Date: Friday June 12, 2020 @ 03:53 Author: argrath Update of /cvsroot/perldocjp/docs/perl/5.28.3 In directory sf-cvs:/tmp/cvs-serv142262/perl/5.28.3 Added Files: perl5283delta.pod Log Message: 5.28.3/perl5283delta =================================================================== File: perl5283delta.pod Status: Up-to-date Working revision: 1.1 Thu Jun 11 18:53:36 2020 Repository revision: 1.1 /cvsroot/perldocjp/docs/perl/5.28.3/perl5283delta.pod,v Sticky Options: -kb Existing Tags: No Tags Exist -------------- next part -------------- Index: docs/perl/5.28.3/perl5283delta.pod diff -u /dev/null docs/perl/5.28.3/perl5283delta.pod:1.1 --- /dev/null Fri Jun 12 03:53:36 2020 +++ docs/perl/5.28.3/perl5283delta.pod Fri Jun 12 03:53:36 2020 @@ -0,0 +1,382 @@ + +=encoding euc-jp + +=head1 NAME + +=begin original + +perldelta - what is new for perl v5.28.3 + +=end original + +perl5283delta - perl v5.28.3 ¤Ç¤ÎÊѹ¹ÅÀ + +=head1 DESCRIPTION + +=begin original + +This document describes differences between the 5.28.2 release and the 5.28.3 +release. + +=end original + +¤³¤Îʸ½ñ¤Ï 5.28.2 ¥ê¥ê¡¼¥¹¤È 5.28.3 ¥ê¥ê¡¼¥¹¤ÎÊѹ¹ÅÀ¤òµ½Ò¤·¤Æ¤¤¤Þ¤¹¡£ + +=begin original + +If you are upgrading from an earlier release such as 5.28.1, first read +L<perl5282delta>, which describes differences between 5.28.1 and 5.28.2. + +=end original + +5.28.1 ¤Î¤è¤¦¤Ê°ÊÁ°¤Î¥ê¥ê¡¼¥¹¤«¤é¹¹¿·¤¹¤ë¾ì¹ç¤Ï¡¢¤Þ¤º 5.28.1 ¤È +5.28.2 ¤Î°ã¤¤¤Ë¤Ä¤¤¤Æµ½Ò¤·¤Æ¤¤¤ë L<perl5282delta> ¤òÆɤó¤Ç¤¯¤À¤µ¤¤¡£ + +=head1 Security + +=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression + +=begin original + +A signed C<size_t> integer overflow in the storage space calculations for +nested regular expression quantifiers could cause a heap buffer overflow in +Perl's regular expression compiler that overwrites memory allocated after the +regular expression storage space with attacker supplied data. + +=end original + +¥Í¥¹¥È¤·¤¿Àµµ¬É½¸½ÎÌ»ØÄê»Ò¤ÎÊÝ´É¥¹¥Ú¡¼¥¹¤Î·×»»¤Ç¤Î +Éä¹æÉÕ¤ C<size_t> À°¿ô¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤ò°ú¤µ¯¤³¤¹¤³¤È¤¬¤¢¤ê¤Þ¤¹; +¤³¤ì¤Ë¤è¤ê Perl ¤ÎÀµµ¬É½¸½¥³¥ó¥Ñ¥¤¥é¤¬¡¢ +¹¶·â¼Ô¤¬Ä󶡤·¤¿¥Ç¡¼¥¿¤ÎÀµµ¬É½¸½ÊÝ´É¥¹¥Ú¡¼¥¹¤Î¸å¤í¤Ë³ä¤êÅö¤Æ¤é¤ì¤¿ +¥á¥â¥ê¤ò¾å½ñ¤¤¹¤ë¤È¤¤¤¦¡¢ +¥Ò¡¼¥×¥Ð¥Ã¥Õ¥¡¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤ò°ú¤µ¯¤³¤¹¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ + +=begin original + +The target system needs a sufficient amount of memory to allocate partial +expansions of the nested quantifiers prior to the overflow occurring. This +requirement is unlikely to be met on 64-bit systems. + +=end original + +¥¿¡¼¥²¥Ã¥È¥·¥¹¥Æ¥à¤Ï¡¢¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤¬µ¯¤¤ëÁ°¤Ë¡¢¥Í¥¹¥È¤·¤¿ÎÌ»ØÄê»Ò¤Î +ÉôʬŪ¤Ê½½Ê¬¤ÊÎ̤Υá¥â¥ê¤¬É¬ÍפǤ¹¡£ +¤³¤ÎÍ×µá¤ò 64 ¥Ó¥Ã¥È¥·¥¹¥Æ¥à¤ÇËþ¤¿¤¹¤³¤È¤Ï¤ª¤½¤é¤¯¤Ç¤¤Ê¤¤¤Ç¤·¤ç¤¦¡£ + +=begin original + +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). + +=end original + +ManhND of The Tarantula Team, VinCSS (Vingroup ¤Î¥á¥ó¥Ð¡¼) ¤Ë¤è¤Ã¤Æ +ȯ¸«¤µ¤ì¤Þ¤·¤¿¡£ + +=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression + +=begin original + +Integer overflows in the calculation of offsets between instructions for the +regular expression engine could cause corruption of the intermediate language +state of a compiled regular expression. An attacker could abuse this behaviour +to insert instructions into the compiled form of a Perl regular expression. + +=end original + +Àµµ¬É½¸½¥¨¥ó¥¸¥ó¤ÎÌ¿Îá¤Î´Ö¤Ç¤Î¥ª¥Õ¥»¥Ã¥È¤ÎÀ°¿ô¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤Ë¤è¤ê¡¢ +¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤¿Àµµ¬É½¸½¤ÎÃæ´Ö¸À¸ì¾õÂÖ¤¬Ç˲õ¤µ¤ì¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ +¹¶·â¼Ô¤Ï¤³¤Î¿¶¤ëÉñ¤¤¤ò¡¢Perl Àµµ¬É½¸½¤Î¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤¿·Á¼°¤ËÌ¿Îá¤ò +ÁÞÆþ¤¹¤ë¤³¤È¤Ë°ÍѤǤ¤Þ¤¹¡£ + +=begin original + +Discovered by: Hugo van der Sanden and Slaven Rezic. + +=end original + +Hugo van der Sanden ¤È Slaven Rezic ¤Ë¤è¤Ã¤Æȯ¸«¤µ¤ì¤Þ¤·¤¿¡£ + +=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression + +=begin original + +Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to +optimize the intermediate language representation of a regular expression could +cause corruption of the intermediate language state of a compiled regular +expression. + +=end original + +Àµµ¬É½¸½¤ÎÃæ´Ö¸À¸ìɽ¸½¤òºÇŬ²½¤¹¤ë¤¿¤á¤Ë¡¢ +Perl ¤ÎÀµµ¬É½¸½¥³¥ó¥Ñ¥¤¥é¤¬ C<S_study_chunk()> ¤òºÆµ¢¸Æ¤Ó½Ð¤·¤¹¤ë¤³¤È¤Ç¡¢ +¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤¿Àµµ¬É½¸½¤ÎÃæ´Ö¸À¸ì¾õÂÖ¤¬Ç˲õ¤µ¤ì¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ + +=begin original + +Discovered by: Sergey Aleynikov. + +=end