PaulHowarth/Blog/2013-09-03

Tuesday 3rd September 2013

Fedora Project

  • Petr Šabata kindly reviewed and approved my perl-Unicode-UTF8 package submission

  • Imported and built perl-Unicode-UTF8 (0.59) for F-18, F-19, F-20, Rawhide and EPEL-6

  • Jitka Plesnikova kindly reviewed and approved my perl-Hash-StoredIterator package submission

  • Imported and built perl-Hash-StoredIterator (0.007) for F-19, F-20 and Rawhide

  • Petr Šabata kindly reviewed and approved my perl-Path-Tiny package submission

  • Imported and built perl-Path-Tiny (0.031) for F-19, F-20 and Rawhide

  • Updated perl-Config-Tiny to 2.15 in F-20 and Rawhide:

    • Clean up the shambolic dates in the Changes file

    • Add a note under Caveats about setting options more that once - only the first case is respected (CPAN RT#69795)

    • Add a $encoding parameter to read_file() and write_file(), and add t/04.utf8.t and t/04.utf8.txt (CPAN RT#71029, CPAN RT#85571)

    • Fix temporary directory creation in tests for BSD-based systems
    • Rename t/*.t files

    • Add MANIFEST.SKIP, Changelog.ini, Build.PL, META.json

    • Add a FAQ to the docs
    • Clean up the docs
  • Updated perl-Crypt-DSA in EPEL-5, EPEL-6, F-18, F-19, F-20 and Rawhide to disable the fall back to using Data::Random if /dev/random is unavailable (Bug #743567, CPAN RT#71421, CVE-2011-3599)

  • It might seem that this would not affect Fedora since /dev/random is always available and so the fall back to Data::Random would never happen. However, if an application is confined using a MAC system such as SELinux then access to /dev/random could be denied by policy and the fall back would be triggered. Data::Random uses rand(), about which the perldoc says "rand() is not cryptographically secure. You should not rely on it in security-sensitive situations." In the case of DSA, this is even worse. Using improperly secure randomness sources can compromise the signing key upon signature of a message - see: http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

  • Updated perl-ExtUtils-Depends to 0.305 in F-20 and Rawhide:

    • Makefile.PL: converted to CPAN::Meta::Spec v2

    • Updated license in RPM spec file (CPAN RT#88196)

    • Updated contact info and added git repo info to POD
    • Add comments for find_extra_libs method (CPAN RT#43900)

    • Fixed typo (CPAN RT#86572)

Local Packages

  • Updated perl-ExtUtils-Depends to 0.305 as per the Fedora version

  • Updated perl-version to 0.9904


Recent