From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: Perl CVE-2017-6512 Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 03:03:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 27263@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.14967181668738 (code B ref -1); Tue, 06 Jun 2017 03:03:01 +0000 Received: (at submit) by debbugs.gnu.org; 6 Jun 2017 03:02:46 +0000 Received: from localhost ([127.0.0.1]:58360 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4lV-0002Go-BZ for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:02:46 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37894) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4kf-0002FQ-Si for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:02:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dI4kV-0007hO-Ky for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:01:44 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_DNS_FOR_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:53127) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dI4kP-0007de-UN for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:01:39 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56902) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dI4kM-0004ex-Lf for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dI4kG-0007Yn-WC for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:30 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54597) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dI4k7-0007QW-Ld for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:24 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 238DB2084E; Mon, 5 Jun 2017 23:01:13 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 05 Jun 2017 23:01:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:message-id:mime-version:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=ZaB iCx9jeuFZXZpRNxZdzOkaNCjMiACyV8CE4eROTAk=; b=Rlr8bpaD68D6ZSFgfWR uGo5pxX2kB+0pcCGuCyuzbT9bytrLZkDY7JTIROAnRGazyuJouvdmy3lIqKEzCq8 MLuyuDQTGxImy6pv/ScF61QIGBLoC3iqRK15jJ8XvPGfSZfmAhu2IS63vWvyIjeV UlCnlIIXiS/Fx2ujPJZ5iWeg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=ZaBiCx9jeuFZXZpRNxZdzOkaNCjMiACyV8CE4eROT Ak=; b=EM+6uN5vnmO+oOnmdqWhIQztFPh7VPh9D+Suc+CuUjlEVkRd+TA4MCzFo 1qMgnkoLwpgQJ8UW9ITuNgFUEnJ75jOTewiledmhHw4jK4R680Xvo712IrSttCGP Hp5Z9DxcUxtnrq/PQWNCtSKN4iwYgRNeKoQG7dsk7QVdONk4a6bG66uAAApclfE8 pbqhI52j+iUing0NV56e5/FZHKRObnF/UP974p4qIhnOs7CVjut26QWhyJJ4YIf8 ye9ov5wgUK+RUBITUEU5Ypt85k8legg1Hk7fezWnXZP7wfe5BZjR1KMRIPX7Rdnu 3o8aPr3AvtWJsdPtfMmh5pirvW7yw== X-ME-Sender: X-Sasl-enc: 7KPUl+MdDaw1pt8B7FwVgN/KJ8XB2TdfoDCiV/nrz5N2 1496718072 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id D559B7E7C6 for ; Mon, 5 Jun 2017 23:01:12 -0400 (EDT) Date: Mon, 5 Jun 2017 23:01:08 -0400 From: Leo Famulari Message-ID: <20170606030108.GA13200@jasmine> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline User-Agent: Mutt/1.8.3 (2017-05-23) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline These patches fix CVE-2017-6512 in perl-file-path and the copy of File::Path in perl itself. --qDbXVdCdHGoSgWSk Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlk2GvQACgkQJkb6MLrK fwgd9A/+JglcBR+Or4jyVpHiVPQk1AR0/67vO7Q5gbfE7EMkApfdgmCBT2cmXu7/ nDaPdiY7sVqa9KLZRP8Yc0sJL8lA5KpCdYd685A1FHrq9Y5m6VkyJDOd2k+S8n2o 3KbhfiNUX9I5c86UG5uUwAuGrqNXshBtWSvQE5ACpMyH0iMarDFE87tmxP5bK66N kwsmAs7CZRO6aXg2KGix1PU/KrbZSEeDcK3kJmMwQp5XoU2oOQzH0krM/g1EuQZ/ 9/2bDp9BcgtD3P/8cU8WmiE0j07GZUVUz4ESGD1TWzZfIoVquoolaepSRJ61LtTo 2ZUKVGYda1+FK5m63aIcYP42jvkhski7rMfsXe6rmsysx6oSegG+Ta53ETrMaBg7 mmYfYmQYv2xpIaG/ukNprPhQKB2TiCG+4nMgJ9JrnZycFBaP+nRaU59KZfn/W9Lw aQD5wM9I04RQUYfsqPQFLzQKwnGIDPGHjU3FJBAvHOPZTgOljR8YZA8hgvQJa+Sp Z94q6Fz2aLgQ0Sh5pkv6sYkSbP/PEB5v48aeY2g/mEcrR68td4S6C9dvdO0NUSBh ffWjBmRMfPRUohut2fkxKiD5kPMPMRkBT9kMtYJ2dEI17/DZJh5YTzHcE1A2r2qU KF/P5PwkqT+p3F1n2gh9HtT/9vqM3gH/Y2GVOFgar3QeNBF1e04= =WlAT -----END PGP SIGNATURE----- --qDbXVdCdHGoSgWSk-- From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 1/2] gnu: perl-file-path: Update to 2.13. References: <20170606030108.GA13200@jasmine> In-Reply-To: <20170606030108.GA13200@jasmine> Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 03:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.14967183108982 (code B ref 27263); Tue, 06 Jun 2017 03:06:01 +0000 Received: (at 27263) by debbugs.gnu.org; 6 Jun 2017 03:05:10 +0000 Received: from localhost ([127.0.0.1]:58368 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4nu-0002Kn-F0 for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:05:10 