Bug#841078: libfcgi-perl: use libfcgi-dev instead of the bundled version
Damyan Ivanov
dmn at debian.org
Mon Oct 23 14:38:56 UTC 2017
-=| Florian Schlichting, 17.10.2016 15:31:55 +0200 |=-
> I closed #815840 with the upload that fixed CVE-2012-6687, but
> Tianon
> rightly suggests that the best solution would be to use libfcgi-dev and
> ignore the bundled version of libfcgi.
>
> This doesn't seem to be so simple, though; he is running into undefined
> symbols, and I noticed that the RCS version header for os_unix.c is
> _newer_ in libfcgi-perl than what's in libfcgi-dev. Plus libfgi upstream
> seems dead as in "after many quiet years, the mailing list address
> boundes"...
libfcgi-perl seems to be pretty heavily used (popcon 121595; 4129
vote; 11826 recent), so removing it (as was my first reaction after
reading this bug report) does not seem feasible.
However, I managed to make it compile with the system-wide libfcgi
after removing the two routines that are not present in Debian's
libfcgi API: Attach and Detach.
Their description is:
=item $req->Detach()
Temporarily detaches filehandles on an accepted connection.
=item $req->Attach()
Re-attaches filehandles on an accepted connection.
What do others think, is this, together with documenting the removal
in a Debian.NEWS entry, a feasible approach?
More information about the pkg-perl-maintainers
mailing list