./lang/perl5, Practical Extraction and Report Language



Branch: CURRENT, Version: 5.30.3, Package name: perl-5.30.3, Maintainer: pkgsrc-users

Perl is a general-purpose programming language originally developed
for text manipulation and now used for a wide range of tasks including
system administration, web development, network programming, GUI
development, and more. The language is intended to be practical (easy
to use, efficient, complete) rather than beautiful (tiny, elegant,
minimal). Its major features are that it's easy to use, supports both
procedural and object-oriented (OO) programming, has powerful built-in
support for text processing, and has one of the world's most impressive
collections of third-party modules.


Required to build:
[pkgtools/cwrappers]

Package options: 64bitauto, threads


SHA1: 1003c6aa71d8966501038178459a9fa4e9aba747
RMD160: 7aaec213f6537a53abd8fd97bb96d91b681cdf1e
Filesize: 12085.086 KB



CVS history:


   2020-06-03 10:39:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
perl5: updated to 5.30.3

perl v5.30.3

Security
   [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
       A signed "size_t" integer overflow in the storage space calculations for nested regular expression
       quantifiers could cause a heap buffer overflow in Perl's regular expression compiler that overwrites memory
       allocated after the regular expression storage space with attacker supplied data.

       The target system needs a sufficient amount of memory to allocate partial expansions of the nested
       quantifiers prior to the overflow occurring.  This requirement is unlikely to be met on 64-bit systems.

   [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
       Integer overflows in the calculation of offsets between instructions for the regular expression engine could
       cause corruption of the intermediate language state of a compiled regular expression.  An attacker could
       abuse this behaviour to insert instructions into the compiled form of a Perl regular expression.

   [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
       Recursive calls to "S_study_chunk()" by Perl's regular expression compiler to optimize the intermediate
       language representation of a regular expression could cause corruption of the intermediate language state of
       a compiled regular expression.

   Additional Note
       An application written in Perl would only be vulnerable to any of the above flaws if it evaluates regular
       expressions supplied by the attacker.  Evaluating regular expressions in this fashion is known to be
       dangerous since the regular expression engine does not protect against denial of service attacks in this
       usage scenario.

Incompatible Changes
       There are no changes intentionally incompatible with Perl 5.30.2.

Modules and Pragmata
   Updated Modules and Pragmata
       o   Module::CoreList has been upgraded from version 5.20200314 to 5.20200601_30.
   2020-03-17 04:45:56 by Roland Illig | Files touched by this commit (1)
Log message:
lang/perl5: remove obsolete SUBST actions

These did not have any effect since the files have changed meanwhile.
   2020-03-15 21:10:46 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
perl: update to 5.30.2.

Incompatible Changes

    There are no changes intentionally incompatible with 5.30.0. If any
    exist, they are bugs, and we request that you submit a report. See
    "Reporting Bugs" below.

Modules and Pragmata

  Updated Modules and Pragmata

    *   Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.

    *   Module::CoreList has been upgraded from version 5.20191110 to
        5.20200314.

Configuration and Compilation
    *   GCC 10 is now supported by Configure.

Selected Bug Fixes
    *   printf() or sprintf() with the %n format no longer cause a panic on
        debugging builds, or report an incorrectly cached length value when
        producing "SVfUTF8" flagged strings.

    *   A memory leak in regular expression patterns has been fixed.

    *   A read beyond buffer in grok_infnan has been fixed.

    *   An assertion failure in the regular expression engine has been
        fixed.

    *   "(?{...})" eval groups in regular expressions no longer
        unintentionally trigger "EVAL without pos change exceeded limit in
        regex".
   2019-11-24 02:08:22 by Greg Troxel | Files touched by this commit (1)
Log message:
lang/perl5: Fix compiler check via pkglint

AUTOFIX: Makefile:267: Replacing "${PKGSRC_COMPILER} == \"xlc\"" with "${PKGSRC_COMPILER:Mxlc}".
   2019-11-14 10:56:56 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
perl5: updated to 5.30.1

what is new for perl v5.30.1

Incompatible Changes
       There are no changes intentionally incompatible with 5.30.1.  If any
       exist, they are bugs, and we request that you submit a report.  See
       "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       o   Module::CoreList has been upgraded from version 5.20190522 to
           5.20191110.

Documentation
   Changes to Existing Documentation
       We have attempted to update the documentation to reflect the changes
       listed in this document.  If you find any we have missed, send email to
       perlbug@perl.org.

       Additionally, documentation has been updated to reference GitHub as the
       new canonical repository and to describe the new GitHub pull request
       workflow.

Configuration and Compilation
       o   The "ECHO" macro is now defined.  This is used in a "dtrace" rule
           that was originally changed for FreeBSD, and the FreeBSD make
           apparently predefines it.  The Solaris make does not predefine
           "ECHO" which broke this rule on Solaris.

Testing
       Tests were added and changed to reflect the other additions and changes
       in this release.

Platform Support
   Platform-Specific Notes
       Win32
           The locale tests could crash on Win32 due to a Windows bug, and
           separately due to the CRT throwing an exception if the locale name
           wasn't validly encoded in the current code page.

           For the second we now decode the locale name ourselves, and always
           decode it as UTF-8.

Selected Bug Fixes
       o   Setting $) now properly sets supplementary group ids, if you have
           the necessary privileges.

       o   "readline @foo" now evaluates @foo in scalar context.  Previously,
           it would be evaluated in list context, and since readline() pops
           only one argument from the stack, the stack could underflow, or be
           left with unexpected values on it.

       o   sv_gets() now recovers better if the target SV is modified by a
           signal handler.

       o   Matching a non-"SVf_UTF8" string against a regular expression
           containing Unicode literals could leak an SV on each match attempt.

       o   "sprintf("%.*a", -10000, $x)" would cause a buffer overflow due to
           mishandling of the negative precision value.

       o   "scalar()" on a reference could cause an erroneous assertion
           failure during compilation.
   2019-11-11 22:32:12 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
perl5: evaluating this regex to force utf8_heavy.pl to load no longer works,
use a unicode 'tr///' instead.

Fixes Bugzilla checksetup.pl, which uses Safe.

Thanks to many on #perl on freenode.
PR pkg/54625
Bump PKGREVISION
   2019-11-04 18:47:31 by Roland Illig | Files touched by this commit (14)
Log message:
mk: make BROKEN a list of lines, like PKG_FAIL_REASON

Packages defined the variable BROKEN inconsistently. Some added quotes,
like they are required in PKG_FAIL_REASON, some omitted them.

Now all packages behave the same, and pkglint will flag future mistakes.
   2019-11-03 20:04:09 by Roland Illig | Files touched by this commit (159)
Log message:
lang: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.