Need discussion, Re: Latest contrib perl

David Eisenstein deisenst at gtw.net
Wed Dec 28 01:58:13 UTC 2005


On Wed, 28 Dec 2005, Michael Mansour wrote:

> Hi John,
> 
> > Michael Mansour wrote:
> > > The perl versions I'm currently using on FC1 are from that directory:
> > > 
> > > # rpm -q perl perl-suidperl
> > > perl-5.8.3-18.1.legacy
> > > perl-suidperl-5.8.3-18.1.legacy
> > 
> > I built these versions for FC1; however, they are actually older 
> > than the -17.3.legacy versions.  I didn't realize at the time that 
> > FC2 already had a -18 version.  You should install the -17.3.legacy 
> > versions for the latest FC1 update.  RPM will require that you give 
> > it the --oldpackage option because of the version numbering.  I 
> > guess we could bump the epoch but it would really be preferable if 
> > we could avoid that. John
> 
> Where do I pickup the -17.3.legacy versions from? looking here:
> 
> http://www.fedoralegacy.org/contrib/perl/
> 
> I only see the perl-5.8.3-17.3.legacy.src.rpm file, but I need both the perl
> binary rpm and the perl-suidperl binary rpm.

Michael,

Okay.  I just today have built binary rpms for FC1's perl on FL's build
server.  They are now up to version "perl-5.8.3-17.4.legacy".  The
changelog is below.  I will post these to the fedoralegacy.org/contrib
directory since you seem to need them, Michael.  Just be aware that the
perl-5.8.3-17.4.legacy packages do not cover the CVE-2005-3962 "Integer
overflow in the format string functionality...." vulnerability.

SHA1SUM                                   PACKAGE NAME
1cb9e9361e3834ff0ceba92a149ae04bb81bb9da  perl-5.8.3-17.4.legacy.src.rpm

8cbc8bcf70441aec5ae9d5c56a550ac6fb6a328d  perl-5.8.3-17.4.legacy.i386.rpm
0af21553a7c40aac057d1ca7400485199eb6adae  perl-suidperl-5.8.3-17.4.legacy.i386.rpm

Note that these are *not* signed, but these are probably going to be the
packages that will be pushed to updates testing.  No testing at all has
been done on these binary packages, but the 5.8.3-17.3 packages that they
come from have been running on my own FC1 machine for months now with nary a
glitch.

Also note that no new security patches have been added in this package
since the one you've downloaded and installed (perl-5.8.3-18.1.legacy).
But there is some code cleanup and a bug was fixed that affects CGI.pm.

	-David

Changelog for perl-5.8.3-17.4.legacy:
-------------------------------------

* Tue Dec 27 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.4.legacy
- Added BuildRequires:  byacc, groff

* Sun Sep 19 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.3.legacy
- Remove patch1005: perl-5.8.3-cgi.pm.patch introduces a bug and is
  unnecessary.  See bug # 152845 comment 9.

* Tue Sep 13 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.2.legacy
- Re-do version number for FC1 release so as not to conflict with FC2.
- Put whitespace back to make an easier compare with 5.8.3-16
- Remove patch for CAN-2005-0077 since it patches perl-DBI package,
  not this one.

* Thu Jul 14 2005 John Dalbec <jpdalbec at ...> 3:5.8.3-18.1.legacy
- integrate fixes for CAN-2004-0452 CAN-2005-0077 CAN-2005-0155 CAN-2005-0156
  CAN-2005-0448 and a CGI.pm DoS.

* Thu Dec 9 2004 John Dalbec <jpdalbec at ...> 3:5.8.3-17.1.legacy
- integrate tmpfile patch from OWL/solar designer

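Why RPM asks for --oldpackage in this thread, as an added example (not part of the original message and not RPM's own code): a simplified Python version of RPM's epoch/version/release comparison, applied to the package versions listed in the changelog. The epoch-4 candidate is hypothetical and only illustrates the epoch bump mentioned in the quoted reply; the tilde and caret rules of later RPM releases are left out.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings segment by segment.

    Simplified form of RPM's comparison: digit runs compare numerically,
    letter runs compare as strings, a digit run beats a letter run, and
    separators such as '.' only delimit segments.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a: str, b: str) -> int:
    """Return 1 if a is newer than b, -1 if older, 0 if equal."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:                      # epoch outranks version and release
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_oldpackage(installed: str, candidate: str) -> bool:
    """True when installing candidate over installed counts as a downgrade."""
    return compare_evr(candidate, installed) < 0

if __name__ == "__main__":
    installed = "3:5.8.3-18.1.legacy"            # version string from the changelog
    candidates = ("3:5.8.3-17.4.legacy",         # version string from the changelog
                  "4:5.8.3-17.4.legacy")         # hypothetical epoch bump
    for cand in candidates:
        verdict = "downgrade" if needs_oldpackage(installed, cand) else "upgrade"
        print(f"{installed} -> {cand}: {verdict}")
```

A host left on 18.1.legacy sorts above every 17.x.legacy build, so an update tool will not offer later 17.x security rebuilds to it until the package is explicitly downgraded or the epoch changes.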



