Upstream changes:
Incompatible Changes
There are no changes intentionally incompatible with 5.12.1.
If any exist, they are bugs and reports are welcome.
Core Enhancements
Other than the bug fixes listed below, there should be no
user-visible changes to the core language in this release.
Modules and Pragmata
New Modules and Pragmata
This release does not introduce any new modules or pragmata.
Pragmata Changes
In the previous release, no VERSION; statements triggered a bug
which could cause feature bundles to be loaded and strict mode
to be enabled unintentionally.
Updated Modules
Carp
Upgraded from version 1.16 to 1.17.
Carp now detects incomplete caller() overrides and avoids using bogus
@DB::args. To provide backtraces, Carp relies on particular behaviour
of the caller built-in. Carp now detects if other code has overridden
this with an incomplete implementation, and modifies its backtrace
accordingly. Previously incomplete overrides would cause incorrect
values in backtraces (best case), or obscure fatal errors (worst case).
This fixes certain cases of Bizarre copy of ARRAY caused by modules
overriding caller() incorrectly.
CPANPLUS
A patch to cpanp-run-perl has been backported from CPANPLUS 0.9004.
This resolves [perl #55964] and [perl #57106], both of which related
to failures to install distributions that use Module::Install::DSL.
File::Glob
A regression which caused a failure to find CORE::GLOBAL::glob after
loading File::Glob to crash has been fixed. Now, it correctly falls
back to external globbing via pp_glob.
File::Copy
File::Copy::copy(FILE, DIR) is now documented.
File::Spec
Upgraded from version 3.31 to 3.31_01.
Several portability fixes were made in File::Spec::VMS: a colon is now
recognized as a delimiter in native filespecs; caret-escaped
delimiters are recognized for better handling of extended filespecs;
catpath() returns an empty directory rather than the current
directory if the input directory name is empty; abs2rel() properly
handles Unix-style input.
Utility Changes
* perlbug now always gives the reporter a chance to change the email
address it guesses for them.
* perlbug should no longer warn about uninitialized values when using
the -d and -v options.
Changes to Existing Documentation
* The existing policy on backward-compatibility and deprecation has
been added to perlpolicy, along with definitions of terms like
deprecation.
* "srand" in perlfunc's usage has been clarified.
* The entry for "die" in perlfunc was reorganized to emphasize its role
in the exception mechanism.
* Perl's INSTALL file has been clarified to explicitly state that Perl
requires a C89 compliant ANSI C Compiler.
* IO::Socket's getsockopt() and setsockopt() have been documented.
* alarm()'s inability to interrupt blocking IO on Windows has been
documented.
* Math::TrulyRandom hasn't been updated since 1996 and has been removed
as a recommended solution for random number generation.
* perlrun has been updated to clarify the behaviour of octal flags to
perl.
* To ease user confusion, $# and $*, two special variables that were
removed in earlier versions of Perl, have been documented.
* The version of perlfaq shipped with the Perl core has been updated
from the official FAQ version, which is now maintained in the
briandfoy/perlfaq branch of the Perl repository at
git://perl5.git.perl.org/perl.git.
Installation and Configuration Improvements
Configuration improvements
* The d_u32align configuration probe on ARM has been fixed.
Compilation improvements
* An "incompatible operand types" error in ternary expressions when
building with clang has been fixed.
* Perl now skips setuid File::Copy tests on partitions it detects to
be mounted as nosuid.
Selected Bug Fixes
* A possible segfault in the T_PRTOBJ default typemap has been fixed.
* A possible memory leak when using caller() to set @DB::args has been
fixed.
* Several memory leaks when loading XS modules were fixed.
* unpack() now handles scalar context correctly for %32H and %32u,
fixing a potential crash. split() would crash because the third item
on the stack wasn't the regular expression it expected.
unpack("%2H", ...) would return both the unpacked result and the
checksum on the stack, as would unpack("%2u", ...). [perl #73814]
* Perl now avoids using memory after calling free() in pp_require when
there are CODEREFs in @INC.
* A bug that could cause "Unknown error" messages when
"call_sv(code, G_EVAL)" is called from an XS destructor has been fixed.
* The implementation of the open $fh, '>' \$buffer feature now supports
get/set magic and thus tied buffers correctly.
* The pp_getc, pp_tell, and pp_eof opcodes now make room on the stack
for their return values in cases where no argument was passed in.
* When matching unicode strings under some conditions inappropriate
backtracking would result in a Malformed UTF-8 character (fatal)
error. This should no longer occur. See [perl #75680]
Platform Specific Notes
AIX
* README.aix has been updated with information about the XL C/C++ V11
compiler suite.
Windows
* When building Perl with the mingw64 x64 cross-compiler incpath,
libpth, ldflags, lddlflags and ldflags_nolargefiles values in
Config.pm and Config_heavy.pl were previously not being set
correctly because, with that compiler, the include and lib
directories are not immediately below $(CCHOME).
VMS
* git_version.h is now installed on VMS. This was an oversight in
v5.12.0 which caused some extensions to fail to build.
* Several memory leaks in stat() have been fixed.
* A memory leak in Perl_rename() due to a double allocation has been
fixed.
* A memory leak in vms_fid_to_name() (used by realpath() and
realname()) has been fixed.
last two years. From the git commit log:
2010-06-23
Create longest possible path first in mkdirs routine. radmind-1.14.0rc1
2010-05-28
Updated radmind man page with CRL documentation.
2010-05-28
[Patch 2930172]: Add support for CRLs
2010-02-03
Fix: check argument count when encountering a minus...
2010-01-28
[Bug 2927309]: ktcheck cores with recursive command...
2010-01-20
Fix: -r (use randfile) was being ignored.
2010-01-13
[Patch 2931438]: Change port back to standard on failur...
2009-12-15
node_create sometimes takes a NULL transcript name.
2009-12-06
[Bug 1816150]: Can't replace dir with file.
2009-11-19
Accidentally placed dns_sd check in the PAM if-block.
2009-11-19
Pull Wes's path repetition detection patch from CVS.
2009-11-19
Add --with-pam.
2009-11-17
[Patch 2899332] Fix and document -p option to ra.sh.
2009-11-11
[Patch 2524867] Add -p option for ra.sh (for port).
2009-11-11
[Patch 2877346] Add a copy mode to lmerge.
2009-11-11
Fix: missing closing quotation mark in lcksum error...
2009-10-28
[Bug 2887658]: fsdiff prints multiple lines for changin...
2009-10-15
Fix: lcksum crashes when given a minus (-) line with...
2009-10-15
Accept 2845279: Updated rash manpage
2009-09-11
Quick fix for pam_conv struct compiler nagging.
2009-09-11
Fix empty prepath check in lapply and lcksum
2009-08-18
Exclude leftovers from autoconf and git when making...
2009-08-18
Do not track configure script.
2009-08-01
Eliminate old workaround for broken mkdir on old versio... origin
2009-02-23
Only use $USERNAME if $USERAUTH is enabled.
2009-01-29
Fix bug 2541171. Patch from bawood at umich dot edu.
2008-12-11
Proof-of-concept code using Apple's FSEvents API. Can...
As of the 1.2 release, the core Django framework includes a system, enabled by
default, for detecting and preventing cross-site request forgery (CSRF) attacks
against Django-powered applications. Previous Django releases provided
a different, optionally-enabled system for the same purpose.
The Django 1.2 CSRF protection system involves the generation of a random
token, inserted as a hidden field in outgoing forms. The same value is also
set in a cookie, and the cookie value and form value are compared on submission.
The provided template tag for inserting the CSRF token into forms --
{% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is.
Thus, an attacker who is able to tamper with the value of the CSRF cookie can
cause arbitrary content to be inserted, unescaped, into the outgoing HTML of
the form, enabling cross-site scripting (XSS) attacks.
This issue was first reported via a public ticket in Django's Trac instance;
while being triaged it was then independently reported, with broader
description, by Jeff Balogh of Mozilla.
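The flaw described above, as an added example that is not Django's own code and not part of the original commit message: a form field built from the cookie value as-is, next to a version that treats the cookie as untrusted input. The 32-character alphanumeric token format, the function names and the tampered sample value are assumptions made for this sketch.

```python
import html
import re
import secrets

# Assumed token shape for this sketch: 32 alphanumeric characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{32}")

FIELD = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'

# Constructed sample of a cookie value that has been tampered with.
TAMPERED = '"><b>injected</b>'


def new_token() -> str:
    """Generate a fresh random token (32 hex characters)."""
    return secrets.token_hex(16)


def field_unescaped(cookie_value: str) -> str:
    """The pattern described above: the cookie value is trusted and emitted as-is."""
    return FIELD % cookie_value


def clean_token(cookie_value: str) -> str:
    """Accept the cookie value only if it has the expected shape.

    Anything else is discarded and replaced with a fresh token, so markup
    smuggled in through the cookie never reaches the template.
    """
    if TOKEN_RE.fullmatch(cookie_value or ""):
        return cookie_value
    return new_token()


def field_hardened(cookie_value: str) -> str:
    """Validate the token, then HTML-escape it on output as a second layer."""
    return FIELD % html.escape(clean_token(cookie_value), quote=True)


if __name__ == "__main__":
    print(field_unescaped(TAMPERED))  # attribute is closed early, markup leaks out
    print(field_hardened(TAMPERED))   # a fresh token is rendered instead
```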
close PR#43791.
Changes to pkgsrc
* use INSTALL_SCRIPT from configure (patch-ab).
* update tclsh name; its current version in pkgsrc is 8.4.
CHANGES TO REMIND
* Version 3.1 Patch 9 - 2010-06-20
- MAJOR ENHANCEMENT: New "purge mode" to delete expired reminders. See
the PURGE MODE section of the remind man page.
- ENHANCEMENT: Support DURATION in TkRemind. Thanks to Marek Marczykowski.
- BUG FIX: Don't change the order of PS and PSFILE reminders. Bug found
by John McGowan.
- BUG FIX: "REM 1990-01-01 SATISFY 1" would yield a spurious parse error
in earlier versions of Remind.
- BUG FIX: Yom HaShoah is moved to Thursday if it would normally fall on
a Friday. Thanks to Jonathan Kamens for pointing this out.
* Version 3.1 Patch 8 - 2010-03-09
- ENHANCEMENT: Include some useful scripts in contrib/
- ENHANCEMENT: Add the $T, $Td, $Tm, $Tw, $Ty, $U, $Ud, $Um, $Uw, $Uy
special variables to make reminder files less wordy. See man page
for details.
- MINOR ENHANCEMENT: Set an icon photo window manager resource on TkRemind.
- POLICY CHANGE: Discourage use of Remind on MS Windows or Apple Mac OS X.
- BUG FIX: Ignore msgprefix() and msgsuffix() on RUN-type reminders.
- BUG FIX: Adjust Remind and Rem2PS so that SHADE specials don't obliterate
earlier MOON specials.
- BUG FIX: Fix bug in SCHED calculations if Remind is started in the middle
of a SCHED interval.
* Message-ID searches on Google Groups work again
* Add-ons preferences button for Lightning should work now
* Security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)