Next | Query returned 411 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:

   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2018-04-27 11:44:27 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
perl5: updated to 5.26.2


[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with \ 
control over the bytes written.
[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer \ 
read overflow and potentially information disclosure.
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count.
Assertion failure in Perl__core_swash_init (utf8.c)
Control characters in a supposed Unicode property name could cause perl to \ 
crash. This has been fixed.

Updated Modules and Pragmata
Module::CoreList has been upgraded from version 5.20170922_26 to 5.20180414_26.
PerlIO::via has been upgraded from version 0.16 to 0.17.
Term::ReadLine has been upgraded from version 1.16 to 1.17.
Unicode::UCD has been upgraded from version 0.68 to 0.69.

Selected Bug Fixes
The readpipe() built-in function now checks at compile time that it has only one \ 
parameter expression, and puts it in scalar context, thus ensuring that it \ 
doesn't corrupt the stack at runtime.
Fixed a use after free bug in pp_list introduced in Perl 5.27.1.
Parsing a sub definition could cause a use after free if the sub keyword was \ 
followed by whitespace including newlines (and comments).
The tokenizer now correctly adjusts a parse pointer when skipping whitespace in \ 
an ${identifier} construct.
Accesses to ${^LAST_FH} no longer assert after using any of a variety of I/O \ 
operations on a non-glob.
sort now performs correct reference counting when aliasing $a and $b, thus \ 
avoiding premature destruction and leakage of scalars if they are re-aliased \ 
during execution of the sort comparator.
Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled.
Fixed a duplicate symbol failure with -flto -mieee-fp builds. pp.c defined \ 
_LIB_VERSION which -lieee already defines.
A NULL pointer dereference in the S_regmatch() function has been fixed.
Failures while compiling code within other constructs, such as with string \ 
interpolation and the right part of s///e now cause compilation to abort \ 
   2018-01-15 11:07:50 by Jonathan Perkin | Files touched by this commit (2)
Log message:
perl5: Don't add -ansi either.
   2018-01-12 12:32:21 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
perl5: Fix CFLAGS.

We need to remove -std=c89 so that compilers which default to C99 don't fail,
and don't automatically add -fstack-protector flags, leave it to the user to
decide via PKGSRC_USE_SSP.  Fixes clang on SmartOS.  Bump PKGREVISION.
   2018-01-07 12:40:57 by Roland Illig | Files touched by this commit (2)
Log message:
Improved documentation for "make help".
   2017-11-16 11:28:26 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
perl: Remove

This patch is a workaround for a perl core problem.
The patch has not been accepted upstream, and in its current form
introduces other bugs, see

   2017-10-04 14:54:17 by Havard Eidnes | Files touched by this commit (4) | Package updated
Log message:
Update perl to version 5.26.1.

Pkgsrc changes:
 * Remove patch which has been integrated upstream

Upstream changes:

       perldelta - what is new for perl v5.26.1

       This document describes differences between the 5.26.0 release and the
       5.26.1 release.

       If you are upgrading from an earlier release such as 5.24.0, first read
       perl5260delta, which describes differences between 5.24.0 and 5.26.0.

   [CVE-2017-12837] Heap buffer overflow in regular expression compiler
       Compiling certain regular expression patterns with the case-insensitive
       modifier could cause a heap buffer overflow and crash perl.  This has
       now been fixed.  [perl #131582]

   [CVE-2017-12883] Buffer over-read in regular expression parser
       For certain types of syntax error in a regular expression pattern, the
       error message could either contain the contents of a random, possibly
       large, chunk of memory, or could crash perl.  This has now been fixed.
       [perl #131598] <>

   [CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
       A possible stack buffer overflow in the %ENV code on Windows has been
       fixed by removing the buffer completely since it was superfluous
       anyway.  [perl #131665]

Incompatible Changes
       There are no changes intentionally incompatible with 5.26.0.  If any
       exist, they are bugs, and we request that you submit a report.  See
       "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       *   base has been upgraded from version 2.25 to 2.26.

           The effects of dotless @INC on this module have been limited by the
           introduction of a more refined and accurate solution for removing
           '.' from @INC while reducing the false positives.

       *   charnames has been upgraded from version 1.44 to 1.45.

       *   Module::CoreList has been upgraded from version 5.20170530 to

Platform Support
   Platform-Specific Notes
           *   Building with g++ on FreeBSD-11.0 has been fixed.  [perl

           *   Support for compiling perl on Windows using Microsoft Visual
               Studio 2017 (containing Visual C++ 14.1) has been added.

