4a94479f96
Required changes: * Add qualifying '.' to scripts or to @INC, as appropriate since we're enabling default_inc_excludes_dot; * Add new platform/library definitions like double-double format and locale library functions/headers; * Delete patch 020 as it's been upstreamed; Optional changes: * Instead of using -@rm and having that fail, emit an error message, and be ignored, just use @rm -f instead which will always succeed. Security [CVE-2017-12837] Heap buffer overflow in regular expression compiler Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed. [perl #131582] [CVE-2017-12883] Buffer over-read in regular expression parser For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed. [perl #131598] [CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. [perl #131665] Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> |
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| Config.in | ||
| Makefile | ||
| perlbase.mk | ||
| perlmod.mk | ||
| README.patches | ||
The patches in this package are loosely sorted into the following categories: 0xx - Bugfixes 1xx - Cross-compile fixes 3xx - Workarounds 7xx - Testsuite fixes Feel free to add another one if your new patch doesn't seem to fit into an existing category.