* Tue Jun 09 2020 mls@suse.de
- Fix various security issues in the study_chunk function
[bnc#1171863] [CVE-2020-10543]
[bnc#1171864] [CVE-2020-10878]
[bnc#1171866] [CVE-2020-12723]
new patch: perl-study.diff
- Comment out bad warning in features.ph file [bnc#1172348]
* Wed Feb 05 2020 mls@suse.de
- Backport perl-fix2020.patch to make timelocal calls work in
the year 2020 [bnc#1102840] [bnc#1160039]
new patch: perl-fix2020.patch
* Wed Nov 21 2018 mls@suse.de
- fix heap-based buffer overflow in regex
[bnc#1114686] [CVE-2018-18314]
new patch: perl-extended-charclass-assert.diff
- fix heap-buffer-overflow read if regex contains \0 chars
[bnc#1114681] [CVE-2018-18313]
new patch: perl-regcomp-strchr-memchr.diff
- fix reg_node overrun
[bnc#1114675] [CVE-2018-18312]
new patch: perl-reg-node-overrun.diff
- fix integer overflow with oversize environment
[bnc#1114674] [CVE-2018-18311]
new patch: perl-setenv-integer-wrap.diff
* Wed Jun 27 2018 mls@suse.de
- fix Archive::Tar directory traversal vulnerability [bnc#1096718]
[CVE-2018-12015]
new patch: perl-archive-tar-dirtrav.diff
* Thu Feb 22 2018 fvogt@suse.com
- Use %license (boo#1082318)
* Mon Jan 22 2018 schwab@suse.de
- posix-sigaction.patch: make sure Perl_sighandler is always installed
with SA_SIGINFO (bsc#1064697)
* Wed Jan 10 2018 normand@linux.vnet.ibm.com
- ignore make check transient errors for PowerPC
that are reported since 20170907
bypass boo#1063176
new patch: perl_skip_flaky_tests_powerpc.patch
* Mon Dec 04 2017 bwiedemann@suse.com
- Add perl-reproducible.patch to make build reproducible (boo#1047218)
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
* Sat Sep 23 2017 coolo@suse.com
- update to perl-5.26.1
* [CVE-2017-12837] Heap buffer overflow in regular expression compiler
* [CVE-2017-12883] Buffer over-read in regular expression parser
* tons of bug fixes
- update list of obsoletes
* Wed Aug 30 2017 mls@suse.de
- update to perl-5.26.0
* "." no longer in @INC
* "do" may now warn
* regexp: a literal left brace "{" should be escaped
* lexical subroutines are no longer experimental
* indented Here-documents
* new regular expression modifier /xx
* declaring a reference to a variable
* unicode 9.0 is now supported
* new Hash Function For 64-bit Builds
- rename perl-5.24.0.dif to perl-5.26.0.dif
- remove obsolete perl-avoid-warnings.patch
- remove obsolete Compress-Raw-Zlib-2.071-zlib-1.2.11.patch
* Thu May 18 2017 tchvatal@suse.com
- Remove patch from previous commit, does not work:
* Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch
- Add patch taken from upstream release instead:
* Compress-Raw-Zlib-2.071-zlib-1.2.11.patch
* Wed May 10 2017 mpluskal@suse.com
- Fix building with zlib-1.2.10 (RT#119762):
* Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch
* Wed May 03 2017 coolo@suse.com
- Update to perl-5.24.1
- Di switch is now required for PerlIO debugging output
Previously PerlIO debugging output would be sent to the file specified
by the "PERLIO_DEBUG" environment variable if perl wasn't running setuid
and the -T or -t switches hadn't been parsed yet.
If perl performed output at a point where it hadn't yet parsed its
switches this could result in perl creating or overwriting the file
named by "PERLIO_DEBUG" even when the -T switch had been supplied.
Perl now requires the -Di switch to produce PerlIO debugging output. By
default this is written to "stderr", but can optionally be redirected to
a file by setting the "PERLIO_DEBUG" environment variable.
If perl is running setuid or the -T switch was supplied "PERLIO_DEBUG"
is ignored and the debugging output is sent to "stderr" as for any other
- D switch.
Core modules and tools no longer search "." for optional modules
The tools and many modules supplied in core no longer search the default
current directory entry in @INC for optional modules. For example,
Storable will remove the final "." from @INC before trying to load
Log::Agent.
This prevents an attacker injecting an optional module into a process
run by another user where the current directory is writable by the
attacker, e.g. the /tmp directory.
- Refresh patches
* Sun Jun 26 2016 schwab@suse.de
- Move parent.pm to perl-base, used by File::Temp
* Thu Jun 02 2016 idonmez@suse.com
- Add perl-avoid-warnings.patch to fix a warning in cop.h, which
breaks perf build due to -Werror. Already upstream.
* Tue May 10 2016 mls@suse.de
- Update to perl-5.24.0
* postfix dereferencing is no longer experimental
* unicode 8.0 is now supported
* perl will now croak when closing an in-place output file fails
* new "\b{lb}" boundary in regular expressions
* qr/(?[ ])/" now works in UTF-8 locales
* integer shift ("<<" and ">>") now more explicitly defined
* printf and sprintf now allow reordered precision arguments
* more fields provided to "sigaction" callback with "SA_SIGINFO"
* hashbang redirection to Perl 6
* set proper umask before calling mkstemp(3)
* fix loss of taint in canonpath
* remove duplicate environment variables from "environ"
- rename patch perl-5.22.0.dif to perl-5.24.0.dif
* Fri Feb 12 2016 idonmez@suse.com
- Update to perl-5.22.1
* Several bugs, including a segmentation fault, have been fixed
with the bounds checking constructs (introduced in Perl 5.22)
* Module::CoreList has been upgraded from version 5.20150520 to
5.20151213.
* PerlIO::scalar has been upgraded from version 0.22 to 0.23.
* POSIX has been upgraded from version 1.53 to 1.53_01.
* Storable has been upgraded from version 2.53 to 2.53_01.
* warnings has been upgraded from version 1.32 to 1.34.
* See perldelta.pod for all the changes.
- Update perl-5.22.0.dif stop patching CPAN.pm, it was MacOS only
and was breaking tests (due to SHA-1 mismatch).
* Thu Jan 07 2016 bwiedemann@suse.com
- fix perl_gen_filelist macro to not fail on foo.1 man page
* Mon Dec 07 2015 opensuse@dstoecker.de
- prevent bad RPM provides for Math::BigInt and DB
(patch file perl-5.22.0_wrong_rpm_provides.diff)