[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help with Perl security update
|
From: |
Tomáš Čech |
|
Subject: |
Re: Help with Perl security update |
|
Date: |
Mon, 25 Jul 2016 23:23:37 +0200 |
|
User-agent: |
Mutt/1.6.1-neo (2016-06-11) |
On Mon, Jul 25, 2016 at 04:00:09PM -0400, Leo Famulari wrote:
I'm trying to patch our Perl package against CVE-2016-1238 and
CVE-2016-6185:
<https://www.debian.org/security/2016/dsa-3628>
This patch uses a graft to apply new patches which are composed of
commits from the 'maint-5.22' branch of
<http://perl5.git.perl.org/perl.git>.
Unfortunately, some of the changes related to CVE-2016-1238 don't apply
to our Perl source code. There are several '.rej' files that look like
this:
--- dist/PathTools/lib/File/Spec.pm
+++ dist/PathTools/lib/File/Spec.pm
@@ -3,7 +3,7 @@ package File::Spec;
use strict;
use vars qw(@ISA $VERSION);
-$VERSION = '3.56_01';
+$VERSION = '3.56_02';
$VERSION =~ tr/_//;
my %module = (MacOS => 'Mac',
Any advice?
This looks like we're missing some patches. My guess is that this is
consequence of the fact that upstream is on 5.22.2 already and we're
on 5.22.1. I'm not sure what value to choose here as the result won't
be neither 3.56_01 nor 3.56_02. Maybe add extra suffix?
Or we can just skip bfe2dd1e9c3296bebf3ab9adc2ca48d3eb8d105d and let
the version same. Someone with deeper perl experience should decide.
I just verified that source code in 5.22.2 has the version strings
patch expects (I haven't checked them all).
S_W
signature.asc
Description: Digital signature