On Mon, Jul 25, 2016 at 04:00:09PM -0400, Leo Famulari wrote:
>I'm trying to patch our Perl package against CVE-2016-1238 and
>CVE-2016-6185:
>
><https://www.debian.org/security/2016/dsa-3628>
>
>This patch uses a graft to apply new patches which are composed of
>commits from the 'maint-5.22' branch of
><http://perl5.git.perl.org/perl.git>.
>
>Unfortunately, some of the changes related to CVE-2016-1238 don't apply
>to our Perl source code. There are several '.rej' files that look like
>this:
>
>--- dist/PathTools/lib/File/Spec.pm
>+++ dist/PathTools/lib/File/Spec.pm
>@@ -3,7 +3,7 @@ package File::Spec;
> use strict;
> use vars qw(@ISA $VERSION);
>
>-$VERSION = '3.56_01';
>+$VERSION = '3.56_02';
> $VERSION =~ tr/_//;
>
> my %module = (MacOS   => 'Mac',
>
>Any advice?

This looks like we're missing some patches. My guess is that this is
consequence of the fact that upstream is on 5.22.2 already and we're
on 5.22.1. I'm not sure what value to choose here as the result won't
be neither 3.56_01 nor 3.56_02. Maybe add extra suffix?

Or we can just skip bfe2dd1e9c3296bebf3ab9adc2ca48d3eb8d105d and let
the version same. Someone with deeper perl experience should decide.

I just verified that source code in 5.22.2 has the version strings
patch expects (I haven't checked them all).

S_W