Re: SECURITY release: MARC::File::XML 1.0.2
On Tue, Jan 21, 2014 at 12:38 PM, Galen Charlton wrote: > Hi, > > I have uploaded [1] version 1.0.2 of MARC::File::XML. This is a > security release that repairs an XML external entity (XXE) > vulnerability. I recommend that all uses of MARC::File::XML upgrade > promptly. > > Here is the change log entry: > > 1.0.2 Tue Jan 21 17:18:37 UTC 2014 >- MARC::File::XML will now die upon parsing a record that > declares an external entity and tries to use it. This > prevents the potential unwanted disclosure of the contents > of files on the server by applications that embed this module. > If, for some reason, an application needs to process MARCXML > records that contain external entities, set_parser() can be > used to force the use of an XML::LibXML parser that is > configured to process external entities. > > The issue was reported by John Lightsey. > > [1] https://metacpan.org/release/GMCHARLT/MARC-XML-1.0.2 RPMs are available for manual download for Fedora 19 [a] and Fedora 20 [b], but will not be available through the normal updates process until sufficient testing karma has been granted. If you have a Fedora account and can test the packages & grant them karma, please do so! a. https://admin.fedoraproject.org/updates/perl-MARC-XML-1.0.2-1.fc19 b. https://admin.fedoraproject.org/updates/perl-MARC-XML-1.0.2-1.fc20 Thanks, Dan
Re: MARC::Record 2.0.4
On Sat, Feb 9, 2013 at 11:06 PM, Galen Charlton wrote: > Hi, > > I have uploaded version 2.0.4 of MARC::Record to CPAN. This is a minor > functionality and bugfix release. Thanks Galen - I'm in the process of getting the Fedora packages pushed to rawhide, Fedora 18, and Fedora 17 now. Dan
Also packaging Library::CallNumber::LC for Fedora
As the subject says: https://bugzilla.redhat.com/show_bug.cgi?id=830221 is the bug I opened in hopes of getting Library::CallNumber::LC packaged for Fedora. Fingers crossed. -- Dan Scott Laurentian University
Packaging MARC::XML, MARC::Charset, and updating MARC::Record for Fedora
Hey folks: As a Fedora user for a number of years now, I'm tired of hitting CPAN for the basic Perl packages we need for our day-to-day MARC work, so I've filed the following bugs with new or updated SPEC files and SRC RPMs. * Update MARC::Record to 2.0.3: https://bugzilla.redhat.com/show_bug.cgi?id=827801 * Package MARC::Charset: https://bugzilla.redhat.com/show_bug.cgi?id=829860 * Package MARC::XML: https://bugzilla.redhat.com/show_bug.cgi?id=829865 I'm hopeful that I will 1) make it through the gauntlet of package review and 2) get sponsored as a Fedora maintainer of these packages. I'll let you know when / if I have good news :) -- Dan Scott Laurentian University
Packaging MARC::XML, MARC::Charset, and updating MARC::Record for Fedora
Hey folks: As a Fedora user for a number of years now, I'm tired of hitting CPAN for the basic Perl packages we need for our day-to-day MARC work, so I've filed the following bugs with new or updated SPEC files and SRC RPMs. * Update MARC::Record to 2.0.3: https://bugzilla.redhat.com/show_bug.cgi?id=827801 * Package MARC::Charset: https://bugzilla.redhat.com/show_bug.cgi?id=829860 * Package MARC::XML: https://bugzilla.redhat.com/show_bug.cgi?id=829865 I'm hopeful that I will 1) make it through the gauntlet of package review and 2) get sponsored as a Fedora maintainer of these packages. I'll let you know when / if I have good news :) -- Dan Scott Laurentian University
Re: File open head scratcher
