In perl.git, the branch maint-5.22 has been updated <http://perl5.git.perl.org/perl.git/commitdiff/e821393bb6cd4bade1d9eaea2ed8338b44f80e14?hp=d6d49c3fc29d67d2932be51179346ab299a67c29>
- Log ----------------------------------------------------------------- commit e821393bb6cd4bade1d9eaea2ed8338b44f80e14 Author: Steve Hay <[email protected]> Date: Thu Apr 7 08:51:47 2016 +0100 perldelta - Some copy-editing M pod/perldelta.pod commit fd2cab4caa2f94d95516f958062bcf0a3a95ec15 Author: Steve Hay <[email protected]> Date: Thu Apr 7 08:27:03 2016 +0100 perldelta - Add rt.perl.org links M pod/perldelta.pod ----------------------------------------------------------------------- Summary of changes: pod/perldelta.pod | 190 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 100 insertions(+), 90 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 0077de3..223010c 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -14,52 +14,55 @@ L<perl5221delta>, which describes differences between 5.22.0 and 5.22.1. =head1 Security -=head2 fix out of boundary access in Win32 path handling +=head2 Fix out of boundary access in Win32 path handling This is CVE-2015-8608. For more information see -L<[perl #126755]|https://rt.perl.org/Ticket/Display.html?id=126755> +L<[perl #126755]|https://rt.perl.org/Ticket/Display.html?id=126755>. -=head2 fix loss of taint in canonpath +=head2 Fix loss of taint in C<canonpath()> This is CVE-2015-8607. For more information see -L<[perl #126862]|https://rt.perl.org/Ticket/Display.html?id=126862> +L<[perl #126862]|https://rt.perl.org/Ticket/Display.html?id=126862>. =head2 Set proper umask before calling C<mkstemp(3)> -In 5.22 perl started setting umask to 0600 before calling C<mkstemp(3)> -and restoring it afterwards. This wrongfully tells open(2) to strip -the owner read and write bits from the given mode before applying it, -rather than the intended negation of leaving only those bits in place. +In 5.22 perl started setting umask to C<0600> before calling C<mkstemp(3)> and +restoring it afterwards. This wrongfully tells C<open(2)> to strip the owner +read and write bits from the given mode before applying it, rather than the +intended negation of leaving only those bits in place. -Systems that use mode 0666 in C<mkstemp(3)> (like old versions of -glibc) createa a file with permissions 0066, leaving world read and -write permissions regardless of current umask. +Systems that use mode C<0666> in C<mkstemp(3)> (like old versions of glibc) +create a file with permissions C<0066>, leaving world read and write permissions +regardless of current umask. -This has been fixed by using umask 0177 instead. [perl #127322] +This has been fixed by using umask C<0177> instead. -=head2 Avoid accessing uninitialized memory in win32 C<crypt()> +L<[perl #127322]|https://rt.perl.org/Ticket/Display.html?id=127322> -Added validation that will detect both a short salt and invalid characters -in the salt. L<[perl #126922]|https://rt.perl.org/Ticket/Display.html?id=126922> +=head2 Avoid accessing uninitialized memory in Win32 C<crypt()> + +Added validation that will detect both a short salt and invalid characters in +the salt. + +L<[perl #126922]|https://rt.perl.org/Ticket/Display.html?id=126922> =head2 Remove duplicate environment variables from C<environ> -Previously, if an environment variable appeared more than once in -C<environ[]>, C<%ENV> would contain the last entry for that name, -while a typical C<getenv()> would return the first entry. We now -make sure C<%ENV> contains the same as what C<getenv> returns. +Previously, if an environment variable appeared more than once in C<environ[]>, +C<%ENV> would contain the last entry for that name, while a typical C<getenv()> +would return the first entry. We now make sure C<%ENV> contains the same as +what C<getenv()> returns. -Second, we remove duplicates from C<environ[]>, so if a setting -with that name is set in C<%ENV> we won't pass an unsafe value -to a child process. +Second, we remove duplicates from C<environ[]>, so if a setting with that name +is set in C<%ENV> we won't pass an unsafe value to a child process. -[CVE-2016-2381] +This is CVE-2016-2381. =head1 Incompatible Changes -There are no changes intentionally incompatible with 5.22.1. -If any exist, they are bugs, and we request that you submit a -report. See L</Reporting Bugs> below. +There are no changes intentionally incompatible with 5.22.1. If any exist, +they are bugs, and we request that you submit a report. See L</Reporting Bugs> +below. =head1 Modules and Pragmata @@ -87,7 +90,7 @@ L<Module::CoreList> has been upgraded from version 5.20151213 to 5.20160410. =item * -The