"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "pod/perldelta.pod" between
perl-5.30.2.tar.xz and perl-5.30.3.tar.xz

About: Perl (Practical Extraction and Report Language) is a high-level, general-purpose, interpreted, dynamic programming language. Latest stable release.

perldelta.pod  (perl-5.30.2.tar.xz):perldelta.pod  (perl-5.30.3.tar.xz)
=encoding utf8 =encoding utf8
=head1 NAME =head1 NAME
perldelta - what is new for perl v5.30.2 perldelta - what is new for perl v5.30.3
=head1 DESCRIPTION =head1 DESCRIPTION
This document describes differences between the 5.30.1 release and the 5.30.2 This document describes differences between the 5.30.2 release and the 5.30.3
release. release.
If you are upgrading from an earlier release such as 5.30.0, first read If you are upgrading from an earlier release such as 5.30.1, first read
L<perl5301delta>, which describes differences between 5.30.0 and 5.30.1. L<perl5302delta>, which describes differences between 5.30.1 and 5.30.2.
=head1 Incompatible Changes =head1 Security
There are no changes intentionally incompatible with 5.30.0. If any exist, =head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
they are bugs, and we request that you submit a report. See L</Reporting Bugs>
below.
=head1 Modules and Pragmata A signed C<size_t> integer overflow in the storage space calculations for
nested regular expression quantifiers could cause a heap buffer overflow in
Perl's regular expression compiler that overwrites memory allocated after the
regular expression storage space with attacker supplied data.
=head2 Updated Modules and Pragmata The target system needs a sufficient amount of memory to allocate partial
expansions of the nested quantifiers prior to the overflow occurring. This
requirement is unlikely to be met on 64-bit systems.
=over 4 Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
=item * =head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a cr afted regular expression
L<Compress::Raw::Bzip2> has been upgraded from version 2.084 to 2.089. Integer overflows in the calculation of offsets between instructions for the
regular expression engine could cause corruption of the intermediate language
state of a compiled regular expression. An attacker could abuse this behaviour
to insert instructions into the compiled form of a Perl regular expression.
=item * Discovered by: Hugo van der Sanden and Slaven Rezic.
L<Module::CoreList> has been upgraded from version 5.20191110 to 5.20200314. =head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
=back Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to
optimize the intermediate language representation of a regular expression could
cause corruption of the intermediate language state of a compiled regular
expression.
Discovered by: Sergey Aleynikov.
=head2 Additional Note
=head1 Documentation An application written in Perl would only be vulnerable to any of the above
flaws if it evaluates regular expressions supplied by the attacker. Evaluating
regular expressions in this fashion is known to be dangerous since the regular
expression engine does not protect against denial of service attacks in this
usage scenario.
=head2 Changes to Existing Documentation =head1 Incompatible Changes
We have attempted to update the documentation to reflect the changes There are no changes intentionally incompatible with Perl 5.30.2. If any
listed in this document. If you find any we have missed, send email exist, they are bugs, and we request that you submit a report. See
to L<https://github.com/Perl/perl5/issues>. L</Reporting Bugs> below.
=head1 Configuration and Compilation =head1 Modules and Pragmata
=head2 Updated Modules and Pragmata
=over 4 =over 4
=item * =item *
GCC 10 is now supported by F<Configure>. L<Module::CoreList> has been upgraded from version 5.20200314 to 5.20200601_30.
=back =back
=head1 Testing =head1 Testing
Tests were added and changed to reflect the other additions and changes in this Tests were added and changed to reflect the other additions and changes in this
release. release.
=head1 Platform Support
=head2 Platform-Specific Notes
=over 4
=item Windows
The MYMALLOC (PERL_MALLOC) build on Windows has been fixed.
=back
=head1 Selected Bug Fixes
=over 4
=item *
printf() or sprintf() with the C<%n> format no longer cause a panic on
debugging builds, or report an incorrectly cached length value when producing
C<SVfUTF8> flagged strings.
[L<GH #17221|https://github.com/Perl/perl5/issues/17221>]
=item *
A memory leak in regular expression patterns has been fixed.
