Bug#867279: marked as done (duck: Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.)

Thu, 10 Aug 2017 14:37:27 -0700 

Your message dated Thu, 10 Aug 2017 21:34:18 +0000
with message-id <e1dfv5u-0009qc...@fasolo.debian.org>
and subject line Bug#867279: fixed in duck 0.13
has caused the Debian Bug report #867279,
regarding duck: Use of uninitialized value in string ne at 
/usr/share/duck/DUCK.pm line 649.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: duck
Version: 0.12
Severity: normal

If I check the lynx 2.8.9dev14-2 package (currently in testing and
unstable) with duck, I get the following perl warnings:

---------------------------------------------------------------------------
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 649.
I: debian/copyright:47: URL: http://www.haible.de/bruno/packages-libutf8.html: 
INFORMATION (Certainty:possible)
   URL schema changed from HTTP to HTTPS during redirect(s): 
http://www.haible.de -> https://www.haible.de
   Please investigate and update the URL eventually, to avoid unneccesary 
redirects!

I: debian/copyright:49: URL: http://fedoraproject.org/wiki/Nss_compat_ossl: 
INFORMATION (Certainty:possible)
   The web page at http://fedoraproject.org/wiki/Nss_compat_ossl works, but is 
also available via https://fedoraproject.org/wiki/Nss_compat_ossl, please 
consider switching to HTTPS urls.
---------------------------------------------------------------------------

Adding some debug output to DUCK.pm reveals that it's always the domain
fedoraproject.org:

---------------------------------------------------------------------------
→ diff -Bbu /usr/share/duck/DUCK.pm.backup /usr/share/duck/DUCK.pm
--- /usr/share/duck/DUCK.pm.backup      2017-01-15 20:26:16.000000000 +0100
+++ /usr/share/duck/DUCK.pm     2017-07-05 12:46:30.391670509 +0200
@@ -646,6 +646,7 @@
     if ($startscheme && $finalscheme)
     {
     
+    print "*** DEBUG '$startdomain' vs '$finaldomain'\n";
     if ($startdomainsuffix->get_root_domain($startdomain) ne 
$finaldomainsuffix->get_root_domain($finaldomain))
     {
 
---------------------------------------------------------------------------

With that patch, the output looks like this:

---------------------------------------------------------------------------
~/lynx/lynx → duck
*** DEBUG 'www.bzip.org' vs 'www.bzip.org'
*** DEBUG 'www.gzip.org' vs 'www.gzip.org'
*** DEBUG 'www.openssl.org' vs 'www.openssl.org'
*** DEBUG 'www.bzip.org' vs 'www.bzip.org'
*** DEBUG 'www.haible.de' vs 'www.haible.de'
*** DEBUG 'lynx.invisible-island.net' vs 'lynx.invisible-island.net'
*** DEBUG 'invisible-mirror.net' vs 'invisible-mirror.net'
*** DEBUG 'www.debian.org' vs 'www.debian.org'
*** DEBUG 'anonscm.debian.org' vs 'anonscm.debian.org'
*** DEBUG 'libbsd.freedesktop.org' vs 'libbsd.freedesktop.org'
*** DEBUG 'savannah.nongnu.org' vs 'savannah.nongnu.org'
*** DEBUG 'savannah.nongnu.org' vs 'savannah.nongnu.org'
*** DEBUG 'lynx.invisible-island.net' vs 'lynx.invisible-island.net'
*** DEBUG 'fedoraproject.org' vs 'fedoraproject.org'
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
*** DEBUG 'www.haible.de' vs 'www.haible.de'
*** DEBUG 'invisible-mirror.net' vs 'invisible-mirror.net'
*** DEBUG 'bugs.debian.org' vs 'bugs.debian.org'
*** DEBUG 'fedoraproject.org' vs 'fedoraproject.org'
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
Use of uninitialized value in string ne at /usr/share/duck/DUCK.pm line 650.
*** DEBUG 'www.gzip.org' vs 'www.gzip.org'
I: debian/copyright:47: URL: http://www.haible.de/bruno/packages-libutf8.html: 
INFORMATION (Certainty:possible)
   URL schema changed from HTTP to HTTPS during redirect(s): 
http://www.haible.de -> https://www.haible.de
   Please investigate and update the URL eventually, to avoid unneccesary 
redirects!

