[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help with Perl security update

From: Tomáš Čech
Subject: Re: Help with Perl security update
Date: Mon, 25 Jul 2016 23:23:37 +0200
User-agent: Mutt/1.6.1-neo (2016-06-11)

On Mon, Jul 25, 2016 at 04:00:09PM -0400, Leo Famulari wrote:
I'm trying to patch our Perl package against CVE-2016-1238 and


This patch uses a graft to apply new patches which are composed of
commits from the 'maint-5.22' branch of

Unfortunately, some of the changes related to CVE-2016-1238 don't apply
to our Perl source code. There are several '.rej' files that look like

--- dist/PathTools/lib/File/
+++ dist/PathTools/lib/File/
@@ -3,7 +3,7 @@ package File::Spec;
use strict;
use vars qw(@ISA $VERSION);

-$VERSION = '3.56_01';
+$VERSION = '3.56_02';
$VERSION =~ tr/_//;

my %module = (MacOS   => 'Mac',

Any advice?

This looks like we're missing some patches. My guess is that this is
consequence of the fact that upstream is on 5.22.2 already and we're
on 5.22.1. I'm not sure what value to choose here as the result won't
be neither 3.56_01 nor 3.56_02. Maybe add extra suffix?

Or we can just skip bfe2dd1e9c3296bebf3ab9adc2ca48d3eb8d105d and let
the version same. Someone with deeper perl experience should decide.

I just verified that source code in 5.22.2 has the version strings
patch expects (I haven't checked them all).


Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]