Debian Patches

Status for perl/5.32.1-4+deb11u4

Patch Description Author Forwarded Bugs Origin Last update
debian/cpan_definstalldirs.diff Provide a sensible INSTALLDIRS default for modules installed from CPAN.

Some modules which are included in core set INSTALLDIRS => 'perl'
explicitly in Makefile.PL or Build.PL. This makes sense for the normal @INC
ordering, but not ours.
Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/db_file_ver.diff Remove overly restrictive DB_File version check.

Package dependencies ensure the correct library is linked at run-time.
Brendan O'Dea <bod@debian.org> no debian 2005-12-16
debian/doc_info.diff Replace generic man(1) instructions with Debian-specific information.

Indicate that the user needs to install the perl-doc package.
Brendan O'Dea <bod@debian.org> no 2005-03-18
debian/enc2xs_inc.diff Tweak enc2xs to follow symlinks and ignore missing @INC directories.

- ignore missing directories,
- follow symlinks (/usr/share/perl/5.8 -> 5.8.4).
- filter "." out when running "enc2xs -C", it's unnecessary and causes
issues with follow => 1 (see #603686 and [rt.cpan.org #64585])
Brendan O'Dea <bod@debian.org> no debian 2005-03-08
debian/errno_ver.diff Remove Errno version check due to upgrade problems with long-running processes.


Remove version check which can cause problems for long running
processes embedding perl when upgrading to a newer version,
compatible, but built on a different machine.
Brendan O'Dea <bod@debian.org> no debian 2005-12-16
debian/libperl_embed_doc.diff Note that libperl-dev package is required for embedded linking Brendan O'Dea <bod@debian.org> no debian 2005-03-08
fixes/respect_umask.diff Respect umask during installation
This is needed to satisfy Debian policy regarding group-writable
site directories.
Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/writable_site_dirs.diff Set umask approproately for site install directories
Policy requires group writable site directories
Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/extutils_set_libperl_path.diff EU:MM: set location of libperl.a under /usr/lib
The Debian packaging moves libperl.a a couple of levels up from the
CORE directory to match other static libraries.
Niko Tyni <ntyni@debian.org> no 2014-05-10
debian/no_packlist_perllocal.diff Don't install .packlist or perllocal.pod for perl or vendor Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/fakeroot.diff Postpone LD_LIBRARY_PATH evaluation to the binary targets.
Modify the setting of LD_LIBRARY_PATH to append pre-existing values at the
time the rule is evaluated rather than when the Makefile is created.

This is required when building packages with dpkg-buildpackage and fakeroot,
since fakeroot (which now sets LD_LIBRARY_PATH) is not used for the "build"
rule where the Makefile is created, but is for the clean/binary* targets.
Brendan O'Dea <bod@debian.org> no 2005-03-18
debian/instmodsh_doc.diff Debian policy doesn't install .packlist files for core or vendor. Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/ld_run_path.diff Remove standard libs from LD_RUN_PATH as per Debian policy. Brendan O'Dea <bod@debian.org> no 2005-03-18
debian/libnet_config_path.diff Set location of libnet.cfg to /etc/perl/Net as /usr may not be writable. Brendan O'Dea <bod@debian.org> no 2005-03-08
debian/perlivp.diff Make perlivp skip include directories in /usr/local

On Sat, Jan 10, 2009 at 12:37:18AM +1100, Brendan O'Dea wrote:
> On Wed, Jan 7, 2009 at 12:21 AM, Niko Tyni <ntyni@debian.org> wrote:

> > We could create the directories in a postinst script, but I'm not sure
> > I see the point. They will be created automatically when installing
> > CPAN modules.
>
> The directories are intentionally not created, as this way they are
> excluded from the search path at start-up, saving a bunch of wasted
> stats at use/require time in the common case that the user has not
> installed any local packages. As Niko points out, they will be
> created as required.
Niko Tyni <ntyni@debian.org> no debian 2009-01-09
debian/squelch-locale-warnings.diff Squelch locale warnings in Debian package maintainer scripts

The system locales are rather frequently out of sync with the C library
during package upgrades, causing a huge amount of useless Perl locale
warnings. Squelch them when running package maintainer scripts, detected
by the DPKG_RUNNING_VERSION environment variable.

