PaulHowarth/Blog/2010-11-02

Tuesday 2nd November 2010

Fedora Project

  • Updated perl-IO-Socket-SSL to 1.34 in Rawhide:

    • Schema http for certificate verification changed to wildcards_in_cn=1

    • If upgrading socket from inet to ssl fails due to handshake problems, the socket gets downgraded back again but is still open (CPAN RT#61466)

    • Deprecate kill_socket: just use close()

  • Updated proftpd for Rawhide, Fedora 13 and 14, and EPEL-6 to 1.3.3c, and also added the unbundled module mod_geoip:

    • Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)

    • Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)

    • Fixed SQLite authentication using "SQLAuthType Backend"

Local Packages

  • Updated perl-IO-Socket-SSL to 1.34 as per the Fedora version

  • Updated perl-Moose to 1.19:

    • There was still one use of Test::Exception rather than Test::Fatal

  • I've now dropped perl(Test::Exception) as a buildreq as it's no longer needed

  • Updated perl-NetAddr-IP (4.035) to address CPAN RT#62521, which leads to spamassassin generating these error messages:

  • netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
    netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
    netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
    netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
    netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
    netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
  • The patch was simple and adds an additional test case to check for the problem; of course, the rest of the test suite still passes and I sent the patch upstream
  • diff -up NetAddr-IP-4.035/Lite/Lite.pm.orig NetAddr-IP-4.035/Lite/Lite.pm
    --- NetAddr-IP-4.035/Lite/Lite.pm.orig  2010-11-02 10:46:29.642163120 +0000
    +++ NetAddr-IP-4.035/Lite/Lite.pm       2010-11-02 10:59:54.746161443 +0000
    @@ -740,7 +740,7 @@ sub _xnew($$;$$) {
            if ($mval == 128) {                     # cidr 128
              $mask = Ones;
            }
    -       elsif ($ip =~ /^\d+\.\d+\.\d+\.\d+$/) { # corner case of ipV4 with new6
    +       elsif (index($ip,':') < 0) {    # corner case of ipV4 with new6
              $mask = shiftleft(Ones,32 -$mval);
            }
            elsif ($mask < 128) {                   # small cidr
    diff -up NetAddr-IP-4.035/Lite/t/bug62521.t.orig NetAddr-IP-4.035/Lite/t/bug62521.t
    --- NetAddr-IP-4.035/Lite/t/bug62521.t.orig     2010-10-28 22:25:20.000000000 +0100
    +++ NetAddr-IP-4.035/Lite/t/bug62521.t  2010-11-02 10:53:04.666124405 +0000
    @@ -1,5 +1,5 @@
     
    -BEGIN { $| = 1; print "1..2\n"; }
    +BEGIN { $| = 1; print "1..3\n"; }
     END {print "not ok 1\n" unless $loaded;}
     
     $loaded = 1;
    @@ -21,3 +21,7 @@ my $ip = new6 NetAddr::IP::Lite('127.0.0
     print "exp $exp\ngot ", $ip, "\nnot "
            unless $ip eq $exp;
     &ok;
    +$ip = new6 NetAddr::IP::Lite('127/8');
    +print "exp $exp\ngot ", $ip, "\nnot "
    +       unless $ip eq $exp;
    +&ok;


Recent