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60075) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4n2-0002JO-Pw for 27263@debbugs.gnu.org; Mon, 05 Jun 2017 23:05:09 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DF527209AD; Mon, 5 Jun 2017 23:04:15 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 05 Jun 2017 23:04:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc:x-sasl-enc; s=mesmtp; bh=Q8ZrJY8yg4LieW2bnd/YmJZS2DJ 5wzcG0KDveaJgyS8=; b=utXFPlmahBCRNLnoXBWP3rwxFKBmn53euDv1mxvqCXY dozJVli6TQnlxyfonwjQrJl7qwQ3mgPEWjKFgy5rJa8l8AZN2Ieyro49SgOoRz8u CD18uzH+aS/u+YNWBHsi79lLHqsDUs39aHxaTjLWccGQNwX8pF/q8/wBbsUgeChA = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=Q8ZrJY 8yg4LieW2bnd/YmJZS2DJ5wzcG0KDveaJgyS8=; b=ok0Nqj8QgAm3mxumzhoYDF 05g9PfNGyyOiq5rqJwXP7ZbjAH4H4ZVtOVgiqpoXSbi8k7M11EvyCWaWm9HfCOb8 O5+Wqo00D6qK61KWvrByQNSIWWfyojCM4ikoVPMgg/3KLGfm1iwWKcyOPoMsIkJG nIZoooGfugFDyFo+y5CkFqmWosOYGv7yNldsA7JOmPKA7NWDQqDJF2AUS5bncyOE 8THXE7rG43593X1S1VOrhPiG0U9Fb04eUgwgiAXZQX2Sh3vHbV5ttllhnOGb0rUA R2Sw61s8s+tuxfbSfuB8N5mhL004l6mLuqwWFuz8yn5RdIgtUF13xaUf+zvjlLVA == X-ME-Sender: X-Sasl-enc: WJBvuCU9I2p9TTA1MOryHAJdpHfAtCBn6o39SHD/1oQy 1496718255 Received: from localhost.localdomain (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 993337E800 for <27263@debbugs.gnu.org>; Mon, 5 Jun 2017 23:04:15 -0400 (EDT) From: Leo Famulari Date: Mon, 5 Jun 2017 23:04:09 -0400 Message-Id: X-Mailer: git-send-email 2.13.0 X-Spam-Score: -0.3 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.3 (/) This fixes CVE-2017-6512. * gnu/packages/perl.scm (perl-file-path): Update to 2.13. --- gnu/packages/perl.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 812d7548c..e56c80609 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -2986,17 +2986,17 @@ platforms.") (define-public perl-file-path (package (name "perl-file-path") - (version "2.12") + (version "2.13") (source (origin (method url-fetch) (uri (string-append - "mirror://cpan/authors/id/R/RI/RICHE/File-Path-" + "mirror://cpan/authors/id/J/JK/JKEENAN/File-Path-" version ".tar.gz")) (sha256 (base32 - "0znihrlcnlpa0ziml0hkq9s59p1bjd2a6khgx2accdf16w6imxmv")))) + "039gc0i5cbdmidl8j8x195yykwcdmzwawmpapnysvljl8l33jqwj")))) (build-system perl-build-system) (home-page "http://search.cpan.org/dist/File-Path") (synopsis "Create or remove directory trees") -- 2.13.0 From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 03:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.14967183178994 (code B ref 27263); Tue, 06 Jun 2017 03:06:02 +0000 Received: (at 27263) by debbugs.gnu.org; 6 Jun 2017 03:05:17 +0000 Received: from localhost ([127.0.0.1]:58370 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4nu-0002Kp-Mw for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:05:17 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60987) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4n2-0002JP-Pw for 27263@debbugs.gnu.org; Mon, 05 Jun 2017 23:05:09 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 169F820ADE; Mon, 5 Jun 2017 23:04:16 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 05 Jun 2017 23:04:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:in-reply-to:in-reply-to:message-id:references :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=Xsgp37Lfy8hDonvjN0NAOSSA1/wuEeK1d0kt+i ah3+4=; b=SvD4621AHSGouzId8DhFlLuqZojxIghcdNqxcrRt0wxpQcmClxt3ta 2JIuka5JlEOCSq12iSyUw8Ql9QuduD/U0awhhNyvC7cz+39O75mpuT2fn5x2P1q1 6fUPO5PR/7m5C4V9WqskQChWKsZtxhRQeyYn0YxDFdPGqqiwzVmhg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:in-reply-to:in-reply-to :message-id:references:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=Xsgp37Lfy8hDonvjN0 NAOSSA1/wuEeK1d0kt+iah3+4=; b=Keq6NsBTPBuvroauxdRbFSW/TKXNXx4Nb1 AlTqtTwWS8Gn8Ce1+NJVW14wq6rCHrIsrIP616pEaP3dVy/5rpQfmDKsttZa6HNR l243tTG0FuU8HrY5FKcaZwM+JQq8Zi+wNhm0syv6Bfisl9Cj/cJVlPNO64qjXGO8 YCJ1rHtKGmyKPhmAx7l20BC6YnJOV5ut+Zd//ePV2l9cuHkbiN443Zprf8+qRWt9 WSywN64+/aLJULMSE1i6yI/9pepwMlujWOP7b79yrkqS72xIfwC0Cje2GLb5BBPz H+onqvr1AjUGwyZa4gxRWMm1wQfpoTldCOZT8YraPivQwFFfxzrg== X-ME-Sender: X-Sasl-enc: WJBxvjo4Imp5XC05M+ryHAJdpHfAtCBn6o39SHD/1oQy 1496718255 Received: from localhost.localdomain (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id C0E657E815 for <27263@debbugs.gnu.org>; Mon, 5 Jun 2017 23:04:15 -0400 (EDT) From: Leo Famulari Date: Mon, 5 Jun 2017 23:04:10 -0400 Message-Id: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> X-Mailer: git-send-email 2.13.0 In-Reply-To: References: In-Reply-To: References: X-Spam-Score: -0.3 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) * gnu/packages/perl.scm (perl)[replacement]: New field. (perl/fixed): New variable. * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../patches/perl-file-path-CVE-2017-6512.patch | 173 +++++++++++++++++++++ gnu/packages/perl.scm | 13 ++ 3 files changed, 187 insertions(+) create mode 100644 gnu/packages/patches/perl-file-path-CVE-2017-6512.patch diff --git a/gnu/local.mk b/gnu/local.mk index 4b2bdfe37..ab3fbb2d3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -884,6 +884,7 @@ dist_patch_DATA = \ %D%/packages/patches/pcre-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ + %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ diff --git a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch new file mode 100644 index 000000000..28ab06759 --- /dev/null +++ b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch @@ -0,0 +1,173 @@ +Fix CVE-2017-6512: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512 +https://rt.cpan.org/Public/Bug/Display.html?id=121951 + +Patch copied from Debian, adapted to apply to the copy of File::Path in Perl +5.24.0. + +https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 +https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3 + +From d760748be0efca7c05454440e24f3df77bf7cf5d Mon Sep 17 00:00:00 2001 +From: John Lightsey +Date: Tue, 2 May 2017 12:03:52 -0500 +Subject: Prevent directory chmod race attack. + +CVE-2017-6512 is a race condition attack where the chmod() of directories +that cannot be entered is misused to change the permissions on other +files or directories on the system. This has been corrected by limiting +the directory-permission loosening logic to systems where fchmod() is +supported. + +[Backported (whitespace adjustments) to File-Path 2.12 / perl 5.24 by +Dominic Hargreaves for Debian.] + +Bug: https://rt.cpan.org/Public/Bug/Display.html?id=121951 +Bug-Debian: https://bugs.debian.org/863870 +Patch-Name: fixes/file_path_chmod_race.diff +--- + cpan/File-Path/lib/File/Path.pm | 39 +++++++++++++++++++++++++-------------- + cpan/File-Path/t/Path.t | 40 ++++++++++++++++++++++++++-------------- + 2 files changed, 51 insertions(+), 28 deletions(-) + +diff --git a/cpan/File-Path/lib/File/Path.pm b/cpan/File-Path/lib/File/Path.pm +index 034da1e..a824cc8 100644 +--- a/cpan/File-Path/lib/File/Path.pm ++++ b/cpan/File-Path/lib/File/Path.pm +@@ -354,21 +354,32 @@ sub _rmtree { + + # see if we can escalate privileges to get in + # (e.g. funny protection mask such as -w- instead of rwx) +- $perm &= oct '7777'; +- my $nperm = $perm | oct '700'; +- if ( +- !( +- $arg->{safe} +- or $nperm == $perm +- or chmod( $nperm, $root ) +- ) +- ) +- { +- _error( $arg, +- "cannot make child directory read-write-exec", $canon ); +- next ROOT_DIR; ++ # This uses fchmod to avoid traversing outside of the proper ++ # location (CVE-2017-6512) ++ my $root_fh; ++ if (open($root_fh, '<', $root)) { ++ my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1]; ++ $perm &= oct '7777'; ++ my $nperm = $perm | oct '700'; ++ local $@; ++ if ( ++ !( ++ $arg->{safe} ++ or $nperm == $perm ++ or !-d _ ++ or $fh_dev ne $ldev ++ or $fh_inode ne $lino ++ or eval { chmod( $nperm, $root_fh ) } ++ ) ++ ) ++ { ++ _error( $arg, ++ "cannot make child directory read-write-exec", $canon ); ++ next ROOT_DIR; ++ } ++ close $root_fh; + } +- elsif ( !chdir($root) ) { ++ if ( !chdir($root) ) { + _error( $arg, "cannot chdir to child", $canon ); + next ROOT_DIR; + } +diff --git a/cpan/File-Path/t/Path.t b/cpan/File-Path/t/Path.t +index ff52fd6..956ca09 100644 +--- a/cpan/File-Path/t/Path.t ++++ b/cpan/File-Path/t/Path.t +@@ -3,7 +3,7 @@ + + use strict; + +-use Test::More tests => 127; ++use Test::More tests => 126; + use Config; + use Fcntl ':mode'; + use lib 't/'; +@@ -18,6 +18,13 @@ BEGIN { + + my $Is_VMS = $^O eq 'VMS'; + ++my $fchmod_supported = 0; ++if (open my $fh, curdir()) { ++ my ($perm) = (stat($fh))[2]; ++ $perm &= 07777; ++ eval { $fchmod_supported = chmod( $perm, $fh); }; ++} ++ + # first check for stupid permissions second for full, so we clean up + # behind ourselves + for my $perm (0111,0777) { +@@ -299,16 +306,19 @@ is($created[0], $dir, "created directory (old style 3 mode undef) cross-check"); + + is(rmtree($dir, 0, undef), 1, "removed directory 3 verbose undef"); + +-$dir = catdir($tmp_base,'G'); +-$dir = VMS::Filespec::unixify($dir) if $Is_VMS; ++SKIP: { ++ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported; ++ $dir = catdir($tmp_base,'G'); ++ $dir = VMS::Filespec::unixify($dir) if $Is_VMS; + +-@created = mkpath($dir, undef, 0200); ++ @created = mkpath($dir, undef, 0400); + +-is(scalar(@created), 1, "created write-only dir"); ++ is(scalar(@created), 1, "created read-only dir"); + +-is($created[0], $dir, "created write-only directory cross-check"); ++ is($created[0], $dir, "created read-only directory cross-check"); + +-is(rmtree($dir), 1, "removed write-only dir"); ++ is(rmtree($dir), 1, "removed read-only dir"); ++} + + # borderline new-style heuristics + if (chdir $tmp_base) { +@@ -450,26 +460,28 @@ SKIP: { + } + + SKIP : { +- my $skip_count = 19; ++ my $skip_count = 18; + # this test will fail on Windows, as per: + # http://perldoc.perl.org/perlport.html#chmod + + skip "Windows chmod test skipped", $skip_count + if $^O eq 'MSWin32'; ++ skip "fchmod() on directories is not supported on this platform", $skip_count ++ unless $fchmod_supported; + my $mode; + my $octal_mode; + my @inputs = ( +- 0777, 0700, 0070, 0007, +- 0333, 0300, 0030, 0003, +- 0111, 0100, 0010, 0001, +- 0731, 0713, 0317, 0371, 0173, 0137, +- 00 ); ++ 0777, 0700, 0470, 0407, ++ 0433, 0400, 0430, 0403, ++ 0111, 0100, 0110, 0101, ++ 0731, 0713, 0317, 0371, ++ 0173, 0137); + my $input; + my $octal_input; +- $dir = catdir($tmp_base, 'chmod_test'); + + foreach (@inputs) { + $input = $_; ++ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input)); + # We can skip from here because 0 is last in the list. + skip "Mode of 0 means assume user defaults on VMS", 1 + if ($input == 0 && $Is_VMS); diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index e56c80609..6da4bb13f 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -51,6 +51,7 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") + (replacement perl/fixed) (version "5.24.0") (source (origin (method url-fetch) @@ -147,6 +148,18 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" +(define perl/fixed + (package + (inherit perl) + (replacement #f) + (source + (origin + (inherit (package-source perl)) + (patches + (append + (origin-patches (package-source perl)) + (search-patches "perl-file-path-CVE-2017-6512.patch"))))))) + (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") -- 2.13.0 From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: Perl CVE-2017-6512 Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 18:55:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Leo Famulari , 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.14967752465282 (code B ref 27263); Tue, 06 Jun 2017 18:55:01 +0000 Received: (at 27263) by debbugs.gnu.org; 6 Jun 2017 18:54:06 +0000 Received: from localhost ([127.0.0.1]:59859 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIJcD-0001N7-5u for submit@debbugs.gnu.org; Tue, 06 Jun 2017 14:54:06 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:57793) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIJc7-0001Md-5o for 27263@debbugs.gnu.org; Tue, 06 Jun 2017 14:54:04 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 22AB92085D; Tue, 6 Jun 2017 14:53:57 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Tue, 06 Jun 2017 14:53:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=QcPFSX7cWKHpBJa6kJXmCRkq3mRhQJSu2DUA73VCv a0=; b=wceoMlhCrl9i6k3MhTfMIvx9iPSUR4JKXeiY+IwSVltACU8KCxR49acji H2gJH5xHD12ZWHbU31jMipGFPXmtLS0iLX9CXLQZlNlD3IuIPUZfiisDo+QVm/Eq xeUtAzc5L3EGvKVvHizIfhMtdWnbTc0U7OpyJpl0HShKMF0ZQHqKTxSBV2nn8B8W o5bAdoLvyJ2xP2KUmGC3gft0JvUYES8e2Y8ov05MqJsjDeWFSlh8V93qhyUIJavU XbcXXc3H3Eb6Z/g/+1XifQ0bRS68K+ograIJr5DEQLuU1hs4NrZ2jB7zg8j64rI6 vIUKGvOyko8FeoeTpAXnUMSxSAxHA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=QcPFSX7cWKHpBJa6kJ XmCRkq3mRhQJSu2DUA73VCva0=; b=VBNMfBrxQsxCVq4vb0LkUZPvrJV4eDJZI7 uzyJgHcfDbn0n/qx6ae3MpT/r6zu3LufX9T1F94k6vs2ll8Nl6AwBGGXfgOYocjd BhOF1EXoaIoP9ccmK96jo2vAnxg0NelNwUx0W8XcO9FKftqItOOMR5VHfgIghimb xdydMCZoS5X3LLNJW9ekYL/XBAgw1+eI51tyfTeaNXwFlEKLkntTt9ZjXw0gFhcf tCMjK5OYsQo2e/SHomMNvZsdijfSULaeEtghNBZqrYyxQ79O8+mnOlrSrFRNPL5v BZFdGCfoX2a+qDjw/Tggl+Y65Yb1pyEcdF1MjarcG1R6JUsvf4hA== X-ME-Sender: X-Sasl-enc: LWpRhYjcUiPWFEKfiwcdKZy1e2K9QQHDN30qchknCRrz 1496775236 Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id 98B337E8E5; Tue, 6 Jun 2017 14:53:56 -0400 (EDT) From: Marius Bakke In-Reply-To: <20170606030108.GA13200@jasmine> References: <20170606030108.GA13200@jasmine> User-Agent: Notmuch/0.24.2 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Tue, 06 Jun 2017 20:53:54 +0200 Message-ID: <87fufdx7zx.