From 3aadae08859241a9b598ce06c6bbd1f04e4084ec Mon Sep 17 00:00:00 2001 From: "Paul \"LeoNerd\" Evans" Date: Tue, 28 Nov 2023 11:42:28 +0000 Subject: [PATCH] New perldelta for 5.34.3 --- MANIFEST | 1 + Makefile.SH | 8 +- pod/.gitignore | 2 +- pod/perl.pod | 1 + pod/perl5342delta.pod | 109 ++++++++++ pod/perldelta.pod | 424 ++++++++++++++++++++++++++++++++++----- vms/descrip_mms.template | 2 +- win32/GNUmakefile | 4 +- win32/Makefile | 4 +- win32/pod.mak | 4 + 10 files changed, 504 insertions(+), 55 deletions(-) create mode 100644 pod/perl5342delta.pod diff --git a/MANIFEST b/MANIFEST index 3bd1b27f0505..dc6f64062766 100644 --- a/MANIFEST +++ b/MANIFEST @@ -5233,6 +5233,7 @@ pod/perl5320delta.pod Perl changes in version 5.32.0 pod/perl5321delta.pod Perl changes in version 5.32.1 pod/perl5340delta.pod Perl changes in version 5.34.0 pod/perl5341delta.pod Perl changes in version 5.34.1 +pod/perl5342delta.pod Perl changes in version 5.34.2 pod/perl561delta.pod Perl changes in version 5.6.1 pod/perl56delta.pod Perl changes in version 5.6 pod/perl581delta.pod Perl changes in version 5.8.1 diff --git a/Makefile.SH b/Makefile.SH index 6c92b1c41c02..6b2dc8069858 100755 --- a/Makefile.SH +++ b/Makefile.SH @@ -589,7 +589,7 @@ esac $spitshell >>$Makefile <<'!NO!SUBS!' -perltoc_pod_prereqs = extra.pods pod/perl5342delta.pod pod/perlapi.pod pod/perlintern.pod pod/perlmodlib.pod pod/perluniprops.pod +perltoc_pod_prereqs = extra.pods pod/perl5343delta.pod pod/perlapi.pod pod/perlintern.pod pod/perlmodlib.pod pod/perluniprops.pod generated_pods = pod/perltoc.pod $(perltoc_pod_prereqs) generated_headers = uudmap.h bitcount.h mg_data.h @@ -1153,9 +1153,9 @@ pod/perlintern.pod: $(MINIPERL_EXE) autodoc.pl embed.fnc pod/perlmodlib.pod: $(MINIPERL_EXE) pod/perlmodlib.PL MANIFEST $(MINIPERL) pod/perlmodlib.PL -q -pod/perl5342delta.pod: pod/perldelta.pod - $(RMS) pod/perl5342delta.pod - $(LNS) perldelta.pod pod/perl5342delta.pod +pod/perl5343delta.pod: pod/perldelta.pod + $(RMS) pod/perl5343delta.pod + $(LNS) perldelta.pod pod/perl5343delta.pod extra.pods: $(MINIPERL_EXE) -@test ! -f extra.pods || rm -f `cat extra.pods` diff --git a/pod/.gitignore b/pod/.gitignore index 124d3929173e..cb07a85fd09d 100644 --- a/pod/.gitignore +++ b/pod/.gitignore @@ -48,7 +48,7 @@ /roffitall # generated -/perl5342delta.pod +/perl5343delta.pod /perlapi.pod /perlintern.pod /perlmodlib.pod diff --git a/pod/perl.pod b/pod/perl.pod index ea77bff7950e..64d9ae817fae 100644 --- a/pod/perl.pod +++ b/pod/perl.pod @@ -179,6 +179,7 @@ aux h2ph h2xs perlbug pl2pm pod2html pod2man splain xsubpp perlhist Perl history records perldelta Perl changes since previous version + perl5342delta Perl changes in version 5.34.2 perl5341delta Perl changes in version 5.34.1 perl5340delta Perl changes in version 5.34.0 perl5321delta Perl changes in version 5.32.1 diff --git a/pod/perl5342delta.pod b/pod/perl5342delta.pod new file mode 100644 index 000000000000..6015b2447a62 --- /dev/null +++ b/pod/perl5342delta.pod @@ -0,0 +1,109 @@ +=encoding utf8 + +=head1 NAME + +perl5342delta - what is new for perl v5.34.2 + +=head1 DESCRIPTION + +This document describes differences between the 5.34.1 release and the 5.34.2 +release. + +If you are upgrading from an earlier release such as 5.34.0, first read +L, which describes differences between 5.34.0 and 5.34.1. + +=head1 Security + +This release fixes the following security issues. + +=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property + +This vulnerability was reported directly to the Perl security team by +Nathan Mills C. + +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. + +=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability + +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +L. PSIRT then +reported it to the Perl security team. + +Perl for Windows relies on the system path environment variable to +find the shell (C). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute C +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. + +An attacker with limited privileges can exploit this behavior by +placing C in locations with weak permissions, such as +C. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. + +=head1 Acknowledgements + +Perl 5.34.2 represents approximately 1 month of development since Perl +5.34.1 and contains approximately 3,700 lines of changes across 40 files +from 4 authors. + +Excluding auto-generated files, documentation and release tools, there were +approximately 2,800 lines of changes to 9 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.34.2: + +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. + +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please +see the F file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database +at L. There may also be information at +L, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L +for details of how to report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F file for an explanation of how to view exhaustive details on +what changed. + +The F file for how to build Perl. + +The F file for general stuff. + +The F and F files for copyright information. + +=cut diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 1bd78e6f7319..77fd2fa117f0 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -2,74 +2,408 @@ =head1 NAME -perldelta - what is new for perl v5.34.2 +[ this is a template for a new perldelta file. Any text flagged as XXX needs +to be processed before release. ] + +perldelta - what is new for perl v5.34.3 =head1 DESCRIPTION -This document describes differences between the 5.34.1 release and the 5.34.2 +This document describes differences between the 5.34.2 release and the 5.34.3 release. -If you are upgrading from an earlier release such as 5.34.0, first read -L, which describes differences between 5.34.0 and 5.34.1. +If you are upgrading from an earlier release such as 5.34.1, first read +L, which describes differences between 5.34.1 and 5.34.2. + +=head1 Notice + +XXX Any important notices here + +=head1 Core Enhancements + +XXX New core language features go here. Summarize user-visible core language +enhancements. Particularly prominent performance optimisations could go +here, but most should go in the L section. + +[ List each enhancement as a =head2 entry ] =head1 Security -This release fixes the following security issues. +XXX Any security-related notices go here. In particular, any security +vulnerabilities closed should be noted here rather than in the +L section. -=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property +[ List each security issue as a =head2 entry ] -This vulnerability was reported directly to the Perl security team by -Nathan Mills C. +=head1 Incompatible Changes -A crafted regular expression when compiled by perl 5.30.0 through -5.38.0 can cause a one-byte attacker controlled buffer overflow in a -heap allocated buffer. +XXX For a release on a stable branch, this section aspires to be: -=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability + There are no changes intentionally incompatible with 5.XXX.XXX + If any exist, they are bugs, and we request that you submit a + report. See L below. -This vulnerability was reported to the Intel Product Security Incident -Response Team (PSIRT) by GitHub user ycdxsb -L. PSIRT then -reported it to the Perl security team. +[ List each incompatible change as a =head2 entry ] -Perl for Windows relies on the system path environment variable to -find the shell (C). When running an executable which uses -Windows Perl interpreter, Perl attempts to find and execute C -within the operating system. However, due to path search order issues, -Perl initially looks for cmd.exe in the current working directory. +=head1 Deprecations -An attacker with limited privileges can exploit this behavior by -placing C in locations with weak permissions, such as -C. By doing so, when an administrator attempts to use -this executable from these compromised locations, arbitrary code can -be executed. +XXX Any deprecated features, syntax, modules etc. should