On Sat, Mar 17, 2012 at 3:09 PM, Doran, Michael D wrote: > I am migrating a perl script from a server running perl v5.8.5 on Solaris 9 > to a server running perl v5.12.2 on Redhat Linux 5.5. The new environment > doesn't seem to like the syntax I'm using to open a file, and I'm scratching > my head over why that is the case. > > That part that is not working appears to be where it opens and reads a file > (a file which it will later append to). The file that is being opened for > read and appending exists and contains data. > > This appears to be the relevant code: > > open (my $DATEFILE, "+>>$date_file") > || die "Cannot open $date_file: $!"; The head-scratching behaviour you describe, where only the system call outputs results, matches mine with perl 5.14.2. Maybe there's a difference in the versions of perl on your two systems? For what it's worth, "Mixing reads and writes" in perlopentut says that you probably want: open (my $DATEFILE, "+<", $date_file) ... (and making that change to my copy of your script makes it work for me). -- Dan Scott Laurentian University
Re: Moose based Perl library for MARC records
Gah. Replying to all this time instead of just Galen, as I did three hours ago, for my $0.02... 2010/11/11 Galen Charlton : > Hi, > > 2010/11/11 Frédéric DEMIANS : >> Thanks all for your suggestions. I have to choose another name for sure. >> Marc::Moose seems to be a reasonable choice. But I'm very tempted by a >> shorter option: MarcX, MarcX::Record, MarcX::Parser, MarcX::Reader::Isis, >> etc. Any objection? > > Not from me, but I'm not sure if the CPAN folks will want yet another > top-level namespace. I was going to express the same concern. Keeping everything under MARC:: may also make it a tiny bit easier to find the existing alternatives for, well, parsing MARC records. I would +1 MARC::Moose. Also, to be purely pedantic, "MARC" is an acronym for "MAchine-Readable Cataloguing", while "Marc" is a person's name, so where-ever it ends up, please keep it uppercase. -- Dan Scott Laurentian University
Re: [Patch] Escape marc tag/code/indicators in Marc::File::XML
2009/7/22 Galen Charlton : > Hi, > > Nope, just haven't gotten around to pushing it. Soon, I promise! > > Funny you should mention CVS. I have a general question for the > MARC/Perl hackers: Ed mentioned a while back moving from CVS to a more > modern VCS such as Subversion or (my preference) Git. I'm willing to > do the legwork to get the repositories moved. Thoughts? > As long as the priority is patch & release first, VCS infrastructure second, I'm all for it (and relatively agnostic about modern VCS). Any contributions from me in the near term are likely to be in the area of cleaning up copyright statements (2004, eh?) and general documentation, so the VCS doesn't matter much to my (potential) workflow. -- Dan Scott Laurentian University
Re: [Patch] Escape marc tag/code/indicators in Marc::File::XML
Was it decided that Bill's escaping output patch would be dropped? I don't see it in CVS yet. It would be nice to see the 0.91 release get pushed out the door, in any case. 0.88 was a long time ago. Dan 2009/4/14 Galen Charlton : > Hi, > > On Tue, Apr 14, 2009 at 3:57 PM, Dan Scott wrote: >> 2008/10/29 Bill Erickson : >> Is anyone planning on applying this patch? It would be a shame to drop >> it on the floor. > > I'll take a look at it and apply it, unless somebody beats me to the > punch in the next day or two. > > Regards, > > Galen > -- > Galen Charlton > VP, Research & Development, LibLime > galen.charl...@liblime.com > p: 1-888-564-2457 x709 > skype: gmcharlt > -- Dan Scott Laurentian University
Re: [Patch] Escape marc tag/code/indicators in Marc::File::XML
2008/10/29 Bill Erickson : > Hi all, > > I ran across some gnarly MARC data today, which contained, among other > things, MARC codes of "<". I realized that Marc::File::XML outputs the MARC > tags, codes, and indicators without escaping them. This results, in my > case, in invalid XML like: > > France > > It seems reasonable that, regardless of the (horrible) content of the MARC, > marc::file::xml should produce valid XML. > > Attached is a patch to explicitly escape the values before inserting them > into the XML document under construction. I'm not sure if it's the best > approach, but it got me up and running again. > > Thanks, Is anyone planning on applying this patch? It would be a shame to drop it on the floor. -- Dan Scott Laurentian University
