|
| 1 | +=encoding utf8 |
| 2 | + |
| 3 | +=head1 NAME |
| 4 | + |
| 5 | +perl5384delta - what is new for perl v5.38.4 |
| 6 | + |
| 7 | +=head1 DESCRIPTION |
| 8 | + |
| 9 | +This document describes differences between the 5.38.3 release and the 5.38.4 |
| 10 | +release. |
| 11 | + |
| 12 | +If you are upgrading from an earlier release such as 5.38.2, first read |
| 13 | +L<perl5383delta>, which describes differences between 5.38.2 and 5.38.3. |
| 14 | + |
| 15 | +=head1 Security |
| 16 | + |
| 17 | +=head2 [CVE-2024-56406] Heap buffer overflow vulnerability with tr// |
| 18 | + |
| 19 | +A heap buffer overflow vulnerability was discovered in Perl. |
| 20 | + |
| 21 | +When there are non-ASCII bytes in the left-hand-side of the C<tr> operator, |
| 22 | +C<S_do_trans_invmap()> can overflow the destination pointer C<d>. |
| 23 | + |
| 24 | + $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' |
| 25 | + Segmentation fault (core dumped) |
| 26 | + |
| 27 | +It is believed that this vulnerability can enable Denial of Service or |
| 28 | +Arbitrary Code Execution attacks on platforms that lack sufficient defenses. |
| 29 | + |
| 30 | +Discovered by: Nathan Mills. |
| 31 | + |
| 32 | +=head1 Incompatible Changes |
| 33 | + |
| 34 | +There are no changes intentionally incompatible with 5.38.3. If any exist, |
| 35 | +they are bugs, and we request that you submit a report. See L</Reporting Bugs> |
| 36 | +below. |
| 37 | + |
| 38 | +=head1 Modules and Pragmata |
| 39 | + |
| 40 | +=head2 Updated Modules and Pragmata |
| 41 | + |
| 42 | +=over 4 |
| 43 | + |
| 44 | +=item * |
| 45 | + |
| 46 | +L<Module::CoreList> has been upgraded from version 5.20250118_38 to 5.20250413_38. |
| 47 | + |
| 48 | +=back |
| 49 | + |
| 50 | +=head1 Acknowledgements |
| 51 | + |
| 52 | +Perl 5.38.4 represents approximately 3 months of development since Perl 5.38.3 |
| 53 | +and contains approximately 1,500 lines of changes across 36 files from 7 |
| 54 | +authors. |
| 55 | + |
| 56 | +Excluding auto-generated files, documentation and release tools, there were |
| 57 | +approximately 640 lines of changes to 5 .pm, .t, .c and .h files. |
| 58 | + |
| 59 | +Perl continues to flourish into its fourth decade thanks to a vibrant community |
| 60 | +of users and developers. The following people are known to have contributed |
| 61 | +the improvements that became Perl 5.38.4: |
| 62 | + |
| 63 | +Karl Williamson, Lukas Mai, Max Maischein, Paul Evans, Richard Leach, Steve |
| 64 | +Hay, Thibault Duponchelle. |
| 65 | + |
| 66 | +The list above is almost certainly incomplete as it is automatically generated |
| 67 | +from version control history. In particular, it does not include the names of |
| 68 | +the (very much appreciated) contributors who reported issues to the Perl bug |
| 69 | +tracker. |
| 70 | + |
| 71 | +Many of the changes included in this version originated in the CPAN modules |
| 72 | +included in Perl's core. We're grateful to the entire CPAN community for |
| 73 | +helping Perl to flourish. |
| 74 | + |
| 75 | +For a more complete list of all of Perl's historical contributors, please see |
| 76 | +the F<AUTHORS> file in the Perl source distribution. |
| 77 | + |
| 78 | +=head1 Reporting Bugs |
| 79 | + |
| 80 | +If you find what you think is a bug, you might check the perl bug database at |
| 81 | +L<https://github.com/Perl/perl5/issues>. There may also be information at |
| 82 | +L<https://www.perl.org/>, the Perl Home Page. |
| 83 | + |
| 84 | +If you believe you have an unreported bug, please open an issue at |
| 85 | +L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a |
| 86 | +tiny but sufficient test case. |
| 87 | + |
| 88 | +If the bug you are reporting has security implications which make it |
| 89 | +inappropriate to send to a public issue tracker, then see |
| 90 | +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to |
| 91 | +report the issue. |
| 92 | + |
| 93 | +=head1 Give Thanks |
| 94 | + |
| 95 | +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, |
| 96 | +you can do so by running the C<perlthanks> program: |
| 97 | + |
| 98 | + perlthanks |
| 99 | + |
| 100 | +This will send an email to the Perl 5 Porters list with your show of thanks. |
| 101 | + |
| 102 | +=head1 SEE ALSO |
| 103 | + |
| 104 | +The F<Changes> file for an explanation of how to view exhaustive details on |
| 105 | +what changed. |
| 106 | + |
| 107 | +The F<INSTALL> file for how to build Perl. |
| 108 | + |
| 109 | +The F<README> file for general stuff. |
| 110 | + |
| 111 | +The F<Artistic> and F<Copying> files for copyright information. |
| 112 | + |
| 113 | +=cut |
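Review bot: The CVE-2024-56406 entry under "=head1 Security" never states that 5.38.4 contains the fix, nor which earlier releases are affected, so a reader triaging from this delta alone cannot tell whether upgrading closes the issue; suggest adding one sentence saying so and giving the affected range. The prose names only non-ASCII bytes on the left-hand side of C<tr> as the condition, while the reproducer also uses a replacement above 0xFF (tr/\xFF/\x{100}/); it would help to say whether that replacement is part of the trigger, since that decides which existing tr calls need auditing. Minor wording point in "Give Thanks": "the work we had done in Perl 5" reads better as "the work we have done".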