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Leo Famulari writes: > These patches fix CVE-2017-6512 in perl-file-path and the copy of > File::Path in perl itself. LGTM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlk2+kMACgkQoqBt8qM6 VPoxpwf9GQ17kpKPEaooYWOiW1s06DbKWsE26hkwIPqEyF7O55sWCfcv48ibozS0 PEWq8VDqitcdRmmfELnKVn7dMXQ7mOeE9L2i1Obb/6En2ddkRiyBdj0mn0IFLzC4 fElL3ThfrLTBTlXv5PDI2nqBgTMSvMDYOjrAX3/jX5jgk3nqfXct2IRvAmT4eGoF Kbelp+VAtrOZwOLGVOY6PfythwCsF2jUhZVqEBNub2RuP/jjJm3MP+RcPDPhFZQi ER2AXNdebgs3/3/r3aqZUigL6mXqHJ9I1lCTboi2ou+ZN6ScU/bcZD8v6C7nAw+a x7YpR1Iy5d4diNZ+Mm28oEo1NipUAg== =nBoi -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 1/2] gnu: perl-file-path: Update to 2.13. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 23:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Leo Famulari Cc: 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.149679102613153 (code B ref 27263); Tue, 06 Jun 2017 23:18:02 +0000 Received: (at 27263) by debbugs.gnu.org; 6 Jun 2017 23:17:06 +0000 Received: from localhost ([127.0.0.1]:60038 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dINik-0003Q4-B5 for submit@debbugs.gnu.org; Tue, 06 Jun 2017 19:17:06 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52280) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dINig-0003PN-3T for 27263@debbugs.gnu.org; Tue, 06 Jun 2017 19:17:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dINiX-0004wn-CX for 27263@debbugs.gnu.org; Tue, 06 Jun 2017 19:16:56 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39722) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dINiX-0004wh-96; Tue, 06 Jun 2017 19:16:53 -0400 Received: from astlambert-651-1-208-19.w92-151.abo.wanadoo.fr ([92.151.64.19]:37574 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dINiW-00080E-Kf; Tue, 06 Jun 2017 19:16:53 -0400 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <20170606030108.GA13200@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 19 Prairial an 225 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Wed, 07 Jun 2017 01:16:44 +0200 In-Reply-To: (Leo Famulari's message of "Mon, 5 Jun 2017 23:04:09 -0400") Message-ID: <87wp8o671f.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > This fixes CVE-2017-6512. > > * gnu/packages/perl.scm (perl-file-path): Update to 2.13. OK. From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Jun 2017 23:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Leo Famulari Cc: 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.149679111513294 (code B ref 27263); Tue, 06 Jun 2017 23:19:02 +0000 Received: (at 27263) by debbugs.gnu.org; 6 Jun 2017 23:18:35 +0000 Received: from localhost ([127.0.0.1]:60042 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dINk7-0003SH-KO for submit@debbugs.gnu.org; Tue, 06 Jun 2017 19:18:35 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52674) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dINk2-0003Rz-BZ for 27263@debbugs.gnu.org; Tue, 06 Jun 2017 19:18:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dINjs-0005fk-Ry for 27263@debbugs.gnu.org; Tue, 06 Jun 2017 19:18:21 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39733) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dINjs-0005fg-Ok; Tue, 06 Jun 2017 19:18:16 -0400 Received: from astlambert-651-1-208-19.w92-151.abo.wanadoo.fr ([92.151.64.19]:37576 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dINjs-00083O-5o; Tue, 06 Jun 2017 19:18:16 -0400 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 19 Prairial an 225 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Wed, 07 Jun 2017 01:18:09 +0200 In-Reply-To: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> (Leo Famulari's message of "Mon, 5 Jun 2017 23:04:10 -0400") Message-ID: <87shjc66z2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > * gnu/packages/perl.scm (perl)[replacement]: New field. > (perl/fixed): New variable. > * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. OK too. I suppose we=E2=80=99ll have to apply it in core-updates too, right? Thank you! Ludo=E2=80=99. From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 07 Jun 2017 15:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 27263@debbugs.gnu.org Received: via spool by 27263-submit@debbugs.gnu.org id=B27263.149685006326362 (code B ref 27263); Wed, 07 Jun 2017 15:42:02 +0000 Received: (at 27263) by debbugs.gnu.org; 7 Jun 2017 15:41:03 +0000 Received: from localhost ([127.0.0.1]:33424 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dId4w-0006r8-TB for submit@debbugs.gnu.org; Wed, 07 Jun 2017 11:41:03 