1*de8cc8edSafresh1=encoding utf8 2*de8cc8edSafresh1 3*de8cc8edSafresh1=head1 NAME 4*de8cc8edSafresh1 5*de8cc8edSafresh1perl5283delta - what is new for perl v5.28.3 6*de8cc8edSafresh1 7*de8cc8edSafresh1=head1 DESCRIPTION 8*de8cc8edSafresh1 9*de8cc8edSafresh1This document describes differences between the 5.28.2 release and the 5.28.3 10*de8cc8edSafresh1release. 11*de8cc8edSafresh1 12*de8cc8edSafresh1If you are upgrading from an earlier release such as 5.28.1, first read 13*de8cc8edSafresh1L<perl5282delta>, which describes differences between 5.28.1 and 5.28.2. 14*de8cc8edSafresh1 15*de8cc8edSafresh1=head1 Security 16*de8cc8edSafresh1 17*de8cc8edSafresh1=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression 18*de8cc8edSafresh1 19*de8cc8edSafresh1A signed C<size_t> integer overflow in the storage space calculations for 20*de8cc8edSafresh1nested regular expression quantifiers could cause a heap buffer overflow in 21*de8cc8edSafresh1Perl's regular expression compiler that overwrites memory allocated after the 22*de8cc8edSafresh1regular expression storage space with attacker supplied data. 23*de8cc8edSafresh1 24*de8cc8edSafresh1The target system needs a sufficient amount of memory to allocate partial 25*de8cc8edSafresh1expansions of the nested quantifiers prior to the overflow occurring. This 26*de8cc8edSafresh1requirement is unlikely to be met on 64-bit systems. 27*de8cc8edSafresh1 28*de8cc8edSafresh1Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). 29*de8cc8edSafresh1 30*de8cc8edSafresh1=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression 31*de8cc8edSafresh1 32*de8cc8edSafresh1Integer overflows in the calculation of offsets between instructions for the 33*de8cc8edSafresh1regular expression engine could cause corruption of the intermediate language 34*de8cc8edSafresh1state of a compiled regular expression. An attacker could abuse this behaviour 35*de8cc8edSafresh1to insert instructions into the compiled form of a Perl regular expression. 36*de8cc8edSafresh1 37*de8cc8edSafresh1Discovered by: Hugo van der Sanden and Slaven Rezic. 38*de8cc8edSafresh1 39*de8cc8edSafresh1=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression 40*de8cc8edSafresh1 41*de8cc8edSafresh1Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to 42*de8cc8edSafresh1optimize the intermediate language representation of a regular expression could 43*de8cc8edSafresh1cause corruption of the intermediate language state of a compiled regular 44*de8cc8edSafresh1expression. 45*de8cc8edSafresh1 46*de8cc8edSafresh1Discovered by: Sergey Aleynikov. 47*de8cc8edSafresh1 48*de8cc8edSafresh1=head2 Additional Note 49*de8cc8edSafresh1 50*de8cc8edSafresh1An application written in Perl would only be vulnerable to any of the above 51*de8cc8edSafresh1flaws if it evaluates regular expressions supplied by the attacker. Evaluating 52*de8cc8edSafresh1regular expressions in this fashion is known to be dangerous since the regular 53*de8cc8edSafresh1expression engine does not protect against denial of service attacks in this 54*de8cc8edSafresh1usage scenario. 55*de8cc8edSafresh1 56*de8cc8edSafresh1=head1 Incompatible Changes 57*de8cc8edSafresh1 58*de8cc8edSafresh1There are no changes intentionally incompatible with Perl 5.28.2. If any 59*de8cc8edSafresh1exist, they are bugs, and we request that you submit a report. See 60*de8cc8edSafresh1L</Reporting Bugs> below. 61*de8cc8edSafresh1 62*de8cc8edSafresh1=head1 Modules and Pragmata 63*de8cc8edSafresh1 64*de8cc8edSafresh1=head2 Updated Modules and Pragmata 65*de8cc8edSafresh1 66*de8cc8edSafresh1=over 4 67*de8cc8edSafresh1 68*de8cc8edSafresh1=item * 69*de8cc8edSafresh1 70*de8cc8edSafresh1L<Module::CoreList> has been upgraded from version 5.20190419 to 5.20200601_28. 