All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit branch/2018.02.x] package/perl: security bump to version 5.26.3
@ 2019-02-25  7:54 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2019-02-25  7:54 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=6bece12dffaf9a3300a3f8c57661750df585bd1a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.02.x

Fixes the following security issues:

- [CVE-2018-12015] Directory traversal in module Archive::Tar
- [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
- [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
- [CVE-2018-18313] Heap-buffer-overflow read in S_grok_bslash_N (regcomp.c)
- [CVE-2018-18314] Heap-buffer-overflow write in S_regatom (regcomp.c)

For more details, see perldelta:
https://metacpan.org/changes/release/SHAY/perl-5.26.3

Bump perlcross to 1.2.2 for perl 5.26.3 support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/perl/perl.hash | 12 ++++++------
 package/perl/perl.mk   |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package/perl/perl.hash b/package/perl/perl.hash
index 210f6d581b..502f0db9df 100644
--- a/package/perl/perl.hash
+++ b/package/perl/perl.hash
@@ -1,7 +1,7 @@
-# Hashes from: http://www.cpan.org/src/5.0/perl-5.26.2.tar.xz.{md5,sha1,sha256}.txt
-md5    1fa1b53eeff76aa37b17bfc9b2771671                                 perl-5.26.2.tar.xz
-sha1   bfa5c7921ed7bf5e035dbf2f7ff81367b81e372c                         perl-5.26.2.tar.xz
-sha256 0f8c0fb1b0db4681adb75c3ba0dd77a0472b1b359b9e80efd79fc27b4352132c perl-5.26.2.tar.xz
+# Hashes from: http://www.cpan.org/src/5.0/perl-5.26.3.tar.xz.{md5,sha1,sha256}.txt
+md5    218d73f2334d2f3fdaff5a1f35358247                                 perl-5.26.3.tar.xz
+sha1   ca73432ac07288fdce2063f5e09c642e28584226                         perl-5.26.3.tar.xz
+sha256 e0a17cdaed5304aea1783e507e56bb0001dd72c46f211553ead3a580c3f38135 perl-5.26.3.tar.xz
 
-# Hashes from: http://github.com/arsv/perl-cross/releases/download/1.1.9/perl-cross-1.1.9.hash
-sha256	0bbb450e48d07e7fdf867d578b1780ac8f0e8dc284d52301dac4d763b42f6041  perl-cross-1.1.9.tar.gz
+# Hashes from: http://github.com/arsv/perl-cross/releases/download/1.2.2/perl-cross-1.2.2.hash
+sha256	e6987838f27d8cd3368ea68fc56a68cc52371505950927b8b7c5cb76e3a94caa  perl-cross-1.2.2.tar.gz
diff --git a/package/perl/perl.mk b/package/perl/perl.mk
index 7b4a2710b1..023ef4f776 100644
--- a/package/perl/perl.mk
+++ b/package/perl/perl.mk
@@ -6,14 +6,14 @@
 
 # When updating the version here, also update utils/scancpan
 PERL_VERSION_MAJOR = 26
-PERL_VERSION = 5.$(PERL_VERSION_MAJOR).2
+PERL_VERSION = 5.$(PERL_VERSION_MAJOR).3
 PERL_SITE = http://www.cpan.org/src/5.0
 PERL_SOURCE = perl-$(PERL_VERSION).tar.xz
 PERL_LICENSE = Artistic or GPL-1.0+
 PERL_LICENSE_FILES = Artistic Copying README
 PERL_INSTALL_STAGING = YES
 
-PERL_CROSS_VERSION = 1.1.9
+PERL_CROSS_VERSION = 1.2.2
 # DO NOT refactor with the github helper (the result is not the same)
 PERL_CROSS_SITE = https://github.com/arsv/perl-cross/releases/download/$(PERL_CROSS_VERSION)
 PERL_CROSS_SOURCE = perl-cross-$(PERL_CROSS_VERSION).tar.gz

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2019-02-25  7:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-25  7:54 [Buildroot] [git commit branch/2018.02.x] package/perl: security bump to version 5.26.3 Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.