https://bugzilla.redhat.com/show_bug.cgi?id=2272636
Bug ID: 2272636
Summary: perl-SDL-2.548-22.fc41 FTBFS: t/core_events.t fails
Product: Fedora
Version: rawhide
URL: https://koschei.fedoraproject.org/package/perl-SDL
Status: NEW
Component: perl-SDL
Assignee: hdegoede(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: hdegoede(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Blocks: 2260875 (F41FTBFS,RAWHIDEFTBFS)
Target Milestone: ---
Classification: Fedora
perl-SDL-2.548-22.fc41 fails to build in Fedora 41 because a test fails:
t/core_error.t .................. ok
Can't use an undefined value as a subroutine reference during global
destruction.
t/core_events.t .................
Dubious, test returned 22 (wstat 5632, 0x1600)
All 697 subtests passed
(less 1 skipped subtest: 696 okay)
A difference between passing and failing build root is at
<https://koschei.fedoraproject.org/build/17643376>. An upgrade of SDL2 from
2.28.5-3.fc40
to 2.30.1-1.fc41 is suspicious.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2260875
[Bug 2260875] Fedora 41 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2272636
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2230255
Bug ID: 2230255
Summary: perl-HTTP-Tiny: a ton of new dependencies all of a
sudden?
Product: Fedora
Version: 38
Hardware: All
OS: Linux
Status: NEW
Component: perl-HTTP-Tiny
Assignee: jplesnik(a)redhat.com
Reporter: aros(a)gmx.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Target Milestone: ---
Classification: Fedora
Why does a new version of perl-HTTP-Tiny now depend on a ton of new Perl
subpackages?
Could this please be made optional?
# dnf update perl-HTTP-Tiny
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
perl-HTTP-Tiny noarch 0.086-2.fc38 updates 55 k
Installing dependencies:
perl-AutoLoader noarch 5.74-497.fc38 updates 22 k
perl-Digest noarch 1.20-490.fc38 fedora 25 k
perl-Digest-MD5 x86_64 2.58-490.fc38 fedora 36 k
perl-IO-Socket-IP noarch 0.41-492.fc38 fedora 41 k
perl-IO-Socket-SSL noarch 2.081-1.fc38 fedora 227 k
perl-Mozilla-CA noarch 20221114-2.fc38 fedora 12 k
perl-Net-SSLeay x86_64 1.92-5.fc38 fedora 361 k
perl-URI noarch 5.17-2.fc38 fedora 120 k
perl-base noarch 2.27-497.fc38 updates 17 k
perl-libnet noarch 3.15-1.fc38 fedora 128 k
Transaction Summary
================================================================================
Install 10 Packages
Upgrade 1 Package
Total download size: 1.0 M
Is this ok [y/N]:
Operation aborted.
This looks totally excessive and unnecessary.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2230255
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2074940
Bug ID: 2074940
Summary: Remove usage of gethostbyname() and inet_addr() from
perl-FCGI package
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-FCGI
Assignee: emmanuel(a)seyman.fr
Reporter: mspacek(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bstinson(a)redhat.com, emmanuel(a)seyman.fr,
iarnell(a)gmail.com, jwboyer(a)redhat.com,
mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com,
rhel-cs-apps-subsystem-qe(a)redhat.com
Depends On: 1979848
Target Milestone: ---
Classification: Fedora
+++ This bug was initially created as a clone of Bug #1979848 +++
Description of problem:
rpminspect is failing in gating
Version-Release number of selected component (if applicable):
perl-FCGI-0.79-7.el9
Actual results:
Forbidden function symbols found:
gethostbyname
inet_addr
Expected results:
no forbidden functions
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1979848
[Bug 1979848] Remove usage of gethostbyname() and inet_addr() from perl-FCGI
package
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2074940
https://bugzilla.redhat.com/show_bug.cgi?id=2063919
Bug ID: 2063919
Summary: Packages Perl tests should not generate Provides
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-generators
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Target Milestone: ---
Classification: Fedora
I noticed that packaged tests in /usr/libexec/... generates Provides because
they are matched by perllib.attr:
$ cat /usr/lib/rpm/fileattrs/perllib.attr
%__perllib_provides %{_rpmconfigdir}/perl.prov
%__perllib_requires %{_rpmconfigdir}/perl.req
%__perllib_magic ^Perl[[:digit:]] module source.*
%__perllib_path \\.pm$
%__perllib_flags magic_and_path
I think they were meant to be only covered with perltest.attr:
# cat /usr/lib/rpm/fileattrs/perltest.attr
%__perltest_requires %{_rpmconfigdir}/perl.req
%__perltest_magic ^.*[Pp]erl[[:digit:]]* .*$
%__perltest_path /usr/libexec/.*\\.(pl|pm|t)$
%__perltest_flags magic_and_path
But perltest.attr is more similar to perl.attr, it's about scripts:
$ cat /usr/lib/rpm/fileattrs/perl.attr
%__perl_requires %{_rpmconfigdir}/perl.req
%__perl_magic ^.*[Pp]erl .*$
%__perl_flags exeonly
Would it be possible to change perllib.attr to match only files under
/usr/{share,lib,lib64}/perl?
