Import perl5384delta.pod and perl5402delta.pod

steve-m-hay · steve-m-hay · commit 7946d6a39ecd · 2025-04-13T15:02:44.000+01:00
diff --git a/MANIFEST b/MANIFEST
@@ -5742,8 +5742,10 @@ pod/perl5380delta.pod			Perl changes in version 5.38.0
 pod/perl5381delta.pod			Perl changes in version 5.38.1
 pod/perl5382delta.pod			Perl changes in version 5.38.2
 pod/perl5383delta.pod			Perl changes in version 5.38.3
+pod/perl5384delta.pod			Perl changes in version 5.38.4
 pod/perl5400delta.pod			Perl changes in version 5.40.0
 pod/perl5401delta.pod			Perl changes in version 5.40.1
+pod/perl5402delta.pod			Perl changes in version 5.40.2
 pod/perl5410delta.pod			Perl changes in version 5.41.0
 pod/perl54110delta.pod			Perl changes in version 5.41.10
 pod/perl5411delta.pod			Perl changes in version 5.41.1
diff --git a/pod/perl.pod b/pod/perl.pod
@@ -192,8 +192,10 @@ aux h2ph h2xs perlbug pl2pm pod2html pod2man splain xsubpp
     perl5412delta       Perl changes in version 5.41.2
     perl5411delta       Perl changes in version 5.41.1
     perl5410delta       Perl changes in version 5.41.0
+    perl5402delta       Perl changes in version 5.40.2
     perl5401delta       Perl changes in version 5.40.1
     perl5400delta       Perl changes in version 5.40.0
+    perl5384delta       Perl changes in version 5.38.4
     perl5383delta       Perl changes in version 5.38.3
     perl5382delta       Perl changes in version 5.38.2
     perl5381delta       Perl changes in version 5.38.1
diff --git a/pod/perl5384delta.pod b/pod/perl5384delta.pod
@@ -0,0 +1,113 @@
+=encoding utf8
+
+=head1 NAME
+
+perl5384delta - what is new for perl v5.38.4
+
+=head1 DESCRIPTION
+
+This document describes differences between the 5.38.3 release and the 5.38.4
+release.
+
+If you are upgrading from an earlier release such as 5.38.2, first read
+L<perl5383delta>, which describes differences between 5.38.2 and 5.38.3.
+
+=head1 Security
+
+=head2 [CVE-2024-56406] Heap buffer overflow vulnerability with tr//
+
+A heap buffer overflow vulnerability was discovered in Perl.
+
+When there are non-ASCII bytes in the left-hand-side of the C<tr> operator,
+C<S_do_trans_invmap()> can overflow the destination pointer C<d>.
+
+  $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
+  Segmentation fault (core dumped)
+
+It is believed that this vulnerability can enable Denial of Service or
+Arbitrary Code Execution attacks on platforms that lack sufficient defenses.
+
+Discovered by: Nathan Mills.
+
+=head1 Incompatible Changes
+
+There are no changes intentionally incompatible with 5.38.3.  If any exist,
+they are bugs, and we request that you submit a report.  See L</Reporting Bugs>
+below.
+
+=head1 Modules and Pragmata
+
+=head2 Updated Modules and Pragmata
+
+=over 4
+
+=item *
+
+L<Module::CoreList> has been upgraded from version 5.20250118_38 to 5.20250413_38.
+
+=back
+
+=head1 Acknowledgements
+
+Perl 5.38.4 represents approximately 3 months of development since Perl 5.38.3
+and contains approximately 1,500 lines of changes across 36 files from 7
+authors.
+
+Excluding auto-generated files, documentation and release tools, there were
+approximately 640 lines of changes to 5 .pm, .t, .c and .h files.
+
+Perl continues to flourish into its fourth decade thanks to a vibrant community
+of users and developers.  The following people are known to have contributed
+the improvements that became Perl 5.38.4:
+
+Karl Williamson, Lukas Mai, Max Maischein, Paul Evans, Richard Leach, Steve
+Hay, Thibault Duponchelle.
+
+The list above is almost certainly incomplete as it is automatically generated
+from version control history.  In particular, it does not include the names of
+the (very much appreciated) contributors who reported issues to the Perl bug
+tracker.
+
+Many of the changes included in this version originated in the CPAN modules
+included in Perl's core.  We're grateful to the entire CPAN community for
+helping Perl to flourish.
+
+For a more complete list of all of Perl's historical contributors, please see
+the F<AUTHORS> file in the Perl source distribution.
+
+=head1 Reporting Bugs
+
+If you find what you think is a bug, you might check the perl bug database at
+L<https://github.com/Perl/perl5/issues>.  There may also be information at
+L<https://www.perl.org/>, the Perl Home Page.
+
+If you believe you have an unreported bug, please open an issue at
+L<https://github.com/Perl/perl5/issues>.  Be sure to trim your bug down to a
+tiny but sufficient test case.
+
+If the bug you are reporting has security implications which make it
+inappropriate to send to a public issue tracker, then see
+L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
+report the issue.
+
+=head1 Give Thanks
+
+If you wish to thank the Perl 5 Porters for the work we had done in Perl 5,
+you can do so by running the C<perlthanks> program:
+
+    perlthanks
+
+This will send an email to the Perl 5 Porters list with your show of thanks.
+
+=head1 SEE ALSO
+
+The F<Changes> file for an explanation of how to view exhaustive details on
+what changed.
+
+The F<INSTALL> file for how to build Perl.
+
+The F<README> file for general stuff.
