Branch: refs/heads/maint-5.38
  Home:   https://github.com/Perl/perl5
  Commit: 92a9eb3d0d52ec7655c1beb29999a5a5219be664
      
https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664
  Author: Karl Williamson <k...@cpan.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M regcomp.c
    M t/re/pat_advanced.t

  Log Message:
  -----------
  Fix read/write past buffer end: perl-security#140

A package name may be specified in a \p{...} regular expression
construct.  If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in.  By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one.  Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name".  The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off.  I found it convenient to strip off the package specifier
"utf8::".  To do so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword".  All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal.  The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is.  Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name".  Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

This can be easily backported to earlier Perl releases.


  Commit: 8b943e377b1541a72513bb824d45603ab9a7fc97
      
https://github.com/Perl/perl5/commit/8b943e377b1541a72513bb824d45603ab9a7fc97
  Author: Tony Cook <t...@develop-help.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M t/win32/system.t
    M win32/win32.c

  Log Message:
  -----------
  win32: default the shell to cmd.exe in the Windows system directory

This prevents picking up cmd.exe from the current directory, or
even from the PATH.

This protects against a privilege escalation attack where an attacker
in a separate session creates a cmd.exe in a directory where the
target account happens to have its current directory.


  Commit: 2eead8d6a0be02a592cfd41e7f124d2b10154267
      
https://github.com/Perl/perl5/commit/2eead8d6a0be02a592cfd41e7f124d2b10154267
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M MANIFEST
    M Makefile.SH
    M pod/.gitignore
    A pod/perl5380delta.pod
    M pod/perldelta.pod
    M vms/descrip_mms.template
    M win32/GNUmakefile
    M win32/Makefile
    M win32/pod.mak

  Log Message:
  -----------
  Create new perldelta for 5.38.1

Needed to manually edit win32/pod.mak to make sure it didn't lose the entries
for perl5380delta.pod


  Commit: 2d00bc45c5a0a53e522a6b986b0e343097e4696c
      
https://github.com/Perl/perl5/commit/2d00bc45c5a0a53e522a6b986b0e343097e4696c
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M pod/perldelta.pod

  Log Message:
  -----------
  Add perldelta notes for the two security bug fixes


  Commit: 391f9c6a1545a5e2f3d602a384cd5f7e3ae50d78
      
https://github.com/Perl/perl5/commit/391f9c6a1545a5e2f3d602a384cd5f7e3ae50d78
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M Cross/config.sh-arm-linux
    M Cross/config.sh-arm-linux-n770
    M INSTALL
    M META.json
    M META.yml
    M Porting/config.sh
    M Porting/config_H
    M Porting/sync-with-cpan
    M README.haiku
    M README.macosx
    M README.os2
    M README.vms
    M hints/catamount.sh
    M lib/B/Op_private.pm
    M patchlevel.h
    M plan9/config_sh.sample
    M win32/GNUmakefile
    M win32/Makefile

  Log Message:
  -----------
  Bump the perl version in various places for 5.38.1


  Commit: d7765ca484d1eac2afa4f6156d2f3df077a6e3ed
      
https://github.com/Perl/perl5/commit/d7765ca484d1eac2afa4f6156d2f3df077a6e3ed
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M pod/perl.pod

  Log Message:
  -----------
  fixup add perldelta


  Commit: ac8e9945b12eb814b75f6c7fc6de1b24a99a72c0
      
https://github.com/Perl/perl5/commit/ac8e9945b12eb814b75f6c7fc6de1b24a99a72c0
  Author: Steve Hay <steve.m....@googlemail.com>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M ext/XS-APItest/t/xsub_h.t

  Log Message:
  -----------
  Revert "Also adjust t/xsub_h.t to use $^V." part of 4a88c3486c for maint

The error produced in this test, running against perl 5.36.1, is:

Perl API version v1.0.16 of Pie does not match v5.36.0

which doesn't match the expected error when $^V is used because that is
5.36.1.

It's the API version that we're expecting in the output, and that's frozen
at .0 for maint releases (unlike blead, where it incremented for every
release).


  Commit: 03d126771664e9012508d8bcd3c20744f642af8c
      
https://github.com/Perl/perl5/commit/03d126771664e9012508d8bcd3c20744f642af8c
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M dist/Module-CoreList/Changes
    M dist/Module-CoreList/lib/Module/CoreList.pm
    M dist/Module-CoreList/lib/Module/CoreList/Utils.pm

  Log Message:
  -----------
  Import Module::CoreList v5.20231125 from blead


  Commit: 64e39bd34a61a8c41c7d6c8ef69a2a1689ecdc4c
      
https://github.com/Perl/perl5/commit/64e39bd34a61a8c41c7d6c8ef69a2a1689ecdc4c
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M pod/perldelta.pod

  Log Message:
  -----------
  Finalize perldelta for 5.38.1


  Commit: 27778ad969f6c0384bb7e50c700e15e43a76d3d0
      
https://github.com/Perl/perl5/commit/27778ad969f6c0384bb7e50c700e15e43a76d3d0
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M MANIFEST
    M pod/perl.pod
    A pod/perl5342delta.pod
    A pod/perl5362delta.pod
    M win32/pod.mak

  Log Message:
  -----------
  Import perl5342delta.pod and perl5362delta.pod


  Commit: 45c358143f40d6c007afb3985ac815af41709c84
      
https://github.com/Perl/perl5/commit/45c358143f40d6c007afb3985ac815af41709c84
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M pod/perlhist.pod

  Log Message:
  -----------
  Sync perlhist.pod from blead


  Commit: bbb63412cd349e65265cd0ad7935191bc7013a41
      
https://github.com/Perl/perl5/commit/bbb63412cd349e65265cd0ad7935191bc7013a41
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-21 (Tue, 21 Nov 2023)

  Changed paths:
    M META.json
    M patchlevel.h

  Log Message:
  -----------
  Bump patchlevel to RC1


  Commit: 8fddb434ae0d0353473456561ec6b844580ff726
      
https://github.com/Perl/perl5/commit/8fddb434ae0d0353473456561ec6b844580ff726
  Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
  Date:   2023-11-25 (Sat, 25 Nov 2023)

  Changed paths:
    M patchlevel.h

  Log Message:
  -----------
  Disarm RC1


Compare: https://github.com/Perl/perl5/compare/76298ae68aa7...8fddb434ae0d
