Skip Menu |
 

This queue is for tickets about the AnyEvent CPAN distribution.

Report information
The Basics
Id: 98357
Status: rejected
Priority: 0/
Queue: AnyEvent

People
Owner: Nobody in particular
Requestors: npetevn [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



MIME-Version: 1.0
X-Spam-Status: No, score=-2.698 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
X-Spam-Flag: NO
Content-Type: multipart/alternative; boundary="089e0158b09e27477505019b7d9b"
Message-ID: <CACseKrDTrsCv=9ztbhYZup3hmPSUpYpYvhftx6ghWpN00AWyzQ [...] mail.gmail.com>
X-Received: by 10.182.28.66 with SMTP id z2mr33665903obg.19.1409142214836; Wed, 27 Aug 2014 05:23:34 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -2.698
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 49A28240448 for <cpan-bug+AnyEvent [...] hipster.bestpractical.com>; Wed, 27 Aug 2014 08:23:43 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJ-GRPbKpVpv for <cpan-bug+AnyEvent [...] hipster.bestpractical.com>; Wed, 27 Aug 2014 08:23:42 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id D4968240407 for <bug-AnyEvent [...] rt.cpan.org>; Wed, 27 Aug 2014 08:23:41 -0400 (EDT)
Received: (qmail 15301 invoked by alias); 27 Aug 2014 12:23:40 -0000
Received: from mail-oa0-f53.google.com (HELO mail-oa0-f53.google.com) (209.85.219.53) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Wed, 27 Aug 2014 05:23:38 -0700
Received: by mail-oa0-f53.google.com with SMTP id j17so83204oag.26 for <bug-AnyEvent [...] rt.cpan.org>; Wed, 27 Aug 2014 05:23:34 -0700 (PDT)
Received: by 10.60.157.97 with HTTP; Wed, 27 Aug 2014 05:23:34 -0700 (PDT)
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Delivered-To: cpan-bug+AnyEvent [...] hipster.bestpractical.com
Subject: AnyEvent::DNS opens a listening UDP port
Return-Path: <npetevn [...] gmail.com>
X-RT-Mail-Extension: anyevent
X-Original-To: cpan-bug+AnyEvent [...] hipster.bestpractical.com
X-Spam-Check-BY: la.mx.develooper.com
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=e7l2HO+qM3L+2vV0L5gwvmL2ygEtK2wkicGWeNxicMw=; b=MX8YdLrb/+bd8aN4glWKdPwJJ9YGlZR5tbMZIbOrBH8ADVXvD/CPOhBiPXnRDE0ZgQ Fdeay95NRiqLSI8FQHWy4GXK5ETxJ/Lpm7tiiuOJRTElyc0UZqB4kd2AUsUDgO1zsaOD /7ybKZZR3dAOFNcAQpXn3mG9scioDyQeMSdnb+JqDKXOm6pD9Gwf1y9pjI2ijXeHWzXu jjZeQYVzCPofOdih+Rf3j/WtUIS15cpbjjL4SuwrFuRKmFxmhW+XyHPGpoYLA0CJ4QAy AqhIJu6n5SvLhPBwU7R7OFFJeuMT1OMlPWAEMwyhq/AF88FWw58AiXwR2iz716O64y56 VuvA==
Date: Wed, 27 Aug 2014 15:23:34 +0300
X-Spam-Level:
To: bug-AnyEvent [...] rt.cpan.org
From: N N <npetevn [...] gmail.com>
X-RT-Interface: Email
Content-Length: 0
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Content-Length: 587
Download (untitled) / with headers
text/plain 587b
Hello, Seems like AnyEvent::DNS is opening a random UDP port used to receive the query results. However, that port stays open for the whole execution time and anyone can connect to it from the outside. That can be easily fixed in lib/AnyEvent/DNS.pm with the following one-line patch: @@ -1195,6 +1195,7 @@ ? $self->{fh4} : $self->{fh6} or return &$do_retry; + connect $fh, $sa; send $fh, $req->[0], 0, $sa; }; Is this just a bug or is there a reason for doing it without connect that I might be missing? Thanks in advance, Nikolay Nikolov
content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Content-Length: 837
MIME-Version: 1.0
X-Spam-Status: No, score=-4.774 tagged_above=-99.9 required=10 tests=[AWL=1.127, BAYES_00=-1.9, FROM_OUR_RT=-4, SPF_HELO_PASS=-0.001] autolearn=ham
In-Reply-To: <rt-4.0.18-16602-1409142224-1160.98357-4-0 [...] rt.cpan.org>
Content-Disposition: inline
X-Spam-Flag: NO
X-RT-Interface: API
References: <RT-Ticket-98357 [...] rt.cpan.org> <CACseKrDTrsCv=9ztbhYZup3hmPSUpYpYvhftx6ghWpN00AWyzQ [...] mail.gmail.com> <rt-4.0.18-16602-1409142224-1160.98357-4-0 [...] rt.cpan.org>
X-PGP: "1024D/DA743396 1999-01-26 Marc Alexander Lehmann <schmorp [...] schmorp.de> Key fingerprint = 475A FE9B D1D4 039E 01AC C217 A1E8 0270 DA74 3396"
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20140827135930.GB3327 [...] schmorp.de>
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -4.774
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id E2D952401C0 for <cpan-bug+AnyEvent [...] hipster.bestpractical.com>; Wed, 27 Aug 2014 09:59:42 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ve9jAT4EkE0e for <cpan-bug+AnyEvent [...] hipster.bestpractical.com>; Wed, 27 Aug 2014 09:59:40 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 92F172401BE for <bug-AnyEvent [...] rt.cpan.org>; Wed, 27 Aug 2014 09:59:40 -0400 (EDT)