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dId4r-0006qS-Ro for 27263@debbugs.gnu.org; Wed, 07 Jun 2017 11:41:01 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A22F920A75; Wed, 7 Jun 2017 11:40:57 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Wed, 07 Jun 2017 11:40:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=oQpJ7chv9OeteqNeCZR9w8ZL+XWpP9gf3TNPVK lE1w0=; b=ONlRt2JpDs+chNZHXej9pD8DxyxmCxq0I03r6CL1k8QdVaiVDPFVuG nDyTlqMmdWiLj7UE+nKccZ/0Fi3BD7DpSnQ9lU2bW68zPAEqTG86cWlViZObvr1q PPhj7rwotsb26zgk2K2N1pqF2hGuuscX42/vVii8iSeJS83IjN4mE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=oQpJ7chv9OeteqNeCZ R9w8ZL+XWpP9gf3TNPVKlE1w0=; b=pCx6Z2UDJqvh8LEwOaGh0DVEF6rKmR9dyN 9XKaoyDRPT18sp5F01VnQx8P3yo+FSnrWvApm4aEtoH2GQJriCzX0P4oh144ZQy5 d6x7+wdBN1rJwAxLjMdO9wjRCrSrTNojIkGq73FKDgtcCMV9A9Ka3YG/m66I/Bzy wWrG8WMJVfLm6UtZb1N4xpK7YJxgxanLizEltGsyVvryYVFzR4EtRsnrxcbDmvdA yUYeoeoWUyoSKNmOz9CzpIdvYjg7NnezP1I1AYzYp2XqMPPHnxV/dC55I0ibz0Nm n7R0DlrwEi0gDCCdIuyu4Yn5nZmPxYbKtLPe9aBwE4VRXZ+W9JoA== X-ME-Sender: X-Sasl-enc: uLqewqgZqcP/comDhJPzoX4bCpfRtAo7vLknyqoxUgmO 1496850057 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 61DD07E8E4; Wed, 7 Jun 2017 11:40:57 -0400 (EDT) Date: Wed, 7 Jun 2017 11:40:56 -0400 From: Leo Famulari Message-ID: <20170607154056.GB16629@jasmine> References: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> <87shjc66z2.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Bn2rw/3z4jIqBvZU" Content-Disposition: inline In-Reply-To: <87shjc66z2.fsf@gnu.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --Bn2rw/3z4jIqBvZU Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 07, 2017 at 01:18:09AM +0200, Ludovic Court=C3=A8s wrote: > Leo Famulari skribis: >=20 > > * gnu/packages/perl.scm (perl)[replacement]: New field. > > (perl/fixed): New variable. > > * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. >=20 > OK too. >=20 > I suppose we=E2=80=99ll have to apply it in core-updates too, right? Yes, I'm working on this today. --Bn2rw/3z4jIqBvZU Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlk4HogACgkQJkb6MLrK fwjNyw/+MUjoNeW7suH6sBm1DsezH8JuSG9idQPBGvB2ZwELqqyHIvwGvwg2DDdu j2WsHvXsxE9cCW3JccmLc+3FdRhVrehc0yoSQhDu3AGHamxycIzqZ95okfd1mdMv 8fcN+bSGm8yFCpdyNq9g1yCck6XcdTShJUzpwEUf6vinjpdoXBwJGxJh2QzcQOE4 t+WG+S01jyzyCIG9ZVQB72/5Ne1XHHe1uD3VcEVkRGgG10lPahngo47C27QR6v7A mH4VgkQmMikAZFggX0/ulcKEdcdgFjNfT4qWARX1O9KXC1Gp5diO9Bv+2UZ4r60Q eJQRS2N3CrMjNFEQeTNxOSYAjiJuPvZ31d+0HJSZSc/Mtve/vsbsQFU+Ya2RimSe M+ASsPZG33YGSIQfnsNqfQmebe5O3bvIdj/n2Qq/RS7O4yniuviFOYF4s+wyU2LV eWrmcnZD1mVtE8OLGGOfcKoogt2+wKQbrn66OC1LTvBYdniE3bAsQ/4QOH3jPdmP OrvdbWt/doMLZ/PyFAHYlV9mnCLaRtXR+t15UdW27tBKYnIz9mPA3/IY8PVPVDyx YCX0nPeT+AhQLoXTM1D5bieUtRNuxZtq0fniwRl5ZwpK61J1ZtgAhj3msLG3ijd5 rl1MEqgmB0/qCaoD+9lrwe03u4ix3ELUtYz8T3OK8Ac3Tjl/Wsg= =QCEK -----END PGP SIGNATURE----- --Bn2rw/3z4jIqBvZU-- From unknown Sat Sep 13 03:07:19 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Leo Famulari Subject: bug#27263: closed (Re: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path.) Message-ID: References: <20170607161752.GA5750@jasmine> <20170606030108.GA13200@jasmine> X-Gnu-PR-Message: they-closed 27263 X-Gnu-PR-Package: guix-patches Reply-To: 27263@debbugs.gnu.org Date: Wed, 07 Jun 2017 16:18:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1496852282-29569-1" This is a multi-part message in MIME format... ------------=_1496852282-29569-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #27263: Perl CVE-2017-6512 which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 27263@debbugs.gnu.org. --=20 27263: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D27263 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1496852282-29569-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 27263-done) by debbugs.gnu.org; 7 Jun 2017 16:18:00 +0000 Received: from localhost ([127.0.0.1]:33451 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIdeg-0007gg-9b for submit@debbugs.gnu.org; Wed, 07 Jun 2017 12:18:00 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:51393) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIded-0007gW-0t for 27263-done@debbugs.gnu.org; Wed, 07 Jun 2017 12:17:57 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 353FA207AC; Wed, 7 Jun 2017 12:17:54 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Wed, 07 Jun 2017 12:17:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=2VjYU4hxATHATNfpmaaYF4Rh68+konzh704cgO MB96w=; b=rQoZ8LJVL3M4bh687pXf1ZmI0B3lranfzLvjxkvA78sd9andTWE2FO HsFp0nC44G6T4P/7wNwnw5U1X1J/oeluKKR0wTt3WgxU6USsr+tc0t17skoEM7UW