be listed here. -=head1 Acknowledgements +=head2 Module removals + +XXX Remove this section if not applicable. + +The following modules will be removed from the core distribution in a +future release, and will at that time need to be installed from CPAN. +Distributions on CPAN which require these modules will need to list them as +prerequisites. + +The core versions of these modules will now issue C<"deprecated">-category +warnings to alert you to this fact. To silence these deprecation warnings, +install the modules in question from CPAN. + +Note that these are (with rare exceptions) fine modules that you are encouraged +to continue to use. Their disinclusion from core primarily hinges on their +necessity to bootstrapping a fully functional, CPAN-capable Perl installation, +not usually on concerns over their design. + +=over + +=item XXX + +XXX Note that deprecated modules should be listed here even if they are listed +as an updated module in the L section. + +=back + +[ List each other deprecation as a =head2 entry ] + +=head1 Performance Enhancements + +XXX Changes which enhance performance without changing behaviour go here. +There may well be none in a stable release. + +[ List each enhancement as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Modules and Pragmata + +XXX All changes to installed files in F, F, F and F +go here. If Module::CoreList is updated, generate an initial draft of the +following sections using F. A paragraph summary +for important changes should then be added by hand. In an ideal world, +dual-life modules would have a F file that could be cribbed. + +The list of new and updated modules is modified automatically as part of +preparing a Perl release, so the only reason to manually add entries here is if +you're summarising the important changes in the module update. (Also, if the +manually-added details don't match the automatically-generated ones, the +release manager will have to investigate the situation carefully.) + +[ Within each section, list entries as an =item entry ] + +=head2 New Modules and Pragmata + +=over 4 + +=item * + +XXX Remove this section if not applicable. + +=back + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L has been upgraded from version A.xx to B.yy. + +If there was something important to note about this change, include that here. + +=back + +=head2 Removed Modules and Pragmata + +=over 4 + +=item * + +XXX + +=back + +=head1 Documentation + +XXX Changes to files in F go here. Consider grouping entries by +file and be sure to link to the appropriate page, e.g. L. + +=head2 New Documentation + +XXX Changes which create B files in F go here. + +=head3 L + +XXX Description of the purpose of the new file here + +=head2 Changes to Existing Documentation + +We have attempted to update the documentation to reflect the changes +listed in this document. If you find any we have missed, open an issue +at L. + +XXX Changes which significantly change existing files in F go here. +However, any changes to F should go in the L +section. + +Additionally, the following selected changes have been made: + +=head3 L + +=over 4 + +=item * + +XXX Description of the change here + +=back + +=head1 Diagnostics + +The following additions or changes have been made to diagnostic output, +including warnings and fatal error messages. For the complete list of +diagnostic messages, see L. + +XXX New or changed warnings emitted by the core's C code go here. Also +include any changes in L that reconcile it to the C code. + +=head2 New Diagnostics + +XXX Newly added diagnostic messages go under here, separated into New Errors +and New Warnings + +=head3 New Errors + +=over 4 + +=item * + +XXX L + +=back + +=head3 New Warnings + +=over 4 + +=item * + +XXX L + +=back + +=head2 Changes to Existing Diagnostics + +XXX Changes (i.e. rewording) of diagnostic messages go here + +=over 4 -Perl 5.34.2 represents approximately 1 month of development since Perl -5.34.1 and contains approximately 3,700 lines of changes across 40 