+
+The F<Artistic> and F<Copying> files for copyright information.
+
+=cut
diff --git a/pod/perl5402delta.pod b/pod/perl5402delta.pod
@@ -0,0 +1,113 @@
+=encoding utf8
+
+=head1 NAME
+
+perl5402delta - what is new for perl v5.40.2
+
+=head1 DESCRIPTION
+
+This document describes differences between the 5.40.1 release and the 5.40.2
+release.
+
+If you are upgrading from an earlier release such as 5.40.0, first read
+L<perl5401delta>, which describes differences between 5.40.0 and 5.40.1.
+
+=head1 Security
+
+=head2 [CVE-2024-56406] Heap buffer overflow vulnerability with tr//
+
+A heap buffer overflow vulnerability was discovered in Perl.
+
+When there are non-ASCII bytes in the left-hand-side of the C<tr> operator,
+C<S_do_trans_invmap()> can overflow the destination pointer C<d>.
+
+  $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
+  Segmentation fault (core dumped)
+
+It is believed that this vulnerability can enable Denial of Service or
+Arbitrary Code Execution attacks on platforms that lack sufficient defenses.
+
+Discovered by: Nathan Mills.
+
+=head1 Incompatible Changes
+
+There are no changes intentionally incompatible with 5.40.1.  If any exist,
+they are bugs, and we request that you submit a report.  See L</Reporting Bugs>
+below.
+
+=head1 Modules and Pragmata
+
+=head2 Updated Modules and Pragmata
+
+=over 4
+
+=item *
+
+L<Module::CoreList> has been upgraded from version 5.20250118_40 to 5.20250413_40.
+
+=back
+
+=head1 Acknowledgements
+
+Perl 5.40.2 represents approximately 3 months of development since Perl 5.40.1
+and contains approximately 1,600 lines of changes across 37 files from 7
+authors.
+
+Excluding auto-generated files, documentation and release tools, there were
+approximately 640 lines of changes to 5 .pm, .t, .c and .h files.
+
+Perl continues to flourish into its fourth decade thanks to a vibrant community
+of users and developers.  The following people are known to have contributed
+the improvements that became Perl 5.40.2:
+
+Karl Williamson, Lukas Mai, Max Maischein, Paul Evans, Richard Leach, Steve
+Hay, Thibault Duponchelle.
+
+The list above is almost certainly incomplete as it is automatically generated
+from version control history.  In particular, it does not include the names of
+the (very much appreciated) contributors who reported issues to the Perl bug
+tracker.
+
+Many of the changes included in this version originated in the CPAN modules
+included in Perl's core.  We're grateful to the entire CPAN community for
+helping Perl to flourish.
+
+For a more complete list of all of Perl's historical contributors, please see
+the F<AUTHORS> file in the Perl source distribution.
+
+=head1 Reporting Bugs
+
+If you find what you think is a bug, you might check the perl bug database at
+L<https://github.com/Perl/perl5/issues>.  There may also be information at
+L<https://www.perl.org/>, the Perl Home Page.
+
+If you believe you have an unreported bug, please open an issue at
+L<https://github.com/Perl/perl5/issues>.  Be sure to trim your bug down to a
+tiny but sufficient test case.
+
+If the bug you are reporting has security implications which make it
+inappropriate to send to a public issue tracker, then see
+L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
+report the issue.
+
+=head1 Give Thanks
+
+If you wish to thank the Perl 5 Porters for the work we had done in Perl 5,
+you can do so by running the C<perlthanks> program:
+
+    perlthanks
+
+This will send an email to the Perl 5 Porters list with your show of thanks.
+
+=head1 SEE ALSO
+
+The F<Changes> file for an explanation of how to view exhaustive details on
+what changed.
+
+The F<INSTALL> file for how to build Perl.
+
+The F<README> file for general stuff.
+
+The F<Artistic> and F<Copying> files for copyright information.
+
+=cut
diff --git a/win32/pod.mak b/win32/pod.mak
@@ -76,8 +76,10 @@ POD = perl.pod	\
 	perl5381delta.pod	\
 	perl5382delta.pod	\
 	perl5383delta.pod	\
+	perl5384delta.pod	\
 	perl5400delta.pod	\
 	perl5401delta.pod	\
+	perl5402delta.pod	\
 	perl5410delta.pod	\
 	perl54110delta.pod	\
 	perl54111delta.pod	\
@@ -266,8 +268,10 @@ MAN = perl.man	\
 	perl5381delta.man	\
 	perl5382delta.man	\
 	perl5383delta.man	\
+	perl5384delta.man	\
 	perl5400delta.man	\
 	perl5401delta.man	\
+	perl5402delta.man	\
 	perl5410delta.man	\
 	perl54110delta.man	\
 	perl54111delta.man	\
@@ -456,8 +460,10 @@ HTML = perl.html	\
 	perl5381delta.html	\
 	perl5382delta.html	\
 	perl5383delta.html	\
+	perl5384delta.html	\
 	perl5400delta.html	\
 	perl5401delta.html	\
+	perl5402delta.html	\
 	perl5410delta.html	\
 	perl54110delta.html	\
 	perl54111delta.html	\
@@ -646,8 +652,10 @@ TEX = perl.tex	\
 	perl5381delta.tex	\
 	perl5382delta.tex	\
 	perl5383delta.tex	\
+	perl5384delta.tex	\
 	perl5400delta.tex	\
 	perl5401delta.tex	\
+	perl5402delta.tex	\
 	perl5410delta.tex	\
 	perl54110delta.tex	\
 	perl54111delta.tex	\
