$HOME's parent directory isn't readable by an unprivileged user.
Tested on Linux with unprivileged pkgsrc (DreamHost, where the
problem was encountered) and on Mac OS X with a more typical setup.
A large number of packages have had their internal regression tests
run successfully with this update, including mod_perl for Apache.
Pkgsrc changes: a number of our local patches are no longer needed.
Upstream changes from version 5.8.8:
# Core Enhancements
* The feature pragma
* New -E command-line switch
* Defined-or operator
* Switch and Smart Match operator
* Regular expressions
* say()
* Lexical $_
* The _ prototype
* UNITCHECK blocks
* New Pragma, mro
* readdir() may return a "short filename" on Windows
* readpipe() is now overridable
* Default argument for readline()
* state() variables
* Stacked filetest operators
* UNIVERSAL::DOES()
* Formats
* Byte-order modifiers for pack() and unpack()
* no VERSION
* chdir, chmod and chown on filehandles
* OS groups
* Recursive sort subs
* Exceptions in constant folding
* Source filters in @INC
* New internal variables
* Miscellaneous
* UCD 5.0.0
* MAD
* kill() on Windows
# Incompatible Changes
* Packing and UTF-8 strings
* Byte/character count feature in unpack()
* The $* and $# variables have been removed
* substr() lvalues are no longer fixed-length
* Parsing of -f _
* :unique
* Effect of pragmas in eval
* chdir FOO
* Handling of .pmc files
* $^V is now a version object instead of a v-string
* @- and @+ in patterns
* $AUTOLOAD can now be tainted
* Tainting and printf
* undef and signal handlers
* strictures and dereferencing in defined()
* (?p{}) has been removed
* Pseudo-hashes have been removed
* Removal of the bytecode compiler and of perlcc
* Removal of the JPL
* Recursive inheritance detected earlier
# Modules and Pragmata
* Upgrading individual core modules
* Pragmata Changes
* New modules
* Selected Changes to Core Modules
# Utility Changes
# New Documentation
# Performance Enhancements
* In-place sorting
* Lexical array access
* XS-assisted SWASHGET
* Constant subroutines
* PERL_DONT_CREATE_GVSV
* Weak references are cheaper
* sort() enhancements
* Memory optimisations
* UTF-8 cache optimisation
* Sloppy stat on Windows
* Regular expressions optimisations
# Installation and Configuration Improvements
* Configuration improvements
* Compilation improvements
* Installation improvements
* New Or Improved Platforms
# Selected Bug Fixes
# New or Changed Diagnostics
# Changed Internals
* Reordering of SVt_* constants
* Elimination of SVt_PVBM
* New type SVt_BIND
* Removal of CPP symbols
* Less space is used by ops
* New parser
* Use of const
* Mathoms
* AvFLAGS has been removed
* av_* changes
* $^H and %^H
* B:: modules inheritance changed
* Anonymous hash and array constructors
...
See 'perldoc perldelta' or http://perldoc.perl.org/perldelta.html
for explanation of each of these points.
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
build executable, either by using the same constants or by sourcing the
config.sh script created by Configure.
Don't create $installsitearch and don't attempt to remove
$installvendorarch, the former is easy and the latter not needed.
in declarations when compiling C++ code. Patch the perl.h and XSUB.h
headers to avoid using this attribute if using GCC<3.4 and building
C++ modules. This fixes PR pkg/33403 by OBATA Akio.
Bump PKGREVISION to 2.
* Updates of many standard Perl modules.
* Performance enhancements for loadable modules and memory usage.
* Fixed bug when running with "-w". Previously when running with
warnings enabled globally via "-w", selective disabling of specific
warning categories would actually turn off all warnings. This
is now fixed; now "no warnings 'io';" will only turn off warnings
in the "io" class. This bug fix may cause some programs to start
correctly issuing warnings.
* Perl 5.8.4 introduced a change so that assignments of "undef" to a
scalar, or of an empty list to an array or a hash, were optimised away.
As this could cause problems when "goto" jumps were involved, this
change has been backed out.
* Using the sprintf function with some formats could lead to a
buffer overflow in some specific cases. This has been fixed,
along with several other bugs, notably in bounds checking.
