In perl.git, the branch maint-5.16 has been updated <http://perl5.git.perl.org/perl.git/commitdiff/d88574fd8d73044fb580de6c7a5dda3665fd09fb?hp=495a70389718bcaa3f03781e37c0c82e8508f0fd>
- Log ----------------------------------------------------------------- commit d88574fd8d73044fb580de6c7a5dda3665fd09fb Author: Ricardo Signes <[email protected]> Date: Wed Oct 17 12:04:05 2012 -0400 update perldelta for 5.16.2 M pod/perldelta.pod commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b Author: Andy Dougherty <[email protected]> Date: Thu Sep 27 09:52:18 2012 -0400 avoid calling memset with a negative count Poorly written perl code that allows an attacker to specify the count to perl's 'x' string repeat operator can already cause a memory exhaustion denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate that into a heap buffer overrun; coupled with versions of glibc before 2.16, it possibly allows the execution of arbitrary code. The flaw addressed to this commit has been assigned identifier CVE-2012-5195. M util.c ----------------------------------------------------------------------- Summary of changes: pod/perldelta.pod | 294 ++--------------------------------------------------- util.c | 3 + 2 files changed, 10 insertions(+), 287 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index b299e45..e6a1934 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -2,9 +2,6 @@ =head1 NAME -[ this is a template for a new perldelta file. Any text flagged as -XXX needs to be processed before release. ] - perldelta - what is new for perl v5.16.2 =head1 DESCRIPTION @@ -16,58 +13,11 @@ If you are upgrading from an earlier release such as 5.16.0, first read L<perl5161delta>, which describes differences between 5.16.0 and 5.16.1. -=head1 Notice - -XXX Any important notices here - -=head1 Core Enhancements - -XXX New core language features go here. Summarise user-visible core language -enhancements. Particularly prominent performance optimisations could go -here, but most should go in the L</Performance Enhancements> section. - -[ List each enhancement as a =head2 entry ] - -=head1 Security - -XXX Any security-related notices go here. In particular, any security -vulnerabilities closed should be noted here rather than in the -L</Selected Bug Fixes> section. - -[ List each security issue as a =head2 entry ] - =head1 Incompatible Changes -XXX For a release on a stable branch, this section aspires to be: - - There are no changes intentionally incompatible with 5.XXX.XXX - If any exist, they are bugs, and we request that you submit a - report. See L</Reporting Bugs> below. - -[ List each incompatible change as a =head2 entry ] - -=head1 Deprecations - -XXX Any deprecated features, syntax, modules etc. should be listed here. -In particular, deprecated modules should be listed here even if they are -listed as an updated module in the L</Modules and Pragmata> section. - -[ List each deprecation as a =head2 entry ] - -=head1 Performance Enhancements - -XXX Changes which enhance performance without changing behaviour go here. There -may well be none in a stable release. - -[ List each enhancement as a =item entry ] - -=over 4 - -=item * - -XXX - -=back +There are no changes intentionally incompatible with 5.16.0 +If any exist, they are bugs, and we request that you submit a +report. See L</Reporting Bugs> below. =head1 Modules and Pragmata @@ -81,16 +31,6 @@ cribbed. [ Within each section, list entries as a =item entry ] -=head2 New Modules and Pragmata - -=over 4 - -=item * - -XXX - -=back - =head2 Updated Modules and Pragmata =over 4 @@ -101,198 +41,20 @@ L<XXX> has been upgraded from version 0.69 to version 0.70. =back -=head2 Removed Modules and Pragmata - -=over 4 - -=item * - -XXX - -=back - -=head1 Documentation - -XXX Changes to files in F<pod/> go here. Consider grouping entries by -file and be sure to link to the appropriate page, e.g. L<perlfunc>. - -=head2 New Documentation - -XXX Changes which create B<new> files in F<pod/> go here. - -=head3 L<XXX> - -XXX Description of the purpose of the new file here - -=head2 Changes to Existing Documentation - -XXX Changes which significantly change existing files in F<pod/> go here. -However, any changes to F<pod/perldiag.pod> should go in the L</Diagnostics> -section. - -=head3 L<XXX> - -=over 4 - -=item * - -XXX Description of the change here - -=back - -=head1 Diagnostics - -The following additions or changes have been made to diagnostic output, -including warnings and fatal error messages. For the complete list of -diagnostic messages, see L<perldiag>. - -XXX New or changed warnings emitted by the core's