| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
gh16947 and gh17743: studying GOSUB may restudy in an inner call
(via a mix of recursion and enframing) something that an outer call
is in the middle of looking at. Let the outer frame deal with it.
(CVE-2020-12723)
(cherry picked from commit c4033e740bd18d9fbe3456a9db2ec2053cdc5271)
|
| |
|
|
|
|
|
| |
(CVE-2020-10878) Be conservative for backporting, we'll aim to do
something more aggressive for bleadperl.
(cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6)
|
| |
|
|
|
|
| |
(CVE-2020-10878)
(cherry picked from commit 93dee06613d4e1428fb10905ce1c3c96f53113dc)
|
| |
|
|
|
|
|
|
| |
(CVE-2020-10543) On 32bit systems the size calculations for nested regular
expression quantifiers could overflow causing heap memory corruption.
Fixes: Perl/perl5-security#125
(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
|
| |
|
|
| |
(cherry picked from commit 033d4d869f11e17980732c7baabfa2dce6b77d0f)
|
| |
|
|
|
|
| |
- Remove boilerplate
- Fill in Modules and Pragmata
- To do: Security, Acknowledgements
|
| |
|
|
| |
($VERSION bumps, Changes entry, Porting/corelist.pl and %released date)
|
| |
|
|
| |
(includes regen/opcode.pl)
|
| |
|
|
| |
(cherry picked from commit d4ae27f09bc08ceb90f8878b937ce53d1845d49d)
|
| |
|
|
| |
(cherry picked from commit e9526ab55c90efeae043256a53b4bebb489bc230)
|
| |
|
|
| |
(cherry picked from commit 68e9d03832718433d4bd89cc6821b0f4ce5bbb55)
|
| |
|
|
| |
(manually cherry picked from commit 184a23e13ae8a07c90d3d6abea6272e21f886ed3)
|
| |
|
|
| |
(cherry picked from commit c3aea60432d9deca9ad0870e6071027c514eed63)
|
| |
|
|
| |
(cherry picked from commit 6d07f99dbe90145c4a33f49168ee26b294f94748)
|
| |
|
|
| |
(cherry picked from commit f968313ecf52356c727d2b3a2c45a4db94778702)
|
| |
|
|
| |
(manually cherry picked from commit e11072e08116ca37e77aba06b913ef2594dab365)
|
| |
|
|
| |
(manually cherry picked from commit 184a23e13ae8a07c90d3d6abea6272e21f886ed3)
|
| |
|
|
| |
(cherry picked from commit a1405bc2659020f0f58fc485f6c1ebcf2deb4087)
|
| |
|
|
| |
(cherry picked from commit fa20e304ada6ee23683e564c03de9ca112ca97a7)
|
| |
|
|
| |
(manually cherry picked from commit 5ea547c5b45f696933a96dc26898455606df7b3d)
|
| |
|
|
| |
(manually cherry picked from commit e11072e08116ca37e77aba06b913ef2594dab365)
|
| |
|
|
| |
(manually cherry picked from commit 4e0a0b9417f340f4f5bcce09ea347510f2328c05)
|
| |
|
|
| |
(manually cherry picked from commit 422738c6f52f0741dc5c6fb973f4f46b9c2919b2)
|
| |
|
|
|
|
| |
This got missed by 4b9ba9feb3.
(cherry picked from commit 683abb3738712246e299a0933103519d9146c8b8)
|
| |
|
|
|
|
|
| |
use a convoluted incantation to be able to set
'use strict; use warnings' only for Perl > 5.6
(manually cherry picked from commit 043ae7481cd3d05b453e0830b34573b7eef2aade)
|
| |
|
|
| |
(manually cherry picked from commit 4b9ba9feb3d51bf370480b00365cd57068336ed4)
|
| |
|
|
| |
(cherry picked from commit 021cdc52fc693b45d1b1376d6a98c988d68a5106)
|
| |
|
|
|
|
| |
This got missed by 30107e92e6 on the maint-5.30 branch.
(cherry picked from commit 8a4b409d4945e83d6de4753c50e186bb35ce4ca5)
|
| | |
|
| |
|
|
| |
(cherry picked from commit 1f8b013156f6f63fc460b4a462c0b5d3508e306d)
|
| |
|
|
| |
(cherry picked from commit 7d4ef03ab043987c7855a6b24506e21bc39f0e23)
|
| | |
|
| |
|
|
| |
(cherry picked from commit a95cd3790b356200965b96c1708fc2d47f4a86cb)
|
| |
|
|
|
|
|
|
|
| |
This reverts commit b7b8b099a2106c45a577e9cd7b9f1653736cf89a.