Any real locale problem will show up after the system upgrade too, and
the warning will be triggered normally again at that point.
Niko Tyni <ntyni@debian.org> no debian 2010-10-03
debian/patchlevel.diff List packaged patches in patchlevel.h

The list of packaged patches is in patchlevel-debian.h, which is generated
from the debian/patches/ directory when building the package.
Niko Tyni <ntyni@debian.org> no debian vendor 2011-05-15
fixes/document_makemaker_ccflags.diff Document that CCFLAGS should include $Config{ccflags}

Compiling XS extensions without $Config{ccflags} can break the
binary interface on some platforms.
Niko Tyni <ntyni@debian.org> yes debian upstream 2011-05-30
debian/find_html2text.diff Configure CPAN::Distribution with correct name of html2text

If you use cpan from Debian you usually wind up trying to read online
documentation through it. Unfortunately cpan can't find the
html2text.pl script even though it is installed using the Debian
package 'html2text'.

Please see the attached patch for a quick fix of this issue.

[Maintainer's note: html2text in Debian is not the same implementation
as the html2text.pl which is expected, but should provide similar
functionality].
Andreas Marschke <andreas.marschke@googlemail.com> no debian 2011-09-17
debian/perl5db-x-terminal-emulator.patch Invoke x-terminal-emulator rather than xterm in perl5db.pl
In Debian systems, xterm might not exist or might not be the preferred
terminal emulator. Use x-terminal-emulator instead
Dominic Hargreaves <dom@earth.li> not-needed debian 2012-04-14
debian/cpan-missing-site-dirs.diff Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent is writable

The site directories do not exist on a typical Debian system. The build
systems will create them when necessary, so there's no need for a prompt
suggesting local::lib if the first existing parent directory is writable.

Also, writability of the core directories is not interesting as we
explicitly tell CPAN not to touch those with INSTALLDIRS=site.
Niko Tyni <ntyni@debian.org> no debian 2012-10-16
fixes/memoize_storable_nstore.diff Memoize::Storable: respect 'nstore' option not respected
Memoize(3perl) says:

tie my %cache => 'Memoize::Storable', $filename, 'nstore';
memoize 'function', SCALAR_CACHE => [HASH => \%cache];

Include the ‘nstore’ option to have the "Storable" database
written in ‘network order’. (See Storable for more details
about this.)

In fact the "nstore" option does no such thing. Option parsing looks
like this:

@options{@_} = ();

$self->{OPTIONS}{'nstore'} is accordingly set to undef. Later
Memoize::Storable checks if the option is true, and since undef is
not true, the "else" branch is always taken.

if ($self->{OPTIONS}{'nstore'}) {
Storable::nstore($self->{H}, $self->{FILENAME});
} else {
Storable::store($self->{H}, $self->{FILENAME});
}

Correcting the condition to (exists $self->{OPTIONS}{'nstore'}) fixes
it.

Noticed because git-svn, which uses the 'nstore' option for its
on-disk caches, was producing

Byte order is not compatible at ../../lib/Storable.pm

when run using a perl with a different integer size (and hence
byteorder).

Reported by Tim Retout (RT#77790)
Jonathan Nieder <jrnieder@gmail.com> yes debian upstream 2012-07-27
debian/makemaker-pasthru.diff Pass LD settings through to subdirectories
[rt.cpan.org #28632] fixed most issues with passing LD down to
subdirectory Makefile.PL files. However, there are some distributions
(including Wx, Par::Packer, and Verilog-Perl) that explicitly set
LD. Those still can't be overridden from the command line. Adding LD to
the PASTHRU list fixes this.
Niko Tyni <ntyni@debian.org> no debian 2014-08-24
debian/makemaker-manext.diff Make EU::MakeMaker honour MANnEXT settings in generated manpage headers

This was inherited from early changes by Brendan O'Dea, previously
(accidentally) in debian/prefix_changes.diff and before that in
debian/extutils_hacks.diff
Niko Tyni <ntyni@debian.org> no debian 2015-07-01
debian/kfreebsd-softupdates.diff Work around Debian Bug#796798
kFreeBSD 10 (possibly only with softupdates enabled) may defer
calculating the mtime for more than 2 seconds. Work around this
with a stat() call to calculate the mtime immediately.

