pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/perl5 perl5: updated to 5.28.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/abd6c5b3f575
branches: trunk
changeset: 326262:abd6c5b3f575
user: adam <adam%pkgsrc.org@localhost>
date: Sun Dec 02 13:39:56 2018 +0000
description:
perl5: updated to 5.28.1
what is new for perl v5.28.1:
Security
[CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
Integer arithmetic in "Perl_my_setenv()" could wrap when the combined length of the environment variable
name and value exceeded around 0x7fffffff. This could lead to writing beyond the end of an allocated buffer
with attacker supplied data.
[CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
A crafted regular expression could cause heap-buffer-overflow write during compilation, potentially allowing
arbitrary code execution.
Incompatible Changes
There are no changes intentionally incompatible with 5.28.0. If any exist, they are bugs, and we request
that you submit a report. See "Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20180622 to 5.20181129_28.
Selected Bug Fixes
o Perl 5.28 introduced an "index()" optimization when comparing to -1 (or indirectly, e.g. >= 0). When
this optimization was triggered inside a "when" clause it caused a warning ("Argument %s isn't numeric
in smart match"). This has now been fixed.
o Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug that led to "1\N{THAI
DIGIT FIVE}" matching "/^(*sr:\d+)$/" when it should not. This has now been fixed.
o The new in-place editing code no longer leaks directory handles.
diffstat:
lang/perl5/Makefile | 3 +-
lang/perl5/Makefile.common | 4 +-
lang/perl5/distinfo | 11 ++--
lang/perl5/patches/patch-doio.c | 96 -----------------------------------------
4 files changed, 8 insertions(+), 106 deletions(-)
diffs (155 lines):
diff -r 1a750fd53581 -r abd6c5b3f575 lang/perl5/Makefile
--- a/lang/perl5/Makefile Sun Dec 02 12:43:33 2018 +0000
+++ b/lang/perl5/Makefile Sun Dec 02 13:39:56 2018 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.250 2018/10/29 14:25:25 sevan Exp $
+# $NetBSD: Makefile,v 1.251 2018/12/02 13:39:56 adam Exp $
.include "license.mk"
.include "Makefile.common"
-PKGREVISION= 2
COMMENT= Practical Extraction and Report Language
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
diff -r 1a750fd53581 -r abd6c5b3f575 lang/perl5/Makefile.common
--- a/lang/perl5/Makefile.common Sun Dec 02 12:43:33 2018 +0000
+++ b/lang/perl5/Makefile.common Sun Dec 02 13:39:56 2018 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.34 2018/08/22 08:37:46 wiz Exp $
+# $NetBSD: Makefile.common,v 1.35 2018/12/02 13:39:56 adam Exp $
#
# used by lang/perl5/Makefile
# used by databases/p5-gdbm/Makefile
-DISTNAME= perl-5.28.0
+DISTNAME= perl-5.28.1
CATEGORIES= lang devel perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/5.0/,}
DISTFILES+= ${DISTNAME}${EXTRACT_SUFX}
diff -r 1a750fd53581 -r abd6c5b3f575 lang/perl5/distinfo
--- a/lang/perl5/distinfo Sun Dec 02 12:43:33 2018 +0000
+++ b/lang/perl5/distinfo Sun Dec 02 13:39:56 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.155 2018/10/29 14:25:25 sevan Exp $
+$NetBSD: distinfo,v 1.156 2018/12/02 13:39:56 adam Exp $
-SHA1 (perl-5.28.0.tar.xz) = c0e9e7a0dea97ec9816687d865fd461a99ef185c
-RMD160 (perl-5.28.0.tar.xz) = 34c9ad0560a2eed134e09282696bfae307cbeb6a
-SHA512 (perl-5.28.0.tar.xz) = de701e37371b81cecf06098bb2c09017bde9cebaf9537d58838d0adf605ac2ecf739897b0a73576a7adb74d4cf65591ec4d2ed1f94b7191e695f88cb7e214a39
-Size (perl-5.28.0.tar.xz) = 12410536 bytes
+SHA1 (perl-5.28.1.tar.xz) = 5fc239bebb8c484c3f5c58e663274ce668981651
+RMD160 (perl-5.28.1.tar.xz) = e2f0618fc01bcd253ef6e003c1d9b957b6f6aa53
+SHA512 (perl-5.28.1.tar.xz) = 6d18e9684c3a15bea2ccd28f116d1829c3acd5547551ee3539f0060c0d1a75246dfe570dfb9d5f00625a994a0afb0cbd6a5a5f9a407fef75a421e7dbc6491b43
+Size (perl-5.28.1.tar.xz) = 12372080 bytes
SHA1 (patch-Configure) = 00754ccc8bbeb38f8a0363d1bfba908fea9ef4d6
SHA1 (patch-Makefile.SH) = febb87d876a44091a761d3ef99c649f3e4bdd394
SHA1 (patch-aa) = 3a2b39c9eb903e68ef7d03ae448c51c147c19aa1
@@ -12,7 +12,6 @@
SHA1 (patch-caretx.c) = cbe55cdb897c02805a51582f6a7e413ca313b630
SHA1 (patch-cflags.SH) = 7ad64e5a17b876bff4bbe238abc4a57354acf4fe
SHA1 (patch-dist_Storable_Makefile.PL) = fd8964cf3c94ba811caaf71be21650b29e4c8e50
-SHA1 (patch-doio.c) = 684563a5416604a61632bd9cf70f4f225cce81e5
SHA1 (patch-hints_cygwin.sh) = 1b21d927d6b7379754c4cd64a2b05d3632c35470
SHA1 (patch-hints_minix.sh) = cb62ad0be5c38ca5b79f180252ca0843a0444f8a
SHA1 (patch-hints_netbsd.sh) = 0d549a48800372d75fe34b783529a78cba90f646
diff -r 1a750fd53581 -r abd6c5b3f575 lang/perl5/patches/patch-doio.c
--- a/lang/perl5/patches/patch-doio.c Sun Dec 02 12:43:33 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,96 +0,0 @@
-$NetBSD: patch-doio.c,v 1.1 2018/09/19 13:52:33 gson Exp $
-
-This is to fix PR 53578.