PZwkZBCegKc8B/D4NagDrbmrAUtYnthfIf6yuFBq9TiROlccbNn5k= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=2VjYU4hxATHATNfpma aYF4Rh68+konzh704cgOMB96w=; b=UR2Tdrfv7EVYNtFvNmuILt8YNPSVBnQjXf S4dx1t9SAs4OjxMu4hbjcXfJXTFHRsd0NgMBjERVdiN4LPMsR3qXb9yK+bc0AjLb 5jfSXdO2EjeWlwx0Sqr8rcXH0P67cxG9d8qoWihhXzNIz7UhQJxmAR5GK1Tk9ev3 EZUmTuKjFQDXef5VvGM7zXds8OFLYRzMI8wb0N8SATVdHSEWtdn8ZVZKEo995RqG Zze4m1/y6prBFEiK/Tx2yWghAdj/qK+dBef6pXEQwj9357NmxGgkisaNvAmNkJyw LvktsA9/zN1JljAOT0EkYozpJv40iNVuPAmPKpH0bqGMth3JLYIA== X-ME-Sender: X-Sasl-enc: 6Y6JObDWuF/nwn26h0bKMQPWGlUeT6oN+pTm3oTiF39F 1496852273 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id EEB7C7E962; Wed, 7 Jun 2017 12:17:53 -0400 (EDT) Date: Wed, 7 Jun 2017 12:17:53 -0400 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path. Message-ID: <20170607161752.GA5750@jasmine> References: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> <87shjc66z2.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline In-Reply-To: <87shjc66z2.fsf@gnu.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27263-done Cc: 27263-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --KsGdsel6WgEHnImy Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 07, 2017 at 01:18:09AM +0200, Ludovic Court=C3=A8s wrote: > Leo Famulari skribis: >=20 > > * gnu/packages/perl.scm (perl)[replacement]: New field. > > (perl/fixed): New variable. > > * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. >=20 > OK too. >=20 > I suppose we=E2=80=99ll have to apply it in core-updates too, right? And, done as c67d587f94173fd42d65097165afc5c512935646. I tested that this packaging of Perl 5.26.0 builds on master, then I "ported" the package to core-updates. I don't have the resources to build the Perl package on core-updates in a timely manner. --KsGdsel6WgEHnImy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlk4JzAACgkQJkb6MLrK fwhgbg//Re5AUMVXFYU4tUIEmuyddrFVUgeorCnW2nGEEMXvRn8cCCapsHsj2J/8 roZfRTErEnoCwg8IA/pzBgXhTbO8QlgUeWLc0T/xjUW2wQ0EPUOOOth9kVuV2Eci bCXzKyXIoQqoUS7WJqYljHWN2DW2pc8xQq442qfJkNz9EsVz7R9FCgtcmE1TdEXG TiWYVOA8z3tpt4pnf6Co2hoG2Ew2mcnzBJ0mIDqDe7X83yVhp5szpANXn4y9r4zm q7JAQqo1ViBn4GOxa7riC5DdnOUTs39khufsVcbMdK8B8THQpCr6c4mzs1+Q38q2 oy8b/eTgEyAjin4XMc85M98H5uow+/F+kM0UmPg6JEvsQ3eF1pVPWp9NKpcScxcQ 8ngWT4dDBE6ZVpWNNF7PtPm9xws77cN8hbm2dWqUK6Iuu5FyNzkRCAObIanBWy0I iJ6yK3r96IQdH9dL85293h0uHypjdpfXyOb2pcauMhIwt4ON8L/ixXExTWuzE0tu Fk1kPKOHfv6QHu6JmOWCYCDhYe/CvepuRJ4tLyfWTp5zFptlw/2Spjlwe+eFJg9w NKlJAZZLzuxpAgLhxLgeDuw3goRLe4PWfo9eK9lFwZCgdhRlCTvnb1+htZuGdu3V x9ROazsJEBqjoV9UJSJhrbO7BZq2WuLs42wOGDTTZoUKs4TbMJE= =4vHI -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- ------------=_1496852282-29569-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 6 Jun 2017 03:02:46 +0000 Received: from localhost ([127.0.0.1]:58360 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4lV-0002Go-BZ for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:02:46 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37894) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dI4kf-0002FQ-Si for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:02:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dI4kV-0007hO-Ky for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:01:44 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_DNS_FOR_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:53127) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dI4kP-0007de-UN for submit@debbugs.gnu.org; Mon, 05 Jun 2017 23:01:39 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56902) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dI4kM-0004ex-Lf for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dI4kG-0007Yn-WC for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:30 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54597) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dI4k7-0007QW-Ld for guix-patches@gnu.org; Mon, 05 Jun 2017 23:01:24 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 238DB2084E; Mon, 5 Jun 2017 23:01:13 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 05 Jun 2017 23:01:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:message-id:mime-version:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=ZaB iCx9jeuFZXZpRNxZdzOkaNCjMiACyV8CE4eROTAk=; b=Rlr8bpaD68D6ZSFgfWR uGo5pxX2kB+0pcCGuCyuzbT9bytrLZkDY7JTIROAnRGazyuJouvdmy3lIqKEzCq8 MLuyuDQTGxImy6pv/ScF61QIGBLoC3iqRK15jJ8XvPGfSZfmAhu2IS63vWvyIjeV UlCnlIIXiS/Fx2ujPJZ5iWeg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=ZaBiCx9jeuFZXZpRNxZdzOkaNCjMiACyV8CE4eROT