C<C> code go here. Also -include any changes in L<perldiag> that reconcile it to the C<C> code. - -[ Within each section, list entries as a =item entry that links to perldiag, - e.g. - - =item * - - L<Invalid version object|perldiag/"Invalid version object"> -] - -=head2 New Diagnostics - -XXX Newly added diagnostic messages go here - -=head3 New Errors - -=over 4 - -=item * - -XXX L<message|perldiag/"message"> - -=back - -=head3 New Warnings - -=over 4 - -=item * - -XXX L<message|perldiag/"message"> - -=back - -=head2 Changes to Existing Diagnostics - -XXX Changes (i.e. rewording) of diagnostic messages go here - -=over 4 - -=item * - -XXX Describe change here - -=back - -=head1 Utility Changes - -XXX Changes to installed programs such as F<perlbug> and F<xsubpp> go -here. Most of these are built within the directories F<utils> and F<x2p>. - -[ List utility changes as a =head3 entry for each utility and =item -entries for each change -Use L<XXX> with program names to get proper documentation linking. ] - -=head3 L<XXX> - -=over 4 - -=item * - -XXX - -=back - =head1 Configuration and Compilation -XXX Changes to F<Configure>, F<installperl>, F<installman>, and analogous tools -go here. Any other changes to the Perl build process should be listed here. -However, any platform-specific changes should be listed in the -L</Platform Support> section, instead. - -[ List changes as a =item entry ]. - -=over 4 - -=item * - -XXX - -=back - -=head1 Testing - -XXX Any significant changes to the testing of a freshly built perl should be -listed here. Changes which create B<new> files in F<t/> go here as do any -large changes to the testing harness (e.g. when parallel testing was added). -Changes to existing files in F<t/> aren't worth summarising, although the bugs -that they represent may be covered elsewhere. - -[ List each test improvement as a =item entry ] - =over 4 -=item * - -XXX +=item * configuration should no longer be confused by ls colorization =back =head1 Platform Support -XXX Any changes to platform support should be listed in the sections below. - -[ Within the sections, list each platform as a =item entry with specific -changes as paragraphs below it. ] - -=head2 New Platforms - -XXX List any platforms that this version of perl compiles on, that previous -versions did not. These will either be enabled by new files in the F<hints/> -directories, or new subdirectories and F<README> files at the top level of the -source tree. - -=over 4 - -=item XXX - - -=back - -=head2 Discontinued Platforms - -XXX List any platforms that this version of perl no longer compiles on. - -=over 4 - -=item XXX-some-platform - -XXX - -=back - =head2 Platform-Specific Notes -XXX List any changes for specific platforms. This could include configuration -and compilation changes or changes in portability/compatibility. However, -changes within modules for platforms should generally be listed in the -L</Modules and Pragmata> section. - =over 4 -=item XXX-some-platform - -XXX - =item AIX Configure now always adds -qlanglvl=extc99 to the CC flags on AIX when @@ -301,61 +63,19 @@ that assume C99 [perl #113778]. =back -=head1 Internal Changes - -XXX Changes which affect the interface available to C<XS> code go here. -Other significant internal changes for future core maintainers should -be noted as well. - -[ List each change as a =item entry ] - -=over 4 - -=item * - -XXX - -=back - =head1 Selected Bug Fixes -XXX Important bug fixes in the core language are summarised here. -Bug fixes in files in F<ext/> and F<lib/> are best summarised in -L</Modules and Pragmata>. - -[ List each fix as a =item entry ] - =over 4 -=item * +=item * fix /\h/ equivalence with /[\h]/ -XXX +see [perl #114220] =back =head1 Known Problems -XXX Descriptions of platform agnostic bugs we know we can't fix go here. Any -tests that had to be C<TODO>ed for the release would be noted here, unless -they were specific to a particular platform (see below). - -This is a list of some significant unfixed bugs, which are regressions -from either 5.XXX.XXX or 5.XXX.XXX. - -[ List each fix as a =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Obituary - -XXX If any significant core contributor has died, we've added a short obituary -here. +There are no new known problems. =head1 Acknowledgements diff --git a/util.c b/util.c index 171456f..34f5fa9 100644 --- a/util.c +++ b/util.c @@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I { PERL_ARGS_ASSERT_REPEATCPY; + if (count < 0) + Perl_croak_nocontext("%s",PL_memory_wrap); + if (len == 1) memset(to, *from, count); else if (count) { -- Perl5 Master Repository
