Next | Query returned 484 messages, browsing 1 to 10 | Previous

CVS Commit History:


   2024-11-20 08:35:44 by Thomas Klausner | Files touched by this commit (3)
Log message:
perl5: remove workaround for /self/proc/exe being '/'

The patch is from 2008, and according to martin@ on current-users@,
the problem was fixed in 2007 in sys/miscfs/procfs/procfs_vnops.c
rev 1.152). If the problem is still there, please file a NetBSD bug
report.

Bump PKGREVISION.
   2024-11-19 22:17:32 by Thomas Klausner | Files touched by this commit (2)
Log message:
perl5: add link to upstream bug report
   2024-11-19 22:02:21 by Thomas Klausner | Files touched by this commit (2)
Log message:
perl5: stop two she-bang replacements that broke tests

after discussion with upstream

pkglint cleanups while here.
   2024-11-16 13:08:07 by Thomas Klausner | Files touched by this commit (2504)
Log message:
*: recursive bump for perl 5.40
   2024-11-16 12:55:58 by Thomas Klausner | Files touched by this commit (2)
Log message:
perl5: pkglint -F
   2024-11-16 12:54:24 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
perl: update to 5.40.0.

Core Enhancements

    New __CLASS__ Keyword
    :reader attribute for field variables
    Permit a space in -M command-line option
    Restrictions to use VERSION declarations
    New builtin::inf and builtin::nan functions (experimental)
    New ^^ logical xor operator
    try/catch feature is no longer experimental
    for iterating over multiple values at a time is no longer experimental
    builtin module is no longer experimental
    The :5.40 feature bundle adds try
    use v5.40; imports builtin functions

Security

    CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
    CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

Incompatible Changes

    reset EXPR now calls set-magic on scalars
    Calling the import method of an unknown package produces a warning
    return no longer allows an indirect object
    Class barewords no longer resolved as file handles in method calls under no feature "bareword_filehandles"
   2024-01-19 01:01:35 by Roland Illig | Files touched by this commit (1)
Log message:
lang/perl5: fix typo in documentation about PERL5_PACKLIST
   2024-01-19 00:49:33 by Roland Illig | Files touched by this commit (1)
Log message:
lang/perl5: add show-all-perl5-packlist target for debugging
   2023-12-05 20:36:26 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
perl: update to 5.38.2.

This document describes differences between the 5.38.0 release and the 5.38.2
release.  B<Please note:> This document ignores Perl 5.38.1, a broken release
which existed for a couple of days only.

Security

This release fixes the following security issues.

CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.

A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.

CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.

Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for cmd.exe in the current working directory.

An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can
be executed.
   2023-11-05 19:18:46 by Nia Alarie | Files touched by this commit (1)
Log message:
perl5: Normalize the legacy darwin hack with other hacks in the package.
