From 41bb65490e0fb76c79f9c6aa7185aa8c8815935d Mon Sep 17 00:00:00 2001 From: "Paul \"LeoNerd\" Evans" Date: Tue, 28 Nov 2023 12:32:38 +0000 Subject: [PATCH] Write perldelta for 5.34.3 - a reworded copy of the previous with notice that we ignore the broken 5.34.2 release --- pod/perldelta.pod | 425 +++++----------------------------------------- 1 file changed, 46 insertions(+), 379 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 77fd2fa117f0..76fb6663edfc 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
@@ -2,408 +2,75 @@ =head1 NAME -[ this is a template for a new perldelta file. Any text flagged as XXX needs -to be processed before release. ] - perldelta - what is new for perl v5.34.3 =head1 DESCRIPTION -This document describes differences between the 5.34.2 release and the 5.34.3 -release. - -If you are upgrading from an earlier release such as 5.34.1, first read -L, which describes differences between 5.34.1 and 5.34.2. - -=head1 Notice - -XXX Any important notices here - -=head1 Core Enhancements +This document describes differences between the 5.34.1 release and the 5.34.3 +release. B This document ignores Perl 5.34.2, a broken release +which existed for a couple of days only. -XXX New core language features go here. Summarize user-visible core language -enhancements. Particularly prominent performance optimisations could go -here, but most should go in the L section. - -[ List each enhancement as a =head2 entry ] +If you are upgrading from an earlier release such as 5.34.0, first read +L, which describes differences between 5.34.0 and 5.34.1. =head1 Security -XXX Any security-related notices go here. In particular, any security -vulnerabilities closed should be noted here rather than in the -L section. - -[ List each security issue as a =head2 entry ] - -=head1 Incompatible Changes - -XXX For a release on a stable branch, this section aspires to be: - - There are no changes intentionally incompatible with 5.XXX.XXX - If any exist, they are bugs, and we request that you submit a - report. See L below. - -[ List each incompatible change as a =head2 entry ] - -=head1 Deprecations - -XXX Any deprecated features, syntax, modules etc. should be listed here. - -=head2 Module removals - -XXX Remove this section if not applicable. - -The following modules will be removed from the core distribution in a -future release, and will at that time need to be installed from CPAN. -Distributions on CPAN which require these modules will need to list them as -prerequisites. 
- -The core versions of these modules will now issue C<"deprecated">-category -warnings to alert you to this fact. To silence these deprecation warnings, -install the modules in question from CPAN. - -Note that these are (with rare exceptions) fine modules that you are encouraged -to continue to use. Their disinclusion from core primarily hinges on their -necessity to bootstrapping a fully functional, CPAN-capable Perl installation, -not usually on concerns over their design. - -=over - -=item XXX - -XXX Note that deprecated modules should be listed here even if they are listed -as an updated module in the L section. - -=back - -[ List each other deprecation as a =head2 entry ] - -=head1 Performance Enhancements - -XXX Changes which enhance performance without changing behaviour go here. -There may well be none in a stable release. - -[ List each enhancement as an =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Modules and Pragmata - -XXX All changes to installed files in F, F, F and F -go here. If Module::CoreList is updated, generate an initial draft of the -following sections using F. A paragraph summary -for important changes should then be added by hand. In an ideal world, -dual-life modules would have a F file that could be cribbed. - -The list of new and updated modules is modified automatically as part of -preparing a Perl release, so the only reason to manually add entries here is if -you're summarising the important changes in the module update. (Also, if the -manually-added details don't match the automatically-generated ones, the -release manager will have to investigate the situation carefully.) - -[ Within each section, list entries as an =item entry ] - -=head2 New Modules and Pragmata - -=over 4 - -=item * - -XXX Remove this section if not applicable. - -=back - -=head2 Updated Modules and Pragmata - -=over 4 - -=item * - -L has been upgraded from version A.xx to B.yy. 
- -If there was something important to note about this change, include that here. - -=back - -=head2 Removed Modules and Pragmata - -=over 4 - -=item * - -XXX - -=back - -=head1 Documentation - -XXX Changes to files in F go here. Consider grouping entries by -file and be sure to link to the appropriate page, e.g. L. - -=head2 New Documentation - -XXX Changes which create B files in F go here. - -=head3 L - -XXX Description of the purpose of the new file here - -=head2 Changes to Existing Documentation - -We have attempted to update the documentation to reflect the changes -listed in this document. If you find any we have missed, open an issue -at L. - -XXX Changes which significantly change existing files in F go here. -However, any changes to F should go in the L -section. - -Additionally, the following selected changes have been made: - -=head3 L - -=over 4 - -=item * - -XXX Description of the change here - -=back - -=head1 Diagnostics - -The following additions or changes have been made to diagnostic output, -including warnings and fatal error messages. For the complete list of -diagnostic messages, see L. - -XXX New or changed warnings emitted by the core's C code go here. Also -include any changes in L that reconcile it to the C code. - -=head2 New Diagnostics - -XXX Newly added diagnostic messages go under here, separated into New Errors -and New Warnings - -=head3 New Errors - -=over 4 - -=item * - -XXX L - -=back - -=head3 New Warnings +This release fixes the following security issues. -=over 4 +=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property -=item * +This vulnerability was reported directly to the Perl security team by +Nathan Mills C. -XXX L +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. 
-=back +=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability -=head2 Changes to Existing Diagnostics +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +L. PSIRT then +reported it to the Perl security team. -XXX Changes (i.e. rewording) of diagnostic messages go here +Perl for Windows relies on the system path environment variable to +find the shell (C). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute C +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. -=over 4 +An attacker with limited privileges can exploit this behavior by +placing C in locations with weak permissions, such as +C. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. -=item * - -XXX Describe change here - -=back - -=head1 Utility Changes - -XXX Changes to installed programs such as F and F go here. -Most of these are built within the directory F. - -[ List utility changes as a =head2 entry for each utility and =item -entries for each change -Use L with program names to get proper documentation linking. ] - -=head2 L - -=over 4 - -=item * - -XXX - -=back - -=head1 Configuration and Compilation - -XXX Changes to F, F, F, and analogous tools -go here. Any other changes to the Perl build process should be listed here. -However, any platform-specific changes should be listed in the -L section, instead. - -[ List changes as an =item entry ]. - -=over 4 - -=item * - -XXX - -=back - -=head1 Testing - -XXX Any significant changes to the testing of a freshly built perl should be -listed here. Changes which create B files in F go here as do any -large changes to the testing harness (e.g. when parallel testing was added). 
-Changes to existing files in F aren't worth summarizing, although the bugs -that they represent may be covered elsewhere. - -XXX If there were no significant test changes, say this: - -Tests were added and changed to reflect the other additions and changes -in this release. - -XXX If instead there were significant changes, say this: - -Tests were added and changed to reflect the other additions and -changes in this release. Furthermore, these significant changes were -made: - -[ List each test improvement as an =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Platform Support - -XXX Any changes to platform support should be listed in the sections below. - -[ Within the sections, list each platform as an =item entry with specific -changes as paragraphs below it. ] - -=head2 New Platforms - -XXX List any platforms that this version of perl compiles on, that previous -versions did not. These will either be enabled by new files in the F -directories, or new subdirectories and F files at the top level of the -source tree. - -=over 4 - -=item XXX-some-platform - -XXX - -=back - -=head2 Discontinued Platforms - -XXX List any platforms that this version of perl no longer compiles on. - -=over 4 - -=item XXX-some-platform - -XXX - -=back - -=head2 Platform-Specific Notes - -XXX List any changes for specific platforms. This could include configuration -and compilation changes or changes in portability/compatibility. However, -changes within modules for platforms should generally be listed in the -L section. - -=over 4 - -=item XXX-some-platform - -XXX - -=back - -=head1 Internal Changes - -XXX Changes which affect the interface available to C code go here. Other -significant internal changes for future core maintainers should be noted as -well. - -[ List each change as an =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Selected Bug Fixes - -XXX Important bug fixes in the core language are summarized here. 
Bug fixes in -files in F and F are best summarized in L. - -[ List each fix as an =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Known Problems - -XXX Descriptions of platform agnostic bugs we know we can't fix go here. Any -tests that had to be Ced for the release would be noted here. Unfixed -platform specific bugs also go here. - -[ List each fix as an =item entry ] - -=over 4 - -=item * - -XXX - -=back - -=head1 Errata From Previous Releases - -=over 4 - -=item * +=head1 Acknowledgements -XXX Add anything here that we forgot to add, or were mistaken about, in -the perldelta of a previous release. +Perl 5.34.3 represents approximately 1 month of development since Perl +5.34.1 and contains approximately 3,700 lines of changes across 40 files +from 4 authors. -=back +Excluding auto-generated files, documentation and release tools, there were +approximately 2,800 lines of changes to 9 .pm, .t, .c and .h files. -=head1 Obituary +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.34.3: -XXX If any significant core contributor or member of the CPAN community has -died, add a short obituary here. +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. -=head1 Acknowledgements +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. -XXX Generate this with: +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. - perl Porting/acknowledgements.pl v5.34.2..HEAD +For a more complete list of all of Perl's historical contributors, please +see the F file in the Perl source distribution. =head1 Reporting Bugs
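Review bot: The figures in the new Acknowledgements text ("approximately 1 month of development since Perl 5.34.1", "3,700 lines of changes across 40 files from 4 authors") need to be checked against the range they were generated from. The template being removed says to produce them with "perl Porting/acknowledgements.pl v5.34.2..HEAD", while the new DESCRIPTION says this document ignores 5.34.2 and describes differences from 5.34.1. If the numbers came from the v5.34.2 range, regenerate them from v5.34.1..HEAD so the stated baseline and the counts agree. In the Security section, both CVE entries describe the flaw but not what this release changes. For CVE-2023-47039 in particular, a sentence saying how cmd.exe is now located would tell Windows users whether upgrading alone is sufficient. The patch also drops the "Incompatible Changes" section entirely. The removed template suggests a stable release should state "There are no changes intentionally incompatible with ...", so consider keeping that statement, with the baseline version filled in.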