Ak=; b=EM+6uN5vnmO+oOnmdqWhIQztFPh7VPh9D+Suc+CuUjlEVkRd+TA4MCzFo 1qMgnkoLwpgQJ8UW9ITuNgFUEnJ75jOTewiledmhHw4jK4R680Xvo712IrSttCGP Hp5Z9DxcUxtnrq/PQWNCtSKN4iwYgRNeKoQG7dsk7QVdONk4a6bG66uAAApclfE8 pbqhI52j+iUing0NV56e5/FZHKRObnF/UP974p4qIhnOs7CVjut26QWhyJJ4YIf8 ye9ov5wgUK+RUBITUEU5Ypt85k8legg1Hk7fezWnXZP7wfe5BZjR1KMRIPX7Rdnu 3o8aPr3AvtWJsdPtfMmh5pirvW7yw== X-ME-Sender: X-Sasl-enc: 7KPUl+MdDaw1pt8B7FwVgN/KJ8XB2TdfoDCiV/nrz5N2 1496718072 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id D559B7E7C6 for ; Mon, 5 Jun 2017 23:01:12 -0400 (EDT) Date: Mon, 5 Jun 2017 23:01:08 -0400 From: Leo Famulari To: guix-patches@gnu.org Subject: Perl CVE-2017-6512 Message-ID: <20170606030108.GA13200@jasmine> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline User-Agent: Mutt/1.8.3 (2017-05-23) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline These patches fix CVE-2017-6512 in perl-file-path and the copy of File::Path in perl itself. --qDbXVdCdHGoSgWSk Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlk2GvQACgkQJkb6MLrK fwgd9A/+JglcBR+Or4jyVpHiVPQk1AR0/67vO7Q5gbfE7EMkApfdgmCBT2cmXu7/ nDaPdiY7sVqa9KLZRP8Yc0sJL8lA5KpCdYd685A1FHrq9Y5m6VkyJDOd2k+S8n2o 3KbhfiNUX9I5c86UG5uUwAuGrqNXshBtWSvQE5ACpMyH0iMarDFE87tmxP5bK66N kwsmAs7CZRO6aXg2KGix1PU/KrbZSEeDcK3kJmMwQp5XoU2oOQzH0krM/g1EuQZ/ 9/2bDp9BcgtD3P/8cU8WmiE0j07GZUVUz4ESGD1TWzZfIoVquoolaepSRJ61LtTo 2ZUKVGYda1+FK5m63aIcYP42jvkhski7rMfsXe6rmsysx6oSegG+Ta53ETrMaBg7 mmYfYmQYv2xpIaG/ukNprPhQKB2TiCG+4nMgJ9JrnZycFBaP+nRaU59KZfn/W9Lw aQD5wM9I04RQUYfsqPQFLzQKwnGIDPGHjU3FJBAvHOPZTgOljR8YZA8hgvQJa+Sp Z94q6Fz2aLgQ0Sh5pkv6sYkSbP/PEB5v48aeY2g/mEcrR68td4S6C9dvdO0NUSBh ffWjBmRMfPRUohut2fkxKiD5kPMPMRkBT9kMtYJ2dEI17/DZJh5YTzHcE1A2r2qU KF/P5PwkqT+p3F1n2gh9HtT/9vqM3gH/Y2GVOFgar3QeNBF1e04= =WlAT -----END PGP SIGNATURE----- --qDbXVdCdHGoSgWSk-- ------------=_1496852282-29569-1-- From unknown Sat Sep 13 03:07:19 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27263: [PATCH 2/2] gnu: perl: Fix CVE-2017-6512 in File::Path. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 08 Jun 2017 12:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27263 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Leo Famulari Cc: 27263-done@debbugs.gnu.org Received: via spool by 27263-done@debbugs.gnu.org id=D27263.149692366316805 (code D ref 27263); Thu, 08 Jun 2017 12:08:01 +0000 Received: (at 27263-done) by debbugs.gnu.org; 8 Jun 2017 12:07:43 +0000 Received: from localhost ([127.0.0.1]:34189 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIwE3-0004Mz-2d for submit@debbugs.gnu.org; Thu, 08 Jun 2017 08:07:43 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58178) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dIwDz-0004Mj-0B for 27263-done@debbugs.gnu.org; Thu, 08 Jun 2017 08:07:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dIwDo-0006H0-KG for 27263-done@debbugs.gnu.org; Thu, 08 Jun 2017 08:07:33 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50642) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dIwDo-0006Gw-Gs; Thu, 08 Jun 2017 08:07:28 -0400 Received: from wifi-eduroam-161098.inria.fr ([128.93.161.98]:45956 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dIwDn-0007Ke-SM; Thu, 08 Jun 2017 08:07:28 -0400 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <031e297c96cc7522ca42331605079a8462784466.1496718250.git.leo@famulari.name> <87shjc66z2.fsf@gnu.org> <20170607161752.GA5750@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 20 Prairial an 225 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Thu, 08 Jun 2017 14:07:24 +0200 In-Reply-To: <20170607161752.GA5750@jasmine> (Leo Famulari's message of "Wed, 7 Jun 2017 12:17:53 -0400") Message-ID: <877f0mznr7.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Wed, Jun 07, 2017 at 01:18:09AM +0200, Ludovic Court=C3=A8s wrote: >> Leo Famulari skribis: >>=20 >> > * gnu/packages/perl.scm (perl)[replacement]: New field. >> > (perl/fixed): New variable. >> > * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. >> > * gnu/local.mk (dist_patch_DATA): Add it. >>=20 >> OK too. >>=20 >> I suppose we=E2=80=99ll have to apply it in core-updates too, right? > > And, done as c67d587f94173fd42d65097165afc5c512935646. Great! > I tested that this packaging of Perl 5.26.0 builds on master, then I > "ported" the package to core-updates. I don't have the resources to > build the Perl package on core-updates in a timely manner. That=E2=80=99s a reasonable approach. We=E2=80=99ll let Hydra build it any= way and adjust if needed. Thank you! Ludo=E2=80=99.