* Fixed bug in pkgsrc-installed perl-5.8.7 and all subsequent
PKGREVISIONs, where perl didn't look for site modules under
/usr/pkg/lib/perl5/site_perl, but only under
/usr/pkg/lib/perl5/site_perl/5.8.0, and similarly for the vendor
modules.
* Honor PKGMANDIR when installing man pages.
CVE-2005-3916 - format string vulnerability in scripts using syslog()
CVS-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()
Bump the PKGREVISION to 7.
library searches to start in the system directories instead of in the
pkgsrc-controlled directories. This change is in the same spirit as
the one that caused the PKGREVISION bump to 6, but is more likely to
work on IRIX where plibpth needs to be set from the Configure script.
This time, we patch the Configure script instead of setting libpth in
the hints file because we depend on the values of variables which are
defined after the hints file is sourced by the Configure script.
XXX This breaks building perl on a platform that has native pthreads
XXX with PREFER_NATIVE_PTHREADS=no, but that's not really worthwhile
XXX to fix.
perl suffers from an integer wrap overflow inside the explicit
parameter format string functionality. This has been confirmed to
be a vector for remote code execution.
Bump PKGREVISION to 5.
because some Perl modules make some (bad) assumptions about the
structure of a MakeMaker-generated Makefile. Instead, remove the
perllocal.pod file whenever a p5-* module or perl itself is removed.
While here, rename some of the install/deinstall templates to more
descriptive names.
Bump the PKGREVISION to 3.
$(prefix) == $(siteprefix) == $(vendorprefix)
so that if a perl module is configured with "perl Makefile.PL PREFIX=...",
then that single PREFIX definition will override all three of the
above, and files will be properly installed into the correct relative
path. Also, patch a test so that it understands the different behavior
of the pkgsrc ExtUtils::MakeMaker module. Bump the PKGREVISION to 2.
for many "core" modules, UTF-8 and Unicode bugfixes, and ithreads
bugfixes.
The major changes are in the pkgsrc infrastructure to handle Perl and
Perl modules. All pkgsrc-installed Perl modules are now installed in
"vendor" directories, and the perl interpreter has been modifed to
search for libraries in the following order: site, vendor, perl. The
Perl library is stored in a directory that is named for the Perl ABI
version associated with the Perl release, so any updates of Perl to
newer versions can be done "in-place" as long as Perl ABI version
remains the same. All Perl scripts and man pages are stored in
locations that won't conflict between site, vendor, and perl modules,
and a new utility perllink(1) now manages symlinks to those scripts
and man pages under the usual ${LOCALBASE}/bin and ${LOCALBASE}/man/man1.
PERL5_SITEPREFIX may be set to the prefix where local, site-specific
modules will be installed, e.g. PERL5_SITEPREFIX=/usr/local. Note
that modules installed here are completely unmanaged by pkgsrc.
Update the buildlink and tool dependencies on perl to require perl>=5.8.7
to reflect the new locations for Perl modules and the Perl shared
library.
MIPSPro compiler/preprocessor behaves differently if invoked on
stdin vs file. In configure, we test for stdin, but lateron we use files.
So force it to work the way we know it does.
and 5.6.1nb10 include pulling in changes from the latest Perl sources
that add a more complete set of directories on NetBSD systems to the
rpath of Perl modules so that they may find libperl.so. The module
build/installation is now robust against the user overriding the value
of INSTALLARCHLIB.
libgcc.a isn't linked "whole archive" into the perl executable on newer
NetBSD systems (>1.5.x). Newer NetBSD systems have libgcc_pic.a linked
into shared libraries, so this hack isn't needed. This change was tested
by building and testing textproc/xerces-p, a C++ perl5 module that uses
functions in libgcc.a.
we install them into a private directory under the the normal Perl
installation and configure Perl so that site-specific Perl man3 pages
are installed into a private directory within site_perl. This avoids
manpage conflicts between 3rd-party modules, the standard Perl library,
and other packages.
The changes implement some unfinished work that is alluded to in the
MakeMaker.pm module by allowing "installsiteman{1,3}dir" to be set
during the configuration process and are used to provide default values
for INSTALLSITEMAN{1,3}DIR during the Perl module build/install process.
Bump PKGREVISIONs for lang/perl5 and lang/perl58.
