[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Help with Perl security update
From: |
Leo Famulari |
Subject: |
Help with Perl security update |
Date: |
Mon, 25 Jul 2016 16:00:09 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
I'm trying to patch our Perl package against CVE-2016-1238 and
CVE-2016-6185:
<https://www.debian.org/security/2016/dsa-3628>
This patch uses a graft to apply new patches which are composed of
commits from the 'maint-5.22' branch of
<http://perl5.git.perl.org/perl.git>.
Unfortunately, some of the changes related to CVE-2016-1238 don't apply
to our Perl source code. There are several '.rej' files that look like
this:
--- dist/PathTools/lib/File/Spec.pm
+++ dist/PathTools/lib/File/Spec.pm
@@ -3,7 +3,7 @@ package File::Spec;
use strict;
use vars qw(@ISA $VERSION);
-$VERSION = '3.56_01';
+$VERSION = '3.56_02';
$VERSION =~ tr/_//;
my %module = (MacOS => 'Mac',
Any advice?
By the way, I found that we never removed (replacement #f) from
perl-boot0 after removing the previous Perl graft.
Leo Famulari (1):
gnu: perl: Fix CVE-2016-{1238,6185}.
gnu/local.mk | 2 +
gnu/packages/patches/perl-CVE-2016-1238.patch | 3673 +++++++++++++++++++++++++
gnu/packages/patches/perl-CVE-2016-6185.patch | 208 ++
gnu/packages/perl.scm | 24 +
4 files changed, 3907 insertions(+)
create mode 100644 gnu/packages/patches/perl-CVE-2016-1238.patch
create mode 100644 gnu/packages/patches/perl-CVE-2016-6185.patch
0001-gnu-perl-Fix-CVE-2016-1238-6185.patch
Description: Text Data
- Help with Perl security update,
Leo Famulari <=