| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
OK sthen@
|
| |
|
|
|
| |
All functional changes were committed already, this updates the
version number, Module::Corelist, and documentation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod
Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.
Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.
Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".
Proceed when you feel comfortable. deraadt@
|
| |
|
|
| |
Timing is good deraadt@, OK sthen@
|
| |
|
|
|
|
|
| |
Minor bugfixes and documentation improvments. See perldelta for details.
https://metacpan.org/pod/release/SHAY/perl-5.28.2/pod/perldelta.pod
OK bluhm@
|
| |
|
|
| |
looking good sthen@, Great! bluhm@
|
| |
|
|
| |
ok bluhm@
|
| |
|
|
| |
OK bluhm@, Reads ok sthen@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
| | |
|
| |
|
|
| |
OK bluhm@
|
| | |
|
| | |
|
| |
|
|
| |
ok deraadt@ sthen@ espie@ miod@
|
| |
|
|
| |
ok deraadt@ sthen@ espie@ miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Derived from Perl git commit http://perl5.git.perl.org/perl.git
19be3be6968e2337bcdfe480693fff795ecd1304
Add a configuration variable/option to limit recursion when dumping
deep data structures.
Defaults the limit to 1000, which can be reduced or increase, or
eliminated by setting it to 0.
This patch addresses CVE-2014-4330. This bug was found and
reported by: LSE Leading Security Experts GmbH employee Markus
Vervier.
From Maximilian Pascher; OK schwarze@ afresh1@
|
| |
|
|
|
|
| |
http://cpansearch.perl.org/src/SHAY/libnet-1.27/Changes
ok millert@
|
| |
|
|
| |
ok millert@
|
| |
|
|
| |
OK espie@ sthen@ deraadt@
|
| |
|
|
| |
(some more to do after this one)
|
| |
|
|
|
|
| |
For more information please refer to: http://code.activestate.com/lists/perl5-porters/191311/
ok millert@
|
| | |
|
| | |
|
| |
|
|
| |
ok espie@ millert@
|
| |
|
|
|
| |
Thanks Emeric Boit for reporting me this.
ok millert@ espie@
|
| |
|
|
|
|
|
|
|
|
| |
ucfirst(), uc() and lc() forget to set the tainted flag if input
was marked as tainted.
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99
ok millert@
|
| |
|
|
| |
ok millert@
|
| |
|
|
|
| |
tested in bulk build.
ok millert@
|
| |
|
|
|
| |
from Abel Abraham Camarillo Ojeda
ok espie@ millert@
|
| |
|
|
| |
"multipart_init()" HTTP Header Injection Vulnerability.
|
| |
|
|
|
|
|
| |
"multipart_init()" HTTP Header Injection Vulnerability.
- add a mention in patchlevel.h (reminded by millert@)
ok millert@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok millert@
|
| |
|
|
| |
it if setuid. Found by Kevin Finisterre, fix from perl developers.
|
| | |
|
| |
|
|
|
|
|
| |
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
@_ can't have junk in it even in the non-USE_ITHREADS case because
caller() wants to populate @DB::args with it (causes a coredump
in Carp::confess())
|
| | |
|
| | |
|
| | |
|
| | |
|
afresh1
millert
bluhm
jasper
sthen
rpointel
brad