[Bug 1821879] New: CVE-2013-7488 perl-Convert-ASN1: allows remote
attackers to cause an infinite loop via unexpected input
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1821879
Bug ID: 1821879
Summary: CVE-2013-7488 perl-Convert-ASN1: allows remote
attackers to cause an infinite loop via unexpected
input
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: caillon+fedoraproject(a)gmail.com, caolanm(a)redhat.com,
john.j5live(a)gmail.com, jplesnik(a)redhat.com,
kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com
Target Milestone: ---
Classification: Other
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows
remote attackers to cause an infinite loop via unexpected input.
Reference:
https://github.com/gbarr/perl-Convert-ASN1/issues/14
--
You are receiving this mail because:
You are on the CC list for the bug.
3 weeks, 5 days
[Bug 1716324] New: perl-Text-Xslate-3.5.6-5.fc30 is not linked to
libperl.so
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1716324
Bug ID: 1716324
Summary: perl-Text-Xslate-3.5.6-5.fc30 is not linked to
libperl.so
Product: Fedora
Version: 30
Status: NEW
Component: perl-Text-Xslate
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: i(a)cicku.me, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
perl-Text-Xslate-3.5.6-5.fc30 lost a dependency on libperl.so since
-Wl,--as-needed was added to distribution-wide linker flags:
$ scanelf -n blib/arch/auto/Text/Xslate/Xslate.so
TYPE NEEDED FILE
ET_DYN libc.so.6 blib/arch/auto/Text/Xslate/Xslate.so
$ ldd -r blib/arch/auto/Text/Xslate/Xslate.so
linux-vdso.so.1 (0x00007fff0d5cb000)
libc.so.6 => /lib64/libc.so.6 (0x00007f948b9a1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f948bb8f000)
undefined symbol: Perl_sv_cmp (blib/arch/auto/Text/Xslate/Xslate.so)
undefined symbol: PL_ppaddr (blib/arch/auto/Text/Xslate/Xslate.so)
[...]
Xslate.so is built like this:
gcc -lpthread -shared -Wl,-z,relro -Wl,--as-needed -Wl,-z,now
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/usr/local/lib
-fstack-protector-strong -lperl -o blib/arch/auto/Text/Xslate/Xslate.so
lib/Text/Xslate.o src/xslate_methods.o
The cause is that -Wl,--as-needed takes effect when a library is supplied,
considering only preceding object files and ignoring any following object
files. A correct linker command must list all object files before -l flags.
Like this:
gcc lib/Text/Xslate.o src/xslate_methods.o -lpthread -shared -Wl,-z,relro
-Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
-L/usr/local/lib -fstack-protector-strong -lperl -o
blib/arch/auto/Text/Xslate/Xslate.so
Either there is a bug in the perl-Text-Xslate build script or in
Module::Build::XSUtil that it uses.
1 month, 1 week
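The link-order rule described in Bug 1716324 can be checked mechanically on a captured link command. The following is an added example, not code from the bug report, perl-Text-Xslate or Module::Build::XSUtil; the function names are hypothetical, and the check looks only at argument order (it does not resolve symbols), using the two commands quoted in the report as input.

```python
import shlex

OBJECT_SUFFIXES = (".o", ".lo", ".a")

def linker_events(argv):
    """Yield ('flag', bool), ('lib', name) or ('obj', path) in command-line order."""
    skip_next = False
    for arg in argv:
        if skip_next:              # the argument of -o is the output, not an input
            skip_next = False
            continue
        if arg == "-o":
            skip_next = True
            continue
        # Options reach ld either directly or wrapped as -Wl,opt1,opt2
        opts = arg.split(",")[1:] if arg.startswith("-Wl,") else [arg]
        for opt in opts:
            if opt in ("--as-needed", "--no-as-needed"):
                yield ("flag", opt == "--as-needed")
        if arg.startswith("-l") and len(arg) > 2:
            yield ("lib", arg[2:])
        elif not arg.startswith("-") and arg.endswith(OBJECT_SUFFIXES):
            yield ("obj", arg)

def libs_at_risk(command):
    """Libraries given under --as-needed that are followed by object files.

    References from those later objects cannot keep the library, so its
    DT_NEEDED entry may be dropped, as happened to libperl in the report.
    """
    as_needed, pending, at_risk = False, [], []
    for kind, value in linker_events(shlex.split(command)[1:]):
        if kind == "flag":
            as_needed = value
        elif kind == "lib" and as_needed:
            pending.append(value)
        elif kind == "obj" and pending:
            at_risk.extend(lib for lib in pending if lib not in at_risk)
            pending.clear()
    return at_risk

# The two commands quoted in the bug report
BROKEN = """gcc -lpthread -shared -Wl,-z,relro -Wl,--as-needed -Wl,-z,now
 -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/usr/local/lib
 -fstack-protector-strong -lperl -o blib/arch/auto/Text/Xslate/Xslate.so
 lib/Text/Xslate.o src/xslate_methods.o"""
FIXED = """gcc lib/Text/Xslate.o src/xslate_methods.o -lpthread -shared
 -Wl,-z,relro -Wl,--as-needed -Wl,-z,now
 -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/usr/local/lib
 -fstack-protector-strong -lperl -o blib/arch/auto/Text/Xslate/Xslate.so"""

if __name__ == "__main__":
    print("broken:", libs_at_risk(BROKEN))
    print("fixed: ", libs_at_risk(FIXED))
```

A non-empty result is a prompt to confirm the built object's NEEDED entries with scanelf -n or ldd -r, as the report does.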
[Bug 2053941] New: The Fedora BuildRequires is missing and the
license files are listed as %doc
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2053941
Bug ID: 2053941
Summary: The Fedora BuildRequires is missing and the license
files are listed as %doc
Product: Fedora
Version: 34
Status: NEW
Component: cpanspec
Assignee: psabata(a)redhat.com
Reporter: bugzilla(a)terrortux.de
QA Contact: extras-qa(a)fedoraproject.org
CC: ktdreyer(a)ktdreyer.com,
perl-devel(a)lists.fedoraproject.org,
psabata(a)redhat.com, steve(a)silug.org,
strobert(a)strobe.net
Target Milestone: ---
Classification: Fedora
Description of problem:
In the generated spec file, this line is missing:
# needed by all perl packages
BuildRequires: perl-generators perl-interpreter perl-devel perl
And the license files of the generated spec file are marked as %doc instead of
%license
Version-Release number of selected component (if applicable):
cpanspec-1.78-39.fc34.noarch
How reproducible:
Every time
Steps to Reproduce:
1. Call cpanspec Sort::Versions for example
Actual results:
See above
Expected results:
Correct spec file
Additional info:
Also the old %setup macro is used.
1 month, 1 week
[Bug 1936241] New: Compiled @INC in 5.32 No longer Includes Suitable
Path For Custom System-Wide Modules
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1936241
Bug ID: 1936241
Summary: Compiled @INC in 5.32 No longer Includes Suitable Path
For Custom System-Wide Modules
Product: Fedora
Version: 33
Hardware: All
OS: Linux
Status: NEW
Component: perl
Severity: medium
Assignee: jplesnik(a)redhat.com
Reporter: claywj(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rhughes(a)redhat.com,
sandmann(a)redhat.com, spotrh(a)gmail.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Removing /usr/local/share/perl5 for the version specific dir with 5.32 from the
compiled @INC makes it difficult to maintain custom system wide modules apart
from the standard rpm/CPAN locations when upgrading.
As this is done during build, is it possible to get it added back in the next
version?
Version-Release number of selected component (if applicable):
5.32
How reproducible:
perl -e 'print "@INC\n"'
Steps to Reproduce:
1. Using CVS/SCM software to update a custom module, it goes to the expected
old location no longer part of @INC and the changes are not seen.
Actual results:
See above
Expected results:
The path would remain and the changes seen
Additional info:
Yes, CVS/SCM can be changed but in this case the update came across on "Thu 25
Feb 2021 04:46:53 PM CST" during updates. The installer did relocate the
existing custom modules to ./5.32 but the change was not noticed until an
update to one of the custom modules took place.
4 months, 2 weeks
[Bug 1731721] New: perl-Font-AFM depends on files/directories from
non-standard locations
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1731721
Bug ID: 1731721
Summary: perl-Font-AFM depends on files/directories from
non-standard locations
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Font-AFM
Assignee: rc040203(a)freenet.de
Reporter: i.gnatenko.brain(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: lxtnow(a)gmail.com, perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de, rob.myers(a)gtri.gatech.edu,
tcallawa(a)redhat.com, tremble(a)tremble.org.uk
Blocks: 1731683
Target Milestone: ---
Classification: Fedora
Hello,
Fedora Packaging Guidelines allow dependencies only on files/directories from
/usr/bin, /usr/sbin and /etc directories[0].
Your package depends on files/directories outside of those. See below for more
information about package/dependencies.
---
perl-Font-AFM-1.20-30.fc31.src:
- /usr/share/a2ps/afm/phvr.afm
---
Please correct those or provide a reason why it is correct.
It is very important to not download huge filelists.xml just because a few
packages in the distribution depend on non-standard paths.
Thanks for your cooperation!
[0]
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_dire...
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1731683
[Bug 1731683] Packages which are not following Packaging Guidelines
4 months, 2 weeks