author: Florian Ragwitz <rafl@debian.org> 2012-10-19 11:16:07 -0300
committer: Florian Ragwitz <rafl@debian.org> 2012-10-19 11:17:31 -0300
commit: 2d9cd31f143aa659c3f6b691e9f411421fe48e5f
tree: 429443efaddc84be116ac53b1646b5b6bc448967
parent: 014e292f37a506551d3c1f9de227ebee22b175aa
Perldelta up to 1443c94
-rw-r--r-- pod/perldelta.pod 75
1 files changed, 73 insertions, 2 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index d7781b8396..c3f934a3e6 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -48,6 +48,16 @@ L</Selected Bug Fixes> section.
[ List each security issue as a =head2 entry ]
+=head2 Avoid calling memset with a negative count
+
+Poorly written perl code that allows an attacker to specify the count to perl's
+C<x> string repeat operator can already cause a memory exhaustion
+denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate
+that into a heap buffer overrun; coupled with versions of glibc before 2.16, it
+possibly allows the execution of arbitrary code.
+
+The flaw addressed to this commit has been assigned identifier CVE-2012-5195.
+
=head1 Incompatible Changes
XXX For a release on a stable branch, this section aspires to be:
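Review bot: In the last added paragraph of the security entry, "The flaw addressed to this commit" is ungrammatical and speaks of "this commit" in text that readers will see as release notes, so something like "This flaw has been assigned the identifier CVE-2012-5195." would read better. The entry also gives "versions of perl before 5.15.5" as affected without saying that this release carries the fix; since this is the perldelta for a specific release, one sentence stating that the problem is fixed here would let readers on a maintenance branch tell whether they are covered. The heading "Avoid calling memset with a negative count" describes the code change rather than the issue; naming the C<x> operator in the heading would make it easier to find.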
@@ -139,6 +149,10 @@ XXX
=item *
+L<AutoLoader> has been upgraded from version 5.72 to 5.73.
+
+=item *
+
L<B::Deparse> has been upgraded from version 1.17 to 1.18. It no longer
dies when deparsing C<sort> without arguments. It now correctly omits the
comma for C<system $prog @args> and C<exec $prog @args>.
@@ -191,12 +205,29 @@ C<shortmess()> functions are now documented.
=item *
+L<CPANPLUS> has been upgraded from version 0.9131 to 0.9133.
+
+=item *
+
+L<Data::Dumper> has been upgraded from version 2.135_07 to 2.136. This promotes
+the previous development release to a stable release.
+
+=item *
+
+L<Digest::SHA> has been upgraded from version 5.71 to 5.72.
+
+=item *
+
L<ExtUtils::CBuilder> has been upgraded from version 0.280208 to 0.280209. A
list of symbols to export can now be passed to C<link()> when on Windows, as on
other OSes [perl #115100].
=item *
+L<feature> has been upgraded from version 1.30 to 1.31.
+
+=item *
+
L<File::Glob> has been upgraded from version 1.17 to 1.18. A
space-separated list of patterns return long lists of results no longer
results in memory corruption or crashes. This bug was introduced in Perl
@@ -204,11 +235,42 @@ results in memory corruption or crashes. This bug was introduced in Perl
=item *
+L<HTTP::Tiny> has been upgraded from version 0.022 to 0.024. This improves
+SSL support.
+
+=item *
+
+L<Module::CoreList> has been upgraded from version 2.73 to 2.74.
+
+=item *
+
L<PerlIO::encoding> has been upgraded from version 0.15 to 0.16. This is
the module implementing the ":encoding(...)" I/O layer. It no longer
corrupts memory or crashes when the encoding back-end reallocates the
buffer or gives it a typeglob or shared hash key scalar.
+=item *
+
+L<threads::shared> has been upgraded from version 1.41 to 1.42. This adds
+support for dual-valued values as created by
+L<Scalar::Util::dualvar|Scalar::Util/"dualvar NUM, STRING">.
+
+=item *
+
+L<Unicode::Collate> hsa been upgraded from version 0.89 to 0.90.
+
+=item *
+
+L<Unicode::Normalize> has been upgraded from version 1.14 to 1.15.
+
+=item *
+
+L<warnings> has been upgraded from version 1.14 to 1.15.
+
+=item *
+
+L<Win32CORE> has been upgraded from version 0.03 to 0.04.
+
=back
=head2 Removed Modules and Pragmata
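Review bot: The L<Unicode::Collate> entry has a typo, "hsa been upgraded", which should be "has been upgraded". In the L<HTTP::Tiny> entry, "This improves SSL support" is too vague for a module that handles transport security: please say what changed between 0.022 and 0.024 (for example, whether certificate or hostname verification behaviour is affected), so that readers can judge whether they need to act on it. The version-only entries in this hunk (Module::CoreList, Unicode::Normalize, warnings, Win32CORE) are fine as they stand if nothing user-visible changed.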
@@ -395,9 +457,9 @@ L</Modules and Pragmata> section.
=over 4
-=item XXX-some-platform
+=item Win32
-XXX
+The option to build without USE_SOCKETS_AS_HANDLES has been removed.
=back
@@ -640,6 +702,15 @@ buffer in place.
C<length($object)> no longer returns the undefined value if the object has
string overloading that returns undef. [perl #115260]
+=item *
+
+The use of C<PL_stashcache>, the stash name lookup cache for method calls, has
+been restored,
+
+Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks
+up values in C<PL_stashcache>. As it's a only cache, quite correctly everything
+carried on working without it.
+
=back
=head1 Known Problems
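Review bot: In the added C<PL_stashcache> item, the first paragraph ends with a comma ("has been restored,") where a full stop is needed, and "As it's a only cache" has the words transposed; it should read "As it's only a cache". Since the text itself says everything carried on working without the cache, it would also help to state that the visible effect of this fix is on the speed of method lookups rather than on behaviour, so readers do not go looking for a correctness bug.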