Summary: | <dev-perl/Net-Netmask-2.0.100: octal type confusion with leading zeros in IP octets | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://metacpan.org/changes/distribution/Net-Netmask | ||
See Also: |
https://github.com/gentoo/gentoo/pull/20189 https://bugs.gentoo.org/show_bug.cgi?id=779373 https://bugs.gentoo.org/show_bug.cgi?id=815865 https://github.com/gentoo/gentoo/pull/22470 |
||
Whiteboard: | B4 [glsa?] | ||
Package list: |
dev-perl/Net-Netmask-2.0.100 ppc x86
dev-perl/Test2-Suite-0.0.140
dev-perl/Term-Table-0.15.0
dev-perl/Module-Pluggable-5.200.0-r1
dev-perl/Scope-Guard-0.210.0-r1
|
Runtime testing required: | --- |
Bug Depends on: | 789978 | ||
Bug Blocks: |
Description
Hank Leininger
2021-03-29 21:06:41 UTC
*** This bug has been marked as a duplicate of bug 779172 *** (In reply to Sam James from comment #1) > > *** This bug has been marked as a duplicate of bug 779172 *** Thanks, but I think you meant to mark 779373 as a dup of 779172, both of which concern Net-CIDR-Lite. This one, alone, concerns Net-Netmask, though the nature of the vulnerability is the same. (In reply to Kerin Millar from comment #2) > (In reply to Sam James from comment #1) > > > > *** This bug has been marked as a duplicate of bug 779172 *** > > Thanks, but I think you meant to mark 779373 as a dup of 779172, both of > which concern Net-CIDR-Lite. This one, alone, concerns Net-Netmask, though > the nature of the vulnerability is the same. Oh man, yes, you are right. Too tired. Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a56f6a5aa63c9154db93a17e57927fb8ac9211bc commit a56f6a5aa63c9154db93a17e57927fb8ac9211bc Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-05-13 14:32:31 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-05-13 14:33:48 +0000 dev-perl/Net-Netmask: Version bump, needs rekeywording Bug: https://bugs.gentoo.org/779163 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> dev-perl/Net-Netmask/Manifest | 1 + dev-perl/Net-Netmask/Net-Netmask-2.0.100.ebuild | 28 +++++++++++++++++++++++++ 2 files changed, 29 insertions(+) Sanity check failed:
> dev-perl/Net-Netmask-2.0.100
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-perl/Test-UseAllModules-0.170.0
> >=dev-perl/Test2-Suite-0.0.111
> bdepend amd64 stable profile default/linux/amd64/17.1 (26 total)
> >=dev-perl/Test-UseAllModules-0.170.0
> >=dev-perl/Test2-Suite-0.0.111
Sanity check failed:
> dev-perl/Net-Netmask-2.0.100
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-perl/Test-UseAllModules-0.170.0
> >=dev-perl/Test2-Suite-0.0.111
> bdepend amd64 stable profile default/linux/amd64/17.1 (36 total)
> >=dev-perl/Test-UseAllModules-0.170.0
> >=dev-perl/Test2-Suite-0.0.111
Unable to check for sanity:
> no match for package: dev-perl/Test-UseAllModules-0.170.0
Unable to check for sanity:
> no match for package: dev-perl/Test-UseAllModules-0.170.0
Sanity check failed:
> dev-perl/Test2-Suite-0.0.140
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-perl/Term-Table-0.13.0
> >=virtual/perl-Test-Simple-1.302.176
> bdepend amd64 stable profile default/linux/amd64/17.1 (36 total)
> >=dev-perl/Term-Table-0.13.0
> >=virtual/perl-Test-Simple-1.302.176
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-perl/Term-Table-0.13.0
> >=virtual/perl-Test-Simple-1.302.176
> rdepend amd64 stable profile default/linux/amd64/17.1 (36 total)
> >=dev-perl/Term-Table-0.13.0
> >=virtual/perl-Test-Simple-1.302.176
Sanity check failed:
> virtual/perl-Test-Simple-1.302.183
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~perl-core/Test-Simple-1.302.183
> rdepend amd64 stable profile default/linux/amd64/17.1 (36 total)
> ~perl-core/Test-Simple-1.302.183
Unable to check for sanity:
> package masked: virtual/perl-Test-Simple-1.302.183
Sanity check failed:
> virtual/perl-Test-Simple-1.302.183
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> =dev-lang/perl-5.34*
> ~perl-core/Test-Simple-1.302.183
> rdepend amd64 stable profile default/linux/amd64/17.1 (36 total)
> =dev-lang/perl-5.34*
> ~perl-core/Test-Simple-1.302.183
This needs perl@ help to figure out if the deps are bogus. (In reply to Sam James from comment #13) > This needs perl@ help to figure out if the deps are bogus. Unfortunately they are not. There might be a set of module versions that makes stabilization with Perl 5.32 easily possible, but introducing them now into the tree untested is also counterproductive. I'm going to stable-mask the test useflag for this package, then the problem goes away (and tests are not run for this one package, compared to adding an untested test framework to 1599 others). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82608536951e6ffc2e3f801c648d84a70404f6ea commit 82608536951e6ffc2e3f801c648d84a70404f6ea Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-05-30 20:59:56 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-05-30 21:01:00 +0000 package.use.stable.mask: Mask test for dev-perl/Net-Netmask Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> Bug: https://bugs.gentoo.org/779163 profiles/base/package.use.stable.mask | 8 ++++++++ 1 file changed, 8 insertions(+) Now I'm curious if Nattka can handle that. amd64 done Adding dev-perl/Test2-Suite-0.0.140 now that Perl 5.34 is stable. Sanity check failed:
> dev-perl/Test2-Suite-0.0.140
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (37 total)
> >=dev-perl/Term-Table-0.13.0
> bdepend amd64 stable profile default/linux/amd64/17.1 (73 total)
> >=dev-perl/Term-Table-0.13.0
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (37 total)
> >=dev-perl/Term-Table-0.13.0
> rdepend amd64 stable profile default/linux/amd64/17.1 (73 total)
> >=dev-perl/Term-Table-0.13.0
> bdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> >=dev-perl/Module-Pluggable-2.700.0
> >=dev-perl/Term-Table-0.13.0
> dev-perl/Scope-Guard
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> >=dev-perl/Module-Pluggable-2.700.0
> >=dev-perl/Term-Table-0.13.0
> dev-perl/Scope-Guard
arm done arm64 done amd64 done sparc done ppc64 stable hppa done Unable to check for sanity:
> no match for package: dev-perl/Scope-Guard-0.210.0
All sanity-check issues have been resolved ppc done x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a9766702dad06585559635a8135691fedd101a7 commit 1a9766702dad06585559635a8135691fedd101a7 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-10-16 20:03:06 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-10-16 20:03:13 +0000 dev-perl/Net-Netmask: Remove old Bug: https://bugs.gentoo.org/779163 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> dev-perl/Net-Netmask/Manifest | 1 - dev-perl/Net-Netmask/Net-Netmask-1.902.200.ebuild | 19 ------------------- 2 files changed, 20 deletions(-) Unable to check for sanity:
> no match for package: dev-perl/Test2-Suite-0.0.140
|