Diffstat (limited to 'pod/perldelta.pod')
-rw-r--r-- | pod/perldelta.pod | 442 |
1 files changed, 371 insertions, 71 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 0e30f9f44f..a805175869 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
@@ -2,129 +2,429 @@ =head1 NAME -perldelta - what is new for perl v5.28.3 +[ this is a template for a new perldelta file. Any text flagged as XXX needs +to be processed before release. ] + +perldelta - what is new for perl v5.28.4 =head1 DESCRIPTION -This document describes differences between the 5.28.2 release and the 5.28.3 +This document describes differences between the 5.28.3 release and the 5.28.4 release. -If you are upgrading from an earlier release such as 5.28.1, first read -L<perl5282delta>, which describes differences between 5.28.1 and 5.28.2. +If you are upgrading from an earlier release such as 5.28.2, first read +L<perl5283delta>, which describes differences between 5.28.2 and 5.28.3. + +=head1 Notice + +XXX Any important notices here + +=head1 Core Enhancements + +XXX New core language features go here. Summarize user-visible core language +enhancements. Particularly prominent performance optimisations could go +here, but most should go in the L</Performance Enhancements> section. + +[ List each enhancement as a =head2 entry ] =head1 Security -=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression +XXX Any security-related notices go here. In particular, any security +vulnerabilities closed should be noted here rather than in the +L</Selected Bug Fixes> section. -A signed C<size_t> integer overflow in the storage space calculations for -nested regular expression quantifiers could cause a heap buffer overflow in -Perl's regular expression compiler that overwrites memory allocated after the -regular expression storage space with attacker supplied data. +[ List each security issue as a =head2 entry ] -The target system needs a sufficient amount of memory to allocate partial -expansions of the nested quantifiers prior to the overflow occurring. This -requirement is unlikely to be met on 64-bit systems. +=head1 Incompatible Changes -Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). 
+XXX For a release on a stable branch, this section aspires to be: -=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression + There are no changes intentionally incompatible with 5.XXX.XXX + If any exist, they are bugs, and we request that you submit a + report. See L</Reporting Bugs> below. -Integer overflows in the calculation of offsets between instructions for the -regular expression engine could cause corruption of the intermediate language -state of a compiled regular expression. An attacker could abuse this behaviour -to insert instructions into the compiled form of a Perl regular expression. +[ List each incompatible change as a =head2 entry ] -Discovered by: Hugo van der Sanden and Slaven Rezic. +=head1 Deprecations -=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression +XXX Any deprecated features, syntax, modules etc. should be listed here. -Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to -optimize the intermediate language representation of a regular expression could -cause corruption of the intermediate language state of a compiled regular -expression. +=head2 Module removals -Discovered by: Sergey Aleynikov. +XXX Remove this section if not applicable. -=head2 Additional Note +The following modules will be removed from the core distribution in a +future release, and will at that time need to be installed from CPAN. +Distributions on CPAN which require these modules will need to list them as +prerequisites. -An application written in Perl would only be vulnerable to any of the above -flaws if it evaluates regular expressions supplied by the attacker. Evaluating -regular expressions in this fashion is known to be dangerous since the regular -expression engine does not protect against denial of service attacks in this -usage scenario. +The core versions of these modules will now issue C<"deprecated">-category +warnings to alert you to this fact. 
To silence these deprecation warnings, +install the modules in question from CPAN. -=head1 Incompatible Changes +Note that these are (with rare exceptions) fine modules that you are encouraged +to continue to use. Their disinclusion from core primarily hinges on their +necessity to bootstrapping a fully functional, CPAN-capable Perl installation, +not usually on concerns over their design. + +=over + +=item XXX + +XXX Note that deprecated modules should be listed here even if they are listed +as an updated module in the L</Modules and Pragmata> section. + +=back + +[ List each other deprecation as a =head2 entry ] + +=head1 Performance Enhancements + +XXX Changes which enhance performance without changing behaviour go here. +There may well be none in a stable release. + +[ List each enhancement as an =item entry ] + +=over 4 + +=item * -There are no changes intentionally incompatible with Perl 5.28.2. If any -exist, they are bugs, and we request that you submit a report. See -L</Reporting Bugs> below. +XXX + +=back =head1 Modules and Pragmata +XXX All changes to installed files in F<cpan/>, F<dist/>, F<ext/> and F<lib/> +go here. If Module::CoreList is updated, generate an initial draft of the +following sections using F<Porting/corelist-perldelta.pl>. A paragraph summary +for important changes should then be added by hand. In an ideal world, +dual-life modules would have a F<Changes> file that could be cribbed. + +The list of new and updated modules is modified automatically as part of +preparing a Perl release, so the only reason to manually add entries here is if +you're summarising the important changes in the module update. (Also, if the +manually-added details don't match the automatically-generated ones, the +release manager will have to investigate the situation carefully.) + +[ Within each section, list entries as an =item entry ] + +=head2 New Modules and Pragmata + +=over 4 + +=item * + +XXX Remove this section if not applicable. 
+ +=back + =head2 Updated Modules and Pragmata =over 4 =item * -L<Module::CoreList> has been upgraded from version 5.20190419 to 5.20200601_28. +L<XXX> has been upgraded from version A.xx to B.yy. + +If there was something important to note about this change, include that here. + +=back + +=head2 Removed Modules and Pragmata + +=over 4 + +=item * + +XXX + +=back + +=head1 Documentation + +XXX Changes to files in F<pod/> go here. Consider grouping entries by +file and be sure to link to the appropriate page, e.g. L<perlfunc>. + +=head2 New Documentation + +XXX Changes which create B<new> files in F<pod/> go here. + +=head3 L<XXX> + +XXX Description of the purpose of the new file here + +=head2 Changes to Existing Documentation + +We have attempted to update the documentation to reflect the changes +listed in this document. If you find any we have missed, send email +to L<perlbug@perl.org|mailto:perlbug@perl.org>. + +XXX Changes which significantly change existing files in F<pod/> go here. +However, any changes to F<pod/perldiag.pod> should go in the L</Diagnostics> +section. + +Additionally, the following selected changes have been made: + +=head3 L<XXX> + +=over 4 + +=item * + +XXX Description of the change here + +=back + +=head1 Diagnostics + +The following additions or changes have been made to diagnostic output, +including warnings and fatal error messages. For the complete list of +diagnostic messages, see L<perldiag>. + +XXX New or changed warnings emitted by the core's C<C> code go here. Also +include any changes in L<perldiag> that reconcile it to the C<C> code. + +=head2 New Diagnostics + +XXX Newly added diagnostic messages go under here, separated into New Errors +and New Warnings + +=head3 New Errors + +=over 4 + +=item * + +XXX L<message|perldiag/"message"> + +=back + +=head3 New Warnings + +=over 4 + +=item * + +XXX L<message|perldiag/"message"> + +=back + +=head2 Changes to Existing Diagnostics + +XXX Changes (i.e. 
rewording) of diagnostic messages go here + +=over 4 + +=item * + +XXX Describe change here + +=back + +=head1 Utility Changes + +XXX Changes to installed programs such as F<perlbug> and F<xsubpp> go here. +Most of these are built within the directory F<utils>. + +[ List utility changes as a =head2 entry for each utility and =item +entries for each change +Use L<XXX> with program names to get proper documentation linking. ] + +=head2 L<XXX> + +=over 4 + +=item * + +XXX + +=back + +=head1 Configuration and Compilation + +XXX Changes to F<Configure>, F<installperl>, F<installman>, and analogous tools +go here. Any other changes to the Perl build process should be listed here. +However, any platform-specific changes should be listed in the +L</Platform Support> section, instead. + +[ List changes as an =item entry ]. + +=over 4 + +=item * + +XXX =back =head1 Testing -Tests were added and changed to reflect the other additions and changes in this -release. +XXX Any significant changes to the testing of a freshly built perl should be +listed here. Changes which create B<new> files in F<t/> go here as do any +large changes to the testing harness (e.g. when parallel testing was added). +Changes to existing files in F<t/> aren't worth summarizing, although the bugs +that they represent may be covered elsewhere. -=head1 Acknowledgements +XXX If there were no significant test changes, say this: + +Tests were added and changed to reflect the other additions and changes +in this release. + +XXX If instead there were significant changes, say this: + +Tests were added and changed to reflect the other additions and +changes in this release. Furthermore, these significant changes were +made: + +[ List each test improvement as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Platform Support + +XXX Any changes to platform support should be listed in the sections below. 
+ +[ Within the sections, list each platform as an =item entry with specific +changes as paragraphs below it. ] + +=head2 New Platforms + +XXX List any platforms that this version of perl compiles on, that previous +versions did not. These will either be enabled by new files in the F<hints/> +directories, or new subdirectories and F<README> files at the top level of the +source tree. + +=over 4 + +=item XXX-some-platform + +XXX + +=back + +=head2 Discontinued Platforms + +XXX List any platforms that this version of perl no longer compiles on. + +=over 4 + +=item XXX-some-platform + +XXX -Perl 5.28.3 represents approximately 13 months of development since Perl 5.28.2 -and contains approximately 3,100 lines of changes across 48 files from 16 -authors. +=back + +=head2 Platform-Specific Notes + +XXX List any changes for specific platforms. This could include configuration +and compilation changes or changes in portability/compatibility. However, +changes within modules for platforms should generally be listed in the +L</Modules and Pragmata> section. + +=over 4 + +=item XXX-some-platform + +XXX + +=back + +=head1 Internal Changes + +XXX Changes which affect the interface available to C<XS> code go here. Other +significant internal changes for future core maintainers should be noted as +well. + +[ List each change as an =item entry ] -Excluding auto-generated files, documentation and release tools, there were -approximately 1,700 lines of changes to 9 .pm, .t, .c and .h files. +=over 4 + +=item * + +XXX + +=back -Perl continues to flourish into its fourth decade thanks to a vibrant community -of users and developers. The following people are known to have contributed -the improvements that became Perl 5.28.3: +=head1 Selected Bug Fixes + +XXX Important bug fixes in the core language are summarized here. Bug fixes in +files in F<ext/> and F<lib/> are best summarized in L</Modules and Pragmata>. 
+ +[ List each fix as an =item entry ] + +=over 4 + +=item * -Chris 'BinGOs' Williams, Dan Book, Hugo van der Sanden, James E Keenan, John -Lightsey, Karen Etheridge, Karl Williamson, Matthew Horsfall, Max Maischein, -Nicolas R., Renee Baecker, Sawyer X, Steve Hay, Tom Hukins, Tony Cook, Zak B. -Elep. +XXX -The list above is almost certainly incomplete as it is automatically generated -from version control history. In particular, it does not include the names of -the (very much appreciated) contributors who reported issues to the Perl bug -tracker. +=back + +=head1 Known Problems + +XXX Descriptions of platform agnostic bugs we know we can't fix go here. Any +tests that had to be C<TODO>ed for the release would be noted here. Unfixed +platform specific bugs also go here. + +[ List each fix as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Errata From Previous Releases + +=over 4 + +=item * + +XXX Add anything here that we forgot to add, or were mistaken about, in +the perldelta of a previous release. + +=back + +=head1 Obituary + +XXX If any significant core contributor or member of the CPAN community has +died, add a short obituary here. + +=head1 Acknowledgements -Many of the changes included in this version originated in the CPAN modules -included in Perl's core. We're grateful to the entire CPAN community for -helping Perl to flourish. +XXX Generate this with: -For a more complete list of all of Perl's historical contributors, please see -the F<AUTHORS> file in the Perl source distribution. + perl Porting/acknowledgements.pl v5.28.3..HEAD =head1 Reporting Bugs -If you find what you think is a bug, you might check the perl bug database at -L<https://github.com/Perl/perl5/issues>. There may also be information at -L<https://www.perl.org/>, the Perl Home Page. +If you find what you think is a bug, you might check the perl bug database +at L<https://rt.perl.org/> . There may also be information at +L<http://www.perl.org/> , the Perl Home Page. 
-If you believe you have an unreported bug, please open an issue at -L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a -tiny but sufficient test case. +If you believe you have an unreported bug, please run the L<perlbug> program +included with your release. Be sure to trim your bug down to a tiny but +sufficient test case. Your bug report, along with the output of C<perl -V>, +will be sent off to perlbug@perl.org to be analysed by the Perl porting team. If the bug you are reporting has security implications which make it -inappropriate to send to a public issue tracker, then see -L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to -report the issue. +inappropriate to send to a publicly archived mailing list, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> +for details of how to report the issue. =head1 Give Thanks -If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you -can do so by running the C<perlthanks> program: +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C<perlthanks> program: perlthanks |
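Review bot: The =head1 Reporting Bugs section at the end of the hunk regresses the reporting channel. The removed lines point to L<https://github.com/Perl/perl5/issues> and L<https://www.perl.org/>, while the added template text goes back to L<https://rt.perl.org/>, a plain-HTTP L<http://www.perl.org/>, and sending reports to perlbug@perl.org through perlbug. The security paragraph is reverted the same way, from "public issue tracker" to "publicly archived mailing list". If the 5.28.3 wording is the current one, carry it into the template text used here so the next maintenance release does not ship stale instructions for reporting bugs and security issues. Separately, the three CVE entries removed from =head1 Security are afterwards reachable only through L<perl5283delta>, and this diffstat is limited to pod/perldelta.pod, so confirm that file is added in the same commit.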