Commit message

OK sthen@
OK sthen@
OK sthen@
This reapplies commit e0lLUzj1XNW7pJMh and moves libperl to 21.0
The ABI change appears to be fine after XS modules are rebuilt.
OK sthen@
Unintentionally changes ABI and breaks perl ports
Different flags triggering new compiler optimizations means that
luck has run out on this working by chance with the strict alignment
of octeon.
Upstream issue:
https://github.com/Perl/perl5/issues/18555
This is a combination of three commits from upstream.
https://github.com/Perl/perl5/commit/d18575f18c6ee61ce80492e82cae7361358d570a
https://github.com/Perl/perl5/commit/6027b190154088fbbcbde08a80c49531e4e4c012
https://github.com/Perl/perl5/commit/f43079cb514e3d0be0036424695438ae3fb58451
works on all arch deraadt@
Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson
Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723
https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes

There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata

* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes

* printf() or sprintf() with the %n format no longer cause a panic
  on debugging builds, or report an incorrectly cached length value
  when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
  trigger "EVAL without pos change exceeded limit in regex".

Proceed when you feel comfortable. deraadt@
Timing is good deraadt@, OK sthen@
Timing is good deraadt@, OK sthen@
Timing is good deraadt@, OK sthen@
Minor bugfixes and documentation improvements. See perldelta for details.
https://metacpan.org/pod/release/SHAY/perl-5.28.2/pod/perldelta.pod
OK bluhm@
looking good sthen@, Great! bluhm@
looking good sthen@, Great! bluhm@
looking good sthen@, Great! bluhm@
Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)
* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
  Reported by GwanYeong Kim, fixed by Tony Cook.
* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
  Perl__byte_dump_string (utf8.c)
  Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
  Tony Cook.
* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
  S_regatom (regcomp.c)
  Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
  Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@
OK bluhm@
ok bluhm@
ok bluhm@
OK bluhm@, Reads ok sthen@
OK bluhm@, Reads ok sthen@
The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.

The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.

The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.

ok deraadt@
OK bluhm@
It can cause certain regular expressions with malformed UTF8 inputs
to go into a forever loop and consume 100% CPU. OK afresh1@
ok deraadt@ sthen@ espie@ miod@
ok deraadt@ sthen@ espie@ miod@
OK espie@ sthen@ deraadt@
OK espie@ sthen@ deraadt@
(some more to do after this one)
For more information please refer to: http://code.activestate.com/lists/perl5-porters/191311/
ok millert@
ucfirst(), uc() and lc() forget to set the tainted flag if input
was marked as tainted.
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99
ok millert@
ok millert@
ok millert@