           *   Building XS modules with GCC 6 in a 64-bit build of Perl failed
               due to incorrect mapping of "strtoll" and \ 
"strtoull".  This has
               now been fixed.  [perl #131726]
               <> [cpan
               <> [cpan

Selected Bug Fixes
       *   Several built-in functions previously had bugs that could cause
           them to write to the internal stack without allocating room for the
           item being written.  In rare situations, this could have led to a
           crash.  These bugs have now been fixed, and if any similar bugs are
           introduced in future, they will be detected automatically in
           debugging builds.  [perl #131732]

       *   Using a symbolic ref with postderef syntax as the key in a hash
           lookup was yielding an assertion failure on debugging builds.
           [perl #131627]

       *   List assignment ("aassign") could in some rare cases allocate an
           entry on the mortal stack and leave the entry uninitialized.  [perl
           #131570] <>

       *   Attempting to apply an attribute to an "our" variable where a
           function of that name already exists could result in a NULL pointer
           being supplied where an SV was expected, crashing perl.  [perl
           #131597] <>

       *   The code that vivifies a typeglob out of a code ref made some false
           assumptions that could lead to a crash in cases such as \ 
$::{"A"} =
           sub {}; \&{"A"}.  This has now been fixed.  [perl #131085]

       *   "my_atof2" no longer reads beyond the terminating NUL, which
           previously occurred if the decimal point is immediately before the
           NUL.  [perl #131526]

       *   Occasional "Malformed UTF-8 character" crashes in \ 
"s//" on utf8
           strings have been fixed.  [perl #131575]

       *   "perldoc -f s" now finds "s///".  [perl #131371]

       *   Some erroneous warnings after utf8 conversion have been fixed.
           [perl #131190]

       *   The "jmpenv" frame to catch Perl exceptions is set up \ 
lazily, and
           this used to be a bit too lazy.  The catcher is now set up earlier,
           preventing some possible crashes.  [perl #105930]

       *   Spurious "Assuming NOT a POSIX class" warnings have been \ 
           [perl #131522]

       Perl 5.26.1 represents approximately 4 months of development since Perl
       5.26.0 and contains approximately 8,900 lines of changes across 85
       files from 23 authors.

       Excluding auto-generated files, documentation and release tools, there
       were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.

       Perl continues to flourish into its third decade thanks to a vibrant
       community of users and developers.  The following people are known to
       have contributed the improvements that became Perl 5.26.1:

       Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
       Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
       Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
       Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
       Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
       Orton, Zefram.

       The list above is almost certainly incomplete as it is automatically
       generated from version control history.  In particular, it does not
       include the names of the (very much appreciated) contributors who
       reported issues to the Perl bug tracker.

       Many of the changes included in this version originated in the CPAN
       modules included in Perl's core.  We're grateful to the entire CPAN
       community for helping Perl to flourish.

       For a more complete list of all of Perl's historical contributors,
       please see the AUTHORS file in the Perl source distribution.

Reporting Bugs
       If you find what you think is a bug, you might check the perl bug
       database at <> .  There may also be information at
       <> , the Perl Home Page.

       If you believe you have an unreported bug, please run the perlbug
       program included with your release.  Be sure to trim your bug down to a
       tiny but sufficient test case.  Your bug report, along with the output
       of "perl -V", will be sent off to to be analysed by
       the Perl porting team.

       If the bug you are reporting has security implications which make it
       inappropriate to send to a publicly archived mailing list, then see
details of
       how to report the issue.

Give Thanks
       If you wish to thank the Perl 5 Porters for the work we had done in
       Perl 5, you can do so by running the "perlthanks" program:


       This will send an email to the Perl 5 Porters list with your show of

       The Changes file for an explanation of how to view exhaustive details
       on what changed.

       The INSTALL file for how to build Perl.

       The README file for general stuff.

       The Artistic and Copying files for copyright information.
   2017-09-23 07:29:07 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
perl5: patch for CVE-2017-12837, CVE-2017-12883

CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883: buffer over-read in regular expression parser

From upstream commits: … d2041f300f … 9a822dc8a5

   2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165)
Log message:
Follow some redirects.
   2017-07-07 07:54:24 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Use ldflags during build.
Allow -Wl,-z arguments into lddlflags.

Fixes RELRO build.


While here, remove bogus comment from patch and remove reference
to two non-existing files.

Next | Query returned 411 messages, browsing 1 to 10 | Previous