From 2d9cd31f143aa659c3f6b691e9f411421fe48e5f Mon Sep 17 00:00:00 2001 From: Florian Ragwitz Date: Fri, 19 Oct 2012 11:16:07 -0300 Subject: [PATCH] Perldelta up to 1443c94 --- pod/perldelta.pod | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index d7781b8..c3f934a 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -48,6 +48,16 @@ L section. [ List each security issue as a =head2 entry ] +=head2 Avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to perl's +C string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate +that into a heap buffer overrun; coupled with versions of glibc before 2.16, it +possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier CVE-2012-5195. + =head1 Incompatible Changes XXX For a release on a stable branch, this section aspires to be: @@ -139,6 +149,10 @@ XXX =item * +L has been upgraded from version 5.72 to 5.73. + +=item * + L has been upgraded from version 1.17 to 1.18. It no longer dies when deparsing C without arguments. It now correctly omits the comma for C and C. @@ -191,12 +205,29 @@ C functions are now documented. =item * +L has been upgraded from version 0.9131 to 0.9133. + +=item * + +L has been upgraded from version 2.135_07 to 2.136. This promotes +the previous development release to a stable release. + +=item * + +L has been upgraded from version 5.71 to 5.72. + +=item * + L has been upgraded from version 0.280208 to 0.280209. A list of symbols to export can now be passed to C when on Windows, as on other OSes [perl #115100]. =item * +L has been upgraded from version 1.30 to 1.31. + +=item * + L has been upgraded from version 1.17 to 1.18. A space-separated list of patterns return long lists of results no longer results in memory corruption or crashes. This bug was introduced in Perl @@ -204,11 +235,42 @@ results in memory corruption or crashes. This bug was introduced in Perl =item * +L has been upgraded from version 0.022 to 0.024. This improves +SSL support. + +=item * + +L has been upgraded from version 2.73 to 2.74. + +=item * + L has been upgraded from version 0.15 to 0.16. This is the module implementing the ":encoding(...)" I/O layer. It no longer corrupts memory or crashes when the encoding back-end reallocates the buffer or gives it a typeglob or shared hash key scalar. +=item * + +L has been upgraded from version 1.41 to 1.42. This adds +support for dual-valued values as created by +L. + +=item * + +L hsa been upgraded from version 0.89 to 0.90. + +=item * + +L has been upgraded from version 1.14 to 1.15. + +=item * + +L has been upgraded from version 1.14 to 1.15. + +=item * + +L has been upgraded from version 0.03 to 0.04. + =back =head2 Removed Modules and Pragmata @@ -395,9 +457,9 @@ L section. =over 4 -=item XXX-some-platform +=item Win32 -XXX +The option to build without USE_SOCKETS_AS_HANDLES has been removed. =back @@ -640,6 +702,15 @@ buffer in place. C no longer returns the undefined value if the object has string overloading that returns undef. [perl #115260] +=item * + +The use of C, the stash name lookup cache for method calls, has +been restored, + +Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks +up values in C. As it's a only cache, quite correctly everything +carried on working without it. + =back =head1 Known Problems -- 2.7.4