Summary: | dev-lang/perl < 5.8.8-r4 UTF/Regular expressions boundary error (CVE-2007-5116) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | bernd, chainsaw, henson, hncaldwell, perl, solar |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=323571 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 199518 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
Perl, please advise. A patch can be found at URL, I don't know the upstream status of it.

Perl, please advise.

We are aware of it, however there's no status upstream yet. I'll handle it anyway =)

What's the status here?

- still nothing upstream
- I have an ebuild ready to be released but I'm waiting for some feedback from the security team :)

patch committed in perl-5.8.8-r3

Thanks Antoine. Arches, please test and mark stable perl-5.8.8-r3. Target keywords: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"

Stable for sparc. All tests run cleanly, autotools work, ....

Stable for HPPA.

Tested on amd64, please mark stable

x86 stable

alpha/ia64 stable

ppc64 stable

ppc stable

amd64 done... request filed.

Back to ebuild, this patch broke the thing on any 64bit arch (Bug 199518)

18 Nov 2007; <solar@gentoo.org> -files/perl-5.8.8-lib64.patch, +files/perl-5.8.8-libbits.patch, perl-5.8.8-r2.ebuild, perl-5.8.8-r3.ebuild: - fixed the lib64 patch that was breaking on amd64 32ul.

Revbump to -r4 to clean up the mess in bug #199518 (see suggestion in comment 22).

(In reply to comment #18)
> Revbump to -r4 to clean up the mess in bug #199518 (see suggestion in comment 22).

Is that our target to be stabled?

(In reply to comment #19)
> Is that our target to be stabled?

Yes. -r4 is what -r3 was before the mess introduced by the patch in the bug mentioned above.

Ah, it's already stable. Thanks.

GLSA 200711-28, sorry for the delay.

Does not affect current (2008.0) release. Removing release.