subject:"Bug#867490\: stretch\-pu\: package perl\/5.24.1\-3\+deb9u1"

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

2017-07-15 Thread Adam D. Barratt

Control: tags -1 + pending

On Tue, 2017-07-11 at 17:46 +0100, Dominic Hargreaves wrote:
> On Mon, Jul 10, 2017 at 09:41:00PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Thu, 2017-07-06 at 20:52 +0100, Dominic Hargreaves wrote:
> > > We would like to apply the following fixes to perl in stretch for the
> > > next point release:
> > > 
> > >   * Backport various Getopt-Long fixes from upstream 2.49..2.51.
> > > (Closes: #855532, #864544)
> > >   * Backport upstream patch fixing regexp "Malformed UTF-8 character"
> > > crashes. (Closes: #864782)
> > >   * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
> > > (Closes: #867170)
> > 
> > Please go ahead.
> 
> Thanks, done.

Flagged for acceptance.

Regards,

Adam

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

2017-07-11 Thread Dominic Hargreaves

On Mon, Jul 10, 2017 at 09:41:00PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2017-07-06 at 20:52 +0100, Dominic Hargreaves wrote:
> > We would like to apply the following fixes to perl in stretch for the
> > next point release:
> > 
> >   * Backport various Getopt-Long fixes from upstream 2.49..2.51.
> > (Closes: #855532, #864544)
> >   * Backport upstream patch fixing regexp "Malformed UTF-8 character"
> > crashes. (Closes: #864782)
> >   * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
> > (Closes: #867170)
> 
> Please go ahead.

Thanks, done.

Dominic.

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

2017-07-10 Thread Adam D. Barratt

Control: tags -1 + confirmed

On Thu, 2017-07-06 at 20:52 +0100, Dominic Hargreaves wrote:
> We would like to apply the following fixes to perl in stretch for the
> next point release:
> 
>   * Backport various Getopt-Long fixes from upstream 2.49..2.51.
> (Closes: #855532, #864544)
>   * Backport upstream patch fixing regexp "Malformed UTF-8 character"
> crashes. (Closes: #864782)
>   * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
> (Closes: #867170)

Please go ahead.

Regards,

Adam

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

2017-07-06 Thread Dominic Hargreaves

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

We would like to apply the following fixes to perl in stretch for the
next point release:

  * Backport various Getopt-Long fixes from upstream 2.49..2.51.
(Closes: #855532, #864544)
  * Backport upstream patch fixing regexp "Malformed UTF-8 character"
crashes. (Closes: #864782)
  * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
(Closes: #867170)

Hopefully the bug reports provide all the relevant context. The
jessie-pu bug #864745 is somewhat related as the third change above
is also being proposed there; the others are regressions from jessie
which appeared in stretch.

Thanks,
Dominic.
diff --git a/MANIFEST b/MANIFEST
index e4331f1..e6a3dd9 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -3007,6 +3007,7 @@ dist/base/t/fields-5_6_0.tSee if fields work
 dist/base/t/fields-5_8_0.t See if fields work
 dist/base/t/fields-base.t  See if fields work
 dist/base/t/fields.t   See if fields work
+dist/base/t/incdot.t   Test how base.pm handles '.' in @INC
 dist/base/t/isa.t  See if base's behaviour doesn't change
 dist/base/t/lib/Broken.pm  Test module for base.pm
 dist/base/t/lib/Dummy.pm   Test module for base.pm
diff --git a/cpan/Getopt-Long/lib/Getopt/Long.pm 
b/cpan/Getopt-Long/lib/Getopt/Long.pm
index fdc96bd..e71fee8 100644
--- a/cpan/Getopt-Long/lib/Getopt/Long.pm
+++ b/cpan/Getopt-Long/lib/Getopt/Long.pm
@@ -1110,10 +1110,29 @@ sub FindOption ($) {
 
