* Modules and Pragmata
** Updated Modules and Pragmata
B::Deparse has been upgraded from version 1.56 to 1.57.
Encode has been upgraded from version 3.08 to 3.08_01.
GDBM_File has been upgraded from version 1.19 to 1.19_01.
Module::CoreList has been upgraded from version 5.20210520 to 5.20220313.
perl5db.pl has been upgraded from version 1.60 to 1.60_01.
* Testing
Tests were added and changed to reflect the other additions and changes in this
release.
* Selected Bug Fixes
B::Deparse now correctly handles try/catch blocks with more complex scopes.
|
|
|
|
This was to work around pdksh bugs, but we have mksh now.
|
|
|
|
PR pkg/55997
The internal stat() function for perl stores the inode number as a string if it
cannot be represented by the host's integer. However, unfortunately, some
components compare them as integers.
Therefore, if 64-bit integers are not supported, files whose inode number
is larger than UINT32_MAX cannot be handled.
Usually, inode numbers on real filesystems are well below UINT32_MAX. But
inode numbers larger than UINT32_MAX are assigned for tmpfs on LP64 kernels.
This results in build failures for perl on COMPAT_NETBSD32 if the working
directory is tmpfs, and perl-64bitint and friends are not specified.
Now, inode numbers are compared as strings, which works just fine even if
64-bit integers are not supported.
Cherry-picked from upstream. See https://github.com/Perl/perl5/pull/18788
and related pull-requests for more details.
|
|
|
|
|
|
Incompatible Changes
There are no changes intentionally incompatible with Perl 5.32.0.
If any exist, they are bugs, and we request that you submit a
report. See "Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
Data::Dumper has been upgraded from version 2.174 to 2.174_01.
A number of memory leaks have been fixed.
DynaLoader has been upgraded from version 1.47 to 1.47_01.
Module::CoreList has been upgraded from version 5.20200620 to
5.20210123.
Opcode has been upgraded from version 1.47 to 1.48.
A warning has been added about evaluating untrusted code with
the perl interpreter.
Safe has been upgraded from version 2.41 to 2.41_01.
A warning has been added about evaluating untrusted code with
the perl interpreter.
Documentation
New Documentation
perlgov
Documentation of the newly formed rules of governance for Perl.
perlsecpolicy
Documentation of how the Perl security team operates and how the
team evaluates new security reports.
Changes to Existing Documentation
We have attempted to update the documentation to reflect the changes
listed in this document. If you find any we have missed, open an
issue at https://github.com/Perl/perl5/issues.
Additionally, the following selected changes have been made:
perlop
Document range op behaviour change.
Diagnostics
The following additions or changes have been made to diagnostic
output, including warnings and fatal error messages. For the complete
list of diagnostic messages, see perldiag.
Changes to Existing Diagnostics
\K not permitted in lookahead/lookbehind in regex; marked by
<-- HERE in m/%s/
This error was incorrectly produced in some cases involving
nested lookarounds. This has been fixed.
[GH #18123]
Configuration and Compilation
Newer 64-bit versions of the Intel C/C++ compiler are now
recognized and have the correct flags set.
We now trap SIGBUS when Configure checks for va_copy.
On several systems the attempt to determine if we need va_copy
or similar results in a SIGBUS instead of the expected SIGSEGV,
which previously caused a core dump.
[GH #18148]
Testing
Tests were added and changed to reflect the other additions and
changes in this release.
Platform Support
Platform-Specific Notes
MacOS (Darwin)
The hints file for darwin has been updated to handle future
macOS versions beyond 10. Perl can now be built on macOS Big
Sur.
[GH #17946, GH #18406]
Minix
Build errors on Minix have been fixed.
[GH #17908]
Selected Bug Fixes
Some list assignments involving undef on the left-hand side
were over-optimized and produced incorrect results.
[GH #16685, GH #17816]
Fixed a bug in which some regexps with recursive subpatterns
matched incorrectly.
[GH #18096]
Fixed a deadlock that hung the build when Perl is compiled for
debugging memory problems and has PERL_MEM_LOG enabled.
[GH #18341]
Fixed a crash in the use of chained comparison operators when
run under "no warnings 'uninitialized'".
[GH #17917, GH #18380]
Exceptions thrown from destructors during global destruction
are no longer swallowed.
[GH #18063]
|
|
The perl modules install into the vendor_perl subdirectory, so there is no
actual conflict.
Bump PKGREVISION.
|
|
|
|
part of perl
|
|
|
|
https://perldoc.perl.org/5.32.0/perldelta.html
Core Enhancements
The isa Operator
Unicode 13.0 is supported
Chained comparisons capability
New Unicode properties Identifier_Status and Identifier_Type supported
It is now possible to write qr/\p{Name=...}/, or qr!\p{na=/(SMILING|GRINNING) FACE/}!
Improvement of POSIX::mblen(), mbtowc, and wctomb
Alpha assertions are no longer experimental
Script runs are no longer experimental
Feature checks are now faster
Perl is now developed on GitHub
Compiled patterns can now be dumped before optimization
Security
[CVE-2020-10543] Buffer overflow caused by a crafted regular expression
[CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
[CVE-2020-12723] Buffer overflow caused by a crafted regular expression
Additional Note
Incompatible Changes
Certain pattern matching features are now prohibited in compiling Unicode property value wildcard subpatterns
Unused functions POSIX::mbstowcs and POSIX::wcstombs are removed
A bug fix for (?[...]) may have caused some patterns to no longer compile
\p{_user-defined_} properties now always override official Unicode ones
Modifiable variables are no longer permitted in constants
Use of vec on strings with code points above 0xFF is forbidden
Use of code points over 0xFF in string bitwise operators
Sys::Hostname::hostname() does not accept arguments
Plain "0" string now treated as a number for range operator
\K now disallowed in look-ahead and look-behind assertions
Performance Enhancements
Modules and Pragmata
Updated Modules and Pragmata
Removed Modules and Pragmata
Documentation
Changes to Existing Documentation
Diagnostics
New Diagnostics
Changes to Existing Diagnostics
Utility Changes
the perlbug manpage
the streamzip manpage
|
|
This makes it at least link miniperl, but it still fails during the
build with:
panic: MUTEX_UNLOCK (1) [util.c:2616] at make_ext.pl line 613.
panic: MUTEX_LOCK (22) [op.c:864].
panic: MUTEX_UNLOCK (1) [util.c:2616] at make_ext.pl line 513.
panic: MUTEX_LOCK (22) [op.c:864].
|
|
These did not have any effect since the files have changed meanwhile.
|
|
AUTOFIX: Makefile:267: Replacing "${PKGSRC_COMPILER} == \"xlc\"" with "${PKGSRC_COMPILER:Mxlc}".
|
|
what is new for perl v5.30.1
Incompatible Changes
There are no changes intentionally incompatible with 5.30.1. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20190522 to
5.20191110.
Documentation
Changes to Existing Documentation
We have attempted to update the documentation to reflect the changes
listed in this document. If you find any we have missed, send email to
perlbug@perl.org.
Additionally, documentation has been updated to reference GitHub as the
new canonical repository and to describe the new GitHub pull request
workflow.
Configuration and Compilation
o The "ECHO" macro is now defined. This is used in a "dtrace" rule
that was originally changed for FreeBSD, and the FreeBSD make
apparently predefines it. The Solaris make does not predefine
"ECHO" which broke this rule on Solaris.
Testing
Tests were added and changed to reflect the other additions and changes
in this release.
Platform Support
Platform-Specific Notes
Win32
The locale tests could crash on Win32 due to a Windows bug, and
separately due to the CRT throwing an exception if the locale name
wasn't validly encoded in the current code page.
For the second we now decode the locale name ourselves, and always
decode it as UTF-8.
Selected Bug Fixes
o Setting $) now properly sets supplementary group ids, if you have
the necessary privileges.
o "readline @foo" now evaluates @foo in scalar context. Previously,
it would be evaluated in list context, and since readline() pops
only one argument from the stack, the stack could underflow, or be
left with unexpected values on it.
o sv_gets() now recovers better if the target SV is modified by a
signal handler.
o Matching a non-"SVf_UTF8" string against a regular expression
containing Unicode literals could leak an SV on each match attempt.
o "sprintf("%.*a", -10000, $x)" would cause a buffer overflow due to
mishandling of the negative precision value.
o "scalar()" on a reference could cause an erroneous assertion
failure during compilation.
|
|
use a unicode 'tr///' instead.
Fixes Bugzilla checksetup.pl, which uses Safe.
Thanks to many on #perl on freenode.
PR pkg/54625
Bump PKGREVISION
|
|
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
|
unaligned accesses are OK.
Remove relevant hacks.mk entry to disable optimizations.
PR pkg/53568
|
|
what is new for perl v5.30.0
Core Enhancements
Limited variable length lookbehind in regular expression pattern matching is now experimentally supported
Using a lookbehind assertion (like "(?<=foo?)" or "(?<!ba{1,9}r)") previously would generate an error and
refuse to compile. Now it compiles (if the maximum lookbehind is at most 255 characters), but raises a
warning in the new "experimental::vlb" warnings category. This is to caution you that the precise behavior
is subject to change based on feedback from use in the field.
See "(?<=pattern)" in perlre and "(?<!pattern)" in perlre.
The upper limit "n" specifiable in a regular expression quantifier of the form "{m,n}" has been doubled to 65534
The meaning of an unbounded upper quantifier "{m,}" remains unchanged. It matches 2**31 - 1 times on most
platforms, and more on ones where a C language short variable is more than 4 bytes long.
Unicode 12.1 is supported
Because of a change in Unicode release cycles, Perl jumps from Unicode 10.0 in Perl 5.28 to Unicode 12.1 in
Perl 5.30.
For details on the Unicode changes, see <https://www.unicode.org/versions/Unicode11.0.0/> for 11.0;
<https://www.unicode.org/versions/Unicode12.0.0/> for 12.0; and
<https://www.unicode.org/versions/Unicode12.1.0/> for 12.1. (Unicode 12.1 differs from 12.0 only in the
addition of a single character, that for the new Japanese era name.)
The Word_Break property, as in past Perl releases, remains tailored to behave more in line with expectations
of Perl users. This means that sequential runs of horizontal white space characters are not broken apart,
but kept as a single run. Unicode 11 changed from past versions to be more in line with Perl, but it left
several white space characters as causing breaks: TAB, NO BREAK SPACE, and FIGURE SPACE (U+2007). We have
decided to continue to use the previous Perl tailoring with regards to these.
Wildcards in Unicode property value specifications are now partially supported
You can now do something like this in a regular expression pattern
qr! \p{nv= /(?x) \A [0-5] \z / }!
which matches all Unicode code points whose numeric value is between 0 and 5 inclusive. So, it could match
the Thai or Bengali digits whose numeric values are 0, 1, 2, 3, 4, or 5.
This marks another step in implementing the regular expression features the Unicode Consortium suggests.
Most properties are supported, with the remainder planned for 5.32. Details are in "Wildcards in Property
Values" in perlunicode.
qr'\N{name}' is now supported
Previously it was an error to evaluate a named character "\N{...}" within a single quoted regular expression
pattern (whose evaluation is deferred from the normal place). This restriction is now removed.
Turkic UTF-8 locales are now seamlessly supported
Turkic languages have different casing rules than other languages for the characters "i" and "I". The
uppercase of "i" is LATIN CAPITAL LETTER I WITH DOT ABOVE (U+0130); and the lowercase of "I" is LATIN SMALL
LETTER DOTLESS I (U+0131). Unicode furnishes alternate casing rules for use with Turkic languages.
Previously, Perl ignored these, but now, it uses them when it detects that it is operating under a Turkic
UTF-8 locale.
It is now possible to compile perl to always use thread-safe locale operations.
Previously, these calls were only used when the perl was compiled to be multi-threaded. To always enable
them, add
-Accflags='-DUSE_THREAD_SAFE_LOCALE'
to your Configure flags.
Eliminate opASSIGN macro usage from core
This macro is still defined but no longer used in core
"-Drv" now means something on "-DDEBUGGING" builds
Now, adding the verbose flag ("-Dv") to the "-Dr" flag turns on all possible regular expression debugging.
Incompatible Changes
Assigning non-zero to $[ is fatal
Setting $[ to a non-zero value has been deprecated since Perl 5.12 and now throws a fatal error. See
"Assigning non-zero to $[ is fatal" in perldeprecation.
Delimiters must now be graphemes
See "Use of unassigned code point or non-standalone grapheme for a delimiter." in perldeprecation
Some formerly deprecated uses of an unescaped left brace "{" in regular expression patterns are now illegal
But to avoid breaking code unnecessarily, most instances that issued a deprecation warning, remain legal and
now have a non-deprecation warning raised. See "Unescaped left braces in regular expressions" in
perldeprecation.
Previously deprecated sysread()/syswrite() on :utf8 handles is now fatal
Calling sysread(), syswrite(), send() or recv() on a ":utf8" handle, whether applied explicitly or
implicitly, is now fatal. This was deprecated in perl 5.24.
There were two problems with calling these functions on ":utf8" handles:
o All four functions only paid attention to the ":utf8" flag. Other layers were completely ignored, so a
handle with ":encoding(UTF-16LE)" layer would be treated as UTF-8. Other layers, such as compression
are completely ignored with or without the ":utf8" flag.
o sysread() and recv() would read from the handle, skipping any validation by the layers, and do no
validation of their own. This could lead to invalidly encoded perl scalars.
my() in false conditional prohibited
Declarations such as "my $x if 0" are no longer permitted.
Fatalize $* and $#
These special variables, long deprecated, now throw exceptions when used.
Fatalize unqualified use of dump()
The "dump()" function, long discouraged, may no longer be used unless it is fully qualified, i.e.,
"CORE::dump()".
Remove File::Glob::glob()
The "File::Glob::glob()" function, long deprecated, has been removed and now throws an exception which
advises use of "File::Glob::bsd_glob()" instead.
"pack()" no longer can return malformed UTF-8
It croaks if it would otherwise return a UTF-8 string that contains malformed UTF-8. This protects against
potential security threats. This is considered a bug fix as well.
Any set of digits in the Common script are legal in a script run of another script
There are several sets of digits in the Common script. "[0-9]" is the most familiar. But there are also
"[\x{FF10}-\x{FF19}]" (FULLWIDTH DIGIT ZERO - FULLWIDTH DIGIT NINE), and several sets for use in
mathematical notation, such as the MATHEMATICAL DOUBLE-STRUCK DIGITs. Any of these sets should be able to
appear in script runs of, say, Greek. But the design of 5.30 overlooked all but the ASCII digits "[0-9]",
so the design was flawed. This has been fixed, so is both a bug fix and an incompatibility.
All digits in a run still have to come from the same set of ten digits.
JSON::PP enables allow_nonref by default
As JSON::XS 4.0 changed its policy and enabled allow_nonref by default, JSON::PP also enabled allow_nonref
by default.
Deprecations
In XS code, use of various macros dealing with UTF-8.
This deprecation was scheduled to become fatal in 5.30, but has been delayed to 5.32 due to problems that
showed up with some CPAN modules. For details of what's affected, see perldeprecation.
Performance Enhancements
o Translating from UTF-8 into the code point it represents now is done via a deterministic finite
automaton, speeding it up. As a typical example, "ord("\x7fff")" now requires 12% fewer instructions
than before. The performance of checking that a sequence of bytes is valid UTF-8 is similarly improved,
again by using a DFA.
o Eliminate recursion from finalize_op().
o A handful of small optimizations related to character folding and character classes in regular
expressions.
o Optimization of "IV" to "UV" conversions.
o Speed up of the integer stringification algorithm by processing two digits at a time instead of one.
o Improvements based on LGTM analysis and recommendation.
o Code optimizations in regcomp.c, regcomp.h, regexec.c.
o Regular expression pattern matching of things like "qr/[^a]/" is significantly sped up, where a is any
ASCII character. Other classes can get this speed up, but which ones is complicated and depends on the
underlying bit patterns of those characters, so differs between ASCII and EBCDIC platforms, but all case
pairs, like "qr/[Gg]/" are included, as is "[^01]".
|
|
|
|
Do not use the -delete option of find(1). It is not supported by Solaris's
native find(1), as reported by Sad Clouds.
|
|
NAME
perldelta - what is new for perl v5.28.2
DESCRIPTION
This document describes differences between the 5.28.1 release and the 5.28.2 release.
If you are upgrading from an earlier release such as 5.28.0, first read perl5281delta, which describes
differences between 5.28.0 and 5.28.1.
Incompatible Changes
Any set of digits in the Common script are legal in a script run of another script
There are several sets of digits in the Common script. "[0-9]" is the most familiar. But there are also
"[\x{FF10}-\x{FF19}]" (FULLWIDTH DIGIT ZERO - FULLWIDTH DIGIT NINE), and several sets for use in
mathematical notation, such as the MATHEMATICAL DOUBLE-STRUCK DIGITs. Any of these sets should be able to
appear in script runs of, say, Greek. But the previous design overlooked all but the ASCII digits "[0-9]",
so the design was flawed. This has been fixed, so is both a bug fix and an incompatibility.
All digits in a run still have to come from the same set of ten digits.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20181129_28 to 5.20190419.
o PerlIO::scalar has been upgraded from version 0.29 to 0.30.
o Storable has been upgraded from version 3.08 to 3.08_01.
Platform Support
Platform-Specific Notes
Windows
The Windows Server 2003 SP1 Platform SDK build, with its early x64 compiler and tools, was accidentally
broken in Perl 5.27.9. This has now been fixed.
Mac OS X
Perl's build and testing process on Mac OS X for "-Duseshrplib" builds is now compatible with Mac OS X
System Integrity Protection (SIP).
SIP prevents binaries in /bin (and a few other places) being passed the "DYLD_LIBRARY_PATH" environment
variable. For our purposes this prevents "DYLD_LIBRARY_PATH" from being passed to the shell, which
prevents that variable being passed to the testing or build process, so running "perl" couldn't find
libperl.dylib.
To work around that, the initial build of the perl executable expects to find libperl.dylib in the build
directory, and the library path is then adjusted during installation to point to the installed library.
Selected Bug Fixes
o If an in-place edit is still in progress during global destruction and the process exit code (as stored
in $?) is zero, perl will now treat the in-place edit as successful, replacing the input file with any
output produced.
This allows code like:
perl -i -ne 'print "Foo"; last'
to replace the input file, while code like:
perl -i -ne 'print "Foo"; die'
will not.
o A regression in Perl 5.28 caused the following code to fail
close(STDIN); open(CHILD, "|wc -l");
because the child's stdin would be closed on exec. This has now been fixed.
o "pack "u", "invalid uuencoding"" now properly NUL terminates the zero-length SV produced.
o Failing to compile a format now aborts compilation. Like other errors in sub-parses this could leave
the parser in a strange state, possibly crashing perl if compilation continued.
o See "Any set of digits in the Common script are legal in a script run of another script".
|
|
what is new for perl v5.28.1:
Security
[CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
Integer arithmetic in "Perl_my_setenv()" could wrap when the combined length of the environment variable
name and value exceeded around 0x7fffffff. This could lead to writing beyond the end of an allocated buffer
with attacker supplied data.
[CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
A crafted regular expression could cause heap-buffer-overflow write during compilation, potentially allowing
arbitrary code execution.
Incompatible Changes
There are no changes intentionally incompatible with 5.28.0. If any exist, they are bugs, and we request
that you submit a report. See "Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20180622 to 5.20181129_28.
Selected Bug Fixes
o Perl 5.28 introduced an "index()" optimization when comparing to -1 (or indirectly, e.g. >= 0). When
this optimization was triggered inside a "when" clause it caused a warning ("Argument %s isn't numeric
in smart match"). This has now been fixed.
o Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug that led to "1\N{THAI
DIGIT FIVE}" matching "/^(*sr:\d+)$/" when it should not. This has now been fixed.
o The new in-place editing code no longer leaks directory handles.
|
|
|
|
Apply 03b94aa47e981af3c7b0118bfb11facda2b95251 from upstream: make $^X
fallback work when platform-specific technique fails.
Bump PKGREVISION.
|
|
Back-port perl commit 3d5e9c119db6b727684fe75dfcfe5831c4351bec to
fix a file descriptor leak in in-place editing which is breaking
the build of xentools48. Should fix PR 53578. Bump PKGREVISION.
|
|
Removed some ancient patches. Fix a pkglint warning.
Core Enhancements
Unicode 10.0 is supported
delete on key/value hash slices
Experimentally, there are now alphabetic synonyms for some regular expression assertions
Mixed Unicode scripts are now detectable
In-place editing with perl -i is now safer
Initialisation of aggregate state variables
Full-size inode numbers
The sprintf %j format size modifier is now available with pre-C99 compilers
Close-on-exec flag set atomically
String- and number-specific bitwise ops are no longer experimental
Locales are now thread-safe on systems that support them
New read-only predefined variable ${^SAFE_LOCALES}
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
[CVE-2017-12883] Buffer over-read in regular expression parser
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
Default Hash Function Change
Incompatible Changes
Subroutine attribute and signature order
Comma-less variable lists in formats are no longer allowed
The :locked and :unique attributes have been removed
\N{} with nothing between the braces is now illegal
Opening the same symbol as both a file and directory handle is no longer allowed
Use of bare << to mean <<"" is no longer allowed
Setting $/ to a reference to a non-positive integer no longer allowed
Unicode code points with values exceeding IV_MAX are now fatal
The B::OP::terse method has been removed
Use of inherited AUTOLOAD for non-methods is no longer allowed
Use of strings with code points over 0xFF is not allowed for bitwise string operators
Setting ${^ENCODING} to a defined value is now illegal
Backslash no longer escapes colon in PATH for the -S switch
the -DH (DEBUG_H) misfeature has been removed
Yada-yada is now strictly a statement
Sort algorithm can no longer be specified
Over-radix digits in floating point literals
Return type of unpackstring()
Deprecations
Use of vec on strings with code points above 0xFF is deprecated
Some uses of unescaped "{" in regexes are no longer fatal
Use of unescaped "{" immediately after a "(" in regular expression patterns is deprecated
Assignment to $[ will be fatal in Perl 5.30
hostname() won't accept arguments in Perl 5.32
Module removals
Performance Enhancements
Modules and Pragmata
Removal of use vars
Use of DynaLoader changed to XSLoader in many modules
Updated Modules and Pragmata
Removed Modules and Pragmata
More details are in the included perldelta.pod.
|
|
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
|
|
5.26.2:
Security
[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written.
[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure.
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count.
Assertion failure in Perl__core_swash_init (utf8.c)
Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed.
Updated Modules and Pragmata
Module::CoreList has been upgraded from version 5.20170922_26 to 5.20180414_26.
PerlIO::via has been upgraded from version 0.16 to 0.17.
Term::ReadLine has been upgraded from version 1.16 to 1.17.
Unicode::UCD has been upgraded from version 0.68 to 0.69.
Selected Bug Fixes
The readpipe() built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime.
Fixed a use after free bug in pp_list introduced in Perl 5.27.1.
Parsing a sub definition could cause a use after free if the sub keyword was followed by whitespace including newlines (and comments).
The tokenizer now correctly adjusts a parse pointer when skipping whitespace in an ${identifier} construct.
Accesses to ${^LAST_FH} no longer assert after using any of a variety of I/O operations on a non-glob.
sort now performs correct reference counting when aliasing $a and $b, thus avoiding premature destruction and leakage of scalars if they are re-aliased during execution of the sort comparator.
Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled.
Fixed a duplicate symbol failure with -flto -mieee-fp builds. pp.c defined _LIB_VERSION which -lieee already defines.
A NULL pointer dereference in the S_regmatch() function has been fixed.
Failures while compiling code within other constructs, such as with string interpolation and the right part of s///e now cause compilation to abort earlier.
|
|
We need to remove -std=c89 so that compilers which default to C99 don't fail,
and don't automatically add -fstack-protector flags, leave it to the user to
decide via PKGSRC_USE_SSP. Fixes clang on SmartOS. Bump PKGREVISION.
|
|
This patch is a workaround for a perl core problem.
The patch has not been accepted upstream, and in its current form
introduces other bugs, see https://rt.perl.org/Ticket/Display.html?id=132448
Bump PKGREVISION.
|
|
Pkgsrc changes:
* Remove patch which has been integrated upstream
Upstream changes:
NAME
perldelta - what is new for perl v5.26.1
DESCRIPTION
This document describes differences between the 5.26.0 release and the
5.26.1 release.
If you are upgrading from an earlier release such as 5.24.0, first read
perl5260delta, which describes differences between 5.24.0 and 5.26.0.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
<https://rt.perl.org/Public/Bug/Display.html?id=131582>
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway. [perl #131665]
<https://rt.perl.org/Public/Bug/Display.html?id=131665>
Incompatible Changes
There are no changes intentionally incompatible with 5.26.0. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
* base has been upgraded from version 2.25 to 2.26.
The effects of dotless @INC on this module have been limited by the
introduction of a more refined and accurate solution for removing
'.' from @INC while reducing the false positives.
* charnames has been upgraded from version 1.44 to 1.45.
* Module::CoreList has been upgraded from version 5.20170530 to
5.20170922_26.
Platform Support
Platform-Specific Notes
FreeBSD
* Building with g++ on FreeBSD-11.0 has been fixed. [perl
#131337]
<https://rt.perl.org/Public/Bug/Display.html?id=131337>
Windows
* Support for compiling perl on Windows using Microsoft Visual
Studio 2017 (containing Visual C++ 14.1) has been added.
* Building XS modules with GCC 6 in a 64-bit build of Perl failed
due to incorrect mapping of "strtoll" and "strtoull". This has
now been fixed. [perl #131726]
<https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
#121683]
<https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
#122353]
<https://rt.cpan.org/Public/Bug/Display.html?id=122353>
Selected Bug Fixes
* Several built-in functions previously had bugs that could cause
them to write to the internal stack without allocating room for the
item being written. In rare situations, this could have led to a
crash. These bugs have now been fixed, and if any similar bugs are
introduced in future, they will be detected automatically in
debugging builds. [perl #131732]
<https://rt.perl.org/Public/Bug/Display.html?id=131732>
* Using a symbolic ref with postderef syntax as the key in a hash
lookup was yielding an assertion failure on debugging builds.
[perl #131627]
<https://rt.perl.org/Public/Bug/Display.html?id=131627>
* List assignment ("aassign") could in some rare cases allocate an
entry on the mortal stack and leave the entry uninitialized. [perl
#131570] <https://rt.perl.org/Public/Bug/Display.html?id=131570>
* Attempting to apply an attribute to an "our" variable where a
function of that name already exists could result in a NULL pointer
being supplied where an SV was expected, crashing perl. [perl
#131597] <https://rt.perl.org/Public/Bug/Display.html?id=131597>
* The code that vivifies a typeglob out of a code ref made some false
assumptions that could lead to a crash in cases such as $::{"A"} =
sub {}; \&{"A"}. This has now been fixed. [perl #131085]
<https://rt.perl.org/Public/Bug/Display.html?id=131085>
* "my_atof2" no longer reads beyond the terminating NUL, which
previously occurred if the decimal point is immediately before the
NUL. [perl #131526]
<https://rt.perl.org/Public/Bug/Display.html?id=131526>
* Occasional "Malformed UTF-8 character" crashes in "s//" on utf8
strings have been fixed. [perl #131575]
<https://rt.perl.org/Public/Bug/Display.html?id=131575>
* "perldoc -f s" now finds "s///". [perl #131371]
<https://rt.perl.org/Public/Bug/Display.html?id=131371>
* Some erroneous warnings after utf8 conversion have been fixed.
[perl #131190]
<https://rt.perl.org/Public/Bug/Display.html?id=131190>
* The "jmpenv" frame to catch Perl exceptions is set up lazily, and
this used to be a bit too lazy. The catcher is now set up earlier,
preventing some possible crashes. [perl #105930]
<https://rt.perl.org/Public/Bug/Display.html?id=105930>
* Spurious "Assuming NOT a POSIX class" warnings have been removed.
[perl #131522]
<https://rt.perl.org/Public/Bug/Display.html?id=131522>
Acknowledgements
Perl 5.26.1 represents approximately 4 months of development since Perl
5.26.0 and contains approximately 8,900 lines of changes across 85
files from 23 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.26.1:
Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
Orton, Zefram.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Reporting Bugs
If you find what you think is a bug, you might check the perl bug
database at <https://rt.perl.org/> . There may also be information at
<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug@perl.org to be analysed by
the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
how to report the issue.
Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in
Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of
thanks.
SEE ALSO
The Changes file for an explanation of how to view exhaustive details
on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
|
|
CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883: buffer over-read in regular expression parser
From upstream commits:
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
bump PKGREVISION
|
|
Allow -Wl,-z arguments into lddlflags.
Fixes RELRO build.
Bump PKGREVISION.
While here, remove bogus comment from patch and remove reference
to two non-existing files.
|
|
Changelog:
NAME
perldelta - what is new for perl v5.22.2
DESCRIPTION
This document describes differences between the 5.22.1 release and the
5.22.2 release.
If you are upgrading from an earlier release such as 5.22.0, first read
perl5221delta, which describes differences between 5.22.0 and 5.22.1.
Security
Fix out of boundary access in Win32 path handling
This is CVE-2015-8608. For more information see [perl #126755]
<https://rt.perl.org/Ticket/Display.html?id=126755>.
Fix loss of taint in "canonpath()"
This is CVE-2015-8607. For more information see [perl #126862]
<https://rt.perl.org/Ticket/Display.html?id=126862>.
Set proper umask before calling mkstemp(3)
In 5.22.0 perl started setting umask to 0600 before calling mkstemp(3)
and restoring it afterwards. This wrongfully tells open(2) to strip
the owner read and write bits from the given mode before applying it,
rather than the intended negation of leaving only those bits in place.
Systems that use mode 0666 in mkstemp(3) (like old versions of glibc)
create a file with permissions 0066, leaving world read and write
permissions regardless of current umask.
This has been fixed by using umask 0177 instead.
[perl #127322] <https://rt.perl.org/Ticket/Display.html?id=127322>
Avoid accessing uninitialized memory in Win32 "crypt()"
Validation that will detect both a short salt and invalid characters in
the salt has been added.
[perl #126922] <https://rt.perl.org/Ticket/Display.html?id=126922>
Remove duplicate environment variables from "environ"
Previously, if an environment variable appeared more than once in
"environ[]", %ENV would contain the last entry for that name, while a
typical "getenv()" would return the first entry. We now make sure %ENV
contains the same as what "getenv()" returns.
Secondly, we now remove duplicates from "environ[]", so if a setting
with that name is set in %ENV we won't pass an unsafe value to a child
process.
This is CVE-2016-2381.
Incompatible Changes
There are no changes intentionally incompatible with Perl 5.22.1. If
any exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
• File::Spec has been upgraded from version 3.56 to 3.56_01.
"canonpath()" now preserves taint. See "Fix loss of taint in
"canonpath()"".
• Module::CoreList has been upgraded from version 5.20151213 to
5.20160429.
The version number of Digest::SHA listed for Perl 5.18.4 was wrong
and has been corrected. Likewise for the version number of Config
in 5.18.3 and 5.18.4. [perl #127624]
<https://rt.perl.org/Ticket/Display.html?id=127624>
Documentation
Changes to Existing Documentation
perldiag
• The explanation of the warning "unable to close filehandle %s
properly: %s" which can occur when doing an implicit close of a
filehandle has been expanded and improved.
perlfunc
• The documentation of "hex()" has been revised to clarify valid
inputs.
Configuration and Compilation
• Dtrace builds now build successfully on systems with a newer dtrace
that require an input object file that uses the probes in the .d
file.
Previously the probe would fail and cause a build failure.
[perl #122287] <https://rt.perl.org/Ticket/Display.html?id=122287>
• Configure no longer probes for libnm by default. Originally this
was the "New Math" library, but the name has been re-used by the
GNOME NetworkManager.
[perl #127131] <https://rt.perl.org/Ticket/Display.html?id=127131>
• Configure now knows about gcc 5.
• Compiling perl with -DPERL_MEM_LOG now works again.
Platform Support
Platform-Specific Notes
Darwin
Compiling perl with -Dusecbacktrace on Darwin now works again.
[perl #127764] <https://rt.perl.org/Ticket/Display.html?id=127764>
OS X/Darwin
Builds with both -DDEBUGGING and threading enabled would fail with
a "panic: free from wrong pool" error when built or tested from
Terminal on OS X. This was caused by perl's internal management of
the environment conflicting with an atfork handler using the libc
"setenv()" function to update the environment.
Perl now uses "setenv()"/"unsetenv()" to update the environment on
OS X.
[perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>
ppc64el
The floating point format of ppc64el (Debian naming for little-
endian PowerPC) is now detected correctly.
Tru64
A test failure in t/porting/extrefs.t has been fixed.
Internal Changes
• An unwarranted assertion in "Perl_newATTRSUB_x()" has been removed.
If a stub subroutine definition with a prototype has been seen,
then any subsequent stub (or definition) of the same subroutine
with an attribute was causing an assertion failure because of a
null pointer.
[perl #126845] <https://rt.perl.org/Ticket/Display.html?id=126845>
Selected Bug Fixes
• Calls to the placeholder &PL_sv_yes used internally when an
"import()" or "unimport()" method isn't found now correctly handle
scalar context. [perl #126042]
<https://rt.perl.org/Ticket/Display.html?id=126042>
• The "pipe()" operator would assert for "DEBUGGING" builds instead
of producing the correct error message. The condition asserted on
is detected and reported on correctly without the assertions, so
the assertions were removed. [perl #126480]
<https://rt.perl.org/Ticket/Display.html?id=126480>
• In some cases, failing to parse a here-doc would attempt to use
freed memory. This was caused by a pointer not being restored
correctly. [perl #126443]
<https://rt.perl.org/Ticket/Display.html?id=126443>
• Perl now reports more context when it sees an array where it
expects to see an operator, and avoids an assertion failure. [perl
#123737] <https://rt.perl.org/Ticket/Display.html?id=123737>
• If a here-doc was found while parsing another operator, the parser
had already read end of file, and the here-doc was not terminated,
perl could produce an assertion or a segmentation fault. This now
reliably complains about the unterminated here-doc. [perl #125540]
<https://rt.perl.org/Ticket/Display.html?id=125540>
• Parsing beyond the end of the buffer when processing a "#line"
directive with no filename is now avoided. [perl #127334]
<https://rt.perl.org/Ticket/Display.html?id=127334>
• Perl 5.22.0 added support for the C99 hexadecimal floating point
notation, but sometimes misparsed hex floats. This has been fixed.
[perl #127183] <https://rt.perl.org/Ticket/Display.html?id=127183>
• Certain regex patterns involving a complemented posix class in an
inverted bracketed character class, and matching something else
optionally would improperly fail to match. An example of one that
could fail is "qr/_?[^\Wbar]\x{100}/". This has been fixed. [perl
#127537] <https://rt.perl.org/Ticket/Display.html?id=127537>
• Fixed an issue with "pack()" where "pack "H"" (and "pack "h"")
could read past the source when given a non-utf8 source and a utf8
target. [perl #126325]
<https://rt.perl.org/Ticket/Display.html?id=126325>
• Fixed some cases where perl would abort due to a segmentation
fault, or a C-level assert. [perl #126193]
<https://rt.perl.org/Ticket/Display.html?id=126193> [perl #126257]
<https://rt.perl.org/Ticket/Display.html?id=126257> [perl #126258]
<https://rt.perl.org/Ticket/Display.html?id=126258> [perl #126405]
<https://rt.perl.org/Ticket/Display.html?id=126405> [perl #126602]
<https://rt.perl.org/Ticket/Display.html?id=126602> [perl #127773]
<https://rt.perl.org/Ticket/Display.html?id=127773> [perl #127786]
<https://rt.perl.org/Ticket/Display.html?id=127786>
• A memory leak when setting $ENV{foo} on Darwin has been fixed.
[perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>
• Perl now correctly raises an error when trying to compile patterns
with unterminated character classes while there are trailing
backslashes. [perl #126141]
<https://rt.perl.org/Ticket/Display.html?id=126141>
• "NOTHING" regops and "EXACTFU_SS" regops in "make_trie()" are now
handled properly. [perl #126206]
<https://rt.perl.org/Ticket/Display.html?id=126206>
• Perl now only tests "semctl()" if we have everything needed to use
it. In FreeBSD the "semctl()" entry point may exist, but it can be
disabled by policy. [perl #127533]
<https://rt.perl.org/Ticket/Display.html?id=127533>
• A regression that allowed undeclared barewords as hash keys to work
despite strictures has been fixed. [perl #126981]
<https://rt.perl.org/Ticket/Display.html?id=126981>
• As an optimization (introduced in Perl 5.20.0), "uc()", "lc()",
"ucfirst()" and "lcfirst()" sometimes modify their argument in-
place rather than returning a modified copy. The criteria for this
optimization has been made stricter to avoid these functions
accidentally modifying in-place when they should not, which has
been happening in some cases, e.g. in List::Util.
• Excessive memory usage in the compilation of some regular
expressions involving non-ASCII characters has been reduced. A
more complete fix is forthcoming in Perl 5.24.0.
Acknowledgements
Perl 5.22.2 represents approximately 5 months of development since Perl
5.22.1 and contains approximately 3,000 lines of changes across 110
files from 24 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 1,500 lines of changes to 52 .pm, .t, .c and .h
files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.22.2:
Aaron Crane, Abigail, Andreas Koenig, Aristotle Pagaltzis, Chris
'BinGOs' Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David
Golden, David Mitchell, H.Merijn Brand, James E Keenan, Jarkko
Hietaniemi, Karen Etheridge, Karl Williamson, Matthew Horsfall, Niko
Tyni, Ricardo Signes, Sawyer X, Stevan Little, Steve Hay, Todd Rinaldo,
Tony Cook, Vladimir Timofeev, Yves Orton.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
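The first-entry versus last-entry mismatch behind CVE-2016-2381, and the keep-first de-duplication the 5.22.2 notes describe, shown in C over a constructed environment block. This is an added example, not perl's implementation; the function names and the sample entries are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample block: TMPDIR appears twice, as in the duplicate case. */
static const char *sample_env[] = {
    "TMPDIR=/var/tmp", "PATH=/usr/bin", "TMPDIR=/tmp/other", NULL };

/* Length of the NAME part of a "NAME=value" entry. */
static size_t name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

static int same_name(const char *entry, const char *name, size_t n) {
    return name_len(entry) == n && strncmp(entry, name, n) == 0;
}

/* Look NAME up in env. last_wins == 0 stops at the first entry (a typical
 * getenv()); last_wins != 0 keeps overwriting, like filling a hash in order. */
static const char *lookup(const char **env, const char *name, int last_wins) {
    const char *found = NULL;
    size_t n = strlen(name);
    for (; *env; env++) {
        if (!same_name(*env, name, n))
            continue;
        found = (*env)[n] == '=' ? *env + n + 1 : "";
        if (!last_wins)
            break;
    }
    return found;
}

/* Compact env in place so every name occurs once, keeping the first entry.
 * Returns the number of entries kept. */
static size_t dedupe_keep_first(const char **env) {
    size_t kept = 0, i, j;
    for (i = 0; env[i]; i++) {
        size_t n = name_len(env[i]);
        for (j = 0; j < kept && !same_name(env[j], env[i], n); j++)
            ;
        if (j == kept)
            env[kept++] = env[i];
    }
    env[kept] = NULL;
    return kept;
}

int main(void) {
    printf("first=%s\n", lookup(sample_env, "TMPDIR", 0));
    printf("last=%s\n", lookup(sample_env, "TMPDIR", 1));
    printf("kept=%zu\n", dedupe_keep_first(sample_env));
    printf("last after dedupe=%s\n", lookup(sample_env, "TMPDIR", 1));
    return 0;
}
```

Once the block is de-duplicated, both lookup strategies return the same value, so a parent and a child process can no longer disagree about which entry is in effect.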
|
|
Bump pkgrev
Reviewed by wiz@
|
|
Add a Configure test to verify that including <fenv.h> doesn't produce
a build error, as it will in quite a few cases on NetBSD on archs which
are not amd64, i386 or sparc in NetBSD 6.x. If the test build fails,
pretend we don't have fenv.h.
Validated that the result builds on NetBSD/evbarm 6.0 and NetBSD/i386 6.1.5.
Build fix, so no need to bump PKGREVISION.
OK by wiz@
|
|
Changes include performance enhancements and various bug fixes.
Perl 5.20.1 represents approximately 4 months of development since Perl 5.20.0 and contains approximately 12,000 lines of changes across 170 files from 36 authors.
|
|
https://www.lsexperts.de/advisories/lse-2014-06-10.txt,
a stack overflow vulnerability in Data::Dumper
Patches taken from
http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304,
to be removed when updating to 5.20.1 (or later).
perl-5.20.0nb2 is fit for pkg_add -u replacement of perl-5.20.0nb1
|
|
leak .buildlink into the final build and create a broken p5-gdbm.
Bump revision.
|
|
/boot/common/lib.
Undef it for Haiku and COMPILER_LIB_DIRS instead (also for other platforms
not set here).
XXX: all platforms should be SYSLIBPATH=${COMPILER_LIB_DIRS}, or
XXX: _OPSYS_LIB_DIRS for such platforms should be fixed.
|