Bug#867279: duck: Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.

Wed, 05 Jul 2017 05:33:37 -0700 

Package: duck
Version: 0.12
Severity: normal

If I check the lynx 2.8.9dev14-2 package (currently in testing and
unstable) with duck, I get the following perl warnings:

---------------------------------------------------------------------------
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
I: debian/copyright:47: URL: http://www.haible.de/bruno/packages-libutf8.html: 
INFORMATION (Certainty:possible)
   URL schema changed from HTTP to HTTPS during redirect(s): 
http://www.haible.de -> https://www.haible.de
   Please investigate and update the URL eventually, to avoid unneccesary 
redirects!

I: debian/copyright:49: URL: http://fedoraproject.org/wiki/Nss_compat_ossl: 
INFORMATION (Certainty:possible)
   The web page at http://fedoraproject.org/wiki/Nss_compat_ossl works, but is 
also available via https://fedoraproject.org/wiki/Nss_compat_ossl, please 
consider switching to HTTPS urls.
---------------------------------------------------------------------------

Adding some debug output to DUCK.pm reveals that it's always the domain
fedoraproject.org:

---------------------------------------------------------------------------
→ diff -Bbu /usr/share/duck/DUCK.pm.backup /usr/share/duck/DUCK.pm
--- /usr/share/duck/DUCK.pm.backup      2017-01-15 20:26:16.000000000 +0100
+++ /usr/share/duck/DUCK.pm     2017-07-05 12:46:30.391670509 +0200
@@ -646,6 +646,7 @@
     if ($startscheme && $finalscheme)
     {
     
+    print "*** DEBUG '$startdomain' vs '$finaldomain'\n";
     if ($startdomainsuffix->get_root_domain($startdomain) ne 
$finaldomainsuffix->get_root_domain($finaldomain))
     {
 
---------------------------------------------------------------------------

With that patch, the output looks like this:

---------------------------------------------------------------------------
~/lynx/lynx → duck
*** DEBUG 'www.bzip.org' vs 'www.bzip.org'
*** DEBUG 'www.gzip.org' vs 'www.gzip.org'
*** DEBUG 'www.openssl.org' vs 'www.openssl.org'
*** DEBUG 'www.bzip.org' vs 'www.bzip.org'
*** DEBUG 'www.haible.de' vs 'www.haible.de'
*** DEBUG 'lynx.invisible-island.net' vs 'lynx.invisible-island.net'
*** DEBUG 'invisible-mirror.net' vs 'invisible-mirror.net'
*** DEBUG 'www.debian.org' vs 'www.debian.org'
*** DEBUG 'anonscm.debian.org' vs 'anonscm.debian.org'
*** DEBUG 'libbsd.freedesktop.org' vs 'libbsd.freedesktop.org'
*** DEBUG 'savannah.nongnu.org' vs 'savannah.nongnu.org'
*** DEBUG 'savannah.nongnu.org' vs 'savannah.nongnu.org'
*** DEBUG 'lynx.invisible-island.net' vs 'lynx.invisible-island.net'
*** DEBUG 'fedoraproject.org' vs 'fedoraproject.org'
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
*** DEBUG 'www.haible.de' vs 'www.haible.de'
*** DEBUG 'invisible-mirror.net' vs 'invisible-mirror.net'
*** DEBUG 'bugs.debian.org' vs 'bugs.debian.org'
*** DEBUG 'fedoraproject.org' vs 'fedoraproject.org'
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
*** DEBUG 'www.gzip.org' vs 'www.gzip.org'
I: debian/copyright:47: URL: http://www.haible.de/bruno/packages-libutf8.html: 
INFORMATION (Certainty:possible)
   URL schema changed from HTTP to HTTPS during redirect(s): 
http://www.haible.de -> https://www.haible.de
   Please investigate and update the URL eventually, to avoid unneccesary 
redirects!

I: debian/copyright:49: URL: http://fedoraproject.org/wiki/Nss_compat_ossl: 
INFORMATION (Certainty:possible)
   The web page at http://fedoraproject.org/wiki/Nss_compat_ossl works, but is 
also available via https://fedoraproject.org/wiki/Nss_compat_ossl, please 
consider switching to HTTPS urls.
---------------------------------------------------------------------------

There are only two places in the packaging where fedoraproject.org is
mentioned:

---------------------------------------------------------------------------
~/lynx/lynx → git grep fedoraproject.org
COPYHEADER:        nss_compat_ossl      
http://fedoraproject.org/wiki/Nss_compat_ossl
debian/copyright:        nss_compat_ossl      
http://fedoraproject.org/wiki/Nss_compat_ossl
---------------------------------------------------------------------------

I though yet haven't found out why these perl warnings appear. I don't
see any unexpected difference when requesting this URL with and without
HTTPS:

---------------------------------------------------------------------------
→ diff <(GET -SUsed http://fedoraproject.org/wiki/Nss_compat_ossl) <(GET -SUsed 
https://fedoraproject.org/wiki/Nss_compat_ossl)
1c1
< GET http://fedoraproject.org/wiki/Nss_compat_ossl
---
> GET https://fedoraproject.org/wiki/Nss_compat_ossl
19,21c19,21
< AppTime: D=586
< Client-Date: Wed, 05 Jul 2017 11:00:42 GMT
< Client-Peer: 67.219.144.68:80
---
> AppTime: D=547
> Client-Date: Wed, 05 Jul 2017 11:00:43 GMT
> Client-Peer: 67.219.144.68:443
22a23,26
> Client-SSL-Cert-Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert 
> SHA2 High Assurance Server CA
> Client-SSL-Cert-Subject: /C=US/ST=North Carolina/L=Raleigh/O=Red Hat 
> Inc./CN=*.fedoraproject.org
> Client-SSL-Cipher: ECDHE-RSA-AES128-GCM-SHA256
> Client-SSL-Socket-Class: IO::Socket::SSL
39c43
< X-Varnish: 15863735 15060655
---
> X-Varnish: 15357973 15060655

---------------------------------------------------------------------------

Maybe it's related to fedoraproject.org using a wildcard certificate?
(Really just guessing.)

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), 
(111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), 
(105, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages duck depends on:
ii  devscripts                           2.17.6
ii  dpkg-dev                             1.18.24
ii  libconfig-inifiles-perl              2.94-1
ii  libconfig-simple-perl                4.59-6
ii  libdomain-publicsuffix-perl          0.14.1-1
ii  libfile-which-perl                   1.21-1
ii  libmailtools-perl                    2.18-1
ii  libnet-dns-perl                      1.10-1
ii  libparallel-forkmanager-perl         1.19-1
ii  libparse-debcontrol-perl             2.005-4
ii  libpath-class-perl                   0.37-1
ii  libregexp-common-email-address-perl  1.01-4
ii  libregexp-common-perl                2017060201-1
ii  libstring-similarity-perl            1.04-1+b4
ii  libwww-curl-perl                     4.17-4
ii  libxml-xpath-perl                    1.40-1
ii  libyaml-libyaml-perl                 0.63-2
ii  lynx                                 2.8.9dev14-2
ii  perl                                 5.24.1-6
ii  publicsuffix                         20170622.1007-1

duck recommends no packages.

Versions of packages duck suggests:
ii  bzr         2.7.0+bzr6622-3
ii  git         1:2.13.2-3
ii  mercurial   4.0-1
ii  subversion  1.9.5-1

-- no debconf information

Reply via email to