 # Check if there is an option argument available.
 if ( $gnu_compat ) {
-   my $optargtype = 0; # 0 = none, 1 = empty, 2 = nonempty
-   $optargtype = ( !defined($optarg) ? 0 : ( (length($optarg) == 0) ? 1 : 
2 ) );
-   return (1, $opt, $ctl, undef)
- if (($optargtype == 0) && !$mand);
+   my $optargtype = 0; # none, 1 = empty, 2 = nonempty, 3 = aux
+   if ( defined($optarg) ) {
+   $optargtype = (length($optarg) == 0) ? 1 : 2;
+   }
+   elsif ( defined $rest || @$argv > 0 ) {
+   # GNU getopt_long() does not accept the (optional)
+   # argument to be passed to the option without = sign.
+   # We do, since not doing so breaks existing scripts.
+   $optargtype = 3;
+   }
+   if(($optargtype == 0) && !$mand) {
+   if ( $type eq 'I' ) {
+   # Fake incremental type.
+   my @c = @$ctl;
+   $c[CTL_TYPE] = '+';
+   return (1, $opt, \@c, 1);
+   }
+   my $val
+ = defined($ctl->[CTL_DEFAULT]) ? $ctl->[CTL_DEFAULT]
+ : $type eq 's' ? ''
+ :0;
+   return (1, $opt, $ctl, $val);
+   }
return (1, $opt, $ctl, $type eq 's' ? '' : 0)
  if $optargtype == 1;  # --foo=  -> return nothing
 }
@@ -2322,11 +2341,14 @@ do. Without C, C<--opt=> gives an error. 
With C,
 C<--opt=> will give option C and empty value.
 This is the way GNU getopt_long() does it.
 
+Note that C<--opt value> is still accepted, even though GNU
+getopt_long() doesn't.
+
 =item gnu_getopt
 
 This is a short way of setting C C C
 C. With C, command line handling should be
-fully compatible with GNU getopt_long().
+reasonably compatible with GNU getopt_long().
 
 =item require_order
 
diff --git a/debian/.git-dpm b/debian/.git-dpm
index e62f968..28b4395 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-641936971e243d39e8eee510824e076c75965fc6
-641936971e243d39e8eee510824e076c75965fc6
+ceaa6f3d1fd7942ad1de321197030bb2306bd7ec
+ceaa6f3d1fd7942ad1de321197030bb2306bd7ec
 13beb365bfa6ab6c49c061bd55769bf272a5e1bf
 13beb365bfa6ab6c49c061bd55769bf272a5e1bf
 perl_5.24.1.orig.tar.xz
diff --git a/debian/changelog b/debian/changelog
index c48cff7..d05b73a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+perl (5.24.1-3+deb9u1) UNRELEASED; urgency=medium
+
+  * Backport various Getopt-Long fixes from upstream 2.49..2.51.
+(Closes: #855532, #864544)
+  * Backport upstream patch fixing regexp "Malformed UTF-8 character"
+crashes. (Closes: #864782)
+  * Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
+(Closes: #867170)
+
+ -- Dominic Hargreaves   Fri, 23 Jun 2017 21:31:26 +0100
+
 perl (5.24.1-3) unstable; urgency=high
 
   * [CVE-2017-6512] Fix file permissions race condition in File-Path;
diff --git a/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff 
b/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff
new file mode 100644
index 000..fd44d21
--- /dev/null
+++ b/debian/patches/debian/CVE-2016-1238/base-pm-amends-pt2.diff
@@ -0,0 +1,206 @@
+From ceaa6f3d1fd7942ad1de321197030bb2306bd7ec Mon Sep 17 00:00:00 2001
+From: Aristotle Pagaltzis 
+Date: Mon, 13 Feb 2017 01:28:14 +0100
+Subject: wip
+
+[latest version of

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

Bug#867490: stretch-pu: package perl/5.24.1-3+deb9u1

4 matches

Site Navigation

Mail list logo

Footer information