Bug 147465
Summary: | XML::XQL not taint-safe by default and warnings if $ENV{TERM} unset. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Timothy Hinchcliffe <tim> |
Component: | perl-libxml-enno | Assignee: | Warren Togami <wtogami> |
Status: | CLOSED CANTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | mattdm, perl-devel |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-04-17 17:26:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Timothy Hinchcliffe
2005-02-08 10:01:48 UTC
I suggest changing line 510 ($^O test of sub tput) of /usr/lib/perl5/vendor_perl/5.8.5/XML/XQL.pm to test if $ENV{TERM} is set and return undef if it is not set or is "" (which is what it would do on a Windows or MacOS platform anyway). Ie: if ($^O =~ /Win|MacOS/) becomes if ($^O =~ /Win|MacOS/ and $ENV{TERM}) That should of course read: if ($^O =~ /Win|MacOS/ or not $ENV{TERM}) FYI, I've fixed these issues in the upcoming FE5 perl-XML-XQL package (bug 172332). Also fixed in upstream XML::XQL 0.68. Same fix now applied in perl-libxml-enno-1.0.2-33 in CVS (but then I found out this package is now "deprecated" and I can't build it in FC5 ...) Will try to fix in FC-4. perl-libxml-enno has been removed from FC5, and the needed bits have already been split from it and packaged in Extras, see bug 128879. See also http://cvs.fedora.redhat.com/viewcvs/rpms/perl-XML-XQL/devel/perl-XML-XQL-tput-147465.patch?root=extras&rev=1.1&view=auto for the taint fix applied in Extras. Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you! |