Bug 14098

Summary: Text::Wrap 2012.0818 incorrectly parses strings when $Text::Wrap::huge = 'wrap'
Product: Mageia Reporter: Frédéric "LpSolit" Buclin <LpSolit>
Component: RPM PackagesAssignee: Jerome Quelin <jquelin>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: jquelin, qa-bugs
Version: 4Keywords: PATCH, Triaged
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1067285#c2
Whiteboard:
Source RPM: perl-5.18.1-3.mga4 CVE:
Status comment:
Bug Depends on: 14170    
Bug Blocks:    
Attachments: patch for Text::Wrap 2012.0818

Description Frédéric "LpSolit" Buclin 2014-09-15 18:35:40 CEST 
Created attachment 5416 [details]
patch for Text::Wrap 2012.0818

Mageia 4 provides Text::Wrap 2012.0818 via its perl-5.18.1-3.mga4 RPM. But this version of Text::Wrap is bogus. If you execute this command from the shell:

perl -MText::Wrap -wE 'say wrap("", "", "http://193.35.206.163/issues/clients/index.php?issue=6239&order=issue_id&sort=desc")'

you get the error "This shouldn't happen at /usr/lib/perl5/5.18.1/Text/Wrap.pm line 84."

This is a known bug in Text::Wrap 2012.0818 which has been fixed in Text::Wrap 2013.0426, see https://rt.cpan.org/Public/Bug/Display.html?id=79766.

The fix is trivial, see the attachment. This is the fix which has been applied upstream.

Bugzilla may crash on Mageia 4 due to this bug (this happened to me earlier today).
Manuel Hiebel 2014-09-21 15:26:29 CEST

Keywords: (none) => PATCH, Triaged
Assignee: bugsquad => jquelin

Comment 1 Jerome Quelin 2014-09-26 09:46:46 CEST 
perl-5.18.1-3.1.mga4 now available in mga4's core/updates_testing (currently being indexed.
Please test (procedure above) & push.

Advisory (feel free to change it to better wording)
========================================
The Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as bugzilla.
This new perl package fixes the problem.
========================================

thanks.

CC: (none) => jquelin

Jerome Quelin 2014-09-26 09:47:14 CEST

QA Contact: (none) => qa-bugs

Comment 2 Jerome Quelin 2014-09-26 09:48:31 CEST 
oops, I've put QA team in the wrong field. Fixed & sorry for the noise.

Assignee: jquelin => qa-bugs

Comment 3 David Walser 2014-09-26 14:53:33 CEST 
Please fix security Bug 14170 first.  Thanks.

CC: (none) => qa-bugs
Depends on: (none) => 14170
Assignee: qa-bugs => jquelin
QA Contact: qa-bugs => (none)

Comment 4 claire robinson 2014-10-09 16:08:43 CEST 
perl pushed in bug 14170 so closing this one now.

Status: NEW => RESOLVED
Resolution: (none) => FIXED