<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>perl5263cdelta - what is new for cperl v5.26.3</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:[email protected]" />
</head>
<body>
<ul id="index">
<li><a href="#NAME">NAME</a></li>
<li><a href="#DESCRIPTION">DESCRIPTION</a></li>
<li><a href="#Security">Security</a>
<ul>
<li><a href="#CVE-2018-6797-heap-buffer-overflow-WRITE-of-size-1-in-S_regatom-regcomp.c">[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)</a></li>
<li><a href="#CVE-2018-6798-Heap-buffer-overflow-in-Perl__byte_dump_string-utf8.c">[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)</a></li>
<li><a href="#CVE-2018-6913-heap-buffer-overflow-in-S_pack_rec">[CVE-2018-6913] heap-buffer-overflow in S_pack_rec</a></li>
<li><a href="#Assertion-failure-in-Perl__core_swash_init-utf8.c">Assertion failure in Perl__core_swash_init (utf8.c)</a></li>
</ul>
</li>
<li><a href="#Incompatible-Changes">Incompatible Changes</a></li>
<li><a href="#Modules-and-Pragmata">Modules and Pragmata</a>
<ul>
<li><a href="#Updated-Modules-and-Pragmata">Updated Modules and Pragmata</a></li>
</ul>
</li>
<li><a href="#Documentation">Documentation</a>
<ul>
<li><a href="#Changes-to-Existing-Documentation">Changes to Existing Documentation</a>
<ul>
<li><a href="#perluniprops">perluniprops</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#Platform-Support">Platform Support</a>
<ul>
<li><a href="#Platform-Specific-Notes">Platform-Specific Notes</a></li>
</ul>
</li>
<li><a href="#Selected-Bug-Fixes">Selected Bug Fixes</a></li>
<li><a href="#Acknowledgements">Acknowledgements</a></li>
<li><a href="#Reporting-Bugs">Reporting Bugs</a></li>
<li><a href="#SEE-ALSO">SEE ALSO</a></li>
</ul>
<h1 id="NAME">NAME</h1>
<p>perl5263cdelta - what is new for cperl v5.26.3</p>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
<p>This document describes the differences between the cperl 5.26.2c and the cperl 5.26.3c releases.</p>
<p>If you are upgrading from an earlier release such as v5.26.1c, first read the <a href="/cperl/perl5262cdelta.html">perl5262cdelta</a> documentation, which describes differences between v5.26.1c and v5.26.2c.</p>
<h1 id="Security">Security</h1>
<h2 id="CVE-2018-6797-heap-buffer-overflow-WRITE-of-size-1-in-S_regatom-regcomp.c">[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)</h2>
<p>A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132227">[perl #132227]</a></p>
<h2 id="CVE-2018-6798-Heap-buffer-overflow-in-Perl__byte_dump_string-utf8.c">[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)</h2>
<p>Matching a crafted locale-dependent regular expression could cause a heap buffer read overflow and potentially information disclosure. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132063">[perl #132063]</a></p>
<h2 id="CVE-2018-6913-heap-buffer-overflow-in-S_pack_rec">[CVE-2018-6913] heap-buffer-overflow in S_pack_rec</h2>
<p><code>pack()</code> could cause a heap buffer write overflow with a large item count. <a href="https://rt.perl.org/Public/Bug/Display.html?id=131844">[perl #131844]</a></p>
<h2 id="Assertion-failure-in-Perl__core_swash_init-utf8.c">Assertion failure in Perl__core_swash_init (utf8.c)</h2>
<p>Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132055">[perl #132055]</a> <a href="https://rt.perl.org/Public/Bug/Display.html?id=132553">[perl #132553]</a> <a href="https://rt.perl.org/Public/Bug/Display.html?id=132658">[perl #132658]</a></p>
<h1 id="Incompatible-Changes">Incompatible Changes</h1>
<p>There are no changes intentionally incompatible with 5.26.2c. If any exist, they are bugs, and we request that you submit a report. See <a href="#Reporting-Bugs">"Reporting Bugs"</a> below.</p>
<h1 id="Modules-and-Pragmata">Modules and Pragmata</h1>
<h2 id="Updated-Modules-and-Pragmata">Updated Modules and Pragmata</h2>
<ul>
<li><p><a href="/cperl/lib/Module/CoreList.html">Module::CoreList</a> has been upgraded from version 5.20170922_26 to 5.20180414_26.</p>
</li>
<li><p><a href="/cperl/lib/PerlIO/via.html">PerlIO::via</a> has been upgraded from version 0.16 to 0.17.</p>
</li>
<li><p><a href="/cperl/lib/Term/ReadLine.html">Term::ReadLine</a> has been upgraded from version 1.16 to 1.17.</p>
</li>
<li><p><a href="/cperl/lib/Unicode/UCD.html">Unicode::UCD</a> has been upgraded from version 0.68 to 0.69_02.</p>
</li>
</ul>
<h1 id="Documentation">Documentation</h1>
<h2 id="Changes-to-Existing-Documentation">Changes to Existing Documentation</h2>
<h3 id="perluniprops"><a href="/cperl/perluniprops.html">perluniprops</a></h3>
<ul>
<li><p>This has been updated to note that <code>\p{Word}</code> now includes code points matching the <code>\p{Join_Control}</code> property. The change to the property was made in Perl 5.18, but not documented until now. There are currently only two code points that match this property: U+200C (ZERO WIDTH NON-JOINER) and U+200D (ZERO WIDTH JOINER).</p>
</li>
</ul>
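<p>Added example, not part of the cperl documentation: because <code>\w</code> is <code>\p{Word}</code>, an identifier allowlist written as <code>\w+</code> accepts the two invisible Join_Control code points, so two strings that render identically can both pass validation. The helper names and sample strings below are constructed for illustration.</p>

```perl
use strict;
use warnings;

# Constructed sample inputs: identifiers that render alike, two of them
# carrying an invisible Join_Control code point.
my @samples = (
    "admin",              # plain ASCII
    "ad\x{200D}min",      # contains U+200D ZERO WIDTH JOINER
    "ad\x{200C}min",      # contains U+200C ZERO WIDTH NON-JOINER
    "name_1",             # plain ASCII with connector punctuation
);

# Loose check: \w is \p{Word}, which includes \p{Join_Control}.
sub is_word_only {
    my ($s) = @_;
    return $s =~ /\A\w+\z/ ? 1 : 0;
}

# Stricter check (hypothetical helper): word characters only, and no
# Join_Control code points anywhere in the string.
sub is_strict_identifier {
    my ($s) = @_;
    return 0 unless $s =~ /\A\w+\z/;
    return 0 if $s =~ /\p{Join_Control}/;
    return 1;
}

# ASCII-only alternative: the /a modifier restricts \w to [A-Za-z0-9_].
sub is_ascii_identifier {
    my ($s) = @_;
    return $s =~ /\A\w+\z/a ? 1 : 0;
}

binmode STDOUT, ':encoding(UTF-8)';
for my $s (@samples) {
    # Show code points rather than the raw string, since the joiners are invisible.
    my $shown = join ' ', map { sprintf 'U+%04X', ord($_) } split //, $s;
    printf "%-42s loose=%d strict=%d ascii=%d\n",
        $shown, is_word_only($s), is_strict_identifier($s), is_ascii_identifier($s);
}
```

<p>The two samples containing U+200C or U+200D pass the loose check and fail both stricter ones.</p>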
<h1 id="Platform-Support">Platform Support</h1>
<h2 id="Platform-Specific-Notes">Platform-Specific Notes</h2>
<dl>
<dt id="Windows">Windows</dt>
<dd>
<p>Visual C++ compiler version detection has been improved to work on non-English language systems. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132421">[perl #132421]</a></p>
<p>We now set <code>$Config{libpth}</code> correctly for 64-bit builds using Visual C++ versions earlier than 14.1. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132484">[perl #132484]</a></p>
</dd>
</dl>
<h1 id="Selected-Bug-Fixes">Selected Bug Fixes</h1>
<ul>
<li><p>The <code>readpipe()</code> built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime. <a href="https://rt.perl.org/Public/Bug/Display.html?id=4574">[perl #4574]</a></p>
</li>
<li><p>Fixed a use-after-free bug in <code>pp_list</code> introduced in Perl 5.27.1. <a href="https://rt.perl.org/Public/Bug/Display.html?id=131954">[perl #131954]</a></p>
</li>
<li><p>Parsing a <code>sub</code> definition could cause a use-after-free if the <code>sub</code> keyword was followed by whitespace including newlines (and comments). <a href="https://rt.perl.org/Public/Bug/Display.html?id=131836">[perl #131836]</a></p>
</li>
<li><p>The tokenizer now correctly adjusts a parse pointer when skipping whitespace in an <code>${identifier}</code> construct. <a href="https://rt.perl.org/Public/Bug/Display.html?id=131949">[perl #131949]</a></p>
</li>
<li><p>Accesses to <code>${^LAST_FH}</code> no longer assert after using any of a variety of I/O operations on a non-glob. <a href="https://rt.perl.org/Public/Bug/Display.html?id=128263">[perl #128263]</a></p>
</li>
<li><p><code>sort</code> now performs correct reference counting when aliasing <code>$a</code> and <code>$b</code>, thus avoiding premature destruction and leakage of scalars if they are re-aliased during execution of the sort comparator. <a href="https://rt.perl.org/Public/Bug/Display.html?id=92264">[perl #92264]</a></p>
</li>
<li><p>Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled. <a href="https://rt.perl.org/Public/Bug/Display.html?id=131893">[perl #131893]</a></p>
</li>
<li><p>Fixed a duplicate symbol failure with <b>-flto -mieee-fp</b> builds. <i>pp.c</i> defined <code>_LIB_VERSION</code> which <b>-lieee</b> already defines. <a href="https://rt.perl.org/Public/Bug/Display.html?id=131786">[perl #131786]</a></p>
</li>
<li><p>A NULL pointer dereference in the <code>S_regmatch()</code> function has been fixed. <a href="https://rt.perl.org/Public/Bug/Display.html?id=132017">[perl #132017]</a></p>
</li>
<li><p>Failures while compiling code within other constructs, such as with string interpolation and the right part of <code>s///e</code>, now cause compilation to abort earlier.</p>
<p>Previously compilation could continue in order to report other errors, but the failed sub-parse could leave partly parsed constructs on the parser shift-reduce stack, confusing the parser, leading to perl crashes. <a href="https://rt.perl.org/Public/Bug/Display.html?id=125351">[perl #125351]</a></p>
</li>
</ul>
<h1 id="Acknowledgements">Acknowledgements</h1>
<p>Generated with:</p>
<pre><code> cperl Porting/acknowledgements.pl cperl-5.26.2..HEAD</code></pre>
<h1 id="Reporting-Bugs">Reporting Bugs</h1>
<p>If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at <a href="https://rt.perl.org/">https://rt.perl.org/</a>. There may also be information at <a href="http://www.perl.org/">http://www.perl.org/</a>, the Perl Home Page.</p>
<p>If you believe you have an unreported bug, please run the <a>cperlbug</a> program included with your release. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report, along with the output of <code>perl -V</code>, will be sent off to [email protected] to be analysed by the Perl porting team.</p>
<p>If you think it's a cperl-specific bug, or trust the cperl developers more, please file an issue at <a href="https://github.com/perl11/cperl/issues">https://github.com/perl11/cperl/issues</a>.</p>
<p>If the bug you are reporting has security implications which make it inappropriate to send to a publicly archived mailing list, then see <a href="/cperl/perlsec.html#SECURITY-VULNERABILITY-CONTACT-INFORMATION">"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec</a> for details of how to report the issue.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
<p>The <i>Changes</i> file for an explanation of how to view exhaustive details on what changed.</p>
<p>The <i>INSTALL</i> file for how to build Perl.</p>
<p>The <i>README</i> file for general stuff.</p>
<p>The <i>Artistic</i> and <i>Copying</i> files for copyright information.</p>
</body>
</html>