(Modified to only stat() on kfreebsd by Niko Tyni)
Steven Chamberlain <steven@pyro.eu.org> no debian 2015-12-17
fixes/memoize-pod.diff Fix POD errors in Memoize Dominic Hargreaves <dom@cpan.org> yes upstream 2016-02-06
debian/hurd-softupdates.diff Fix t/op/stat.t failures on hurd
We already do this on GNU/kFreeBSD, and GNU/Hurd seems to need same
treatment.
Niko Tyni <ntyni@debian.org> no debian 2016-04-28
fixes/math_complex_doc_great_circle.diff Math::Trig: clarify definition of great_circle_midpoint Dominic Hargreaves <dom@earth.li> yes debian upstream 2016-04-30
fixes/math_complex_doc_see_also.diff Math::Trig: add missing SEE ALSO Dominic Hargreaves <dom@earth.li> yes debian upstream 2016-04-30
fixes/math_complex_doc_angle_units.diff Math::Trig: document angle units Dominic Hargreaves <dom@earth.li> yes debian upstream 2016-04-30
fixes/cpan_web_link.diff CPAN: Add link to main CPAN web site Dominic Hargreaves <dom@earth.li> yes debian upstream 2016-04-30
debian/hppa_op_optimize_workaround.diff Temporarily lower the optimization of op.c on hppa due to gcc-6 problems

This fixes a crash in ext/XS-APItest/t/customop.t

It's currently unclear if the problem is with the code or the
gcc-6 optimizer.
Niko Tyni <ntyni@debian.org> no debian 2016-09-25
debian/installman-utf8.diff Generate man pages with UTF-8 characters
This fixes totally incorrectly rendered manual pages like
perlunicook and perltw.
Niko Tyni <ntyni@debian.org> no debian 2016-11-19
debian/hppa_opmini_optimize_workaround.diff Lower the optimization level of opmini.c on hppa
This further amends debian/hppa_op_optimize_workaround.diff to affect
miniperl too.
Niko Tyni <ntyni@debian.org> yes debian upstream 2017-07-29
debian/sh4_op_optimize_workaround.diff Also lower the optimization level of op.c and opmini.c on sh4
This amends
debian/hppa_op_optimize_workaround.diff
debian/hppa_opmini_optimize_workaround.diff
Niko Tyni <ntyni@debian.org> no debian 2017-07-29
debian/perldoc-pager.diff Fix perldoc terminal escapes when sensible-pager is less
This is a temporary fix while upstream is reworking the
pager handling.
Niko Tyni <ntyni@debian.org> yes debian upstream 2017-10-13
debian/prune_libs.diff Prune the list of libraries wanted to what we actually need.

We want to keep the dependencies on perl-base as small as possible,
and some of the original list may be present on buildds (see Bug#128355).

(Backported to metaconfig unit probes by Niko Tyni)
Brendan O'Dea <bod@debian.org> no debian 2005-03-18
debian/mod_paths.diff Tweak @INC ordering for Debian
Our order is:

etc (Debian specific, for config files)
site (5.8.1)
vendor (all)
core in perl-base (Debian specific, via APPLLIB_EXP)
core (5.8.1)
site (version-indep)
site (pre-5.8.1)

The rationale being that an admin (via site), or module packager
(vendor) can chose to shadow core modules when there is a newer
version than is included in core.

(later updates by Niko Tyni)
Brendan O'Dea <bod@debian.org> no 2005-03-18
debian/configure-regen.diff Regenerate Configure et al. after probe unit changes Niko Tyni <ntyni@debian.org> no debian 2017-10-14
debian/deprecate-with-apt.diff Point users to Debian packages of deprecated core modules Dominic Hargreaves <dom@earth.li> no debian 2010-05-17
debian/disable-stack-check.diff Disable debugperl stack extension checks for binary compatibility with perl

When an XS module is built without -DDEBUGGING but the interpreter is,
the debugging stack high-water mark checking on the interpreter side
doesn't work properly. This makes /usr/bin/debugperl less useful than
it could be as it can no longer use many XS module packages.

