2024-01-19 01:01:35 by Roland Illig | Files touched by this commit (1) |
Log message:
lang/perl5: fix typo in documentation about PERL5_PACKLIST
|
2024-01-19 00:49:33 by Roland Illig | Files touched by this commit (1) |
Log message:
lang/perl5: add show-all-perl5-packlist target for debugging
|
2023-12-05 20:36:26 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
perl: update to 5.38.2.
This document describes differences between the 5.38.0 release and the 5.38.2
release. B<Please note:> This document ignores Perl 5.38.1, a broken release
which existed for a couple of days only.
Security
This release fixes the following security issues.
CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.
A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.
CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.
Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for cmd.exe in the current working directory.
An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can
be executed.
|
2023-11-05 19:18:46 by Nia Alarie | Files touched by this commit (1) |
Log message:
perl5: Normalize the legacy darwin hack with other hacks in the package.
|
2023-11-05 19:04:20 by Nia Alarie | Files touched by this commit (1) |
Log message:
perl5: Fix building on Mac OS X Tiger.
|
2023-07-06 11:22:15 by Thomas Klausner | Files touched by this commit (8) | |
Log message:
perl: update to 5.38.0.
Core Enhancements
New class Feature
Unicode 15.0 is supported
Deprecation warnings now have specific subcategories
%{^HOOK} API introduced
PERL_RAND_SEED
Defined-or and logical-or assignment default expressions in signatures
@INC Hook Enhancements and $INC and INCDIR
Forbidden control flow out of defer or finally now detected at compile-time
Optimistic Eval in Patterns
REG_INF has been raised from 65,536 to 2,147,483,647
New API functions optimize_optree and finalize_optree
Some gotos are now permitted in defer and finally blocks
New regexp variable ${^LAST_SUCCESSFUL_PATTERN}
Locale category LC_NAME now supported on participating platforms
Incompatible Changes
readline() no longer clears the stream error and eof flags
INIT blocks no longer run after an exit() in BEGIN
Syntax errors no longer produce "phantom error messages"
utf8::upgrade()
Changes to "thread-safe" locales
Deprecations
Use of ' as a package name separator is deprecated
Switch and Smart Match operator
More details at https://metacpan.org/release/RJBS/perl-5.38.0/view/pod/perldelta.pod
|
2023-07-04 12:26:29 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
perl5: Revert reproducibility patch.
The perl configure script parses the output of "uname -a" to calculate \
the OS
name, version, and also has logic to alter behaviour based on the CPU type,
etc. The reproducibility patch breaks all that by only running "uname \
-s", so
all of the logic returns nothing.
This at minimum breaks the build on SunOS platforms, but likely breaks others,
if not hiding nasty bugs on platforms that on the surface appear to build ok.
|
2023-07-03 23:06:13 by nikita | Files touched by this commit (3) |
Log message:
perl5: reproducibility patch.
|
2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319) |
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.
Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).
No change to BUILD_DEPENDS as used correctly inside buildlink3.
As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
|
2023-05-06 01:01:32 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
perl5: Stop using csh on SunOS.
illumos is in the process of removing it from the system, but perl still
prefers it when globbing if available, and will still try to exec /bin/csh.
|