author | Florian Ragwitz <rafl@debian.org> | 2012-10-19 11:16:07 -0300 |
---|---|---|
committer | Florian Ragwitz <rafl@debian.org> | 2012-10-19 11:17:31 -0300 |
commit | 2d9cd31f143aa659c3f6b691e9f411421fe48e5f (patch) | |
tree | 429443efaddc84be116ac53b1646b5b6bc448967 | |
parent | 014e292f37a506551d3c1f9de227ebee22b175aa (diff) | |
download | perl-2d9cd31f143aa659c3f6b691e9f411421fe48e5f.tar.gz |
Perldelta up to 1443c94
-rw-r--r-- | pod/perldelta.pod | 75 |
1 files changed, 73 insertions, 2 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index d7781b8396..c3f934a3e6 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -48,6 +48,16 @@ L</Selected Bug Fixes> section. [ List each security issue as a =head2 entry ] +=head2 Avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to perl's +C<x> string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate +that into a heap buffer overrun; coupled with versions of glibc before 2.16, it +possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier CVE-2012-5195. + =head1 Incompatible Changes XXX For a release on a stable branch, this section aspires to be: @@ -139,6 +149,10 @@ XXX =item * +L<AutoLoader> has been upgraded from version 5.72 to 5.73. + +=item * + L<B::Deparse> has been upgraded from version 1.17 to 1.18. It no longer dies when deparsing C<sort> without arguments. It now correctly omits the comma for C<system $prog @args> and C<exec $prog @args>. @@ -191,12 +205,29 @@ C<shortmess()> functions are now documented. =item * +L<CPANPLUS> has been upgraded from version 0.9131 to 0.9133. + +=item * + +L<Data::Dumper> has been upgraded from version 2.135_07 to 2.136. This promotes +the previous development release to a stable release. + +=item * + +L<Digest::SHA> has been upgraded from version 5.71 to 5.72. + +=item * + L<ExtUtils::CBuilder> has been upgraded from version 0.280208 to 0.280209. A list of symbols to export can now be passed to C<link()> when on Windows, as on other OSes [perl #115100]. =item * +L<feature> has been upgraded from version 1.30 to 1.31. + +=item * + L<File::Glob> has been upgraded from version 1.17 to 1.18. A space-separated list of patterns return long lists of results no longer results in memory corruption or crashes. This bug was introduced in Perl 
@@ -204,11 +235,42 @@ results in memory corruption or crashes. This bug was introduced in Perl =item * +L<HTTP::Tiny> has been upgraded from version 0.022 to 0.024. This improves +SSL support. + +=item * + +L<Module::CoreList> has been upgraded from version 2.73 to 2.74. + +=item * + L<PerlIO::encoding> has been upgraded from version 0.15 to 0.16. This is the module implementing the ":encoding(...)" I/O layer. It no longer corrupts memory or crashes when the encoding back-end reallocates the buffer or gives it a typeglob or shared hash key scalar. +=item * + +L<threads::shared> has been upgraded from version 1.41 to 1.42. This adds +support for dual-valued values as created by +L<Scalar::Util::dualvar|Scalar::Util/"dualvar NUM, STRING">. + +=item * + +L<Unicode::Collate> hsa been upgraded from version 0.89 to 0.90. + +=item * + +L<Unicode::Normalize> has been upgraded from version 1.14 to 1.15. + +=item * + +L<warnings> has been upgraded from version 1.14 to 1.15. + +=item * + +L<Win32CORE> has been upgraded from version 0.03 to 0.04. + =back =head2 Removed Modules and Pragmata @@ -395,9 +457,9 @@ L</Modules and Pragmata> section. =over 4 -=item XXX-some-platform +=item Win32 -XXX +The option to build without USE_SOCKETS_AS_HANDLES has been removed. =back @@ -640,6 +702,15 @@ buffer in place. C<length($object)> no longer returns the undefined value if the object has string overloading that returns undef. [perl #115260] +=item * + +The use of C<PL_stashcache>, the stash name lookup cache for method calls, has +been restored, + +Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks +up values in C<PL_stashcache>. As it's a only cache, quite correctly everything +carried on working without it. + =back =head1 Known Problems |
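Review bot: In the security entry added by the @@ -48,6 +48,16 @@ hunk, "The flaw addressed to this commit has been assigned identifier CVE-2012-5195." should read "addressed by". Since perldelta describes a release rather than a single commit, "This flaw has been assigned the identifier CVE-2012-5195." would be clearer still. The heading mentions memset with a negative count, but the body never names memset; one clause connecting the C<x> repeat count to the memset call would let readers match the heading to the description.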
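Review bot: Typo in the @@ -204,11 +235,42 @@ hunk: "L<Unicode::Collate> hsa been upgraded from version 0.89 to 0.90." should say "has been upgraded", matching the other module entries.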
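Review bot: The new PL_stashcache item in the @@ -640,6 +702,15 @@ hunk has two wording slips. The first paragraph ends "has been restored," with a comma where a full stop is needed, and "As it's a only cache" should be "As it's only a cache". It would also help to state the user-visible effect of restoring the cache, since the entry says everything carried on working without it.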