I: debian/copyright:49: URL: http://fedoraproject.org/wiki/Nss_compat_ossl: 
INFORMATION (Certainty:possible)
   The web page at http://fedoraproject.org/wiki/Nss_compat_ossl works, but is 
also available via https://fedoraproject.org/wiki/Nss_compat_ossl, please 
consider switching to HTTPS urls.
---------------------------------------------------------------------------

There are only two places in the packaging where fedoraproject.org is
mentioned:

---------------------------------------------------------------------------
~/lynx/lynx → git grep fedoraproject.org
COPYHEADER:        nss_compat_ossl      
http://fedoraproject.org/wiki/Nss_compat_ossl
debian/copyright:        nss_compat_ossl      
http://fedoraproject.org/wiki/Nss_compat_ossl
---------------------------------------------------------------------------

I though yet haven't found out why these perl warnings appear. I don't
see any unexpected difference when requesting this URL with and without
HTTPS:

---------------------------------------------------------------------------
→ diff <(GET -SUsed http://fedoraproject.org/wiki/Nss_compat_ossl) <(GET -SUsed 
https://fedoraproject.org/wiki/Nss_compat_ossl)
1c1
< GET http://fedoraproject.org/wiki/Nss_compat_ossl
---
> GET https://fedoraproject.org/wiki/Nss_compat_ossl
19,21c19,21
< AppTime: D=586
< Client-Date: Wed, 05 Jul 2017 11:00:42 GMT
< Client-Peer: 67.219.144.68:80
---
> AppTime: D=547
> Client-Date: Wed, 05 Jul 2017 11:00:43 GMT
> Client-Peer: 67.219.144.68:443
22a23,26
> Client-SSL-Cert-Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert 
> SHA2 High Assurance Server CA
> Client-SSL-Cert-Subject: /C=US/ST=North Carolina/L=Raleigh/O=Red Hat 
> Inc./CN=*.fedoraproject.org
> Client-SSL-Cipher: ECDHE-RSA-AES128-GCM-SHA256
> Client-SSL-Socket-Class: IO::Socket::SSL
39c43
< X-Varnish: 15863735 15060655
---
> X-Varnish: 15357973 15060655

---------------------------------------------------------------------------

Maybe it's related to fedoraproject.org using a wildcard certificate?
(Really just guessing.)

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), 
(111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), 
(105, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages duck depends on:
ii  devscripts                           2.17.6
ii  dpkg-dev                             1.18.24
ii  libconfig-inifiles-perl              2.94-1
ii  libconfig-simple-perl                4.59-6
ii  libdomain-publicsuffix-perl          0.14.1-1
ii  libfile-which-perl                   1.21-1
ii  libmailtools-perl                    2.18-1
ii  libnet-dns-perl                      1.10-1
ii  libparallel-forkmanager-perl         1.19-1
ii  libparse-debcontrol-perl             2.005-4
ii  libpath-class-perl                   0.37-1
ii  libregexp-common-email-address-perl  1.01-4
ii  libregexp-common-perl                2017060201-1
ii  libstring-similarity-perl            1.04-1+b4
ii  libwww-curl-perl                     4.17-4
ii  libxml-xpath-perl                    1.40-1
ii  libyaml-libyaml-perl                 0.63-2
ii  lynx                                 2.8.9dev14-2
ii  perl                                 5.24.1-6
ii  publicsuffix                         20170622.1007-1

duck recommends no packages.

