25980 – perl bug fix: misc bug fixes

Bug 25980 - perl bug fix: misc bug fixes

Summary: perl bug fix: misc bug fixes

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2019-12-28 07:55 CET by Thierry Vignaud
Modified:	2020-01-22 11:38 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	perl-5.28.2-2.mga7
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thierry Vignaud 2019-12-28 07:55:48 CET

Advisory:
========================
This update fixes detecting various bugs which should improve the stability of perl written programs:
- Avoid panic when last value of search-and-replace is tainted and UTF-8
  (RT#134409)
- Fix overloading for binary and octal floats (RT#125557)
- Fix handling undefined array members in Dumpvalue (RT#134441)
- Fix taint mode documentation regarding @INC
- Fix handling a layer argument in Tie::StdHandle::BINMODE() (RT#132475)
- Fix an unintended upgrade to UTF-8 in the middle of a transliteration
- Fix a race in File::stat() tests (GH#17234)
- Fix GCC 10 version detection (GH#17295)
- Fix a memory leak when compiling a regular expression with a non-word class
  (GH#17218)
- Fix a memory leak when matching a UTF-8 regular expression (RT#134390)
- Fix a detection for futimes (RT#134432)
- Fix propagating non-string variables in an exception value (RT#134291)
- Include trailing zero in scalars holding trie data (RT#134207)
- Fix a use after free in /(?{...})/ (RT#134208)
- Fix a use after free in debugging output of a collation
- Fix file mode of a perl-example.stp example
- Fix a NULL pointer dereference in PerlIOVia_pushed()
- Fix a crash when setting $@ on unwinding a call stack (RT#134266)
- Fix a documentation about a future API change
- Do not panic when evaluating non-ASCII bare words (RT#134061)
- Fix a crash in SIGALARM handler when waiting on a child process to be closed
  (RT#122112)
- Fix a crash with a negative precision in sprintf function (RT#134008)
- Prevent from wrapping a width in a numeric format string (RT#133913)
- Fix subroutine protypes to track reference aliases (RT#134072)
- Improve retrieving a scalar value of a variable modified in a signal handler
  (RT#134035)
- Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)
- Fix a stack underflow in readline() if passed an empty array as an argument
  (#RT133989)
- Fix %%{^CAPTURE_ALL} to be an alias for %%- variable (RT#131867)
- Fix %%{^CAPTURE} value when used after @{^CAPTURE} (RT#134193)
- Fix a test for a crash in SIGALARM handler when waiting on a child process to
  be closed (RT#122112)
- Fix a crash on an uninitialized warning when processing a multideref node
  (RT#134275)
- Preserve append mode when opening anonymous files (RT#134221)


========================

Updated packages in core/updates_testing:
========================
perl-5.28.2-1.mga7
perl-base-5.28.2-1.mga7
perl-devel-5.28.2-1.mga7
perl-doc-5.28.2-1.mga7

Comment 1 Len Lawrence 2020-01-09 01:07:25 CET

Mageia7, x86_64

These packages having been in place a few hours.  The list of perl dependent packages is quite long.
$ urpmq --whatrequires perl | sort -u | wc -l
2105

It includes a few games, iceape and gurpmi.

Installed iceape using gurpmi and launched it.  The trace did not show any direct access to perl but  for gurpmi there were numerous references to perl5 and perl-tk.  Played frozen-bubble.

Installed boomaga.
$ urpmq --requires-recursive boomaga | grep perl
groff-perl
perl
perl-File-HomeDir
perl-File-Sync
perl-File-Which
perl-MDK-Common
perl-base

No problems so far.

CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK

Comment 2 Thomas Backlund 2020-01-12 00:07:44 CET

Not OK.

This is built as 5.28.2-1.mga7 which we already have in release

And this confirms it that patches were added but no rel or subrel was bumped:
http://svnweb.mageia.org/packages/updates/7/perl/current/SPECS/perl.spec?r1=1470079&r2=1470078&pathrev=1470079

Keywords: (none) => feedback
Whiteboard: MGA7-64-OK => (none)
CC: (none) => tmb

Comment 3 Thierry Vignaud 2020-01-14 12:31:53 CET

Updated, release was bumped to 2 (clearer than using sub as here, cauldron's perl has been updated to 5.30)

Source RPM: perl-5.28.2-1.mga7 => perl-5.28.2-2.mga7
Status: NEW => ASSIGNED

Comment 4 Thomas Backlund 2020-01-15 13:15:31 CET

So to be clear, the rpms to test are now:


perl-5.28.2-2.mga7
perl-base-5.28.2-2.mga7
perl-devel-5.28.2-2.mga7
perl-doc-5.28.2-2.mga7

Keywords: feedback => (none)

Thomas Backlund 2020-01-19 11:05:28 CET

Keywords: (none) => advisory

Comment 5 Thomas Andrews 2020-01-19 22:28:44 CET

64-bit Plasma system, i5-2500, integrated graphics.

The following 3 packages are going to be installed:

- perl-5.28.2-2.mga7.x86_64
- perl-base-5.28.2-2.mga7.x86_64
- perl-doc-5.28.2-2.mga7.noarch

Packages installed cleanly. Following Len's lead, I used gurpmi to install Frozen Bubble, and dependencies. I played it afterward, and it worked OK. (I like the Android version on my tablet better, though...)

If those tests are adequate, then the newer packages look OK here. With the number of bugs this is supposed to address, I'm going to send it on it's way. Validating, too.

Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Mageia Robot 2020-01-22 11:38:38 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2020-0027.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.