
steve(a)silug.org
perl-DBD-SQLite-1.50-1.fc24 fails to build in F24 because of rebased sqlite
that disabled ENABLE_FTS3_TOKENIZER:
t/42_primary_key_info.t ............................... ok
DBD::SQLite::db do failed: unknown tokenizer: perl at t/43_fts3.t line 87.
# Failed test 'no warnings'
# at inc/Test/NoWarnings.pm line 38.
# There were 1 warning(s)
# Previous test 1 'An object of class 'DBI::db' isa 'DBI::db''
# DBD::SQLite::db do failed: unknown tokenizer: perl at t/43_fts3.t line
87.
# at t/43_fts3.t line 87.
#
# Looks like you planned 35 tests but ran 2.
# Looks like you failed 1 test of 2 run.
# Looks like your test exited with 255 just after 2.
t/43_fts3.t ...........................................
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 34/35 subtests
Difference between working and failing build root:
sqlite-devel 3.10.2-3.fc24 > 3.11.0-1.fc24
glibc 2.22.90-35.fc24 > 2.22.90-36.fc24
sqlite 3.10.2-3.fc24 > 3.11.0-1.fc24
sqlite-libs 3.10.2-3.fc24 > 3.11.0-1.fc24
glibc-common 2.22.90-35.fc24 > 2.22.90-36.fc24
krb5-libs 1.14-20.fc24 > 1.14-21.fc24
glibc-devel 2.22.90-35.fc24 > 2.22.90-36.fc24
systemd-libs 229-1.fc24 > 229-2.fc24
gdb 7.10.90.20160211-52.fc24 > 7.10.90.20160216-54.fc24
libicu 56.1-1.fc24 > 56.1-3.fc24
kernel-headers 4.5.0-0.rc3.git3.1.... > 4.5.0-0.rc4.git0.1....
binutils 2.26-10.fc24 > 2.26-11.fc24
glibc-headers 2.22.90-35.fc24 > 2.22.90-36.fc24
lzo 2.08-6.fc24 > 2.08-7.fc24
systemd 229-1.fc24 > 229-2.fc24
gnupg2 2.1.10-4.fc24 > 2.1.11-1.fc24
python3-pyparsing 2.1.0-1.fc24 > 2.1.0-2.fc24
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1267962
Bug ID: 1267962
Summary: perl-IPTables-Parse: Use of predictable names for
temporary files
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: mitr(a)redhat.com, perl-devel(a)lists.fedoraproject.org,
tremble(a)tremble.org.uk
A vulnerability in perl-IPTables-Parse was found, when using predictable file
names for its temporary files. This vulnerability allows attacker on a
multi-user system to set up symlinks to overwrite any file the current user has
write access to.
Note that perl-IPTables-Parse is also used by fwsnort and
perl-IPTables-ChainMgr, which is used by psad.
Upstream patch:
https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1267964
Bug ID: 1267964
Summary: perl-IPTables-Parse: Use of predictable names for
temporary files [epel-5]
Product: Fedora EPEL
Version: el5
Component: perl-IPTables-Parse
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: tremble(a)tremble.org.uk
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
tremble(a)tremble.org.uk
Blocks: 1267962
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug for perl-IPTables-Parse: see blocks bug list for full
details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1267962
[Bug 1267962] perl-IPTables-Parse: Use of predictable names for temporary
files
--
You are receiving this mail because:
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Missing Dependencies postgresql-plperl and perl-BDB-Pg > 2.0
https://bugzilla.redhat.com/show_bug.cgi?id=570321
Summary: Missing Dependencies postgresql-plperl and perl-BDB-Pg
> 2.0
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: bucardo
AssignedTo: itamar(a)ispbrasil.com.br
ReportedBy: james.t.saint-rossy(a)nasa.gov
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-perl-devel-list(a)redhat.com,
itamar(a)ispbrasil.com.br
Classification: Fedora
Description of problem:
Installing bucardo-4.4.0-2.el5 fails with missing dependencies.
postgresql-plperl and perl-bdb-pg >= 2.0 do not exist in either the default or
epel repositories.
Version-Release number of selected component (if applicable):
bucardo-4.4.0-2.el5
How reproducible:
Always
Steps to Reproduce:
1. yum install bucardo
Actual results:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.skiplink.com
* base: mirror.cogentco.com
* epel: mirrors.tummy.com
* extras: mirrors.serveraxis.net
* updates: mirror.san.fastserv.com
addons | 951 B 00:00
base | 2.1 kB 00:00
epel | 3.4 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bucardo.noarch 0:4.4.0-2.el5 set to be updated
--> Processing Dependency: perl(DBD::Pg) >= 2.0 for package: bucardo
--> Processing Dependency: postgresql-plperl for package: bucardo
--> Processing Dependency: perl(DBD::Pg) for package: bucardo
--> Processing Dependency: perl(DBIx::Safe) for package: bucardo
--> Running transaction check
---> Package bucardo.noarch 0:4.4.0-2.el5 set to be updated
--> Processing Dependency: perl(DBD::Pg) >= 2.0 for package: bucardo
--> Processing Dependency: postgresql-plperl for package: bucardo
---> Package perl-DBD-Pg.i386 0:1.49-2.el5_3.1 set to be updated
---> Package perl-DBIx-Safe.noarch 0:1.2.5-6.el5 set to be updated
--> Finished Dependency Resolution
bucardo-4.4.0-2.el5.noarch from epel has depsolving problems
--> Missing Dependency: postgresql-plperl is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
bucardo-4.4.0-2.el5.noarch from epel has depsolving problems
--> Missing Dependency: perl(DBD::Pg) >= 2.0 is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
Error: Missing Dependency: postgresql-plperl is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
Error: Missing Dependency: perl(DBD::Pg) >= 2.0 is needed by package
bucardo-4.4.0-2.el5.noarch (epel)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
Expected results:
Package successfully installs
Additional info:
Tested on Centos 5.4 and RHEL 5.4
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: missing dependancy on perl-Email-Simple-Creator
https://bugzilla.redhat.com/show_bug.cgi?id=783468
Summary: missing dependancy on perl-Email-Simple-Creator
Product: Fedora EPEL
Version: el5
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: perl-Email-MIME-Creator
AssignedTo: tcallawa(a)redhat.com
ReportedBy: carl.johnstone(a)onthebeach.co.uk
QAContact: extras-qa(a)fedoraproject.org
CC: tcallawa(a)redhat.com, fedora-perl-devel-list(a)redhat.com
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Description of problem:
The perl-Email-MIME-Creator package has a missing dependency on
Email::Simple::Creator / perl-Email-Simple-Creator
Version-Release number of selected component (if applicable):
perl-Email-MIME-Creator.noarch 0:1.453-2.el5
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Missing Requires: perl(Clone)
https://bugzilla.redhat.com/show_bug.cgi?id=706721
Summary: Missing Requires: perl(Clone)
Product: Fedora EPEL
Version: el5
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: perl-Hash-Merge
AssignedTo: tcallawa(a)redhat.com
ReportedBy: redhat-bugzilla(a)camperquake.de
QAContact: extras-qa(a)fedoraproject.org
CC: tcallawa(a)redhat.com, iarnell(a)gmail.com,
fedora-perl-devel-list(a)redhat.com
Classification: Fedora
Story Points: ---
Description of problem:
perl-Hash-Merge requires perl(Clone), but the spec does not reflect this.
Version-Release number of selected component (if applicable):
perl-Hash-Merge-0.11-2.el5
How reproducible:
Look at /usr/lib/perl5/vendor_perl/5.8.8/Hash/Merge.pm, line 231
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.