Versions of packages duck suggests:
ii  bzr         2.7.0+bzr6622-3
ii  git         1:2.13.2-3
ii  mercurial   4.0-1
ii  subversion  1.9.5-1

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: duck
Source-Version: 0.13

We believe that the bug you reported is fixed in the latest version of
duck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Kainz <ska...@debian.org> (supplier of updated duck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Aug 2017 22:29:31 +0200
Source: duck
Binary: duck
Architecture: source all
Version: 0.13
Distribution: unstable
Urgency: low
Maintainer: Simon Kainz <ska...@debian.org>
Changed-By: Simon Kainz <ska...@debian.org>
Description:
 duck       - checks URLs in debian/control and debian/upstream files
Closes: 838168 851847 859249 867279
Changes:
 duck (0.13) unstable; urgency=low
 .
   * Fix no-color display on some terminals
     (Thanks to gregoa)
 .
   * Add regex "may now be found", "no longer.* maintain",
     "future development will", "now hosted" regexes
     (Thanks to pabs)
 .
   * Do not mention lynx in the error message when dget fails
     The command being run is dget not lynx.
     (Thanks to pabs)
 .
    * warn about obsolete/read-only sites
      Add new section [obsolete_sites] in duck.conf
      (Closes: #851847)
 .
    * warn about codeplex becoming obsolete. (Closes: #859249)
 .
    * Fix "Use of uninitialized value" on domain redirection
      check. (Closes: #867279)
 .
    * Add new option -l <filename> which allows checking all
      urls, email domains, git:// and svn:// entries in said file.
      (Closes: #838168)
Checksums-Sha1:
 f6db62199ac63e726b345b63870375cf70e87d4a 1882 duck_0.13.dsc
 d7fcd8071dcef2c5765dda39146d16d5ef357541 389416 duck_0.13.tar.xz
 8df4268c79feacefa9adc95b5bde4ed7cd762ff7 23506 duck_0.13_all.deb
Checksums-Sha256:
 f2efd200d0cb81c4e619138cce6db2619c9928d402039a8557ecc143509bebdf 1882 
duck_0.13.dsc
 47f5ad436e5dc3cc3c92c4283cadf4d98828d0debf1a71a0e9b962d8da3e19d1 389416 
duck_0.13.tar.xz
 06a35fcf26590b041f757b2007396338fa17c812c036b46b4920227eae8268b6 23506 
duck_0.13_all.deb
Files:
 5440c1260ac7e83b5ff4d5b7688d201d 1882 devel optional duck_0.13.dsc
 cb26f2c15eafd11fb84fad6336fbede3 389416 devel optional duck_0.13.tar.xz
 dab6ece1df4a25a1ecaf85e49064d103 23506 devel optional duck_0.13_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJZjMlVAAoJEImBKIjpheFZJCcQALuzUJUFQjmAskH7dpfZ3EUd
cbQ1yZuPGquEZY4D9euBdd9zeTtzFRldxMfdA0o3DQC+dGi3eT8ed2VzNWFxarZA
p0VJVX16N+LCNVCBxppqKh7VqhhggyX7BHxCq/lzNCdu1hltCOGTosGQuJWv1xBZ
tm1VCV9NMefTk2qf61XqTEo00ADs9jWsFtDwAVO8j8u3hbO8xnZlLt/JkB0mQhVl
iV13W1UpGzuexL1fxkxwy9+L1d66NKXVJZC1JIuKHOW8ctckOT3YmLE0qqDdQn0G
49uTavx3SGbxW4IotfjIyYswG8uwya/p1zRSdpWCHSOhC9RkFHcsZZFgAIHU4GmO
XPZXJVeyXBVOIG456FpKtvLxHQe6L/QGtNI6aQ0v9pN4sBks8XBOuBXTHSqHiEtH
7kjVhQbRpCrmlaofZJqizVExkJHWA3jUHBz5J/qgh489LLtRxdG0I8mO2axCQObd
55fhUW0BAMRkVRz1FEJ4T154VDm0YEjLs/RGP9DBEJnbrApAMT95AldbPBom6/8B
wBWMIqZi4WYNTfUY8wlEqipqYovuigPIRc+R2atO8gWbirlVLBvMRA9W76RTq7JX
AaKirFuNARvV4cQr/XAKAqWO++II7dxSFdkNzMRRzNDHO3Qo8Yh485ZXIJAYrmR9
+BKTL0MLFXpxzMf70uhr
=/qFP
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to