
Update perl to 5.26.1 to address multiple CVEs
Closed, Public

Authored by sunnyflunk on Jun 1 2017, 1:13 PM.

Details

Summary

Bump to latest stable version of Perl

Addresses the following vulnerabilities:

  • CVE-2017-12837
  • CVE-2017-12883

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Ran a few .pl scripts

Diff Detail

Repository
R2316 perl

Event Timeline

FWIW this isn't a simple bump, it requires rebuilding every Perl package in the repo

In D299#4303, @ikey wrote:

FWIW this isn't a simple bump, it requires rebuilding every Perl package in the repo

I know, that's why I added the Requires Rebuilds tag (but I have no clue how many packages are impacted)
As usual, I drop this here so it's available if/when you need it, but if you think it's too much work for too few benefits, just abandon it!

No no - we're not avoiding updates cuz it's easy :P It'll need to wait until post-sync though

I wouldn't do this till at least after ferryd... It was about 120 packages last time (took a whole day waiting for eopkgs to filter through) and will be even more now. Though creating some form of system to do Python and Perl upgrades will be pretty essential if we want to update Perl every point release.

kyrios123 retitled this revision from Update perl to 5.26.0 to Update perl to 5.26.1.

bump to 5.26.1

kyrios123 retitled this revision from Update perl to 5.26.1 to Update perl to 5.26.1 to address multiple CVEs. Sep 26 2017, 7:02 PM
kyrios123 edited the summary of this revision.
kyrios123 added a project: Restricted Project.
sunnyflunk added a reviewer: kyrios123.

I'm going to hack up perl a bit so it's easier to maintain

Use 5.26 for version so each point release doesn't require full rebuilds

Files are not being installed in $PATH

This restores the 5.24.1 behaviour of files being installed in /usr/bin

To change directory, these will need to be added to $PATH otherwise they won't function

Use 5.26 for version so each point release doesn't require full rebuilds

Here is a nice tip I used in some other packages to do the same: ${version%.*}

${string%substring} : Deletes shortest match of $substring from back of $string.
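
The `${version%.*}` tip above, worked through as an added example (not part of the original thread or of the Solus perl package). It goes one step past the tip by guarding the case where the version is already `major.minor`, which a bare `${version%.*}` would cut down to `5`; the function names and the assumption that install paths are keyed on the derived series are hypothetical.

```shell
#!/bin/sh
# Added example: perl_series / needs_full_rebuild are hypothetical names.
# Assumption: module directories are keyed on the value perl_series prints.

# Print the major.minor series of a dotted numeric version.
# 5.26.1 -> 5.26, 5.26 -> 5.26; returns 1 on malformed input.
perl_series() {
    version=$1
    case $version in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, non-numeric, stray dots
        *.*) ;;                               # at least major.minor
        *) return 1 ;;                        # bare major: no series to derive
    esac
    # ${version%.*} removes the shortest trailing ".suffix". Applied blindly
    # to "5.26" it would yield "5", so strip only while three or more
    # components remain.
    while :; do
        case $version in
            *.*.*) version=${version%.*} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$version"
}

# Exit 0 if moving OLD -> NEW changes the series (full rebuild needed),
# 1 if it is a point release within the same series, 2 on bad input.
needs_full_rebuild() {
    old=$(perl_series "$1") || return 2
    new=$(perl_series "$2") || return 2
    [ "$old" != "$new" ]
}

# Constructed sample versions, matching the releases named in the thread.
for pair in "5.24.1 5.26.1" "5.26.0 5.26.1"; do
    set -- $pair
    if needs_full_rebuild "$1" "$2"; then
        echo "$1 -> $2: series changes, rebuild dependents"
    else
        echo "$1 -> $2: same series $(perl_series "$2"), no full rebuild"
    fi
done
```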

This revision was automatically updated to reflect the committed changes.

https://packages.solus-project.com/shannon/p/ and https://packages.solus-project.com/unstable/p/ show 152 packages with perl in the name.
The unstable link shows 24 of those perl-related packages which still show a 2017 date stamp, so I guess they're almost done rebuilding.

The unstable link shows 24 of those perl-related packages which still show a 2017 date stamp, so I guess they're almost done rebuilding.

Are you sure? I saw one and that's now rebuilt (it missed my search criteria as the pspec showed it was last built with perl 5.22.1, so missed my 5.24.1 scan).

I'll need examples (and go into the directory to check to ensure that you don't have an old cache of the directory page).

@sunnyflunk yes now all of them show 2018.
I counted 24 with the 2017 date a few minutes before posting that comment yesterday 17th Jan at 2:19am haha!