Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
We would like to apply the following fixes to perl in stretch for the
next point release:
* Backport various Getopt-Long fixes from upstream 2.49..2.51.
(Closes: #855532, #864544)
* Backport upstream patch fixing regexp "Malformed UTF-8 character"
crashes. (Closes: #864782)
* Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
(Closes: #867170)
Hopefully the bug reports provide all the relevant context. The
jessie-pu bug #864745 is somewhat related as the third change above
is also being proposed there; the others are regressions from jessie
which appeared in stretch.
Thanks,
Dominic.
diff --git a/MANIFEST b/MANIFEST
index e4331f1..e6a3dd9 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -3007,6 +3007,7 @@ dist/base/t/fields-5_6_0.tSee if fields work
dist/base/t/fields-5_8_0.t See if fields work
dist/base/t/fields-base.t See if fields work
dist/base/t/fields.t See if fields work
+dist/base/t/incdot.t Test how base.pm handles '.' in @INC
dist/base/t/isa.t See if base's behaviour doesn't change
dist/base/t/lib/Broken.pm Test module for base.pm
dist/base/t/lib/Dummy.pm Test module for base.pm
diff --git a/cpan/Getopt-Long/lib/Getopt/Long.pm
b/cpan/Getopt-Long/lib/Getopt/Long.pm
index fdc96bd..e71fee8 100644
--- a/cpan/Getopt-Long/lib/Getopt/Long.pm
+++ b/cpan/Getopt-Long/lib/Getopt/Long.pm
@@ -1110,10 +1110,29 @@ sub FindOption ($) {
# Check if there is an option argument available.
if ( $gnu_compat ) {
- my $optargtype = 0; # 0 = none, 1 = empty, 2 = nonempty
- $optargtype = ( !defined($optarg) ? 0 : ( (length($optarg) == 0) ? 1 :
2 ) );
- return (1, $opt, $ctl, undef)
- if (($optargtype == 0) && !$mand);
+ my $optargtype = 0; # none, 1 = empty, 2 = nonempty, 3 = aux
+ if ( defined($optarg) ) {
+ $optargtype = (length($optarg) == 0) ? 1 : 2;
+ }
+ elsif ( defined $rest || @$argv > 0 ) {
+ # GNU getopt_long() does not accept the (optional)
+ # argument to be passed to the option without = sign.
+ # We do, since not doing so breaks existing scripts.
+ $optargtype = 3;
+ }
+ if(($optargtype == 0) && !$mand) {
+ if ( $type eq 'I' ) {
+ # Fake incremental type.
+ my @c = @$ctl;
+ $c[CTL_TYPE] = '+';
+ return (1, $opt, \@c, 1);
+ }
+ my $val
+ = defined($ctl->[CTL_DEFAULT]) ? $ctl->[CTL_DEFAULT]
+ : $type eq 's' ? ''
+ :0;
+ return (1, $opt, $ctl, $val);
+ }
return (1, $opt, $ctl, $type eq 's' ? '' : 0)
if $optargtype == 1; # --foo= -> return nothing
}
@@ -2322,11 +2341,14 @@ do. Without C, C<--opt=> gives an error.
With C,
C<--opt=> will give option C and empty value.
This is the way GNU getopt_long() does it.
+Note that C<--opt value> is still accepted, even though GNU
+getopt_long() doesn't.
+
=item gnu_getopt
This is a short way of setting C C C
C. With C, command line handling should be
-fully compatible with GNU getopt_long().
+reasonably compatible with GNU getopt_long().
=item require_order
diff --git a/debian/.git-dpm b/debian/.git-dpm
index e62f968..28b4395 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-641936971e243d39e8eee510824e076c75965fc6
-641936971e243d39e8eee510824e076c75965fc6
+ceaa6f3d1fd7942ad1de321197030bb2306bd7ec
+ceaa6f3d1fd7942ad1de321197030bb2306bd7ec
13beb365bfa6ab6c49c061bd55769bf272a5e1bf
13beb365bfa6ab6c49c061bd55769bf272a5e1bf
perl_5.24.1.orig.tar.xz
diff --git a/debian/changelog b/debian/changelog
index c48cff7..d05b73a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+perl (5.24.1-3+deb9u1) UNRELEASED; urgency=medium
+
+ * Backport various Getopt-Long fixes from upstream 2.49..2.51.
+(Closes: #855532, #864544)
+ * Backport upstream patch fixing regexp "Malformed UTF-8 character"
+crashes. (Closes: #864782)
+ * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
+(Closes: #867170)
+
+ -- Dominic Hargreaves Fri, 23 Jun 2017 21:31:26 +0100
+
perl (5.24.1-3) unstable; urgency=high
* [CVE-2017-6512] Fix file permissions race condition in File-Path;
diff --git a/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff
b/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff
new file mode 100644
index 000..fd44d21
--- /dev/null
+++ b/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff
@@ -0,0 +1,206 @@
+From ceaa6f3d1fd7942ad1de321197030bb2306bd7ec Mon Sep 17 00:00:00 2001
+From: Aristotle Pagaltzis
+Date: Mon, 13 Feb 2017 01:28:14 +0100
+Subject: wip
+
+[latest version of