perl vunlnerabilities

Wesley Shields wxs at
Wed Nov 7 12:14:42 PST 2007

On Wed, Nov 07, 2007 at 08:22:23AM -0500, Andy Greenwood wrote:
> I got the notice this morning like I'm sure a lot of others did, but I had 
> a question. My home computer didn't show anything even after running 
> portaudit -Fa, and I wondered if this is because I'm running perl-threaded 
> on that box. It seems that I should have been notified, since I find it 
> rather unlikely that defining WITH_THREADS changes the regex engine it 
> uses. I have not looked at any code, so this is a wild guess. I'm updating 
> all my perls just in case, but I thought someone should know in case the 
> portaudit db needs to be updated.

The package name changes if you're using threads...

 92 .if defined(WITH_THREADS)
 93 #XXX .if ${ARCH} == "amd64"
 94 #XXX IGNORE=    Threaded perl does not pass tests on ${ARCH}
 95 #XXX .endif
 96 CONFIGURE_ARGS+=        -Dusethreads=y
 97 PKGNAMESUFFIX=          -threaded
 98 # it seems perl malloc has problems with threaded perl on FreeBSD
100 .else
101 CONFIGURE_ARGS+=        -Dusethreads=n
102 .endif

Not knowing how portaudit, vuxml, and friends work... Could this be the

-- WXS

More information about the freebsd-ports mailing list