1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
=encoding utf8
=head1 NAME
perldelta - what is new for perl v5.28.1
=head1 DESCRIPTION
This document describes differences between the 5.28.0 release and the 5.28.1
release.
If you are upgrading from an earlier release such as 5.26.0, first read
L<perl5280delta>, which describes differences between 5.26.0 and 5.28.0.
=head1 Security
=head2 [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
Integer arithmetic in C<Perl_my_setenv()> could wrap when the combined length
of the environment variable name and value exceeded around 0x7fffffff. This
could lead to writing beyond the end of an allocated buffer with attacker
supplied data.
L<[perl #133204]|https://rt.perl.org/Ticket/Display.html?id=133204>
=head2 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
A crafted regular expression could cause heap-buffer-overflow write during
compilation, potentially allowing arbitrary code execution.
L<[perl #133423]|https://rt.perl.org/Ticket/Display.html?id=133423>
=head1 Incompatible Changes
There are no changes intentionally incompatible with 5.28.0. If any exist,
they are bugs, and we request that you submit a report. See
L</Reporting Bugs> below.
=head1 Modules and Pragmata
=head2 Updated Modules and Pragmata
=over 4
=item *
L<Module::CoreList> has been upgraded from version 5.20180622 to 5.20181129_28.
=back
=head1 Selected Bug Fixes
=over 4
=item *
Perl 5.28 introduced an C<index()> optimization when comparing to -1 (or
indirectly, e.g. >= 0). When this optimization was triggered inside a C<when>
clause it caused a warning ("Argument %s isn't numeric in smart match"). This
has now been fixed.
L<[perl #133368]|https://rt.perl.org/Ticket/Display.html?id=133368>
=item *
Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug
that led to C<"1\N{THAI DIGIT FIVE}"> matching C</^(*sr:\d+)$/> when it should
not. This has now been fixed.
=item *
The new in-place editing code no longer leaks directory handles.
L<[perl #133314]|https://rt.perl.org/Ticket/Display.html?id=133314>
=back
=head1 Acknowledgements
XXX Generate this with:
perl Porting/acknowledgements.pl v5.27.11..HEAD
=head1 Reporting Bugs
If you find what you think is a bug, you might check the perl bug database
at L<https://rt.perl.org/> . There may also be information at
L<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the L<perlbug> program
included with your release. Be sure to trim your bug down to a tiny but
sufficient test case. Your bug report, along with the output of C<perl -V>,
will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION>
for details of how to report the issue.
=head1 Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in Perl 5,
you can do so by running the C<perlthanks> program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of thanks.
=head1 SEE ALSO
The F<Changes> file for an explanation of how to view exhaustive details on
what changed.
The F<INSTALL> file for how to build Perl.
The F<README> file for general stuff.
The F<Artistic> and F<Copying> files for copyright information.
=cut
|