Re: [Patch] Escape marc tag/code/indicators in Marc::File::XML
2008/10/29 Bill Erickson <[EMAIL PROTECTED]>: > Hi all, > > I ran across some gnarly MARC data today, which contained, among other > things, MARC codes of "<". I realized that Marc::File::XML outputs the MARC > tags, codes, and indicators without escaping them. This results, in my > case, in invalid XML like: > > France > > It seems reasonable that, regardless of the (horrible) content of the MARC, > marc::file::xml should produce valid XML. > > Attached is a patch to explicitly escape the values before inserting them > into the XML document under construction. I'm not sure if it's the best > approach, but it got me up and running again. Any chance of including a sample (horrible) MARC record to include in a testcase? I'm not saying I would build a testcase for MARC::File::XML, but I might build one for File_MARC (PHP)... and a nice horrible MARC record from the wild would help. -- Dan Scott Laurentian University
Re: MARC.pm - Perl extension to manipulate MAchine Readable Cataloging records.
2008/9/9 <[EMAIL PROTECTED]>: > Hi Jeffrey, > > In a message dated 9/9/2008 10:09:39 AM Eastern Daylight Time, > [EMAIL PROTECTED] writes: > >> I was looking over this perl module and am curious if there is an support >> for MARC to Unicode character conversions. A prompt response would be much >> appreciated. > > Unicode was not supported in the original MARC.pm and related code. We had > limited XML support and some character mappings to maintain compatibility with > the older MS-DOS based USMARC programs. I think the later MARC::Record family > of modules does have at least some Unicode support. > > The place to ask is the perl_for_librarians mailing list, so I have copied my > reply to them. In a nutshell, MARC8 to UTF8 (Unicode) conversions are supported by MARC::Charset (http://search.cpan.org/dist/MARC-Charset/) -- Dan Scott Laurentian University
Re: File::XML small improvement for unimarc guys
On 22/06/07, Paul POULAIN <[EMAIL PROTECTED]> wrote: Hello world, at line 503 is written : die "Unsupported UNIMARC charater encoding [$enc] for XML output"; could we set instead : die "Unsupported UNIMARC charater encoding [$enc] for XML output for $f, field 100 being ".$r->subfield(100 => 'a'); And while you're at it, s/charater/character/ please :) -- Dan Scott Laurentian University
Re: MARC::File::XML 0.85
With MARC::Charset 0.96, MARC::Record 2.0.0, and MARC::File::XML from CVS, I get failed tests for 7 out of 8 of Joshua's tests. Test STDIN and STDOUT output attached. Dan Scott On 16/04/07, Joshua M. Ferraro <[EMAIL PROTECTED]> wrote: - "Mike Rylander" <[EMAIL PROTECTED]> wrote: > CVS is updated with that now, and after anyone willing makes sure > it's not breaking anything I think we should release again. Just updated and ran make test successfully. I'm happy to roll a release today if there are no objections. This may be a good opportunity to raise awareness again regarding a few unresolved issues that some have found with M:F:X. There are a few tests I created here: http://kados.org/stuff/marc_tests.tgz If someone where willing to verify that these tests fail on systems other than mine, that'd be much appreciated. Should be as easy as: $ wget http://kados.org/stuff/marc_tests.tgz $ tar -xzvf marc_tests.tgz $ cd marc_tests $ perl Record_tests.pl Cheers, -- Joshua Ferraro SUPPORT FOR OPEN-SOURCE SOFTWARE President, Technology migration, training, maintenance, support LibLimeFeaturing Koha Open-Source ILS [EMAIL PROTECTED] |Full Demos at http://liblime.com/koha |1(888)KohaILS marc_tests.out Description: Binary data