files -from 4 authors. +=item * -Excluding auto-generated files, documentation and release tools, there were -approximately 2,800 lines of changes to 9 .pm, .t, .c and .h files. +XXX Describe change here -Perl continues to flourish into its fourth decade thanks to a vibrant -community of users and developers. The following people are known to have -contributed the improvements that became Perl 5.34.2: +=back -Karl Williamson, Paul Evans, Steve Hay, Tony Cook. +=head1 Utility Changes -The list above is almost certainly incomplete as it is automatically -generated from version control history. In particular, it does not include -the names of the (very much appreciated) contributors who reported issues to -the Perl bug tracker. +XXX Changes to installed programs such as F and F go here. +Most of these are built within the directory F. + +[ List utility changes as a =head2 entry for each utility and =item +entries for each change +Use L with program names to get proper documentation linking. ] + +=head2 L + +=over 4 + +=item * + +XXX + +=back + +=head1 Configuration and Compilation + +XXX Changes to F, F, F, and analogous tools +go here. Any other changes to the Perl build process should be listed here. +However, any platform-specific changes should be listed in the +L section, instead. + +[ List changes as an =item entry ]. + +=over 4 + +=item * + +XXX + +=back + +=head1 Testing + +XXX Any significant changes to the testing of a freshly built perl should be +listed here. Changes which create B files in F go here as do any +large changes to the testing harness (e.g. when parallel testing was added). +Changes to existing files in F aren't worth summarizing, although the bugs +that they represent may be covered elsewhere. + +XXX If there were no significant test changes, say this: + +Tests were added and changed to reflect the other additions and changes +in this release. + +XXX If instead there were significant changes, say this: + +Tests were added and changed to reflect the other additions and +changes in this release. Furthermore, these significant changes were +made: + +[ List each test improvement as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Platform Support + +XXX Any changes to platform support should be listed in the sections below. + +[ Within the sections, list each platform as an =item entry with specific +changes as paragraphs below it. ] + +=head2 New Platforms + +XXX List any platforms that this version of perl compiles on, that previous +versions did not. These will either be enabled by new files in the F +directories, or new subdirectories and F files at the top level of the +source tree. + +=over 4 + +=item XXX-some-platform + +XXX + +=back + +=head2 Discontinued Platforms + +XXX List any platforms that this version of perl no longer compiles on. + +=over 4 + +=item XXX-some-platform + +XXX + +=back + +=head2 Platform-Specific Notes + +XXX List any changes for specific platforms. This could include configuration +and compilation changes or changes in portability/compatibility. However, +changes within modules for platforms should generally be listed in the +L section. + +=over 4 + +=item XXX-some-platform + +XXX + +=back + +=head1 Internal Changes + +XXX Changes which affect the interface available to C code go here. Other +significant internal changes for future core maintainers should be noted as +well. + +[ List each change as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Selected Bug Fixes + +XXX Important bug fixes in the core language are summarized here. Bug fixes in +files in F and F are best summarized in L. + +[ List each fix as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Known Problems + +XXX Descriptions of platform agnostic bugs we know we can't fix go here. Any +tests that had to be Ced for the release would be noted here. Unfixed +platform specific bugs also go here. + +[ List each fix as an =item entry ] + +=over 4 + +=item * + +XXX + +=back + +=head1 Errata From Previous Releases + +=over 4 + +=item * + +XXX Add anything here that we forgot to add, or were mistaken about, in +the perldelta of a previous release. + +=back + +=head1 Obituary + +XXX If any significant core contributor or member of the CPAN community has +died, add a short obituary here. + +=head1 Acknowledgements -Many of the changes included in this version originated in the CPAN modules -included in Perl's core. We're grateful to the entire CPAN community for -helping Perl to flourish. +XXX Generate this with: -For a more complete list of all of Perl's historical contributors, please -see the F file in the Perl source distribution. + perl Porting/acknowledgements.pl v5.34.2..HEAD =head1 Reporting Bugs diff --git a/vms/descrip_mms.template b/vms/descrip_mms.template index fbcadb02c209..de165c5597a9 100644 --- a/vms/descrip_mms.template +++ b/vms/descrip_mms.template @@ -313,7 +313,7 @@ utils : $(utils1) $(utils2) $(utils3) $(utils4) $(utils5) extra.pods : miniperl @ @extra_pods.com -PERLDELTA_CURRENT = [.pod]perl5342delta.pod +PERLDELTA_CURRENT = [.pod]perl5343delta.pod $(PERLDELTA_CURRENT) : [.pod]perldelta.pod Copy/NoConfirm/Log $(MMS$SOURCE) $(PERLDELTA_CURRENT) diff --git a/win32/GNUmakefile b/win32/GNUmakefile index c59f80ec998c..d5092fb1947e 100644 --- a/win32/GNUmakefile +++ b/win32/GNUmakefile @@ -1783,7 +1783,7 @@ utils: $(HAVEMINIPERL) ..\utils\Makefile copy ..\README.tw ..\pod\perltw.pod copy ..\README.vos ..\pod\perlvos.pod copy ..\README.win32 ..\pod\perlwin32.pod - copy ..\pod\perldelta.pod ..\pod\perl5342delta.pod + copy ..\pod\perldelta.pod ..\pod\perl5343delta.pod $(MINIPERL) -I..\lib $(PL2BAT) $(UTILS) $(MINIPERL) -I..\lib ..\autodoc.pl .. $(MINIPERL) -I..\lib ..\pod\perlmodlib.PL -q .. @@ -1881,7 +1881,7 @@ distclean: realclean -if exist $(LIBDIR)\Win32API rmdir /s /q $(LIBDIR)\Win32API -if exist $(LIBDIR)\XS rmdir /s /q $(LIBDIR)\XS -cd $(PODDIR) && del /f *.html *.bat roffitall \ - perl5342delta.pod perlaix.pod perlamiga.pod perlandroid.pod \ + perl5343delta.pod perlaix.pod perlamiga.pod perlandroid.pod \ perlapi.pod perlbs2000.pod perlcn.pod perlcygwin.pod \ perldos.pod perlfreebsd.pod perlhaiku.pod perlhpux.pod \ perlhurd.pod perlintern.pod perlirix.pod perljp.pod perlko.pod \ diff --git a/win32/Makefile b/win32/Makefile index 91f6645a8708..1f78e6c2e771 100644 --- a/win32/Makefile +++ b/win32/Makefile @@ -1242,7 +1242,7 @@ utils: $(PERLEXE) ..\utils\Makefile copy ..\README.tw ..\pod\perltw.pod copy ..\README.vos ..\pod\perlvos.pod copy ..\README.win32 ..\pod\perlwin32.pod - copy ..\pod\perldelta.pod ..\pod\perl5342delta.pod + copy ..\pod\perldelta.pod ..\pod\perl5343delta.pod cd ..\win32 $(PERLEXE) $(PL2BAT) $(UTILS) $(MINIPERL) -I..\lib ..\autodoc.pl .. @@ -1341,7 +1341,7 @@ distclean: realclean -if exist $(LIBDIR)\Win32API rmdir /s /q $(LIBDIR)\Win32API -if exist $(LIBDIR)\XS rmdir /s /q $(LIBDIR)\XS -cd $(PODDIR) && del /f *.html *.bat roffitall \ - perl5342delta.pod perlaix.pod perlamiga.pod perlandroid.pod \ + perl5343delta.pod perlaix.pod perlamiga.pod perlandroid.pod \ perlapi.pod perlbs2000.pod perlcn.pod perlcygwin.pod \ perldos.pod perlfreebsd.pod perlhaiku.pod perlhpux.pod \ perlhurd.pod perlintern.pod perlirix.pod perljp.pod perlko.pod \ diff --git a/win32/pod.mak b/win32/pod.mak index 14bd882a30c1..fae32a4ecab6 100644 --- a/win32/pod.mak +++ b/win32/pod.mak @@ -67,6 +67,7 @@ POD = perl.pod \ perl5340delta.pod \ perl5341delta.pod \ perl5342delta.pod \ + perl5343delta.pod \ perl561delta.pod \ perl56delta.pod \ perl581delta.pod \ @@ -232,6 +233,7 @@ MAN = perl.man \ perl5340delta.man \ perl5341delta.man \ perl5342delta.man \ + perl5343delta.man \ perl561delta.man \ perl56delta.man \ perl581delta.man \ @@ -397,6 +399,7 @@ HTML = perl.html \ perl5340delta.html \ perl5341delta.html \ perl5342delta.html \ + perl5343delta.html \ perl561delta.html \ perl56delta.html \ perl581delta.html \ @@ -562,6 +565,7 @@ TEX = perl.tex \ perl5340delta.tex \ perl5341delta.tex \ perl5342delta.tex \ + perl5343delta.tex \ perl561delta.tex \ perl56delta.tex \ perl581delta.tex \