Fedora 10 Update: perl-5.10.0-73.fc10
Posted by Benjamin D. Thomas   
Fedora This security update fixes an off-by-one overflow in Compress::Raw::Zlib (CVE-2009-1391) Moreover, it contains a subtle change to the configuration that does not affect the Perl interpreter itself, but fixes the propagation of the chosen options to the modules. For example, a rebuild of perl-Wx against perl-5.10.0-73 will fix bug 508496.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7680
2009-07-15 20:00:47
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 10
Version     : 5.10.0
Release     : 73.fc10
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

This security update fixes an off-by-one overflow in Compress::Raw::Zlib
(CVE-2009-1391)  Moreover, it contains a subtle change to the configuration that
does not affect the Perl interpreter itself, but fixes the propagation of the
chosen options to the modules.  For example, a rebuild of perl-Wx against
perl-5.10.0-73 will fix bug 508496.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-73
- re-enable tests
* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-72
- move -DPERL_USE_SAFE_PUTENV to ccflags (#508496)
* Mon Jun  8 2009 Marcela Mašláňová  - 4:5.10.0-71
- #504386 update of Compress::Raw::Zlib 2.020
* Thu Jun  4 2009 Marcela Mašláňová  - 4:5.10.0-70
- update File::Spec (PathTools) to 3.30
* Wed Jun  3 2009 Stepan Kasal  - 4:5.10.0-69
- fix #221113, $! wrongly set when EOF is reached
* Fri Apr 10 2009 Marcela Mašláňová  - 4:5.10.0-68
- do not use quotes in patchlevel.h; it breaks installation from cpan (#495183)
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-67
- update CGI to 3.43, dropping upstreamed perl-CGI-escape.patch
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-66
- fix CGI::escape for all strings (#472571)
- perl-CGI-t-util-58.patch: Do not distort lib/CGI/t/util-58.t
  http://rt.perl.org/rt3/Ticket/Display.html?id=64502
* Fri Mar 27 2009 Stepan Kasal  - 4:5.10.0-65
- Move the gargantuan Changes* collection to -devel (#492605)
* Tue Mar 24 2009 Stepan Kasal  - 4:5.10.0-64
- update module autodie
* Mon Mar 23 2009 Stepan Kasal  - 4:5.10.0-63
- update Digest::SHA (fixes 489221)
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-62
- drop 26_fix_pod2man_upgrade (don't need it)
- fix typo in %define ExtUtils_CBuilder_version
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-61
- apply Change 34507: Fix memory leak in single-char character class optimization
- Reorder @INC, based on b9ba2fadb18b54e35e5de54f945111a56cbcb249
- fix Archive::Extract to fix test failure caused by tar >= 1.21
- Merge useful Debian patches
* Tue Mar 10 2009 Stepan Kasal  - 4:5.10.0-60
- remove compatibility obsolete sitelib directories
- use a better BuildRoot
- drop a redundant mkdir in %install
- call patchlevel.h only once; rm patchlevel.bak
- update modules Sys::Syslog, Module::Load::Conditional, Module::CoreList,
  Test::Harness, Test::Simple, CGI.pm (dropping the upstreamed patch),
  File::Path (that includes our perl-5.10.0-CVE-2008-2827.patch),
  constant, Pod::Simple, Archive::Tar, Archive::Extract, File::Fetch,
  File::Temp, IPC::Cmd, Time::HiRes, Module::Build, ExtUtils::CBuilder
- standardize the patches for updating embedded modules
- work around a bug in Module::Build tests bu setting TMPDIR to a directory
  inside the source tree
* Sun Mar  8 2009 Robert Scheck  - 4:5.10.0-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Feb 16 2009 Tom "spot" Callaway  - 4:5.10.0-58
- add /usr/lib/perl5/site_perl to otherlibs (bz 484053)
* Mon Feb 16 2009 Dennis Gilmore  - 4:5.10.0-57
- build sparc64 without _smp_mflags
* Sat Feb  7 2009 Dennis Gilmore  - 4:5.10.0-56
- limit sparc builds to -j12
* Tue Feb  3 2009 Marcela Mašláňová  - 4:5.10.0-55
- update IPC::Cmd to v 0.42
* Mon Jan 19 2009 Marcela Mašláňová  - 4:5.10.0-54
- 455410 http://rt.perl.org/rt3/Public/Bug/Display.html?id=54934
  Attempt to free unreferenced scalar fiddling with the symbol table
  Keep the refcount of the globs generated by PerlIO::via balanced.
* Mon Dec 22 2008 Marcela Mašláňová  - 4:5.10.0-53
- add missing XHTML.pm into Pod::Simple
* Fri Dec 12 2008 Marcela Mašláňová  - 4:5.10.0-52
- 295021 CVE-2007-4829 perl-Archive-Tar directory traversal flaws
- add another source for binary files, which test untaring links
* Fri Nov 28 2008 Tom "spot" Callaway  - 4:5.10.0-51
- to fix Fedora bz 473223, which is really perl bug #54186 (http://rt.perl.org/rt3//Public/Bug/Display.html?id=54186)
  we apply Changes 33640, 33881, 33896, 33897
* Mon Nov 24 2008 Marcela Mašláňová  - 4:5.10.0-50
- change summary according to RFC fix summary discussion at fedora-devel :)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #504386 - Buffer overflow in Compress::Raw::Zlib
        https://bugzilla.redhat.com/show_bug.cgi?id=504386
  [ 2 ] Bug #508496 - Perl: symbol lookup error: .../Wx.so: undefined symbol: Perl_Guse_safe_putenv_ptr
        https://bugzilla.redhat.com/show_bug.cgi?id=508496
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce