In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/2917e21e155ca4848badf3411556471b5fe7ce13?hp=1443c94c5785506d57ff756925baa65702a6cf98>
- Log ----------------------------------------------------------------- commit 2917e21e155ca4848badf3411556471b5fe7ce13 Author: Florian Ragwitz <[email protected]> Date: Fri Oct 19 11:16:19 2012 -0300 Correct a version number in perl5180delta M Porting/perl5180delta.pod commit 2d9cd31f143aa659c3f6b691e9f411421fe48e5f Author: Florian Ragwitz <[email protected]> Date: Fri Oct 19 11:16:07 2012 -0300 Perldelta up to 1443c94 M pod/perldelta.pod commit 014e292f37a506551d3c1f9de227ebee22b175aa Author: Florian Ragwitz <[email protected]> Date: Tue Oct 16 17:16:04 2012 -0300 5.14.3 has been released M Porting/release_schedule.pod ----------------------------------------------------------------------- Summary of changes: Porting/perl5180delta.pod | 2 +- Porting/release_schedule.pod | 2 +- pod/perldelta.pod | 75 ++++++++++++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 4 deletions(-) diff --git a/Porting/perl5180delta.pod b/Porting/perl5180delta.pod index b0bc82a..2736236 100644 --- a/Porting/perl5180delta.pod +++ b/Porting/perl5180delta.pod @@ -333,7 +333,7 @@ platform specific bugs also go here. =item * -The following CPAN modules have test failures with perl 5.16. Patches have +The following CPAN modules have test failures with perl 5.18. Patches have been submitted for all of these, so hopefully there will be new releases soon: diff --git a/Porting/release_schedule.pod b/Porting/release_schedule.pod index 891fac8..e6fddd5 100644 --- a/Porting/release_schedule.pod +++ b/Porting/release_schedule.pod @@ -41,7 +41,7 @@ Release schedule (with release managers): 2011-05-14 5.14.0 (final) Jesse Vincent 2011-06-16 5.14.1 â Jesse Vincent 2011-09-14 5.14.2 â Florian Ragwitz - 2012-10-?? 5.14.3 Dominic Hargreaves + 2012-10-12 5.14.3 â Dominic Hargreaves ????-??-?? 5.14.4 ?? =head1 DEVELOPMENT RELEASE SCHEDULE diff --git a/pod/perldelta.pod b/pod/perldelta.pod index d7781b8..c3f934a 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -48,6 +48,16 @@ L</Selected Bug Fixes> section. [ List each security issue as a =head2 entry ] +=head2 Avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to perl's +C<x> string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate +that into a heap buffer overrun; coupled with versions of glibc before 2.16, it +possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier CVE-2012-5195. + =head1 Incompatible Changes XXX For a release on a stable branch, this section aspires to be: @@ -139,6 +149,10 @@ XXX =item * +L<AutoLoader> has been upgraded from version 5.72 to 5.73. + +=item * + L<B::Deparse> has been upgraded from version 1.17 to 1.18. It no longer dies when deparsing C<sort> without arguments. It now correctly omits the comma for C<system $prog @args> and C<exec $prog @args>. @@ -191,12 +205,29 @@ C<shortmess()> functions are now documented. =item * +L<CPANPLUS> has been upgraded from version 0.9131 to 0.9133. + +=item * + +L<Data::Dumper> has been upgraded from version 2.135_07 to 2.136. This promotes +the previous development release to a stable release. + +=item * + +L<Digest::SHA> has been upgraded from version 5.71 to 5.72. + +=item * + L<ExtUtils::CBuilder> has been upgraded from version 0.280208 to 0.280209. A list of symbols to export can now be passed to C<link()> when on Windows, as on other OSes [perl #115100]. =item * +L<feature> has been upgraded from version 1.30 to 1.31. + +=item * + L<File::Glob> has been upgraded from version 1.17 to 1.18. A space-separated list of patterns return long lists of results no longer results in memory corruption or crashes. This bug was introduced in Perl @@ -204,11 +235,42 @@ results in memory corruption or crashes. This bug was introduced in Perl =item * +L<HTTP::Tiny> has been upgraded from version 0.022 to 0.024. This improves +SSL support. + +=item * + +L<Module::CoreList> has been upgraded from version 2.73 to 2.74. + +=item * + L<PerlIO::encoding> has been upgraded from version 0.15 to 0.16. This is the module implementing the ":encoding(...)" I/O layer. It no longer corrupts memory or crashes when the encoding back-end reallocates the buffer or gives it a typeglob or shared hash key scalar. +=item * + +L<threads::shared> has been upgraded from version 1.41 to 1.42. This adds +support for dual-valued values as created by +L<Scalar::Util::dualvar|Scalar::Util/"dualvar NUM, STRING">. + +=item * + +L<Unicode::Collate> hsa been upgraded from version 0.89 to 0.90. + +=item * + +L<Unicode::Normalize> has been upgraded from version 1.14 to 1.15. + +=item * + +L<warnings> has been upgraded from version 1.14 to 1.15. + +=item * + +L<Win32CORE> has been upgraded from version 0.03 to 0.04. + =back =head2 Removed Modules and Pragmata @@ -395,9 +457,9 @@ L</Modules and Pragmata> section. =over 4 -=item XXX-some-platform +=item Win32 -XXX +The option to build without USE_SOCKETS_AS_HANDLES has been removed. =back @@ -640,6 +702,15 @@ buffer in place. C<length($object)> no longer returns the undefined value if the object has string overloading that returns undef. [perl #115260] +=item * + +The use of C<PL_stashcache>, the stash name lookup cache for method calls, has +been restored, + +Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks +up values in C<PL_stashcache>. As it's a only cache, quite correctly everything +carried on working without it. + =back =head1 Known Problems -- Perl5 Master Repository