71*de8cc8edSafresh1 72*de8cc8edSafresh1=back 73*de8cc8edSafresh1 74*de8cc8edSafresh1=head1 Testing 75*de8cc8edSafresh1 76*de8cc8edSafresh1Tests were added and changed to reflect the other additions and changes in this 77*de8cc8edSafresh1release. 78*de8cc8edSafresh1 79*de8cc8edSafresh1=head1 Acknowledgements 80*de8cc8edSafresh1 81*de8cc8edSafresh1Perl 5.28.3 represents approximately 13 months of development since Perl 5.28.2 82*de8cc8edSafresh1and contains approximately 3,100 lines of changes across 48 files from 16 83*de8cc8edSafresh1authors. 84*de8cc8edSafresh1 85*de8cc8edSafresh1Excluding auto-generated files, documentation and release tools, there were 86*de8cc8edSafresh1approximately 1,700 lines of changes to 9 .pm, .t, .c and .h files. 87*de8cc8edSafresh1 88*de8cc8edSafresh1Perl continues to flourish into its fourth decade thanks to a vibrant community 89*de8cc8edSafresh1of users and developers. The following people are known to have contributed 90*de8cc8edSafresh1the improvements that became Perl 5.28.3: 91*de8cc8edSafresh1 92*de8cc8edSafresh1Chris 'BinGOs' Williams, Dan Book, Hugo van der Sanden, James E Keenan, John 93*de8cc8edSafresh1Lightsey, Karen Etheridge, Karl Williamson, Matthew Horsfall, Max Maischein, 94*de8cc8edSafresh1Nicolas R., Renee Baecker, Sawyer X, Steve Hay, Tom Hukins, Tony Cook, Zak B. 95*de8cc8edSafresh1Elep. 96*de8cc8edSafresh1 97*de8cc8edSafresh1The list above is almost certainly incomplete as it is automatically generated 98*de8cc8edSafresh1from version control history. In particular, it does not include the names of 99*de8cc8edSafresh1the (very much appreciated) contributors who reported issues to the Perl bug 100*de8cc8edSafresh1tracker. 101*de8cc8edSafresh1 102*de8cc8edSafresh1Many of the changes included in this version originated in the CPAN modules 103*de8cc8edSafresh1included in Perl's core. We're grateful to the entire CPAN community for 104*de8cc8edSafresh1helping Perl to flourish. 105*de8cc8edSafresh1 106*de8cc8edSafresh1For a more complete list of all of Perl's historical contributors, please see 107*de8cc8edSafresh1the F<AUTHORS> file in the Perl source distribution. 108*de8cc8edSafresh1 109*de8cc8edSafresh1=head1 Reporting Bugs 110*de8cc8edSafresh1 111*de8cc8edSafresh1If you find what you think is a bug, you might check the perl bug database at 112*de8cc8edSafresh1L<https://github.com/Perl/perl5/issues>. There may also be information at 113*de8cc8edSafresh1L<https://www.perl.org/>, the Perl Home Page. 114*de8cc8edSafresh1 115*de8cc8edSafresh1If you believe you have an unreported bug, please open an issue at 116*de8cc8edSafresh1L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a 117*de8cc8edSafresh1tiny but sufficient test case. 118*de8cc8edSafresh1 119*de8cc8edSafresh1If the bug you are reporting has security implications which make it 120*de8cc8edSafresh1inappropriate to send to a public issue tracker, then see 121*de8cc8edSafresh1L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to 122*de8cc8edSafresh1report the issue. 123*de8cc8edSafresh1 124*de8cc8edSafresh1=head1 Give Thanks 125*de8cc8edSafresh1 126*de8cc8edSafresh1If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you 127*de8cc8edSafresh1can do so by running the C<perlthanks> program: 128*de8cc8edSafresh1 129*de8cc8edSafresh1 perlthanks 130*de8cc8edSafresh1 131*de8cc8edSafresh1This will send an email to the Perl 5 Porters list with your show of thanks. 132*de8cc8edSafresh1 133*de8cc8edSafresh1=head1 SEE ALSO 134*de8cc8edSafresh1 135*de8cc8edSafresh1The F<Changes> file for an explanation of how to view exhaustive details on 136*de8cc8edSafresh1what changed. 137*de8cc8edSafresh1 138*de8cc8edSafresh1The F<INSTALL> file for how to build Perl. 139*de8cc8edSafresh1 140*de8cc8edSafresh1The F<README> file for general stuff. 141*de8cc8edSafresh1 142*de8cc8edSafresh1The F<Artistic> and F<Copying> files for copyright information. 143*de8cc8edSafresh1 144*de8cc8edSafresh1=cut 145