May 2022 - perl-devel - Fedora Mailing-Lists

[Bug 2041430] New: [RFC] Drop support for mod_perl in F36+/EL9+

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2041430 Bug ID: 2041430 Summary: [RFC] Drop support for mod_perl in F36+/EL9+ Product: Fedora Version: rawhide Status: NEW Component: perl-Plack Assignee: rc040203(a)freenet.de Reporter: xavier(a)bachelot.org QA Contact: extras-qa(a)fedoraproject.org CC: emmanuel(a)seyman.fr, jose.p.oliveira.oss(a)gmail.com, perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com, rc040203(a)freenet.de, xavier(a)bachelot.org Target Milestone: --- Classification: Fedora Hi Ralf, As you know, I'll take care of building perl-Plack in EPEL 9. One of the dependency is mod_perl, which won't make it to EPEL 9 and is marked as abandoned/unsupported for Fedora in the specfile. I'd like to suggest the following tuning to the rawhide branch specfile. It disables mod_perl support for both el9+, but I thought it might make sense to also disable it in F36+. I'd like to get this or a variation of this in rawhide so one can keep a non-diverging history in the epel9 branch. I'll submit a proper PR once you gave me your thoughts on this approach. """ # Build with mod_perl support for Apache HTTP server version 2. # Abandoned/Unsupported in Fedora. +%if 0%{?rhel} >= 9 || 0%{?fedora} >= 36 +%bcond_with perl_Plack_enables_httpd2 +%else %bcond_without perl_Plack_enables_httpd2 +%endif # Recommends IPv6 support to HTTP::Server::PSGI embedded web server %bcond_without perl_Plack_enables_ipv6 """ Regards, Xavier -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2041430

6 days, 15 hours

1
8
0 / 0

[Bug 1975700] New: start_server (or Server::Starter) should depend on Net::Server::SS::PreFork

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1975700 Bug ID: 1975700 Summary: start_server (or Server::Starter) should depend on Net::Server::SS::PreFork Product: Fedora Version: 34 Status: NEW Component: perl-Server-Starter Severity: low Assignee: rc040203(a)freenet.de Reporter: kas(a)fi.muni.cz QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Target Milestone: --- Classification: Fedora Description of problem: The start_server script uses Net::Server::SS::PreFork personality of Net::Server, so it should explicitly depend on it. Version-Release number of selected component (if applicable): perl-Server-Starter-0.35-5.fc34.noarch perl-Server-Starter-start_server-0.35-5.fc34.noarch How reproducible: Steps to Reproduce: 1. yum -y install perl-Server-Starter-start_server perl-Starman 2. cat > app.psgi <<'EOF' #!/usr/bin/perl use strict; my $app = sub { my $env = shift; return [ '200', [ 'Content-Type' => 'text/plain' ], [ "Hello World\n" ], # or IO::Handle-like object ]; }; EOF 3. start_server --port 0.0.0.0:5000 -- starman --workers 4 app.psgi Actual results: start_server (pid:5091) starting now... starting new worker 5092 Can't locate Net/Server/SS/PreFork.pm in @INC (you may need to install the Net::Server::SS::PreFork module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/share/perl5/vendor_perl/Plack/Handler/Starman.pm line 14. new worker 5092 seems to have failed to start, exit status:512 Expected results: starman should be up and running Additional info: The dependency on Net::Server::SS::PreFork is described here: https://metacpan.org/pod/Server::Starter -- You are receiving this mail because: You are on the CC list for the bug.

6 days, 15 hours

1
4
0 / 0

[Bug 2064174] New: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2064174 Bug ID: 2064174 Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mrehak(a)redhat.com CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Other An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Reference: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2064174

6 days, 16 hours

1
5
0 / 0

[Bug 2064175] New: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2064175 Bug ID: 2064175 Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all] Product: Fedora Version: 35 Status: NEW Component: slic3r Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mhroncok(a)redhat.com Reporter: mrehak(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2064175

6 days, 16 hours

1
6
0 / 0

[Bug 2046366] New: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2046366 Bug ID: 2046366 Summary: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Other A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute. Reference: https://github.com/slic3r/Slic3r/issues/5117 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2046366

6 days, 16 hours

1
5
0 / 0

[Bug 2046367] New: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2046367 Bug ID: 2046367 Summary: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document [fedora-all] Product: Fedora Version: 35 Status: NEW Component: slic3r Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mhroncok(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2046367

6 days, 16 hours

1
6
0 / 0

[Bug 2053165] New: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2053165 Bug ID: 2053165 Summary: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other When one sets validation to 1 without also setting load_ext_dtd to 1, the document is always regarded as valid. References: https://github.com/shlomif/perl-XML-LibXML/issues/71 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2053165

6 days, 17 hours

1
5
0 / 0

[Bug 2053166] New: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2053166 Bug ID: 2053166 Summary: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded [fedora-all] Product: Fedora Version: 35 Status: NEW Component: perl-XML-LibXML Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jplesnik(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: caillon+fedoraproject(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2053166

6 days, 17 hours

1
6
0 / 0

[Bug 2026907] New: Time to retire this package

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2026907 Bug ID: 2026907 Summary: Time to retire this package Product: Fedora Version: rawhide Status: NEW Component: perl-WWW-Google-Contacts Assignee: avibrazil(a)gmail.com Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: avibrazil(a)gmail.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Does perl-WWW-Google-Contacts-0:0.39-18.fc35 actually work? According to an upstream bug <https://rt.cpan.org/Public/Bug/Display.html?id=113292> it does work since 2015. This package is also the only user of perl-Crypt-SSLeay which does not work with OpenSSL 3 (bug #2007247) which now in Fedora 36. Could you please consider removing perl-WWW-Google-Contacts from Fedora? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2026907

6 days, 18 hours

1
2
0 / 0

[Bug 1729976] New: Please package perl-LWP-Protocol-connect

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1729976 Bug ID: 1729976 Summary: Please package perl-LWP-Protocol-connect Product: Fedora EPEL Version: epel7 Status: NEW Component: perl-LWP-Protocol-https Assignee: extras-orphan(a)fedoraproject.org Reporter: clem.oudot(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: Some HTTP proxies require to use the CONNECT method. This is possible with Perl using LWP-Protocol-connect, but this module is not packaged in EPEL. Would it be possible to do it? -- You are receiving this mail because: You are on the CC list for the bug.

3 weeks, 5 days

1
20
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel May 2022