documentation of C<hex> has been revised to clarify valid inputs. +The documentation of C<hex()> has been revised to clarify valid inputs. =back @@ -97,18 +100,19 @@ The documentation of C<hex> has been revised to clarify valid inputs. =item * -Dtrace builds now build sucessfully on systems with a newer dtrace -that require an input object file that uses the probes in the F<.d> -file. +Dtrace builds now build successfully on systems with a newer dtrace that +require an input object file that uses the probes in the F<.d> file. -Previously the probe would fail and cause a build failure. [perl -#122287] +Previously the probe would fail and cause a build failure. + +L<[perl #122287]|https://rt.perl.org/Ticket/Display.html?id=122287> =item * -F<Configure> no longer probes for F<libnm> by default. Originally -this was the "New Math" library, but the name has been re-used by the -GNOME NetworkManager. [perl #127131] +F<Configure> no longer probes for F<libnm> by default. Originally this was the +"New Math" library, but the name has been re-used by the GNOME NetworkManager. + +L<[perl #127131]|https://rt.perl.org/Ticket/Display.html?id=127131> =back @@ -120,19 +124,19 @@ GNOME NetworkManager. [perl #127131] =item ppc64el floating point -The floating point format of ppc64el (Debian naming for little-endian -PowerPC) is now detected correctly. +The floating point format of ppc64el (Debian naming for little-endian PowerPC) +is now detected correctly. =item OS X/Darwin -Builds with both -DDEBUGGING and threading enabled would fail with a -"panic: free from wrong pool" error when built or tested from Terminal -on OS X. This was caused by perl's internal management of the -environment conflicting with an atfork handler using the libc -setenv() function to update the environment. +Builds with both C<-DDEBUGGING> and threading enabled would fail with a "panic: +free from wrong pool" error when built or tested from Terminal on OS X. This +was caused by perl's internal management of the environment conflicting with an +atfork handler using the libc C<setenv()> function to update the environment. -Perl now uses setenv()/unsetenv() to update the environment on OS X. -[perl #126240] +Perl now uses C<setenv()>/C<unsetenv()> to update the environment on OS X. + +L<[perl #126240]|https://rt.perl.org/Ticket/Display.html?id=126240> =back @@ -142,10 +146,11 @@ Perl now uses setenv()/unsetenv() to update the environment on OS X. =item * -Remove unwarranted assertion in C<Perl_newATTRSUB_x()>. If a stub subroutine +Remove unwarranted assertion in C<Perl_newATTRSUB_x()>. If a stub subroutine definition with a prototype has been seen, then any subsequent stub (or definition) of the same subroutine with an attribute was causing an assertion failure because of a null pointer. + L<[perl #126845]|https://rt.perl.org/Ticket/Display.html?id=126845> =back @@ -156,71 +161,76 @@ L<[perl #126845]|https://rt.perl.org/Ticket/Display.html?id=126845> =item * -Calls to the placeholder C<&PL_sv_yes> used internally when an -import() or unimport() method isn't found now correctly handle scalar -context. [perl #126042] +Calls to the placeholder C<&PL_sv_yes> used internally when an C<import()> or +C<unimport()> method isn't found now correctly handle scalar context. +L<[perl #126042]|https://rt.perl.org/Ticket/Display.html?id=126042> =item * -The pipe() operator would assert for DEBUGGING builds instead of -producing the correct error message. The condition asserted on is -detected and reported on correctly without the assertions, so the -assertions were removed. [perl #126480] +The C<pipe()> operator would assert for C<DEBUGGING> builds instead of +producing the correct error message. The condition asserted on is detected and +reported on correctly without the assertions, so the assertions were removed. +L<[perl #126480]|https://rt.perl.org/Ticket/Display.html?id=126480> =item * -In some cases, failing to parse a here-doc would attempt to use freed -memory. This was caused by a pointer not being restored correctly. -[perl #126443] +In some cases, failing to parse a here-doc would attempt to use freed memory. +This was caused by a pointer not being restored correctly. +L<[perl #126443]|https://rt.perl.org/Ticket/Display.html?id=126443> =item * -Report more context when we see an array where we expect to see an -operator and avoid an assertion failure. [perl #123737] +Report more context when we see an array where we expect to see an operator and +avoid an assertion failure. +L<[perl #123737]|https://rt.perl.org/Ticket/Display.html?id=123737> =item * -If a here-doc was found while parsing another operator, the parser had -already read end of file, and the here-doc was not terminated, perl -could produce an assertion or a segmentation fault. This now reliably -complains about the unterminated here-doc. [perl #125540] +If a here-doc was found while parsing another operator, the parser had already +read end of file, and the here-doc was not terminated, perl could produce an +assertion or a segmentation fault. This now reliably complains about the +unterminated here-doc. +L<[perl #125540]|https://rt.perl.org/Ticket/Display.html?id=125540> =item * -Caching of DESTROY methods could result in a non-pointer or a -non-STASH stored in the SvSTASH() slot of a stash, breaking the B -STASH() method. The DESTROY method is now cached in the MRO metadata -for the stash. [perl #126410] +Caching of C<DESTROY> methods could result in a non-pointer or a non-STASH +stored in the C<SvSTASH()> slot of a stash, breaking the L<B> C<STASH()> +method. The C<DESTROY> method is now cached in the MRO metadata for the stash. +L<[perl #126410]|https://rt.perl.org/Ticket/Display.html?id=126410> =item * -Avoid parsing beyond the end of the buffer when processing a C<#line> -directive with no filename. [perl #127334] +Avoid parsing beyond the end of the buffer when processing a C<#line> directive +with no filename. +L<[perl #127334]|https://rt.perl.org/Ticket/Display.html?id=127334> =item * -Perl 5.22 added support to the C99 hexadecimal floating point notation, -but sometimes misparses hex floats. This had been fixed. -[perl #127183] +Perl 5.22 added support to the C99 hexadecimal floating point notation, but +sometimes misparses hex floats. This had been fixed. +L<[perl #127183]|https://rt.perl.org/Ticket/Display.html?id=127183> =item * -Certain regex patterns involving a complemented posix class in an -inverted bracketed character class, and matching something else -optionally would improperly fail to match. An example of one that could -fail is C</qr/_?[^\Wbar]\x{100}/>. This has been fixed. -[perl #127537] +Certain regex patterns involving a complemented posix class in an inverted +bracketed character class, and matching something else optionally would +improperly fail to match. An example of one that could fail is +C</qr/_?[^\Wbar]\x{100}/>. This has been fixed. +L<[perl #127537]|https://rt.perl.org/Ticket/Display.html?id=127537> =item * -Fixed an issue with C<< pack >> where C<< pack "H" >> (and C<< pack "h" >>) -could read past the source when given a non-utf8 source, and a utf8 target. -[perl #126325] +Fixed an issue with C<pack()> where C<< pack "H" >> (and C<< pack "h" >>) could +read past the source when given a non-utf8 source and a utf8 target. +L<[perl #126325]|https://rt.perl.org/Ticket/Display.html?id=126325> =item * -Fixed some cases where perl would abort due to a segmentation fault, -or a C-level assert. [perl #126602], [perl #126193]. +Fixed some cases where perl would abort due to a segmentation fault, or a +C-level assert. +L<[perl #126602]|https://rt.perl.org/Ticket/Display.html?id=126602> +L<[perl #126193]|https://rt.perl.org/Ticket/Display.html?id=126193> =item * @@ -229,20 +239,20 @@ L<[perl #126240]|https://rt.perl.org/Ticket/Display.html?id=126240> =item * -Correctly raise an error when trying to compile patterns with -unterminated character classes while there are trailing backslashes. -[perl #126141]. +Correctly raise an error when trying to compile patterns with unterminated +character classes while there are trailing backslashes. +L<[perl #126141]|https://rt.perl.org/Ticket/Display.html?id=126141> =item * -Handle C<NOTHING> regops and C<EXACTFU_SS> regops in C<make_trie> properly. -[perl #126206] +Handle C<NOTHING> regops and C<EXACTFU_SS> regops in C<make_trie()> properly. +L<[perl #126206]|https://rt.perl.org/Ticket/Display.html?id=126206> =item * -Only test C<semctl> if we have everything needed to use it. In a FreeBSD -the C<semctl> entry point may exist, but it can be disabled by policy. -[perl #127533] +Only test C<semctl()> if we have everything needed to use it. In a FreeBSD the +C<semctl()> entry point may exist, but it can be disabled by policy. +L<[perl #127533]|https://rt.perl.org/Ticket/Display.html?id=127533> =back @@ -256,8 +266,8 @@ XXX Generate this with: If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at -https://rt.perl.org/ . There may also be information at -http://www.perl.org/ , the Perl Home Page. +https://rt.perl.org/ . There may also be information at http://www.perl.org/ , +the Perl Home Page. If you believe you have an unreported bug, please run the L<perlbug> program included with your release. Be sure to trim your bug down to a tiny but -- Perl5 Master Repository