Observed with perl-generators-1.13-5.fc36.noarch.
(I find out that filtering those Provides with %__exclude_provides is a problem
when the tests involve symlinks to modules in the main package. See
perl-Module-Install-TestBase-tests-0.86-24.fc36 which erroneously provides
perl(Module::Install::TestBase)
<https://koji.fedoraproject.org/koji/buildinfo?buildID=1892296>. I will try to
work it around on packaged file level in perl-Module-Install-TestBase.)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2063919
https://bugzilla.redhat.com/show_bug.cgi?id=1666098
Bug ID: 1666098
Summary: Overspecification in perl -MExtUtils::Embed -e ldopts
Product: Fedora
Version: rawhide
Status: NEW
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: bugs.michael(a)gmx.net
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
mbarnes(a)fastmail.com, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rhughes(a)redhat.com,
sandmann(a)redhat.com, tcallawa(a)redhat.com
Target Milestone: ---
Classification: Fedora
The following command is supposed to return the ldflags that are needed to link
with libperl. Instead, it returns everything that has been specified when
building libperl itself. Not limited to Fedora's global flags and several
libraries that aren't needed when linking shared. As a result, programs relink
also with those libs instead of just libperl.
$ perl -MExtUtils::Embed -e ldopts
-Wl,--enable-new-dtags -Wl,-z,relro -Wl,-z,now
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,relro -Wl,-z,now
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -fstack-protector-strong
-L/usr/local/lib -L/usr/lib64/perl5/CORE -lperl -lpthread -lresolv -ldl -lm
-lcrypt -lutil -lc
Please clean up the flags and return only -L/usr/lib64/perl5/CORE -lperl.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2355705
Bug ID: 2355705
Summary: CVE-2024-13939 perl-String-Compare-ConstantTime:
String::Compare::ConstantTime for Perl through 0.321
is vulnerable to timing attacks that allow an attacker
to guess the length of a secret string [fedora-41]
Product: Fedora
Version: 41
Status: NEW
Whiteboard: {"flaws": ["da725ec8-9b41-4a44-8936-c21c330ab0cf"]}
Component: perl-String-Compare-ConstantTime
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ppisar(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Blocks: 2355663
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2355663
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2355705
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2355245
Bug ID: 2355245
Summary: CVE-2025-27552 perl-DBIx-Class-EncodedColumn:
DBIx::Class::EncodedColumn until 0.00032 for Perl uses
insecure rand() function for salting password hashes
in Crypt/Eksblowfish/Bcrypt.pm [fedora-41]
Product: Fedora
Version: 41
Status: NEW
Whiteboard: {"flaws": ["c7185397-7db4-4534-a645-2ac875052cf1"]}
Component: perl-DBIx-Class-EncodedColumn
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: iarnell(a)gmail.com, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Blocks: 2355041
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2355041
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2355245
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2355243
Bug ID: 2355243
Summary: CVE-2025-27551 perl-DBIx-Class-EncodedColumn:
DBIx::Class::EncodedColumn until 0.00032 for Perl uses
insecure rand() function for salting password hashes
in Digest.pm [fedora-41]
Product: Fedora
Version: 41
Status: NEW
Whiteboard: {"flaws": ["900c86bc-36d1-4941-89a7-d095f888098d"]}
Component: perl-DBIx-Class-EncodedColumn
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: iarnell(a)gmail.com, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Blocks: 2355043
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2355043
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2355243
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…