https://bugzilla.redhat.com/show_bug.cgi?id=1467608
Bug ID: 1467608
Summary: CVE-2017-10788 CVE-2017-10789 perl-DBD-MySQL: various
flaws [fedora-all]
Product: Fedora
Version: 25
Component: perl-DBD-MySQL
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1098012
Bug ID: 1098012
Summary: autoclass has been replaced by Class-AutoClass
Product: Fedora
Version: rawhide
Component: perl-AutoClass
Assignee: alexl(a)users.sourceforge.net
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alexl(a)users.sourceforge.net,
perl-devel(a)lists.fedoraproject.org
The autoclass-v1.01 CPAN distribution in Fedora is old. Upstream has been
replaced by the Class-AutoClass CPAN distribution. Please package
perl-Class-AutoClass and obsolete this perl-autoclass package.
https://bugzilla.redhat.com/show_bug.cgi?id=1499505
Bug ID: 1499505
Summary: perl XS files including /usr/include/gtk-2.0/gtk/gtk.h
fail with ATK_MINOR_VERSION redefined
Product: Fedora
Version: 26
Component: perl-Gtk2
Severity: medium
Assignee: tcallawa(a)redhat.com
Reporter: trevor(a)tecnopolis.ca
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
tcallawa(a)redhat.com
Description of problem:
I have a perl script that has an XS component and it calls:
#include <gtk/gtk.h>
and that fails on cpan make with a version mismatch (see error at bottom).
So it looks like Fedora has moved to version 22 but the perl cpan module
included with Fedora is stuck at the old version. I checked and it seems
upstream is still the old version too. Should I take this upstream with the
cpan author? I'm not sure why the module is even defining this constant at
all, but it worked fine in older Fedoras.
Version-Release number of selected component (if applicable):
atk-devel-2.24.0-1.fc26.x86_64
perl-Gtk2-1.2499-2.fc26.x86_64
How reproducible:
always
Steps to Reproduce:
1. Have a perl XS file that has the line:
#include <gtk/gtk.h>
2. have that script run
3. (I use Gtk2::CV to reproduce this bug if you use cpan to install/build that
you'll see the problem)
Actual results:
In file included from
/usr/lib64/perl5/vendor_perl/Gtk2/Install/gtk2perl.h:31:0,
from CV.xs:17:
/usr/lib64/perl5/vendor_perl/Gtk2/Install/gtk2perl-versions.h:2:0: warning:
"ATK_MINOR_VERSION" redefined
#define ATK_MINOR_VERSION (22)
In file included from /usr/include/atk-1.0/atk/atkobject.h:29:0,
from /usr/include/atk-1.0/atk/atk.h:25,
from /usr/include/gtk-2.0/gtk/gtkwidget.h:40,
from /usr/include/gtk-2.0/gtk/gtkcontainer.h:35,
from /usr/include/gtk-2.0/gtk/gtkbin.h:35,
from /usr/include/gtk-2.0/gtk/gtkwindow.h:36,
from /usr/include/gtk-2.0/gtk/gtkdialog.h:35,
from /usr/include/gtk-2.0/gtk/gtkaboutdialog.h:32,
from /usr/include/gtk-2.0/gtk/gtk.h:33,
from CV.xs:13:
/usr/include/atk-1.0/atk/atkversion.h:53:0: note: this is the location of the
previous definition
#define ATK_MINOR_VERSION (24)
Expected results:
no error, file compiles in cpan
Additional info:
Worked fine in Fedora 24
https://bugzilla.redhat.com/show_bug.cgi?id=1410774
Bug ID: 1410774
Summary: perl-PDL-Graphics-PLplot-0.71-3.fc26 FTBFS
Product: Fedora
Version: rawhide
Component: perl-PDL-Graphics-PLplot
Assignee: ppisar(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: i(a)cicku.me, perl-devel(a)lists.fedoraproject.org,
ppisar(a)redhat.com
perl-PDL-Graphics-PLplot-0.71-3.fc26 fails to build in F26 because tests fail
on 64-bit PowerPC:
t/plplot.t ................
All 15 subtests passed
sh: line 1: 28335 Segmentation fault (core dumped) perl -Mblib ./t/x09.pl
-dev svg -o x09p.svg -fam > /dev/null 2>&1
# Failed test 'Script ./t/x09.pl ran successfully'
# at t/plplot_library_tests.t line 68.
# Failed test 'Output file x09p.svg.2 matches C output'
# at t/plplot_library_tests.t line 74.
sh: line 1: 28730 Segmentation fault (core dumped) perl -Mblib ./t/x22.pl
-dev svg -o x22p.svg -fam > /dev/null 2>&1
# Failed test 'Script ./t/x22.pl ran successfully'
# at t/plplot_library_tests.t line 68.
# Failed test 'Output file x22p.svg.1 matches C output'
# at t/plplot_library_tests.t line 74.
# Looks like you failed 4 tests of 221.
t/plplot_library_tests.t ..
Dubious, test returned 4 (wstat 1024, 0x400)
Failed 4/221 subtests
Test Summary Report
-------------------
t/plplot.t (Wstat: 139 Tests: 15 Failed: 0)
Non-zero wait status: 139
Parse errors: No plan found in TAP output
t/plplot_library_tests.t (Wstat: 1024 Tests: 221 Failed: 4)
Failed tests: 67, 69, 122-123
Non-zero exit status: 4
Files=2, Tests=236, 41 wallclock secs ( 0.05 usr 0.01 sys + 13.73 cusr 1.06
csys = 14.85 CPU)
Result: FAIL
https://bugzilla.redhat.com/show_bug.cgi?id=1384434
Bug ID: 1384434
Summary: perl-Audio-Beep build is interactive
Product: Fedora
Version: rawhide
Component: perl-Audio-Beep
Assignee: jan.klepek(a)gmail.com
Reporter: rjones(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jan.klepek(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Description of problem:
The perl-Audio-Beep package fails to build from source unless
stdin is /dev/null. This is because the build interactively
asks questions:
$ fedpkg local
Downloading Audio-Beep-0.11.tar.gz
######################################################################## 100.0%
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.DDaXlx
+ umask 022
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ rm -rf Audio-Beep-0.11
+ /usr/bin/gzip -dc
/home/rjones/d/fedora/perl-Audio-Beep/master/Audio-Beep-0.11.tar.gz
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd Audio-Beep-0.11
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ chmod -x music/beep_player.pl
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.1IrEhL
+ umask 022
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ cd Audio-Beep-0.11
+ /usr/bin/perl Makefile.PL INSTALLDIRS=vendor 'OPTIMIZE=-O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
Would you like to install Japanese documentation?
If you enter 'y' then i will try to install Japanese docs alongside
English ones. On platforms using 'man' manpages (typically on UN*X)
Japanese documentation will be available transparently to users whose
locale language is set to Japanese.
On other platforms the documentation will be available as Audio::Beep_jp
Default is to not install Japanese docs. [N/y]
(At this point the build hangs)
Version-Release number of selected component (if applicable):
perl-Audio-Beep-0.11-17.fc26
How reproducible:
100%
Steps to Reproduce:
1. Run 'fedpkg local', 'rpmbuild' etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1414996
Bug ID: 1414996
Summary: please stop sending email to root in build tests
Product: Fedora
Version: rawhide
Component: perl-Log-Dispatch
Assignee: tcallawa(a)redhat.com
Reporter: kevin(a)scrye.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de, tcallawa(a)redhat.com
In tests perl-Log-Dispatch seems to send an email to root(a)localhost.localdomain
saying something about a test passing.
It's from "LogDispatch(a)foo.bar" to "root(a)localhost.localdomain"
Due to our setup this email tries to bounce, but foo.bar isn't found so it just
gets dropped. It would be nice to not send it at all. :)
https://bugzilla.redhat.com/show_bug.cgi?id=1210614
Bug ID: 1210614
Summary: Shell command injection in c2ph tool
Product: Fedora
Version: 21
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
The c2ph suffers from shell command injection:
$ c2ph -n '; id; x.c'
cc: fatal error: no input files
compilation terminated.
uid=500(petr) gid=500(petr) groups=500(petr),63(audio),100(users),478(mock)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh: x.c: command not found
Tested with perl-5.18.4-308.fc21.x86_64.
Reported to upstream <https://rt.perl.org/Ticket/Display.html?id=124275>.
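The class of flaw reported in bug 1210614 above, shown as an added example that is not part of the original report and is not taken from the c2ph source: a Perl script that interpolates a file name into a single command string hands it to /bin/sh, while the list form of open passes it as one argument. The helper names are hypothetical and `echo` stands in for the compiler so the script runs anywhere.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input, modelled on the file name in the report ('; id; x.c'),
# with a harmless echo in place of id.
my $file = '; echo INJECTED; x.c';

# Stand-in for the compiler invocation (assumption, not c2ph's real command).
my @tool = ('echo', 'compiling');

# Unsafe pattern: the file name becomes part of one string, so perl runs
# the line through /bin/sh and each ';' starts a new command.
sub run_via_shell {
    my ($name) = @_;
    open(my $fh, "@tool $name 2>/dev/null |") or die "cannot start: $!";
    my @out = <$fh>;
    close($fh);    # non-zero status expected here: 'x.c' is not a command
    return join('', @out);
}

# Hardened pattern: list-form pipe open execs the program directly.
# No shell is involved, so the file name stays a single argument.
sub run_without_shell {
    my ($name) = @_;
    open(my $fh, '-|', @tool, $name) or die "cannot start: $!";
    my @out = <$fh>;
    close($fh);
    return join('', @out);
}

print "string form (shell):\n", run_via_shell($file);
print "list form (no shell):\n", run_without_shell($file);
```

In the string form the output contains a separate INJECTED line produced by the embedded command; in the list form the whole file name is echoed back as literal text.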
https://bugzilla.redhat.com/show_bug.cgi?id=1081559
Bug ID: 1081559
Summary: perl-YAML-LibYAML bundler yaml-1.0.4
Product: Fedora
Version: rawhide
Component: perl-YAML-LibYAML
Severity: high
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, paul(a)city-fan.org,
perl-devel(a)lists.fedoraproject.org
perl-YAML-LibYAML bundles yaml sources. yaml-1.0.4 with two small modifications
in emmiter.c and scanner.c.
https://bugzilla.redhat.com/show_bug.cgi?id=1380082
Bug ID: 1380082
Summary: perl-Time-HiRes-1.9740 is available
Product: Fedora
Version: rawhide
Component: perl-Time-HiRes
Keywords: FutureFeature, Triaged
Assignee: ppisar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Latest upstream release: 1.9740
Current version/release in rawhide: 1.9725-3.el7
URL: http://search.cpan.org/dist/Time-HiRes/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/3466/
https://bugzilla.redhat.com/show_bug.cgi?id=1409342
Bug ID: 1409342
Summary: perl-threads-2.12 is available
Product: Fedora
Version: rawhide
Component: perl-threads
Keywords: FutureFeature, Triaged
Assignee: ppisar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Latest upstream release: 2.12
Current version/release in rawhide: 2.09-1.fc25
URL: http://search.cpan.org/dist/threads/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/3457/