I do not think this is currently suitable for maint, given GH#17567
and the attempt at fixing it in fb8188b84d which was itself
reverted in 6311900a66. (See also the documentation update in
ee428a211d.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
darwin can compile perlapi.o without any symbols.
libperl.t is running 'mm -m ./libperl.a' and is
is viewing the 'no symbols' stderr output from perlapi.o
then fail.
'nm -g perlapi.o'
We can either add a dummy symbol to libperl via
regen/embed.pl or simply ignore that error in a generic way,
or avoid compiling that file when not needed.
Notice the error with nm 11.0.0
Apple LLVM version 11.0.0 (clang-1100.0.33.8)
The older version of nm does not raise a warning for empty .o
files.
Steps to reproduce:
echo '' > test.c; gcc -o test.o -c test.c; nm -g test.o
(cherry picked from commit d74b131b0ba952f0c894f2462279e1dc12f94d82)
|
| |
|
|
| |
(cherry picked from commit ae01c992e1a43c5a5a9f4d6ec02f28d57974d9ac)
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 67f717d4992283a8a6a501bf75b64863453970f1)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I got a notice from Jeff Law <law@redhat.com>:
Your particular package fails its testsuite. This was ultimately
tracked down to a Configure problem. The perl configure script treated
gcc-10 as gcc-1 and turned on -fpcc-struct-return. This is an ABI
changing flag and caused Perl to not be able to interact properly with
the dbm libraries on the system leading to a segfault.
His proposed patch corrected only this one instance of the version
mismatch. Reading the Configure script revealed more issues. This
patch fixes all of them I found.
Please note I do not have GCC 10 available, I tested it by faking the version
with:
--- a/Configure
+++ b/Configure
@@ -4672,7 +4672,7 @@ $cat >try.c <<EOM
int main() {
#if defined(__GNUC__) && !defined(__INTEL_COMPILER)
#ifdef __VERSION__
- printf("%s\n", __VERSION__);
+ printf("%s\n", "10.0.0");
#else
printf("%s\n", "1");
#endif
(cherry picked from commit 6bd6308fcea3541e505651bf8e8127a4a03d22cd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 15cab4d7052 the if (!SIZE_ONLY) logic was removed from regcomp.c,
but in a few places this was excessively zealous, as the braces were
removed from multiline constructs inside of DEBUG_PARSE_r macros.
EG:
DEBUG_PARSE_r(if (!SIZE_ONLY) {
stuff1;
stuff2;
stuff3;
});
was turned into
DEBUG_PARSE_r(
stuff1;
stuff2;
stuff3;
);
Which means that ONLY the first statement in the block was covered
by the DEBUG_PARSE_r() conditional logic. The conversion should have
been:
DEBUG_PARSE_r({
stuff1;
stuff2;
stuff3;
});
IOW, it was necessary to preserve the {} braces in the macro call.
This silences various forms of debugging that should not be visible
in a plain
use re 'debug';
and should only be visible with something like
use re Debug => 'ALL';
Eg in:
$ ./perl -Ilib -Mre=debug -le'/(foo|bar|baz)/'
Compiling REx "(foo|bar|baz)"
~ tying lastbr BRANCH (9) to ender CLOSE1 (12) offset 3
~ tying lastbr OPEN1 (1) to ender END (14) offset 13
Final program:
1: OPEN1 (3)
3: TRIE-EXACT[bf] (12)
<foo>
<bar>
<baz>
12: CLOSE1 (14)
14: END (0)
stclass AHOCORASICK-EXACT[bf] minlen 3
Freeing REx: "(foo|bar|baz)"
The "~ tying lastbr" lines are of interest pretty much only to
someone working on or maintaining the regex engine and should not
be visible to a casual user, not only because they are ugly but
also because the context to understand them is missing and they
do not help understanding how the regex operates.
(cherry picked from commit d8e1e69d20817fd4b9d94736c97ef585900451a4)
|
| |
|
|
|
| |
Now aiming for 14th March. (A security-based 5.30.3 will hopefully follow
soonish afterwards.)
|
| |
|
|
| |
(cherry picked from commit 0b07af7387796329c0568b1e68d5a16421beb623)
|
| |
|
|
| |
(cherry picked from commit 7724f4c3794b4357947786b9e9a9021d38d0911c)
|
