Import perl5283delta.pod and perl5303delta.pod

1 files changed, 142 insertions, 0 deletions

diff --git a/pod/perl5303delta.pod b/pod/perl5303delta.pod
new file mode 100644
index 0000000000..56597925b1
--- /dev/null
+++ b/pod/perl5303delta.pod
@@ -0,0 +1,142 @@
+=encoding utf8
+
+=head1 NAME
+
+perl5303delta - what is new for perl v5.30.3
+
+=head1 DESCRIPTION
+
+This document describes differences between the 5.30.2 release and the 5.30.3
+release.
+
+If you are upgrading from an earlier release such as 5.30.1, first read
+L<perl5302delta>, which describes differences between 5.30.1 and 5.30.2.
+
+=head1 Security
+
+=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
+
+A signed C<size_t> integer overflow in the storage space calculations for
+nested regular expression quantifiers could cause a heap buffer overflow in
+Perl's regular expression compiler that overwrites memory allocated after the
+regular expression storage space with attacker supplied data.
+
+The target system needs a sufficient amount of memory to allocate partial
+expansions of the nested quantifiers prior to the overflow occurring.  This
+requirement is unlikely to be met on 64-bit systems.
+
+Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
+
+=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
+
+Integer overflows in the calculation of offsets between instructions for the
+regular expression engine could cause corruption of the intermediate language
+state of a compiled regular expression.  An attacker could abuse this behaviour
+to insert instructions into the compiled form of a Perl regular expression.
+
+Discovered by: Hugo van der Sanden and Slaven Rezic.
+
+=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
+
+Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to
+optimize the intermediate language representation of a regular expression could
+cause corruption of the intermediate language state of a compiled regular
+expression.
+
+Discovered by: Sergey Aleynikov.
+
+=head2 Additional Note
+
+An application written in Perl would only be vulnerable to any of the above
+flaws if it evaluates regular expressions supplied by the attacker.  Evaluating
+regular expressions in this fashion is known to be dangerous since the regular
+expression engine does not protect against denial of service attacks in this
+usage scenario.
+
+=head1 Incompatible Changes
+
+There are no changes intentionally incompatible with Perl 5.30.2.  If any
+exist, they are bugs, and we request that you submit a report.  See
+L</Reporting Bugs> below.
+
+=head1 Modules and Pragmata
+
+=head2 Updated Modules and Pragmata
+
+=over 4
+
+=item *
+
+L<Module::CoreList> has been upgraded from version 5.20200314 to 5.20200601_30.
+
+=back
+
+=head1 Testing
+
+Tests were added and changed to reflect the other additions and changes in this
+release.
+
+=head1 Acknowledgements
+
+Perl 5.30.3 represents approximately 3 months of development since Perl 5.30.2
+and contains approximately 1,100 lines of changes across 42 files from 7
+authors.
+
+Excluding auto-generated files, documentation and release tools, there were
+approximately 350 lines of changes to 8 .pm, .t, .c and .h files.
+
+Perl continues to flourish into its fourth decade thanks to a vibrant community
+of users and developers.  The following people are known to have contributed
+the improvements that became Perl 5.30.3:
+
+Chris 'BinGOs' Williams, Hugo van der Sanden, John Lightsey, Karl Williamson,
+Nicolas R., Sawyer X, Steve Hay.
+
+The list above is almost certainly incomplete as it is automatically generated
+from version control history.  In particular, it does not include the names of
+the (very much appreciated) contributors who reported issues to the Perl bug
+tracker.
+
+Many of the changes included in this version originated in the CPAN modules
+included in Perl's core.  We're grateful to the entire CPAN community for
+helping Perl to flourish.
+
+For a more complete list of all of Perl's historical contributors, please see
+the F<AUTHORS> file in the Perl source distribution.
+
+=head1 Reporting Bugs
+
+If you find what you think is a bug, you might check the perl bug database at
+L<https://github.com/Perl/perl5/issues>.  There may also be information at
+L<https://www.perl.org/>, the Perl Home Page.
+
+If you believe you have an unreported bug, please open an issue at
+L<https://github.com/Perl/perl5/issues>.  Be sure to trim your bug down to a
+tiny but sufficient test case.
+
+If the bug you are reporting has security implications which make it
+inappropriate to send to a public issue tracker, then see
+L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
+report the issue.
+
+=head1 Give Thanks
+
+If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you
+can do so by running the C<perlthanks> program:
+
+    perlthanks
+
+This will send an email to the Perl 5 Porters list with your show of thanks.
+
+=head1 SEE ALSO
+
+The F<Changes> file for an explanation of how to view exhaustive details on
+what changed.
+
+The F<INSTALL> file for how to build Perl.
+
+The F<README> file for general stuff.
+
+The F<Artistic> and F<Copying> files for copyright information.
+
+=cut