Skip to content

Bump Perl versions to fix various CVE's in perl 5.3[468] #149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zakame merged 2 commits into from
Nov 30, 2023
Merged

Bump Perl versions to fix various CVE's in perl 5.3[468] #149

zakame merged 2 commits into from
Nov 30, 2023

Conversation

@waterkip
Copy link
Contributor

@waterkip waterkip commented Nov 27, 2023

@zakame
Copy link
Member

zakame commented Nov 27, 2023

Not quite yet, waiting for Perl/perl5#21671

zakame
zakame requested changes Nov 27, 2023
View reviewed changes
Copy link
Member

@zakame zakame left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will need updated SHA256s per http://nntp.perl.org/group/perl.perl5.porters/267365 (once they're available at the primary CPAN site, they're currently hosted at Paul's server.)

@waterkip
Copy link
Contributor Author

waterkip commented Nov 27, 2023

It seems we go to: 5.34.3, 5.36.3 and 5.38.2.

See https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267372.html

@waterkip
Bump versions for CVE updates
98679ec 
Signed-off-by: Wesley Schwengle <waterkip@cpan.org>
@waterkip
Copy link
Contributor Author

waterkip commented Nov 29, 2023

We have the updated SHA's and version numbers from https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267400.html but we cannot download them yet from cpan.org:

Downloading https://www.cpan.org/src/5.0/perl-5.34.3.tar.xz
tar: downloads/perl-5.34.3.tar.xz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
Couldn't create a temp git repo for 5.34.3 at ./generate.pl line 140.

@waterkip
⚙️ Regenerate Dockerfiles
4b0ac4e 
Signed-off-by: Wesley Schwengle <waterkip@cpan.org>
@waterkip waterkip requested a review from zakame November 29, 2023 21:58
@zakame
Copy link
Member

zakame commented Nov 30, 2023

Thanks for the updates @waterkip! We can drop the eol renames - only the oldest previous release is moved there (e.g. 5.32.1,) and this directory is really used only for forced rebuilds like in #101

zakame
zakame approved these changes Nov 30, 2023
View reviewed changes
Copy link
Member

@zakame zakame left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, will drop eol changes in next commit

@zakame zakame merged commit 8bbadd2 into Perl:master Nov 30, 2023
zakame added a commit to zakame/docker-library-official-images that referenced this pull request Nov 30, 2023
@zakame
library/perl: Fix multiple Perls for CVEs
f979d67 
- https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267400.html
- Perl/docker-perl#149
@zakame zakame mentioned this pull request Nov 30, 2023
Merged
@waterkip waterkip deleted the perl-cve-nov2023 branch November 30, 2023 22:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zakame zakame zakame approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waterkip @zakame