[L<GH #17218|https://github.com/Perl/perl5/issues/17218>]
=item *
A read beyond buffer in grok_infnan has been fixed.
[L<GH #17370|https://github.com/Perl/perl5/issues/17370>]
=item *
An assertion failure in the regular expression engine has been fixed.
[L<GH #17372|https://github.com/Perl/perl5/issues/17372>]
=item *
C<(?{...})> eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".
[L<GH #17490|https://github.com/Perl/perl5/issues/17490>]
=back
=head1 Acknowledgements =head1 Acknowledgements
Perl 5.30.2 represents approximately 4 months of development since Perl 5.30.1 Perl 5.30.3 represents approximately 3 months of development since Perl 5.30.2
and contains approximately 2,100 lines of changes across 110 files from 15 and contains approximately 1,100 lines of changes across 42 files from 7
authors. authors.
Excluding auto-generated files, documentation and release tools, there were Excluding auto-generated files, documentation and release tools, there were
approximately 920 lines of changes to 30 .pm, .t, .c and .h files. approximately 350 lines of changes to 8 .pm, .t, .c and .h files.
Perl continues to flourish into its fourth decade thanks to a vibrant community Perl continues to flourish into its fourth decade thanks to a vibrant community
of users and developers. The following people are known to have contributed of users and developers. The following people are known to have contributed
the improvements that became Perl 5.30.2: the improvements that became Perl 5.30.3:
Chris 'BinGOs' Williams, Dan Book, David Mitchell, Hugo van der Sanden, Karen Chris 'BinGOs' Williams, Hugo van der Sanden, John Lightsey, Karl Williamson,
Etheridge, Karl Williamson, Matthew Horsfall, Nicolas R., Petr Písař, Renee Nicolas R., Sawyer X, Steve Hay.
Baecker, Sawyer X, Steve Hay, Tomasz Konojacki, Tony Cook, Yves Orton.
The list above is almost certainly incomplete as it is automatically generated The list above is almost certainly incomplete as it is automatically generated
from version control history. In particular, it does not include the names of from version control history. In particular, it does not include the names of
the (very much appreciated) contributors who reported issues to the Perl bug the (very much appreciated) contributors who reported issues to the Perl bug
tracker. tracker.
Many of the changes included in this version originated in the CPAN modules Many of the changes included in this version originated in the CPAN modules
included in Perl's core. We're grateful to the entire CPAN community for included in Perl's core. We're grateful to the entire CPAN community for
helping Perl to flourish. helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see For a more complete list of all of Perl's historical contributors, please see
the F<AUTHORS> file in the Perl source distribution. the F<AUTHORS> file in the Perl source distribution.
=head1 Reporting Bugs =head1 Reporting Bugs
If you find what you think is a bug, you might check the perl bug database at If you find what you think is a bug, you might check the perl bug database at
L<https://rt.perl.org/>. There may also be information at L<https://github.com/Perl/perl5/issues>. There may also be information at
L<http://www.perl.org/>, the Perl Home Page. L<https://www.perl.org/>, the Perl Home Page.
If you believe you have an unreported bug, please open an issue at If you believe you have an unreported bug, please open an issue at
L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a
tiny but sufficient test case. tiny but sufficient test case.
If the bug you are reporting has security implications which make it If the bug you are reporting has security implications which make it
inappropriate to send to a public issue tracker, then see L<perlsec/SECURITY inappropriate to send to a public issue tracker, then see
VULNERABILITY CONTACT INFORMATION> for details of how to report the issue. L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
report the issue.
=head1 Give Thanks =head1 Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you
you can do so by running the C<perlthanks> program: can do so by running the C<perlthanks> program:
perlthanks perlthanks
This will send an email to the Perl 5 Porters list with your show of thanks. This will send an email to the Perl 5 Porters list with your show of thanks.
=head1 SEE ALSO =head1 SEE ALSO
The F<Changes> file for an explanation of how to view exhaustive details on The F<Changes> file for an explanation of how to view exhaustive details on
what changed. what changed.
 End of changes. 26 change blocks. 
87 lines changed or deleted 55 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)