Branch: refs/heads/maint-5.34
Home: https://github.com/Perl/perl5
Commit: 12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
Author: Karl Williamson <k...@cpan.org>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M regcomp.c
M t/re/pat_advanced.t
Log Message:
-----------
Fix read/write past buffer end: perl-security#140
A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.
In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.
This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.
What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.
The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.
This commit also does white-space adjustment so that things align
vertically for readability.
This can be easily backported to earlier Perl releases.
Commit: ba2b389c88d6ca1c20eace23ea955efe8a95bcc3
https://github.com/Perl/perl5/commit/ba2b389c88d6ca1c20eace23ea955efe8a95bcc3
Author: Tony Cook <t...@develop-help.com>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M t/win32/system.t
M win32/win32.c
Log Message:
-----------
win32: default the shell to cmd.exe in the Windows system directory
This prevents picking up cmd.exe from the current directory, or
even from the PATH.
This protects against a privilege escalation attack where an attacker
in a separate session creates a cmd.exe in a directory where the
target account happens to have its current directory.
Commit: 59f2cf5ef2613f4216cff34bc8a51f8bc52d30dd
https://github.com/Perl/perl5/commit/59f2cf5ef2613f4216cff34bc8a51f8bc52d30dd
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M pod/perldelta.pod
Log Message:
-----------
Add perldelta notes for the two security bug fixes
Commit: 5634f349fa3aef72726f21402aa02f426c7e9267
https://github.com/Perl/perl5/commit/5634f349fa3aef72726f21402aa02f426c7e9267
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M Cross/config.sh-arm-linux
M Cross/config.sh-arm-linux-n770
M INSTALL
M META.json
M META.yml
M NetWare/Makefile
M NetWare/config_H.wc
M Porting/config.sh
M Porting/config_H
M Porting/perldelta_template.pod
M Porting/todo.pod
M README.haiku
M README.macosx
M README.os2
M README.vms
M hints/catamount.sh
M lib/B/Op_private.pm
M patchlevel.h
M plan9/config_sh.sample
M win32/GNUmakefile
M win32/Makefile
Log Message:
-----------
Bump the perl version in various places for 5.34.2
Commit: 24648ef87f9c54e991e206180a03864e7fd9e1dc
https://github.com/Perl/perl5/commit/24648ef87f9c54e991e206180a03864e7fd9e1dc
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M README
M perl.c
Log Message:
-----------
Update copyright years; add 2023
Commit: 6ad2dcb81e36a588f2b13058d0943de2a96b92eb
https://github.com/Perl/perl5/commit/6ad2dcb81e36a588f2b13058d0943de2a96b92eb
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M dist/Module-CoreList/Changes
M dist/Module-CoreList/lib/Module/CoreList.pm
M dist/Module-CoreList/lib/Module/CoreList/Utils.pm
Log Message:
-----------
Import Module::CoreList v5.20231125 from blead
Commit: 6fde6b01ced40d1b0b073401083813aa50511e77
https://github.com/Perl/perl5/commit/6fde6b01ced40d1b0b073401083813aa50511e77
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M pod/perldelta.pod
Log Message:
-----------
Finalize perldelta for 5.34.2
Commit: 66307f5cf8c776fd87d6b35e5d277668d46485c2
https://github.com/Perl/perl5/commit/66307f5cf8c776fd87d6b35e5d277668d46485c2
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M pod/perlhist.pod
Log Message:
-----------
Sync perlhist.pod from blead
Commit: c5f4a3dcecc2955253992310b58477b6f8a3bcb8
https://github.com/Perl/perl5/commit/c5f4a3dcecc2955253992310b58477b6f8a3bcb8
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M META.json
M patchlevel.h
Log Message:
-----------
Bump patchlevel to RC1
Commit: 43cd7c85f40fc939f6377173352349540f200971
https://github.com/Perl/perl5/commit/43cd7c85f40fc939f6377173352349540f200971
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-25 (Sat, 25 Nov 2023)
Changed paths:
M pod/perldelta.pod
Log Message:
-----------
Manually override number of months of work claimed in perldelta.pod
Commit: c9e4657dd3dee9dd6cafe7abc6c98d54b218de97
https://github.com/Perl/perl5/commit/c9e4657dd3dee9dd6cafe7abc6c98d54b218de97
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-25 (Sat, 25 Nov 2023)
Changed paths:
M patchlevel.h
Log Message:
-----------
Bump patchlevel to RC2
Commit: 455df537296b75cf6a2b514ecb82e446733acdf0
https://github.com/Perl/perl5/commit/455df537296b75cf6a2b514ecb82e446733acdf0
Author: Paul "LeoNerd" Evans <leon...@leonerd.org.uk>
Date: 2023-11-25 (Sat, 25 Nov 2023)
Changed paths:
M patchlevel.h
Log Message:
-----------
Disarm RC2
Compare: https://github.com/Perl/perl5/compare/e940ca8ab15a...455df537296b
