./lang/perl5, Practical Extraction and Report Language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 5.38.2, Package name: perl-5.38.2, Maintainer: pkgsrc-users

Perl is a general-purpose programming language originally developed
for text manipulation and now used for a wide range of tasks including
system administration, web development, network programming, GUI
development, and more. The language is intended to be practical (easy
to use, efficient, complete) rather than beautiful (tiny, elegant,
minimal). Its major features are that it's easy to use, supports both
procedural and object-oriented (OO) programming, has powerful built-in
support for text processing, and has one of the world's most impressive
collections of third-party modules.

Required to build:

Package options: perl-64bitauto, threads

Master sites: (Expand)

Filesize: 13358.91 KB

Version history: (Expand)

CVS history: (Expand)

   2024-01-19 01:01:35 by Roland Illig | Files touched by this commit (1)
Log message:
lang/perl5: fix typo in documentation about PERL5_PACKLIST
   2024-01-19 00:49:33 by Roland Illig | Files touched by this commit (1)
Log message:
lang/perl5: add show-all-perl5-packlist target for debugging
   2023-12-05 20:36:26 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
perl: update to 5.38.2.

This document describes differences between the 5.38.0 release and the 5.38.2
release.  B<Please note:> This document ignores Perl 5.38.1, a broken release
which existed for a couple of days only.


This release fixes the following security issues.

CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.

A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.

CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.

Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for cmd.exe in the current working directory.

An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can
be executed.
   2023-11-05 19:18:46 by Nia Alarie | Files touched by this commit (1)
Log message:
perl5: Normalize the legacy darwin hack with other hacks in the package.
   2023-11-05 19:04:20 by Nia Alarie | Files touched by this commit (1)
Log message:
perl5: Fix building on Mac OS X Tiger.
   2023-07-06 11:22:15 by Thomas Klausner | Files touched by this commit (8) | Package updated
Log message:
perl: update to 5.38.0.

Core Enhancements

    New class Feature
    Unicode 15.0 is supported
    Deprecation warnings now have specific subcategories
    %{^HOOK} API introduced
    Defined-or and logical-or assignment default expressions in signatures
    @INC Hook Enhancements and $INC and INCDIR
    Forbidden control flow out of defer or finally now detected at compile-time
    Optimistic Eval in Patterns
    REG_INF has been raised from 65,536 to 2,147,483,647
    New API functions optimize_optree and finalize_optree
    Some gotos are now permitted in defer and finally blocks
    New regexp variable ${^LAST_SUCCESSFUL_PATTERN}
    Locale category LC_NAME now supported on participating platforms

Incompatible Changes

    readline() no longer clears the stream error and eof flags
    INIT blocks no longer run after an exit() in BEGIN
    Syntax errors no longer produce "phantom error messages"
    Changes to "thread-safe" locales


    Use of ' as a package name separator is deprecated
    Switch and Smart Match operator

More details at https://metacpan.org/release/RJBS/perl-5.38.0/view/pod/perldelta.pod
   2023-07-04 12:26:29 by Jonathan Perkin | Files touched by this commit (3)
Log message:
perl5: Revert reproducibility patch.

The perl configure script parses the output of "uname -a" to calculate \ 
the OS
name, version, and also has logic to alter behaviour based on the CPU type,
etc.  The reproducibility patch breaks all that by only running "uname \ 
-s", so
all of the logic returns nothing.

This at minimum breaks the build on SunOS platforms, but likely breaks others,
if not hiding nasty bugs on platforms that on the surface appear to build ok.
   2023-07-03 23:06:13 by nikita | Files touched by this commit (3)
Log message:
perl5: reproducibility patch.