perl5262cdelta - what is new for cperl v5.26.2
This document describes the differences between the cperl 5.26.1c and the cperl 5.26.2c releases.
If you are upgrading from an earlier release such as v5.26.0c, first read the perl5261cdelta documentation, which describes differences between v5.26.0c and v5.26.1c.
POSIX 2008 demands such an umask, but it is still problematic on Solaris, HP-UX and AIX and older libcs, e.g. glibc <= 2.06. The old umask 0177 was insecure.
E.g. <$fh\000> throws now the safe syscalls warning, and errors with Glob not terminated, and does not pass the illegal glob path to the internal or external glob.
See [cperl #342]
Fixed two security issues with the chroot op:
* fail on embedded NUL in the chroot argument. Set errno to EINVAL.
* If a call to chroot is not followed by a call to chdir("/") the chroot jail confinement can be violated. In Perl_pp_chroot: A call to chroot followed by an operation that may escape from the chroot jail. Coverity CID #165302 Insecure chroot.
Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed. [perl #131582]
For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed. [perl #131598]
$ENV{$key} stack buffer overflow on WindowsA possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. [perl #131665]
Silence gcc compiler warnings when -Wsign-compare is enabled #123688: Compilation warnings with clang
Silence gcc compiler warnings when -Wimplicit-fallthrough is enabled #123358: Compilation warnings with gcc-7.*
Windows uses -lzlib. Linux uses -lz #123699: wrong external zlib name used on Windows
Update zlib-src directory to use zlib 1.2.11 #123245: perl 5.26.1 is vulnerable to CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842
Don't allow offset to be greater than length of buffer in crc32.
Change my_zcalloc to use safecalloc. The link, https://github.com/madler/zlib/issues/253, is the upstream report for the remaining valgrind errors not already dealt with by 1.2.11. Using calloc in Zlib.xs for now as a workaround. #121074: valgrind errors in the test suite
* Add test for 5.26.1-RC1, and some cperl -V's
* Fix signature with argument
* Ignore ccache and compiler path in signature
* Add default_inc_excludes_dotlib/Encode/MIME/Name.pm t/mime-name.t Pulled: Add "euc-cn" => "EUC-CN" alias to Encode::MIME::Name https://github.com/dankogai/p5-encode/pull/124
lib/Encode/CN/HZ.pm lib/Encode/JP/JIS7.pm lib/Encode/MIME/Header.pm t/decode.t Pulled: Uninitialized value fixes #122 https://github.com/dankogai/p5-encode/pull/122
Makefile.PL Pulled: Fix -Werror=declaration-after-statement for gcc 4.1.2 https://github.com/dankogai/p5-encode/pull/121
use vars => our
C++ compat fixes. -Wliteral-suffix
better machine code on threaded perl (croak_nocontext)
skip PUTBACK;return; on XSRETURN in PPCODE
remove perl5 incompatible __attribute__global__ needed for -flto. XS_EXTERNAL has it already.
hpux should not use lftp. Switch test URL from www.cpan.org to httpbin.org
Try to fix readonly stacksize.h with perlbrew. [cperl #335]
annotate as methods.
Add updates from 0.9918: Add LAX_DECIMAL_VERSION, LAX_DOTTED_DECIMAL_VERSION, STRICT_DECIMAL_VERSION, STRICT_DOTTED_DECIMAL_VERSION regexes.
Add t/11_taint.t
Fixed wrong panic: distributed hash flood when dealing with large %^H hints hashes, with >127 entries, such as _charnames.pm in Regexp::Common. Fixed the logic dealing with such a hints hash. [cperl #350].
Fixed endless rpeep compiler loop with a constant loop and a nested loop, which e.g. broke Net:HTTP. [cperl #349].
Fixed return type of DynaLoader::dl_find_symbol_anywhere(), the address, not the name. [cperl #352].
The code that vivifies a typeglob out of a code ref made some false assumptions that could lead to a crash in cases such as $::{"A"} = sub {}; \&{"A"}. This has now been fixed. [perl #131085]
Several built-in functions previously had bugs that could cause them to write to the internal stack without allocating room for the item being written. In rare situations, this could have led to a crash. These bugs have now been fixed, and if any similar bugs are introduced in future, they will be detected automatically in debugging builds. [perl #131732] [commit 23891d5581278b].
my_atof2 no longer reads beyond the terminating NUL, which previously occurred if the decimal point is immediately before the NUL. [perl #131526]
Occasional "Malformed UTF-8 character" crashes in s// on utf8 strings have been fixed. [perl #131575]
perldoc -f s now finds s///. [perl #131371]
Some erroneous warnings after utf8 conversion have been fixed. [perl #131190]
The jmpenv frame to catch Perl exceptions is set up lazily, and this used to be a bit too lazy. The catcher is now set up earlier, preventing some possible crashes. [perl #105930]
Building with g++ on FreeBSD-11.0 has been fixed. [perl #131337]
Support for compiling perl on Windows using Microsoft Visual Studio 2017 (containing Visual C++ 14.1) has been added.
Building XS modules with GCC 6 in a 64-bit build of Perl failed due to incorrect mapping of strtoll and strtoull. This has now been fixed. [perl #131726] [cpan #121683] [cpan #122353]
cperl 5.26.2 represents approximately 5 months of development since cperl 5.26.1c and contains approximately 93,000 lines of changes across 550 files from 16 authors.
Excluding auto-generated files, documentation and release tools, there were approximately 13,000 lines of changes to 340 .pm, .t, .c and .h files.
The following people are known to have contributed the improvements that became cperl 5.26.2:
Reini Urban, Steve Hay, Karl Williamson, Tony Cook, David Mitchell, Yves Orton, Father Chrysostomos, James E Keenan, Dagfinn Ilmari Mannsåker, Lukas Mai, Andy Dougherty, John Peacock, Slaven Rezic, Zefram, Jacques Germishuys, Craig A. Berry.
The list above is almost certainly incomplete as it is automatically generated from version control history including the perl and cperl repos. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker and the cperl github issues.
Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.
Generated with:
cperl Porting/acknowledgements.pl cperl-5.26.1..HEAD -cIf you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at https://rt.perl.org/ . There may also be information at http://www.perl.org/ , the Perl Home Page.
If you believe you have an unreported bug, please run the cperlbug program included with your release. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report, along with the output of perl -V, will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
If you think it's a cperl specific bug or trust the cperl developers more please file an issue at https://github.com/perl11/cperl/issues.
If the bug you are reporting has security implications which make it inappropriate to send to a publicly archived mailing list, then see "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec For details of how to report the issue.
The Changes file for an explanation of how to view exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.