Received: (qmail 25266 invoked by alias); 27 Aug 2014 13:59:39 -0000
Received: from mail.plan9.de (HELO mail.nethype.de) (176.9.46.152) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Wed, 27 Aug 2014 06:59:35 -0700
Received: from [10.0.0.5] (helo=doom.schmorp.de) by mail.nethype.de with esmtp (Exim 4.80) (envelope-from <schmorp [...] schmorp.de>) id 1XMdl5-0007Ge-0r for bug-AnyEvent [...] rt.cpan.org; Wed, 27 Aug 2014 13:59:31 +0000
Received: from [10.0.0.2] (helo=fuji.laendle) by doom.schmorp.de with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from <schmorp [...] schmorp.de>) id 1XMdl4-0001R6-Ru for bug-AnyEvent [...] rt.cpan.org; Wed, 27 Aug 2014 13:59:30 +0000
Received: from root by fuji.laendle with local (Exim 4.80) (envelope-from <root [...] schmorp.de>) id 1XMdl4-0000tY-NC for bug-AnyEvent [...] rt.cpan.org; Wed, 27 Aug 2014 13:59:30 +0000
Delivered-To: cpan-bug+AnyEvent [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #98357] AnyEvent::DNS opens a listening UDP port
Return-Path: <schmorp [...] schmorp.de>
X-Spam-Check-BY: la.mx.develooper.com
X-Original-To: cpan-bug+AnyEvent [...] hipster.bestpractical.com
X-RT-Mail-Extension: anyevent
Date: Wed, 27 Aug 2014 15:59:30 +0200
X-Spam-Level:
To: N N via RT <bug-AnyEvent [...] rt.cpan.org>
From: Marc Lehmann <schmorp [...] schmorp.de>
RT-Message-ID: <rt-4.0.18-14413-1409147983-897.98357-0-0 [...] rt.cpan.org>
Content-Length: 3087
Hi! Please send your bug report it to the official contact/author address for the module in question (or send it to rt.cpan.org@schmorp.de, that's fine as well). What follows is the rationale for this request, you don't have to read it if you don't care. Why is this necessary? rt.cpan.org has many deficiencies which makes it tedious and hard to use, increasing the workload on the people who provide all the perl modules you probably appreciate (and that is really to be avoided - module authors should be able to invest all their time into improving their modules and not fighting with rt.cpan.org's bugs). Still, for some people, rt.cpan.org is useful to have, and some people even like it and really want to use it. That is fine, too. Unfortunately, the designers of rt.cpan.org didn't make their "service" optional - you can neither opt-in nor opt-out of rt.cpan.org as a module author. Just like a spammer, rt.cpan.org forces its "service" (whether wanted or unwanted) on everybody. Just like a spammer, they don't care for the people they actively hurt. Just like a spammer, they don't don't care to fix these issues and make their "service" ethically acceptable. You cannot even configure it to redirect tickets to somewhere else. Unfortunately, ignoring rt.cpan.org is not an option either: for people reporting possible bugs there is no indication that their report will be ignored, and for module authors it means they miss potentially vital bug reports such as yours (and of course it's a great impression if rt.cpan.org has lots of bug reports that are unanswered, making a module look unmaintained when in fact the opposite might be true). I am sorry that this wasted a bit of your time, but please understand that I am just as much a victim as you are - the problem is the unethical stance of the rt.cpan.org providers who force their "service" on everybody. Please redirect your bug report as stated in the beginning of this mail, and please consider petitioning the rt.cpan.org providers to stop their unethical behaviour and allow opt-in, opt-out, or some redirect option. One last issue: many people mail me that this can be "fixed" by including the bugtracker element in my module meta file. This is not true: 1. This field only affects search.cpan.org and maybe similar services. (Many people confuse rt.cpan.org with search.cpan.org for some reason). 2. It doesn't even work (there are still links to rt.cpan.org displayed). 3. Even if search.cpan.org does no longer display the link, it doesn't actually affect rt.cpan.org (and tests have shown that people go to rt.cpan.org regardless) Even *iff* rt.cpan.org would start listening on the bugtracker field, however, it's still wrong. I have a lot of modules, and each time a service like rt.cpan.org comes out, I would have to make dummy releases for all my modules. This not only creates a lot of extra work for me (I take releases very seriously) but also users, who would wonder why there is a new release. Thanks a lot, Marc Lehmann <rt.cpan.org@schmorp.de> Last updated: 2012-04-22


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.