author | Steve Hay <steve.m.hay@googlemail.com> | 2020-06-01 21:24:05 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2020-06-01 21:24:05 +0100 |
commit | 189c28129ee3e755e38d673bc828af2a896d9fae (patch) | |
tree | eee62fa9f7ccc62b016f1d4cd93c9e137933fb28 | |
parent | 70396d2a3b2caa0a0c9479f95dd9eacee41374cf (diff) | |
download | perl-189c28129ee3e755e38d673bc828af2a896d9fae.tar.gz |
Import perl5283delta.pod and perl5303delta.pod
-rw-r--r-- | MANIFEST | 2 | ||||
-rw-r--r-- | pod/perl.pod | 2 | ||||
-rw-r--r-- | pod/perl5283delta.pod | 144 | ||||
-rw-r--r-- | pod/perl5303delta.pod | 142 | ||||
-rw-r--r-- | win32/pod.mak | 8 |
5 files changed, 298 insertions, 0 deletions
@@ -5185,9 +5185,11 @@ pod/perl5263delta.pod Perl changes in version 5.26.3 pod/perl5280delta.pod Perl changes in version 5.28.0 pod/perl5281delta.pod Perl changes in version 5.28.1 pod/perl5282delta.pod Perl changes in version 5.28.2 +pod/perl5283delta.pod Perl changes in version 5.28.3 pod/perl5300delta.pod Perl changes in version 5.30.0 pod/perl5301delta.pod Perl changes in version 5.30.1 pod/perl5302delta.pod Perl changes in version 5.30.2 +pod/perl5303delta.pod Perl changes in version 5.30.3 pod/perl561delta.pod Perl changes in version 5.6.1 pod/perl56delta.pod Perl changes in version 5.6 pod/perl581delta.pod Perl changes in version 5.8.1 diff --git a/pod/perl.pod b/pod/perl.pod index e97b458641..6be8d8016c 100644 --- a/pod/perl.pod +++ b/pod/perl.pod @@ -181,9 +181,11 @@ aux h2ph h2xs perlbug pl2pm pod2html pod2man splain xsubpp perlhist Perl history records perldelta Perl changes since previous version + perl5303delta Perl changes in version 5.30.3 perl5302delta Perl changes in version 5.30.2 perl5301delta Perl changes in version 5.30.1 perl5300delta Perl changes in version 5.30.0 + perl5283delta Perl changes in version 5.28.3 perl5282delta Perl changes in version 5.28.2 perl5281delta Perl changes in version 5.28.1 perl5280delta Perl changes in version 5.28.0 diff --git a/pod/perl5283delta.pod b/pod/perl5283delta.pod new file mode 100644 index 0000000000..cb9d9e0af1 --- /dev/null +++ b/pod/perl5283delta.pod 
@@ -0,0 +1,144 @@ +=encoding utf8 + +=head1 NAME + +perl5283delta - what is new for perl v5.28.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.28.2 release and the 5.28.3 +release. + +If you are upgrading from an earlier release such as 5.28.1, first read +L<perl5282delta>, which describes differences between 5.28.1 and 5.28.2. + +=head1 Security + +=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression + +A signed C<size_t> integer overflow in the storage space calculations for +nested regular expression quantifiers could cause a heap buffer overflow in +Perl's regular expression compiler that overwrites memory allocated after the +regular expression storage space with attacker supplied data. + +The target system needs a sufficient amount of memory to allocate partial +expansions of the nested quantifiers prior to the overflow occurring. This +requirement is unlikely to be met on 64-bit systems. + +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). + +=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression + +Integer overflows in the calculation of offsets between instructions for the +regular expression engine could cause corruption of the intermediate language +state of a compiled regular expression. An attacker could abuse this behaviour +to insert instructions into the compiled form of a Perl regular expression. + +Discovered by: Hugo van der Sanden and Slaven Rezic. + +=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression + +Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to +optimize the intermediate language representation of a regular expression could +cause corruption of the intermediate language state of a compiled regular +expression. + +Discovered by: Sergey Aleynikov. 
+ +=head2 Additional Note + +An application written in Perl would only be vulnerable to any of the above +flaws if it evaluates regular expressions supplied by the attacker. Evaluating +regular expressions in this fashion is known to be dangerous since the regular +expression engine does not protect against denial of service attacks in this +usage scenario. + +=head1 Incompatible Changes + +There are no changes intentionally incompatible with Perl 5.28.2. If any +exist, they are bugs, and we request that you submit a report. See +L</Reporting Bugs> below. + +=head1 Modules and Pragmata + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L<Module::CoreList> has been upgraded from version 5.20190419 to 5.20200601_28. + +=back + +=head1 Testing + +Tests were added and changed to reflect the other additions and changes in this +release. + +=head1 Acknowledgements + +Perl 5.28.3 represents approximately 13 months of development since Perl 5.28.2 +and contains approximately 3,100 lines of changes across 48 files from 16 +authors. + +Excluding auto-generated files, documentation and release tools, there were +approximately 1,700 lines of changes to 9 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.28.3: + +Chris 'BinGOs' Williams, Dan Book, Hugo van der Sanden, James E Keenan, John +Lightsey, Karen Etheridge, Karl Williamson, Matthew Horsfall, Max Maischein, +Nicolas R., Renee Baecker, Sawyer X, Steve Hay, Tom Hukins, Tony Cook, Zak B. +Elep. + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. 
+ +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please see +the F<AUTHORS> file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database at +L<https://github.com/Perl/perl5/issues>. There may also be information at +L<https://www.perl.org/>, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to +report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you +can do so by running the C<perlthanks> program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F<Changes> file for an explanation of how to view exhaustive details on +what changed. + +The F<INSTALL> file for how to build Perl. + +The F<README> file for general stuff. + +The F<Artistic> and F<Copying> files for copyright information. + +=cut diff --git a/pod/perl5303delta.pod b/pod/perl5303delta.pod new file mode 100644 index 0000000000..56597925b1 --- /dev/null +++ b/pod/perl5303delta.pod 
@@ -0,0 +1,142 @@ +=encoding utf8 + +=head1 NAME + +perl5303delta - what is new for perl v5.30.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.30.2 release and the 5.30.3 +release. + +If you are upgrading from an earlier release such as 5.30.1, first read +L<perl5302delta>, which describes differences between 5.30.1 and 5.30.2. + +=head1 Security + +=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression + +A signed C<size_t> integer overflow in the storage space calculations for +nested regular expression quantifiers could cause a heap buffer overflow in +Perl's regular expression compiler that overwrites memory allocated after the +regular expression storage space with attacker supplied data. + +The target system needs a sufficient amount of memory to allocate partial +expansions of the nested quantifiers prior to the overflow occurring. This +requirement is unlikely to be met on 64-bit systems. + +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). + +=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression + +Integer overflows in the calculation of offsets between instructions for the +regular expression engine could cause corruption of the intermediate language +state of a compiled regular expression. An attacker could abuse this behaviour +to insert instructions into the compiled form of a Perl regular expression. + +Discovered by: Hugo van der Sanden and Slaven Rezic. + +=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression + +Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to +optimize the intermediate language representation of a regular expression could +cause corruption of the intermediate language state of a compiled regular +expression. + +Discovered by: Sergey Aleynikov. 
+ +=head2 Additional Note + +An application written in Perl would only be vulnerable to any of the above +flaws if it evaluates regular expressions supplied by the attacker. Evaluating +regular expressions in this fashion is known to be dangerous since the regular +expression engine does not protect against denial of service attacks in this +usage scenario. + +=head1 Incompatible Changes + +There are no changes intentionally incompatible with Perl 5.30.2. If any +exist, they are bugs, and we request that you submit a report. See +L</Reporting Bugs> below. + +=head1 Modules and Pragmata + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L<Module::CoreList> has been upgraded from version 5.20200314 to 5.20200601_30. + +=back + +=head1 Testing + +Tests were added and changed to reflect the other additions and changes in this +release. + +=head1 Acknowledgements + +Perl 5.30.3 represents approximately 3 months of development since Perl 5.30.2 +and contains approximately 1,100 lines of changes across 42 files from 7 +authors. + +Excluding auto-generated files, documentation and release tools, there were +approximately 350 lines of changes to 8 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.30.3: + +Chris 'BinGOs' Williams, Hugo van der Sanden, John Lightsey, Karl Williamson, +Nicolas R., Sawyer X, Steve Hay. + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. 
+ +For a more complete list of all of Perl's historical contributors, please see +the F<AUTHORS> file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database at +L<https://github.com/Perl/perl5/issues>. There may also be information at +L<https://www.perl.org/>, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to +report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you +can do so by running the C<perlthanks> program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F<Changes> file for an explanation of how to view exhaustive details on +what changed. + +The F<INSTALL> file for how to build Perl. + +The F<README> file for general stuff. + +The F<Artistic> and F<Copying> files for copyright information. + +=cut diff --git a/win32/pod.mak b/win32/pod.mak index e83385018d..81d87446b4 100644 --- a/win32/pod.mak +++ b/win32/pod.mak @@ -57,9 +57,11 @@ POD = perl.pod \ perl5280delta.pod \ perl5281delta.pod \ perl5282delta.pod \ + perl5283delta.pod \ perl5300delta.pod \ perl5301delta.pod \ perl5302delta.pod \ + perl5303delta.pod \ perl5320delta.pod \ perl561delta.pod \ perl56delta.pod \ @@ -213,9 +215,11 @@ MAN = perl.man \ perl5280delta.man \ perl5281delta.man \ perl5282delta.man \ + perl5283delta.man \ perl5300delta.man \ perl5301delta.man \ perl5302delta.man \ + perl5303delta.man \ perl5320delta.man \ perl561delta.man \ perl56delta.man \ 
@@ -369,9 +373,11 @@ HTML = perl.html \ perl5280delta.html \ perl5281delta.html \ perl5282delta.html \ + perl5283delta.html \ perl5300delta.html \ perl5301delta.html \ perl5302delta.html \ + perl5303delta.html \ perl5320delta.html \ perl561delta.html \ perl56delta.html \ @@ -525,9 +531,11 @@ TEX = perl.tex \ perl5280delta.tex \ perl5281delta.tex \ perl5282delta.tex \ + perl5283delta.tex \ perl5300delta.tex \ perl5301delta.tex \ perl5302delta.tex \ + perl5303delta.tex \ perl5320delta.tex \ perl561delta.tex \ perl56delta.tex \ |
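Review bot: In the new pod/perl5283delta.pod, the CVE-2020-10543 paragraph opens with "A signed C<size_t> integer overflow", but size_t is an unsigned type in C, so the phrase contradicts itself and leaves the reader unsure which quantity overflowed. Suggest either naming the signed type actually used in the storage space calculation or dropping the type and writing "A signed integer overflow in the storage space calculations ...". The identical sentence appears in pod/perl5303delta.pod and should be changed there as well.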
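Review bot: In pod/perl5303delta.pod, the heading for CVE-2020-12723 is word for word the same as the heading for CVE-2020-10543 ("Buffer overflow caused by a crafted regular expression"), while its body describes corruption of the intermediate language state through recursive calls to S_study_chunk() and never mentions a buffer overflow. Suggest a heading that matches the body so the two entries can be told apart in a table of contents; pod/perl5283delta.pod has the same duplication. In "Additional Note", the phrase "evaluates regular expressions supplied by the attacker" could be read as matching attacker-supplied strings against a fixed pattern; since all three entries concern the regular expression compiler or its compiled output, saying that the pattern itself must come from the attacker would state the exposure condition more clearly.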