Patch the check away for now. We hope upstream will provide a Configure
option for this in the future.
Niko Tyni <ntyni@debian.org> yes debian upstream 2018-07-16
debian/perlbug-editor.diff Use "editor" as the default perlbug editor, as per Debian policy Niko Tyni <ntyni@debian.org> no debian 2019-02-24
debian/eu-mm-perl-base.diff Suppress an ExtUtils::MakeMaker warning about our non-default @INC
Config.pm gets loaded from a different path than archlibexp on Debian.
Niko Tyni <ntyni@debian.org> no debian 2020-06-06
fixes/hurd-cachepropagate-test-fix.diff GNU/Hurd doesn't support SO_PROTOCOL Samuel Thibault <sthibault@debian.org> no debian https://github.com/Perl/perl5/pull/17873 2020-06-18
fixes/io_socket_ip_ipv6.diff Disable getaddrinfo(3) AI_ADDRCONFIG for localhost and IPv4 numeric addresses

I_ADDRCONFIG can be a bad default for systems with a dual protocol
loopback device but just IPv6 connectivity. In such a case,
getaddrinfo(3) on 127.0.0.1 or 0.0.0.0 will fail with EAI_ADDRFAMILY
even though the loopback device is able to handle them.
Niko Tyni <ntyni@debian.org> yes 2020-07-04
fixes/encode-CVE-2021-36770.diff mitigate @INC pollution when loading ConfigLocal Ricardo Signes <rjbs@semiotic.systems> no 2021-07-17
fixes/regcomp-memleak.diff regcomp.c: Remove memory leak
This fixes GH #18604. There was a path through the code where a
particular SV did not get its reference count decremented.

I did an audit of the function and came up with several other
possiblities that are included in this commit.

Further, there would be leaks for some instances of finding syntax
errors in the input pattern, or when warnings are fatalized. Those
would require mortalizing some SVs, but that is beyond the scope of this
commit.
Karl Williamson <khw@cpan.org> yes debian upstream backport, https://github.com/Perl/perl5/commit/5f41fa466a67b5535aa8bcf4b814f242545ac7bd 2021-02-27
fixes/CVE-2023-47038.diff Fix read/write past buffer end: perl-security#140
A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

This can be easily backported to earlier Perl releases.
Karl Williamson <khw@cpan.org> no debian backport, https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 2023-09-09
CVE-2020-16156/01-b27c51a.patch bugfix: signature verification type CANNOT_VERIFY was not recognized Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c 2021-11-21
CVE-2020-16156/02-bcbf6d6.patch Add two new failure modes based on cpan_path Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/bcbf6d608e48d25306ecfd273118b4d6ba1c5df6 2021-11-21
CVE-2020-16156/03-46fe910.patch use gpg --verify --output ... to disentangle data and signature Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/46fe910becd5746adca92e18660567c9e8d37eb5 2021-11-21
CVE-2020-16156/04-7f9e5e8.patch replacing die with mydie in three spots Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/7f9e5e8c52f535c1c13e177595a5ef4710c72058 2021-11-22
CVE-2020-16156/05-c03257d.patch disambiguate the call to gpg --output by adding --verify
-- thanks to Stig Palmquist for the suggestion
Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/c03257dbebccd4deeff1987d5efd98113643f717 2021-11-22
CVE-2020-16156/06-7d4d5e3.patch s/gpg/$gpg/ in system, add quotes where needed
- thanks to Tomas Hoger for spotting the missing sigil
Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 2022-01-10
CVE-2020-16156/07-89b13ba.patch s,/dev/null,$devnull,
- another thanks to Tomas Hoger for spotting that
Andreas Koenig <andk@cpan.org> yes debian upstream https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 2022-01-12
CVE-2023-31484.patch Add verify_SSL=>1 to HTTP::Tiny to verify https server identity Stig Palmquist <git@stig.io> yes debian upstream https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 2023-02-28

All known versions for source package 'perl'

Links