original + +Sergey Aleynikov ¤Ë¤è¤Ã¤Æȯ¸«¤µ¤ì¤Þ¤·¤¿¡£ + +=head2 Additional Note + +(ÄɲäÎÃí°Õ) + +=begin original + +An application written in Perl would only be vulnerable to any of the above +flaws if it evaluates regular expressions supplied by the attacker. Evaluating +regular expressions in this fashion is known to be dangerous since the regular +expression engine does not protect against denial of service attacks in this +usage scenario. + +=end original + +Perl ¤Ç½ñ¤«¤ì¤¿¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢¹¶·â¼Ô¤Ë¤è¤Ã¤ÆÄ󶡤µ¤ì¤¿Àµµ¬É½¸½¤ò +ɾ²Á¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Î¤ß¡¢Á°½Ò¤ÎÉÔ¶ñ¹ç¤ËÂФ·¤ÆÀȼå¤Ç¤¹¡£ +¤³¤Î¤è¤¦¤ÊÊýË¡¤ÇÀµµ¬É½¸½¤òɾ²Á¤¹¤ë¤³¤È¤Ï¡¢´í¸±¤Ç¤¢¤ë¤³¤È¤¬ÃΤé¤ì¤Æ¤¤¤Þ¤¹; +Àµµ¬É½¸½¥¨¥ó¥¸¥ó¤Ï¤³¤Î¤è¤¦¤Ê»ÈÍÑ¥·¥Ê¥ê¥ª¤Ç¤Î¥µ¡¼¥Ó¥¹ÉÔǽ¹¶·â¤«¤é +¼é¤é¤ì¤Æ¤¤¤Ê¤¤¤«¤é¤Ç¤¹¡£ + +=head1 Incompatible Changes + +(¸ß´¹À¤Î¤Ê¤¤Êѹ¹) + +=begin original + +There are no changes intentionally incompatible with Perl 5.28.2. If any +exist, they are bugs, and we request that you submit a report. See +L</Reporting Bugs> below. + +=end original + +¸Î°Õ¤Ë¡¢5.28.2 ¤«¤é¸ß´¹À¤¬¤Ê¤¯¤Ê¤ë¤è¤¦¤Ë¤·¤¿Êѹ¹¤Ï¤¢¤ê¤Þ¤»¤ó¡£ +¤â¤· 5.28.2 ¤È¤Î¸ß´¹À¤¬¤Ê¤±¤ì¤Ð¡¢¤½¤ì¤Ï¥Ð¥°¤Ç¤¹¤Î¤Ç¡¢Êó¹ð¤ò¤ª´ê¤¤¤·¤Þ¤¹¡£ +°Ê²¼¤Î L</Reporting Bugs> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ + +=head1 Modules and Pragmata + +(¥â¥¸¥å¡¼¥ë¤È¥×¥é¥°¥Þ) + +=head2 Updated Modules and Pragmata + +(¹¹¿·¤µ¤ì¤¿¥â¥¸¥å¡¼¥ë¤È¥×¥é¥°¥Þ) + +=over 4 + +=item * + +=begin original + +L<Module::CoreList> has been upgraded from version 5.20190419 to 5.20200601_28. + +=end original + +L<Module::CoreList> ¤Ï¥Ð¡¼¥¸¥ç¥ó 5.20190419 ¤«¤é 5.20200601_28 ¤Ë¹¹¿·¤µ¤ì¤Þ¤·¤¿¡£ + +=back + +=head1 Testing + +(¥Æ¥¹¥È) + +=begin original + +Tests were added and changed to reflect the other additions and changes in this +release. + +=end original + +¤³¤Î¥ê¥ê¡¼¥¹¤Î¤½¤Î¾¤ÎÄɲäÈÊѹ¹¤òÈ¿±Ç¤¹¤ë¤è¤¦¤Ë¥Æ¥¹¥È¤òÄɲ䪤è¤Ó +Êѹ¹¤·¤Þ¤·¤¿¡£ + +=head1 Acknowledgements + +=begin original + +Perl 5.28.3 represents approximately 13 months of development since Perl 5.28.2 +and contains approximately 3,100 lines of changes across 48 files from 16 +authors. + +=end original + +Perl 5.28.3 ¤Ï¡¢Perl 5.28.2 °Ê¹ß¡¢16 ¿Í¤Îºî¼Ô¤Ë¤è¤Ã¤Æ¡¢ +48 ¤Î¥Õ¥¡¥¤¥ë¤ËÌó 3,100 ¹Ô¤ÎÊѹ¹¤ò²Ã¤¨¤Æ¡¢ +Ìó 13 ¥ö·î³«È¯¤µ¤ì¤Æ¤¤Þ¤·¤¿¡£ + +=begin original + +Excluding auto-generated files, documentation and release tools, there were +approximately 1,700 lines of changes to 9 .pm, .t, .c and .h files. + +=end original + +¼«Æ°À¸À®¥Õ¥¡¥¤¥ë¡¢Ê¸½ñ¡¢¥ê¥ê¡¼¥¹¥Ä¡¼¥ë¤ò½ü¤¯¤È¡¢9 ¤Î .pm, .t, .c, +.h ¥Õ¥¡¥¤¥ë¤ËÌó 1,700 ¹Ô¤ÎÊѹ¹¤ò²Ã¤¨¤Þ¤·¤¿¡£ + +=begin original + +Perl continues to flourish into its fourth decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.28.3: + +=end original + +Perl ¤Ï¡¢³èµ¤¤Î¤¢¤ë¥æ¡¼¥¶¡¼¤È³«È¯¼Ô¤Î¥³¥ß¥å¥Ë¥Æ¥£¤Î¤ª¤«¤²¤Ç 30 ǯ¤òĶ¤¨¤Æ +È˱ɤ·¤Æ¤¤¤Þ¤¹¡£ +°Ê²¼¤Î¿Í¡¹¤¬¡¢Perl 5.28.3 ¤Ë¤Ê¤ë¤¿¤á¤Î²þÎɤ˹׸¥¤·¤¿¤³¤È¤¬Ê¬¤«¤Ã¤Æ¤¤¤Þ¤¹: + +Chris 'BinGOs' Williams, Dan Book, Hugo van der Sanden, James E Keenan, John +Lightsey, Karen Etheridge, Karl Williamson, Matthew Horsfall, Max Maischein, +Nicolas R., Renee Baecker, Sawyer X, Steve Hay, Tom Hukins, Tony Cook, Zak B. +Elep. + +=begin original + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. + +=end original + +¤³¤ì¤Ï¥Ð¡¼¥¸¥ç¥ó¥³¥ó¥È¥í¡¼¥ëÍúÎò¤«¤é¼«Æ°Åª¤ËÀ¸À®¤·¤Æ¤¤¤ë¤Î¤Ç¡¢¤Û¤Ü³Î¼Â¤Ë +ÉÔ´°Á´¤Ç¤¹¡£ +Æäˡ¢Perl ¥Ð¥°¥È¥é¥Ã¥«¡¼¤ËÌäÂê¤òÊó¹ð¤ò¤·¤Æ¤¯¤ì¤¿ (¤È¤Æ¤â¤¢¤ê¤¬¤¿¤¤)¹×¸¥¼Ô¤Î +̾Á°¤ò´Þ¤ó¤Ç¤¤¤Þ¤»¤ó¡£ + +=begin original + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +=end original + +¤³¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ëÊѹ¹¤Î¿¤¯¤Ï¡¢Perl ¥³¥¢¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë CPAN +¥â¥¸¥å¡¼¥ëͳÍè¤Î¤â¤Î¤Ç¤¹¡£ +»ä¤¿¤Á¤Ï Perl ¤ÎȯŸ¤ò½õ¤±¤Æ¤¤¤ë CPAN ¥³¥ß¥å¥Ë¥Æ¥£Á´ÂΤ˴¶¼Õ¤·¤Þ¤¹¡£ + +=begin original + +For a more complete list of all of Perl's historical contributors, please see +the F<AUTHORS> file in the Perl source distribution. + +=end original + +Á´¤Æ¤Î Perl ¤ÎÎò»ËŪ¤Ê¹×¸¥¼Ô¤Î¤è¤ê´°Á´¤Ê°ìÍ÷¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤É¤¦¤« Perl ¥½¡¼¥¹ +ÇÛÉۤ˴ޤޤì¤Æ¤¤¤ë F<AUTHORS> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ + +=head1 Reporting Bugs + +(¥Ð¥°Êó¹ð) + +=begin original + +If you find what you think is a bug, you might check the perl bug database at +L<https://github.com/Perl/perl5/issues>. There may also be information at +L<https://www.perl.org/>, the Perl Home Page. + +=end original + +¤â¤·¥Ð¥°¤È»×¤ï¤ì¤ë¤â¤Î¤ò¸«¤Ä¤±¤¿¤é¡¢ +L<https://github.com/Perl/perl5/issues> ¤Ë¤¢¤ë perl ¥Ð¥°¥Ç¡¼¥¿¥Ù¡¼¥¹¤ò +³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£ +Perl ¥Û¡¼¥à¥Ú¡¼¥¸¡¢L<http://www.perl.org/> ¤Ë¤â¾ðÊ󤬤¢¤ê¤Þ¤¹¡£ + +=begin original + +If you believe you have an unreported bug, please open an issue at +L<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a +tiny but sufficient test case. + +=end original + +¤â¤·¤Þ¤ÀÊó¹ð¤µ¤ì¤Æ¤¤¤Ê¤¤¥Ð¥°¤À¤È³Î¿®¤·¤¿¤é¡¢ +L<https://github.com/Perl/perl5/issues> ¤Ë¥¤¥·¥å¡¼¤òÅÐÏ¿¤·¤Æ¤¯¤À¤µ¤¤¡£ +¥Ð¥°¤ÎºÆ¸½¥¹¥¯¥ê¥×¥È¤ò½½Ê¬¾®¤µ¤¯¡¢¤·¤«¤·Í¸ú¤Ê¥³¡¼¥É¤ËÀÚ¤ê¤Ä¤á¤ë¤³¤È¤ò +°Õ¼±¤·¤Æ¤¯¤À¤µ¤¤¡£ + +=begin original + +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to +report the issue. + +=end original + +Êó¹ð¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¥Ð¥°¤¬¥»¥¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¤â¤Î¤Ç¡¢¸ø³«¤µ¤ì¤Æ¤¤¤ë +¥¤¥·¥å¡¼¥È¥é¥Ã¥«¡¼¤ËÁ÷¤ë¤Î¤¬ÉÔŬÀڤʤâ¤Î¤Ê¤é¡¢¥Ð¥°¤ÎÊó¹ðÊýË¡¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ + +=head1 Give Thanks + +(´¶¼Õ¤òÅÁ¤¨¤ë) + +=begin original + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you +can do so by running the C<perlthanks> program: + +=end original + +¤â¤· Perl 5 ¤Ç¤Ê¤µ¤ì¤¿ºî¶È¤Ë¤Ä¤¤¤Æ Perl 5 Porters ¤Ë´¶¼Õ¤·¤¿¤¤¤È¹Í¤¨¤¿¤Ê¤é¡¢ +C<perlthanks> ¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤¹¤ë¤³¤È¤Ç¤½¤¦¤Ç¤¤Þ¤¹: + + perlthanks + +=begin original + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=end original + +¤³¤ì¤Ï Perl 5 Porters ¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¤Ë¤¢¤Ê¤¿¤Î´¶¼Õ¤Î¸ÀÍÕ¤ò¥á¡¼¥ë¤·¤Þ¤¹¡£ + +=head1 SEE ALSO + +=begin original + +The F<Changes> file for an explanation of how to view exhaustive details on +what changed. + +=end original + +Êѹ¹ÅÀ¤Î´°Á´¤Ê¾ÜºÙ¤ò¸«¤ëÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï F<Changes> ¥Õ¥¡¥¤¥ë¡£ + +=begin original + +The F<INSTALL> file for how to build Perl. + +=end original + +Perl ¤Î¥Ó¥ë¥ÉÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï F<INSTALL> ¥Õ¥¡¥¤¥ë¡£ + +=begin original + +The F<README> file for general stuff. + +=end original + +°ìÈÌŪ¤Ê¤³¤È¤Ë¤Ä¤¤¤Æ¤Ï F<README> ¥Õ¥¡¥¤¥ë¡£ + +=begin original + +The F<Artistic> and F<Copying> files for copyright information. + +=end original + +Ãøºî¸¢¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï F<Artistic> µÚ¤Ó F<Copying> ¥Õ¥¡¥¤¥ë¡£ + +=cut + +=begin meta + +Translate: SHIRAKATA Kentaro <argra****@ub32*****> +Status: completed + +=end meta +
