From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?utf-8?B?VG9tw6HFoSDEjGVjaA==?= Subject: Re: Help with Perl security update Date: Mon, 25 Jul 2016 23:23:37 +0200 Message-ID: <20160725212337.hd2d75pz5rls2w5r@venom> References: <20160725200009.GA1175@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="e663rnaghdf2bx2o" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45005) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRnLl-0003xw-9g for guix-devel@gnu.org; Mon, 25 Jul 2016 17:23:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bRnLh-0007Kq-2a for guix-devel@gnu.org; Mon, 25 Jul 2016 17:23:44 -0400 Received: from mx2.suse.de ([195.135.220.15]:35456) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRnLg-0007Kc-S5 for guix-devel@gnu.org; Mon, 25 Jul 2016 17:23:41 -0400 Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id ADC44AAF1 for ; Mon, 25 Jul 2016 21:23:39 +0000 (UTC) Content-Disposition: inline In-Reply-To: <20160725200009.GA1175@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --e663rnaghdf2bx2o Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline On Mon, Jul 25, 2016 at 04:00:09PM -0400, Leo Famulari wrote: >I'm trying to patch our Perl package against CVE-2016-1238 and >CVE-2016-6185: > > > >This patch uses a graft to apply new patches which are composed of >commits from the 'maint-5.22' branch of >. > >Unfortunately, some of the changes related to CVE-2016-1238 don't apply >to our Perl source code. There are several '.rej' files that look like >this: > >--- dist/PathTools/lib/File/Spec.pm >+++ dist/PathTools/lib/File/Spec.pm >@@ -3,7 +3,7 @@ package File::Spec; > use strict; > use vars qw(@ISA $VERSION); > >-$VERSION = '3.56_01'; >+$VERSION = '3.56_02'; > $VERSION =~ tr/_//; > > my %module = (MacOS => 'Mac', > >Any advice? This looks like we're missing some patches. My guess is that this is consequence of the fact that upstream is on 5.22.2 already and we're on 5.22.1. I'm not sure what value to choose here as the result won't be neither 3.56_01 nor 3.56_02. Maybe add extra suffix? Or we can just skip bfe2dd1e9c3296bebf3ab9adc2ca48d3eb8d105d and let the version same. Someone with deeper perl experience should decide. I just verified that source code in 5.22.2 has the version strings patch expects (I haven't checked them all). S_W --e663rnaghdf2bx2o Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXloNTAAoJEEoj40+gM0Nt6zkP/2MWJLDdPwhXgVxvrxeE+LJ5 L7PaGjXRQY7akV05227L1h//iSJpLiJhJ4GNh6+Kn91WUGze4TeS+YSdONBgeCpl cWIGt0ZTvHTFQuq6mCvZc5Cxmb3ckOkI40hDbWvEAMnPloIndVt5ynZn9NzPXSZO sPLH2n1IWWfPX1d65RuvnLDOjX92dkOzFTR80BZNnBeR+ktc0JT/cHJcSEF0EECC EYw3MqaAbXuoiVO+a/8HZL1ZTOh+xs4jEhlJRqJClIp2rBZMDUPZ54mjJCm6aBiJ 4PpeN1F91k47/UqA1r/yVxSyjIyT4GBByj/GfufIlXzA9mGqsBU3s5+UdqZBG/Ki H8k+GH55LDPp3xPTakLOSE47O6Dq2LRokg4P1WX3RuGCM+rxOd/MIHuhUbka2pPG jHgcRkJvQJRuHFRVMpDruAzLHoXUWFXfTmOHVMFnz/zowJ7YvAldGFLRjsDl8/4Y Hk+Rq0CVo4CX7zL94m7B2VUtbW+FtfPt6aJc0rra+Y0Wg2/QmNlvJ/onAUKw5xHT 7Vrl6y1ygVCvbxI/AmlsCHjlfV2U4lJPV0GZMyTgxlB1KHyuann/IhEZJ6h4PzTt YVMPczl1qAp/JyEHhBY4ImdpQGowIGOyJJ04g7WVxmgwG3ujnMNnTZMulxboBXdC VDIfEj868qJ3LPQMZ84T =0a6s -----END PGP SIGNATURE----- --e663rnaghdf2bx2o--