diff --git a/MANIFEST b/MANIFEST index d5f98eece49d..86e84f4a1dbd 100644 --- a/MANIFEST +++ b/MANIFEST @@ -5699,11 +5699,14 @@ pod/perl5321delta.pod Perl changes in version 5.32.1 pod/perl5340delta.pod Perl changes in version 5.34.0 pod/perl5341delta.pod Perl changes in version 5.34.1 pod/perl5342delta.pod Perl changes in version 5.34.2 +pod/perl5343delta.pod Perl changes in version 5.34.3 pod/perl5360delta.pod Perl changes in version 5.36.0 pod/perl5361delta.pod Perl changes in version 5.36.1 pod/perl5362delta.pod Perl changes in version 5.36.2 +pod/perl5363delta.pod Perl changes in version 5.36.3 pod/perl5380delta.pod Perl changes in version 5.38.0 pod/perl5381delta.pod Perl changes in version 5.38.1 +pod/perl5382delta.pod Perl changes in version 5.38.2 pod/perl5390delta.pod Perl changes in version 5.39.0 pod/perl5391delta.pod Perl changes in version 5.39.1 pod/perl5392delta.pod Perl changes in version 5.39.2 diff --git a/pod/perl.pod b/pod/perl.pod index 6c475fd13b36..00bd98284339 100644 --- a/pod/perl.pod +++ b/pod/perl.pod @@ -187,11 +187,14 @@ aux h2ph h2xs perlbug pl2pm pod2html pod2man splain xsubpp perl5392delta Perl changes in version 5.39.2 perl5391delta Perl changes in version 5.39.1 perl5390delta Perl changes in version 5.39.0 + perl5382delta Perl changes in version 5.38.2 perl5381delta Perl changes in version 5.38.1 perl5380delta Perl changes in version 5.38.0 + perl5363delta Perl changes in version 5.36.3 perl5362delta Perl changes in version 5.36.2 perl5361delta Perl changes in version 5.36.1 perl5360delta Perl changes in version 5.36.0 + perl5343delta Perl changes in version 5.34.3 perl5342delta Perl changes in version 5.34.2 perl5341delta Perl changes in version 5.34.1 perl5340delta Perl changes in version 5.34.0 diff --git a/pod/perl5343delta.pod b/pod/perl5343delta.pod new file mode 100644 index 000000000000..96aec5060423 --- /dev/null +++ b/pod/perl5343delta.pod 
@@ -0,0 +1,110 @@ +=encoding utf8 + +=head1 NAME + +perl5343delta - what is new for perl v5.34.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.34.1 release and the 5.34.3 +release. B This document ignores Perl 5.34.2, a broken release +which existed for a couple of days only. + +If you are upgrading from an earlier release such as 5.34.0, first read +L, which describes differences between 5.34.0 and 5.34.1. + +=head1 Security + +This release fixes the following security issues. + +=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property + +This vulnerability was reported directly to the Perl security team by +Nathan Mills C. + +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. + +=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability + +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +L. PSIRT then +reported it to the Perl security team. + +Perl for Windows relies on the system path environment variable to +find the shell (C). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute C +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. + +An attacker with limited privileges can exploit this behavior by +placing C in locations with weak permissions, such as +C. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. + +=head1 Acknowledgements + +Perl 5.34.3 represents approximately 1 month of development since Perl +5.34.1 and contains approximately 3,700 lines of changes across 40 files +from 4 authors. 
+ +Excluding auto-generated files, documentation and release tools, there were +approximately 2,800 lines of changes to 9 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.34.3: + +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. + +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please +see the F file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database +at L. There may also be information at +L, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L +for details of how to report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F file for an explanation of how to view exhaustive details on +what changed. + +The F file for how to build Perl. + +The F file for general stuff. + +The F and F files for copyright information. + +=cut 
diff --git a/pod/perl5363delta.pod b/pod/perl5363delta.pod new file mode 100644 index 000000000000..7790958b63a9 --- /dev/null +++ b/pod/perl5363delta.pod 
@@ -0,0 +1,110 @@ +=encoding utf8 + +=head1 NAME + +perl5363delta - what is new for perl v5.36.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.36.1 release and the 5.36.3 +release. B This document ignores Perl 5.36.2, a broken release +which existed for a couple of days only. + +If you are upgrading from an earlier release such as 5.36.0, first read +L, which describes differences between 5.36.0 and 5.36.1. + +=head1 Security + +This release fixes the following security issues. + +=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property + +This vulnerability was reported directly to the Perl security team by +Nathan Mills C. + +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. + +=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability + +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +L. PSIRT then +reported it to the Perl security team. + +Perl for Windows relies on the system path environment variable to +find the shell (C). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute C +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. + +An attacker with limited privileges can exploit this behavior by +placing C in locations with weak permissions, such as +C. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. + +=head1 Acknowledgements + +Perl 5.36.3 represents approximately 1 month of development since Perl +5.36.1 and contains approximately 2,300 lines of changes across 38 files +from 4 authors. 
+ +Excluding auto-generated files, documentation and release tools, there were +approximately 1,400 lines of changes to 8 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.36.3: + +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. + +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please +see the F file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database +at L. There may also be information at +L, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L +for details of how to report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F file for an explanation of how to view exhaustive details on +what changed. + +The F file for how to build Perl. + +The F file for general stuff. + +The F and F files for copyright information. + +=cut 
diff --git a/pod/perl5382delta.pod b/pod/perl5382delta.pod new file mode 100644 index 000000000000..2068cebbb0c5 --- /dev/null +++ b/pod/perl5382delta.pod 
@@ -0,0 +1,110 @@ +=encoding utf8 + +=head1 NAME + +perl5382delta - what is new for perl v5.38.2 + +=head1 DESCRIPTION + +This document describes differences between the 5.38.0 release and the 5.38.2 +release. B This document ignores Perl 5.38.1, a broken release +which existed for a couple of days only. + +If you are upgrading from an earlier release such as 5.37.0, first read +L, which describes differences between 5.37.0 and 5.38.0. + +=head1 Security + +This release fixes the following security issues. + +=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property + +This vulnerability was reported directly to the Perl security team by +Nathan Mills C. + +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. + +=head2 CVE-2023-47039 - Perl for Windows binary hijacking vulnerability + +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +L. PSIRT then +reported it to the Perl security team. + +Perl for Windows relies on the system path environment variable to +find the shell (C). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute C +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. + +An attacker with limited privileges can exploit this behavior by +placing C in locations with weak permissions, such as +C. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. + +=head1 Acknowledgements + +Perl 5.38.2 represents approximately 5 months of development since Perl +5.38.0 and contains approximately 6,100 lines of changes across 34 files +from 4 authors. 
+ +Excluding auto-generated files, documentation and release tools, there were +approximately 1,300 lines of changes to 9 .pm, .t, .c and .h files. + +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.38.2: + +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. + +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please +see the F file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database +at L. There may also be information at +L, the Perl Home Page. + +If you believe you have an unreported bug, please open an issue at +L. Be sure to trim your bug down to a +tiny but sufficient test case. + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L +for details of how to report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F file for an explanation of how to view exhaustive details on +what changed. + +The F file for how to build Perl. + +The F file for general stuff. + +The F and F files for copyright information. + +=cut diff --git a/win32/pod.mak b/win32/pod.mak index 9f279040b97d..81cfcd895495 100644 
--- a/win32/pod.mak +++ b/win32/pod.mak @@ -67,11 +67,14 @@ POD = perl.pod \ perl5340delta.pod \ perl5341delta.pod \ perl5342delta.pod \ + perl5343delta.pod \ perl5360delta.pod \ perl5361delta.pod \ perl5362delta.pod \ + perl5363delta.pod \ perl5380delta.pod \ perl5381delta.pod \ + perl5382delta.pod \ perl5390delta.pod \ perl5391delta.pod \ perl5392delta.pod \ @@ -246,11 +249,14 @@ MAN = perl.man \ perl5340delta.man \ perl5341delta.man \ perl5342delta.man \ + perl5343delta.man \ perl5360delta.man \ perl5361delta.man \ perl5362delta.man \ + perl5363delta.man \ perl5380delta.man \ perl5381delta.man \ + perl5382delta.man \ perl5390delta.man \ perl5391delta.man \ perl5392delta.man \ @@ -425,11 +431,14 @@ HTML = perl.html \ perl5340delta.html \ perl5341delta.html \ perl5342delta.html \ + perl5343delta.html \ perl5360delta.html \ perl5361delta.html \ perl5362delta.html \ + perl5363delta.html \ perl5380delta.html \ perl5381delta.html \ + perl5382delta.html \ perl5390delta.html \ perl5391delta.html \ perl5392delta.html \ @@ -604,11 +613,14 @@ TEX = perl.tex \ perl5340delta.tex \ perl5341delta.tex \ perl5342delta.tex \ + perl5343delta.tex \ perl5360delta.tex \ perl5361delta.tex \ perl5362delta.tex \ + perl5363delta.tex \ perl5380delta.tex \ perl5381delta.tex \ + perl5382delta.tex \ perl5390delta.tex \ perl5391delta.tex \ perl5392delta.tex \
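Review bot: In the MANIFEST and pod/perl.pod hunks, perl5342delta, perl5362delta and perl5381delta stay listed with the plain description "Perl changes in version ...", while the three new documents describe 5.34.2, 5.36.2 and 5.38.1 as broken releases that they ignore. A reader working from the index has no hint that those entries belong to superseded releases. Consider marking them in pod/perl.pod, or adding a pointer at the top of each of those three delta documents to the release that replaced it.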
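Review bot: In the CVE-2023-47039 section of pod/perl5343delta.pod (the same text is repeated in perl5363delta.pod and perl5382delta.pod), the entry explains that cmd.exe was looked up in the current working directory first but never says what the fixed release does instead. The section heading states "This release fixes the following security issues", so add a sentence describing how the shell is located after the fix; administrators need that to judge whether anything on their systems depended on the old lookup. Two wording points in the same section: "an executable which uses Windows Perl interpreter" is missing "the", and in the CVE-2023-47038 entry "attacker controlled" and "heap allocated" should be hyphenated as compound modifiers.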
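Review bot: In the Acknowledgements of pod/perl5363delta.pod, "approximately 1 month of development since Perl 5.36.1" is the same interval that perl5343delta.pod gives for 5.34.1, while perl5382delta.pod gives 5 months since 5.38.0. Two maintenance branches whose baselines are both exactly one month old looks like a template or generator value that was not adjusted. Please check the interval, and the line and file counts next to it, against the actual release tags in both files.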
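Review bot: In the DESCRIPTION of pod/perl5382delta.pod, the upgrade hint names 5.37.0 as the "earlier release" and says the referenced document "describes differences between 5.37.0 and 5.38.0". The other two new files name a stable release in that sentence (5.34.0 and 5.36.0), whereas 5.37.0 is a development release, so someone upgrading from a stable perl gets no usable pointer. Suggest naming the previous stable release here and wording the sentence to match the baseline that the 5.38.0 delta document itself states.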