GNU bug report logs - #31163
[PATCH] gnu: perl: Replace with 5.26.2 [fixes CVE-2018-{6797, 6798, 6913}].

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Sun, 15 Apr 2018 15:35:01 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 31163 in the body.
You can then email your comments to 31163 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#31163; Package guix-patches. (Sun, 15 Apr 2018 15:35:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 15 Apr 2018 15:35:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: guix-patches <at> gnu.org
Cc: Marius Bakke <mbakke <at> fastmail.com>
Subject: [PATCH] gnu: perl: Replace with 5.26.2 [fixes CVE-2018-{6797, 6798,
 6913}].
Date: Sun, 15 Apr 2018 17:34:05 +0200

* gnu/packages/perl.scm (perl-5.26.2): New public variable.
(perl)[replacement]: New field.
---
 gnu/packages/perl.scm | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 50273d31e..34eef565b 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben <at> gmail.com>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke <at> gnu.org>
 ;;; Copyright © 2017 Raoul J.P. Bonnal <ilpuccio.febo <at> gmail.com>
-;;; Copyright © 2017 Marius Bakke <mbakke <at> fastmail.com>
+;;; Copyright © 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2017 Adriano Peluso <catonano <at> gmail.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2017 Leo Famulari <leo <at> famulari.name>
@@ -59,6 +59,7 @@
   (package
     (name "perl")
     (version "5.26.1")
+    (replacement perl-5.26.2)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/src/5.0/perl-"
@@ -155,6 +156,19 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
+;; Fixes CVE-2018-6797, CVE-2018-6798, and CVE-2018-6913.
+;; See <https://metacpan.org/changes/release/SHAY/perl-5.26.2>.
+(define-public perl-5.26.2
+  (package/inherit perl
+    (version "5.26.2")
+    (source (origin
+              (inherit (package-source perl))
+              (uri (string-append "mirror://cpan/src/5.0/perl-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp"))))))
+
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
-- 
2.17.0
Information forwarded to guix-patches <at> gnu.org:
bug#31163; Package guix-patches. (Tue, 17 Apr 2018 18:00:01 GMT) Full text and rfc822 format available.

Message #8 received at 31163 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 31163 <at> debbugs.gnu.org
Subject: Re: [bug#31163] [PATCH] gnu: perl: Replace with 5.26.2 [fixes
 CVE-2018-{6797, 6798, 6913}].
Date: Tue, 17 Apr 2018 13:59:21 -0400

[Message part 1 (text/plain, inline)]
On Sun, Apr 15, 2018 at 05:34:05PM +0200, Marius Bakke wrote:
> * gnu/packages/perl.scm (perl-5.26.2): New public variable.
> (perl)[replacement]: New field.

I tested this by reconfiguring my GuixSD x86_64 system and everything
seems to work. LGTM

[signature.asc (application/pgp-signature, inline)]
Reply sent to Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility. (Tue, 17 Apr 2018 22:36:02 GMT) Full text and rfc822 format available.
Notification sent to Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer. (Tue, 17 Apr 2018 22:36:02 GMT) Full text and rfc822 format available.

Message #13 received at 31163-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 31163-done <at> debbugs.gnu.org
Subject: Re: [bug#31163] [PATCH] gnu: perl: Replace with 5.26.2 [fixes
 CVE-2018-{6797, 6798, 6913}].
Date: Wed, 18 Apr 2018 00:35:26 +0200

[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:

> On Sun, Apr 15, 2018 at 05:34:05PM +0200, Marius Bakke wrote:
>> * gnu/packages/perl.scm (perl-5.26.2): New public variable.
>> (perl)[replacement]: New field.
>
> I tested this by reconfiguring my GuixSD x86_64 system and everything
> seems to work. LGTM

I pushed it.  Thanks for checking!

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 16 May 2018 11:24:09 GMT) Full text and rfc822 format available.
This bug report was last modified 7 years and 41 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.