Need discussion, Re: Latest contrib perl
Michael Mansour
mic at npgx.com.au
Wed Dec 28 21:23:49 UTC 2005
Hi David,
> > Hi John,
> >
> > > Michael Mansour wrote:
> > > > The perl versions I'm currently using on FC1 are from that directory:
> > > >
> > > > # rpm -q perl perl-suidperl
> > > > perl-5.8.3-18.1.legacy
> > > > perl-suidperl-5.8.3-18.1.legacy
> > >
> > > I built these versions for FC1; however, they are actually older
> > > than the -17.3.legacy versions. I didn't realize at the time that
> > > FC2 already had a -18 version. You should install the -17.3.legacy
> > > versions for the latest FC1 update. RPM will require that you give
> > > it the --oldpackage option because of the version numbering. I
> > > guess we could bump the epoch but it would really be preferable if
> > > we could avoid that. John
> >
> > Where do I pickup the -17.3.legacy versions from? looking here:
> >
> > http://www.fedoralegacy.org/contrib/perl/
> >
> > I only see the perl-5.8.3-17.3.legacy.src.rpm file, but I need both the perl
> > binary rpm and the perl-suidperl binary rpm.
>
> Michael,
>
> Okay. I just today have built binary rpms for FC1's perl on FL's build
> server. They are now up to version "perl-5.8.3-17.4.legacy". The
> changelog is below. I will post these to the
> fedoralegacy.org/contrib directory since you seem to need them,
> Michael. Just be aware that the perl-5.8.3-17.4.legacy packagers
> do not cover the CVE-2005-3962 "Integer overflow in the format
> string functionality...." vulnerability.
Yes that's fine and many thanks for doing this.
> SHA1SUM PACKAGE NAME
> 1cb9e9361e3834ff0ceba92a149ae04bb81bb9da perl-5.8.3-17.4.legacy.src.rpm
>
> 8cbc8bcf70441aec5ae9d5c56a550ac6fb6a328d perl-5.8.3-17.4.legacy.i386.rpm
> 0af21553a7c40aac057d1ca7400485199eb6adae
perl-suidperl-5.8.3-17.4.legacy.i386.rpm
>
> Note that these are *not* signed, but these are probably going to be
> the packages that will be pushed to updates testing. No testing at
> all has been done on these binary packages, but the 5.8.3-17.3
> packages that they come from has been running on my own FC1 machine
> for months now with nary a glitch.
I implemented them on two test servers, and just applied the packages to one
production server. So far so good.
> Also note that no new security patches have been added in this
> package since the one you've downloaded and installed (perl-5.8.3-
> 18.1.legacy). But there is some code cleanup and a bug was fixed
> that affects CGI.pm.
Again, thanks for this David, I appreciate it.
Michael.
> -David
>
> Changelog for perl-5.8.3-17.4.legacy:
> - -------------------------------------
>
> * Tue Dec 27 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.4.legacy
> - - Added BuildRequires: byacc, groff
>
> * Sun Sep 19 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.3.legacy
> - - Remove patch1005: perl-5.8.3-cgi.pm.patch introduces a bug and is
> unnecessary. See bug # 152845 comment 9.
>
> * Tue Sep 13 2005 David Eisenstein <deisenst at ...> 3:5.8.3-17.2.legacy
> - - Re-do version number for FC1 release so as not to conflict with FC2.
> - - Put whitespace back to make an easier compare with 5.8.3-16
> - - Remove patch for CAN-2005-0077 since it patches perl-DBI package,
> not this one.
>
> * Thu Jul 14 2005 John Dalbec <jpdalbec at ...> 3:5.8.3-18.1.legacy
> - - integrate fixes for CAN-2004-0452 CAN-2005-0077 CAN-2005-0155
> CAN-2005-0156 CAN-2005-0448 and a CGI.pm DoS.
>
> * Thu Dec 9 2004 John Dalbec <jpdalbec at ...> 3:5.8.3-17.1.legacy
> - - integrate tmpfile patch from OWL/solar designer
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFDsfE6xou1V/j9XZwRAph9AJ9hb2Q8EEumVbI7iORzNS3Z+vmgrQCeKFli
> CYOY8hzFJg0BFA84lUetASs=
> =3WX+
> -----END PGP SIGNATURE-----
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list
------- End of Original Message -------
More information about the fedora-legacy-list
mailing list