5.14.3 and wheezy

Niko Tyni ntyni at debian.org
Fri Oct 19 19:17:46 UTC 2012 

Hi,

assuming that it's too late to get all of 5.14.3 in wheezy, I had a look
at its changelog to find any candidates for cherry-picking.

The obvious ones I found are regressions from squeeze:
#629363, #690975, #690976, and #690979

I'd probably leave these out:
 - perlcheat was updated to 5.14.
 - The smartmatch operator ("~~") was changed so that the right-hand
     side takes precedence during "Any ~~ Object" operations.
 - Module::CoreList has been updated to version 2.49_04 to add data for this release.
 - The system gcc (rather than any other gcc which might be in
    the compiling user's path) is now used when searching for libraries
    such as "-lm".

but I'm a bit undecided particularly on the two first ones.
Input welcome.

All the rest of 5.14.3 is either already included or clearly
not wheezy material IMO. See below.

Detailed listing from perldelta with my notes inline:

- "Digest" unsafe use of eval (CVE-2011-3597)
  #644108, fixed in 5.14.2-2

- Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195)
  #689314, fixed in 5.14.2-14

- PerlIO::scalar was updated to fix a bug in which opening a filehandle
    to a glob copy caused assertion failures (under debugging) or hangs
    or other erratic behaviour without debugging.
  #629363, not strictly a regression as it didn't work properly in
   squeeze either, but the failure mode is now worse (eating all memory)
  wheezy candidate

- ODBM_File and NDBM_File were updated to allow building on GNU/Hurd.
  #636609, fixed in 5.14.1-2
  #645989, fixed in 5.14.2-2

- IPC::Open3 has been updated to fix a regression introduced in perl 5.12, which broke
    "IPC::Open3::open3($in, $out, $err, '-')".  [perl #95748]
  #683894, fixed in 5.14.2-13

- Module::CoreList has been updated to version 2.49_04 to add data for this release.
  probably not wheezy candidate

- perlcheat was updated to 5.14.
  purely a documentation change, not a priority. Not for wheezy?

- h2ph was updated to search correctly gcc include directories on
    platforms such as Debian with multi-architecture support.
  #625808, fixed in 5.14.1-1

- In Configure, the test for procselfexe was refactored into a loop.
    no use for us, not for wheezy

Skipping non-relevant platform specific fixes, remaining ones:

- Linux: libutil is no longer used when compiling on Linux platforms,
    which avoids warnings being emitted.
  fixed in a different way in 5.10.1-20

- Linux: The system gcc (rather than any other gcc which might be in
    the compiling user's path) is now used when searching for libraries
    such as "-lm".
  probably not for wheezy?

- GNU/Hurd: Various build and test fixes were included for GNU/Hurd.
  I believe these are all already in
  
- GNU/Hurd: LFS support was enabled in GNU/Hurd.
  #645790, fixed in 5.14.2-2

- A regression has been fixed that was introduced in 5.14, in "/i"
    regular expression matching, in which a match improperly fails
    if the pattern is in UTF-8, the target string is not, and a
    Latin-1 character precedes a character in the string that should
    match the pattern.  [perl #101710]
  #690975, regression from squeeze, wheezy candidate

- In case-insensitive regular expression pattern matching, no longer
    on UTF-8 encoded strings does the scan for the start of match
    only look at the first possible position.  This caused matches
    such as ""f\x{FB00}" =~ /ff/i" to fail.
  #690976, regression from squeeze, wheezy candidate
  perl -e 'print "ok\n" if "f\x{FB00}" =~ /ff/i'

- The sitecustomize support was made relocatableinc aware, so that
     -Dusesitecustomize and -Duserelocatableinc may be used together.
  not for wheezy

- The smartmatch operator ("~~") was changed so that the right-hand
     side takes precedence during "Any ~~ Object" operations.
  not a regression from squeeze, so probably not for wheezy?

- A bug has been fixed in the tainting support, in which an "index()"
     operation on a tainted constant would cause all other constants
     to become tainted.  [perl #64804]
  #291450, fixed in 5.14.1-1

- A regression has been fixed that was introduced in perl 5.12,
    whereby tainting errors were not correctly propagated through
    "die()".  [perl #111654]
  #663158, fixed in 5.14.2-10

- A regression has been fixed that was introduced in perl 5.14,
    in which "/[[:lower:]]/i" and "/[[:upper:]]/i" no longer matched
    the opposite case.  [perl #101970]
  #690979, regression from squeeze, wheezy candidate
  perl -Mcharnames=:full -e 'print "ok\n" if "\N{LATIN CAPITAL LETTER A WITH DIAERESIS}" =~ /[[:lower:]]/i'

-- 
Niko Tyni   ntyni at debian.org

More information about the Perl-maintainers mailing list