Perl 5 Porters Mailing List Summary: September 18th-24th

[Sawyer X]

Blog:
http://blogs.perl.org/users/sawyer_x/2017/09/perl-5-porters-mailing-list-summary-september-18th-24th.html
Twitter: https://twitter.com/perl5summaries/status/912267415630827520

                              September 18th-24th

News and Updates

   Perl 5.27.4 is now [1]available!

   Perl 5.24.3 is now [2]available!

   Perl 5.26.1 is now [3]available!

   We are [4]looking for someone willing to help updating CPAN modules in
   core!

Issues

  New Issues

     * [5]Perl #131582: [CVE-2017-12837] Heap overflow in
       Perl__to_fold_latin1 when compiling case-insensitive regexp.
     * [6]Perl #131598: [CVE-2017-12883] Buffer over-read in
S_grok_bslash_N.
     * [7]Perl #131665: [CVE-2017-12814] Perl $ENV Key Stack Buffer
Overflow.
     * [8]Perl #132131: Missing feature flag -D_GNU_SOURCE on Linux/musl.
     * [9]Perl #132138: t/run/switches.t fails under miniperl.
     * [10]Perl #132139: make minitest non-zero error code ignored.
     * [11]Perl #132141: lvalue return broken in signature.
     * [12]Perl #132142: Bleadperl v5.27.3-34-gf6107ca24b breaks
       MLEHMANN/AnyEvent-HTTP-2.23.tar.gz.
     * [13]Perl #132145: [14]POSIX::localtime not identical to
       CORE::localtime.
     * [15]Perl #132150: ... (yada-yada) parsing is inconsistent.
     * [16]Perl #132153: perl-5.26.1/doio.c:1529: (style) Suspicious
       condition.
     * [17]Perl #131582: [CVE-2017-12837] Heap overflow in
       Perl__to_fold_latin1 when compiling case-insensitive regexp.
     * [18]Perl #131598: [CVE-2017-12883] Buffer over-read in
       S_grok_bslash_N.
     * [19]Perl #131665: [CVE-2017-12814] Perl $ENV Key Stack Buffer
       Overflow.

  Resolved Issues

     * [20]Perl #131582: [CVE-2017-12837] Heap overflow in
       Perl__to_fold_latin1 when compiling case-insensitive regexp.
     * [21]Perl #131598: [CVE-2017-12883] Buffer over-read in
       S_grok_bslash_N.
     * [22]Perl #131665: [CVE-2017-12814] Perl $ENV Key Stack Buffer
       Overflow.
     * [23]Perl #131777: signatures accept fancy assignment operators.
     * [24]Perl #132008: [25]Term::ReadLine generates empty &STDERR files.
     * [26]Perl #132138: t/run/switches.t fails under miniperl.

Suggested Patches

   James Keenan provided a patch in [27]Perl #132137 to document miniperl.

   James also provided a patch for [28]Perl #132139 (make minitest non-zero
   error code ignored).

   A patch by Scott Court for Perl 5.22 for CVE-2017-12883 in [29]Perl
   #132134.

   Nicholas R. (Atoomic) provided a patch, now merged, in [30]Perl
#132123 to
   add CvGvNAME_HEK helper.

   Nicholas also provided with Todd Rinaldo an updated patch for [31]Perl
   #129916: (CV symbol table optimization only works in main::).

   Vickenty provided a patch for [32]Perl #131867 (%{^CAPTURE_ALL} is
%+, not
   %-).

   Lukas Mai (mauke) provided a patch for [33]Perl #132150 (... (yada-yada)
   parsing is inconsistent).

References

   1. http://nntp.perl.org/group/perl.perl5.porters/246371
   2. http://nntp.perl.org/group/perl.perl5.porters/246407
   3. http://nntp.perl.org/group/perl.perl5.porters/246408
   4. http://nntp.perl.org/group/perl.perl5.porters/246389
   5. http://rt.perl.org/Ticket/Display.html?id=131582
   6. http://rt.perl.org/Ticket/Display.html?id=131598
   7. http://rt.perl.org/Ticket/Display.html?id=131665
   8. http://rt.perl.org/Ticket/Display.html?id=132131
   9. http://rt.perl.org/Ticket/Display.html?id=132138
  10. http://rt.perl.org/Ticket/Display.html?id=132139
  11. http://rt.perl.org/Ticket/Display.html?id=132141
  12. http://rt.perl.org/Ticket/Display.html?id=132142
  13. http://rt.perl.org/Ticket/Display.html?id=132145
  14. http://metacpan.org/pod/POSIX
  15. http://rt.perl.org/Ticket/Display.html?id=132150
  16. http://rt.perl.org/Ticket/Display.html?id=132153
  17. http://rt.perl.org/Ticket/Display.html?id=131582
  18. http://rt.perl.org/Ticket/Display.html?id=131598
  19. http://rt.perl.org/Ticket/Display.html?id=131665
  20. http://rt.perl.org/Ticket/Display.html?id=131582
  21. http://rt.perl.org/Ticket/Display.html?id=131598
  22. http://rt.perl.org/Ticket/Display.html?id=131665
  23. http://rt.perl.org/Ticket/Display.html?id=131777
  24. http://rt.perl.org/Ticket/Display.html?id=132008
  25. http://metacpan.org/pod/Term::ReadLine
  26. http://rt.perl.org/Ticket/Display.html?id=132138
  27. http://rt.perl.org/Ticket/Display.html?id=132137
  28. http://rt.perl.org/Ticket/Display.html?id=132139
  29. http://rt.perl.org/Ticket/Display.html?id=132134
  30. http://rt.perl.org/Ticket/Display.html?id=132123
  31. http://rt.perl.org/Ticket/Display.html?id=129916
  32. http://rt.perl.org/Ticket/Display.html?id=131867
  33. http://rt.perl.org/Ticket/Display.html?id=132150