Fix merge issues, remove excess files - match perl-5.38.2 dist

ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@

Update to perl 5.36.3

No changes to perl, as those were already committed for the earlier errata.
This just brings documentation and such in line with upstream.

ok bluhm@

Update to perl 5.36.1

Many small bugfixes

you should commit 5.36.1 bluhm@

Fix merge issues, remove excess files - match perl-5.36.0 dist

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

Sync to perl 5.30.3

All functional changes were committed already, this updates the
version number, Module::Corelist, and documentation.

Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and

Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

show more ...

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

Update to perl 5.28.2

Minor bugfixes and documentation improvments. See perldelta for details.
https://metacpan.org/pod/release/SHAY/perl-5.28.2/pod/perldelta.pod

OK bluhm@

Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

Fix merge issues, remove excess files - match perl-5.24.2 dist

OK bluhm@, Reads ok sthen@

Fix merge issues, remove excess files - match perl-5.24.1 dist

Patch perl CVE-2016-1238

The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that,

Patch perl CVE-2016-1238

The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.

The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.

The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.


ok deraadt@

show more ...

The XSLoader issue has been assigned CVE-2016-6185

Update to perl 5.20.3

OK bluhm@

Add entry for CVE-2015-8853 patch.

Fix merge issues, remove excess files - match perl-5.20.2 dist

Apply local patches to perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Fix a possibly infinite recursion in Perl Data::Dumper.

Derived from Perl git commit http://perl5.git.perl.org/perl.git
19be3be6968e2337bcdfe480693fff795ecd1304
Add a configuration variable/option t

Fix a possibly infinite recursion in Perl Data::Dumper.

Derived from Perl git commit http://perl5.git.perl.org/perl.git
19be3be6968e2337bcdfe480693fff795ecd1304
Add a configuration variable/option to limit recursion when dumping
deep data structures.
Defaults the limit to 1000, which can be reduced or increase, or
eliminated by setting it to 0.
This patch addresses CVE-2014-4330. This bug was found and
reported by: LSE Leading Security Experts GmbH employee Markus
Vervier.

From Maximilian Pascher; OK schwarze@ afresh1@

show more ...

update libnet to 1.27; various bugfixes and improvements:
http://cpansearch.perl.org/src/SHAY/libnet-1.27/Changes

ok millert@

apply fix from upstream to remedy RT 37700, which hardens the close() function

ok millert@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)