-
-commit 3d5e9c119db6b727684fe75dfcfe5831c4351bec
-Author: Tony Cook <tony%develop-help.com@localhost>
-Date: Mon Jul 2 10:43:19 2018 +1000
-
- (perl #133314) always close the directory handle on clean up
-
- Previously the directory handle was only closed if the rest of the
- magic free clean up is done, but in most success cases that code
- doesn't run, leaking the directory handle.
-
- So always close the directory if our AV is available.
-
-diff --git a/doio.c b/doio.c
-index 4b8923f77c..16daf9fd11 100644
---- a/doio.c
-+++ doio.c
-@@ -1163,44 +1163,50 @@ S_argvout_free(pTHX_ SV *io, MAGIC *mg) {
-
- /* mg_obj can be NULL if a thread is created with the handle open, in which
- case we leave any clean up to the parent thread */
-- if (mg->mg_obj && IoIFP(io)) {
-- SV **pid_psv;
-+ if (mg->mg_obj) {
- #ifdef ARGV_USE_ATFUNCTIONS
- SV **dir_psv;
- DIR *dir;
-+
-+ dir_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_ORIG_DIRP, FALSE);
-+ assert(dir_psv && *dir_psv && SvIOK(*dir_psv));
-+ dir = INT2PTR(DIR *, SvIV(*dir_psv));
- #endif
-- PerlIO *iop = IoIFP(io);
-+ if (IoIFP(io)) {
-+ SV **pid_psv;
-+ PerlIO *iop = IoIFP(io);
-
-- assert(SvTYPE(mg->mg_obj) == SVt_PVAV);
-+ assert(SvTYPE(mg->mg_obj) == SVt_PVAV);
-
-- pid_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_ORIG_PID, FALSE);
-+ pid_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_ORIG_PID, FALSE);
-
-- assert(pid_psv && *pid_psv);
-+ assert(pid_psv && *pid_psv);
-
-- if (SvIV(*pid_psv) == (IV)PerlProc_getpid()) {
-- /* if we get here the file hasn't been closed explicitly by the
-- user and hadn't been closed implicitly by nextargv(), so
-- abandon the edit */
-- SV **temp_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_TEMP_NAME, FALSE);
-- const char *temp_pv = SvPVX(*temp_psv);
-+ if (SvIV(*pid_psv) == (IV)PerlProc_getpid()) {
-+ /* if we get here the file hasn't been closed explicitly by the
-+ user and hadn't been closed implicitly by nextargv(), so
-+ abandon the edit */
-+ SV **temp_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_TEMP_NAME, FALSE);
-+ const char *temp_pv = SvPVX(*temp_psv);
-
-- assert(temp_psv && *temp_psv && SvPOK(*temp_psv));
-- (void)PerlIO_close(iop);
-- IoIFP(io) = IoOFP(io) = NULL;
-+ assert(temp_psv && *temp_psv && SvPOK(*temp_psv));
-+ (void)PerlIO_close(iop);
-+ IoIFP(io) = IoOFP(io) = NULL;
- #ifdef ARGV_USE_ATFUNCTIONS
-- dir_psv = av_fetch((AV*)mg->mg_obj, ARGVMG_ORIG_DIRP, FALSE);
-- assert(dir_psv && *dir_psv && SvIOK(*dir_psv));
-- dir = INT2PTR(DIR *, SvIV(*dir_psv));
-- if (dir) {
-- if (unlinkat(my_dirfd(dir), temp_pv, 0) < 0 &&
-- NotSupported(errno))
-- (void)UNLINK(temp_pv);
-- closedir(dir);
-- }
-+ if (dir) {
-+ if (unlinkat(my_dirfd(dir), temp_pv, 0) < 0 &&
-+ NotSupported(errno))
-+ (void)UNLINK(temp_pv);
-+ }
- #else
-- (void)UNLINK(temp_pv);
-+ (void)UNLINK(temp_pv);
- #endif
-+ }
- }
-+#ifdef ARGV_USE_ATFUNCTIONS
-+ if (dir)
-+ closedir(dir);
-+#endif
- }
-
- return 0;
Home |
Main Index |
Thread Index |
Old Index