Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 200 insertions, 0 deletions

diff --git a/upstream/debian-bookworm/man1/perl5303delta.1 b/upstream/debian-bookworm/man1/perl5303delta.1
new file mode 100644
index 00000000..6d35cba7
--- /dev/null
+++ b/upstream/debian-bookworm/man1/perl5303delta.1
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\" ========================================================================
+.\"
+.IX Title "PERL5303DELTA 1"
+.TH PERL5303DELTA 1 "2023-11-25" "perl v5.36.0" "Perl Programmers Reference Guide"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+perl5303delta \- what is new for perl v5.30.3
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This document describes differences between the 5.30.2 release and the 5.30.3
+release.
+.PP
+If you are upgrading from an earlier release such as 5.30.1, first read
+perl5302delta, which describes differences between 5.30.1 and 5.30.2.
+.SH "Security"
+.IX Header "Security"
+.SS "[\s-1CVE\-2020\-10543\s0] Buffer overflow caused by a crafted regular expression"
+.IX Subsection "[CVE-2020-10543] Buffer overflow caused by a crafted regular expression"
+A signed \f(CW\*(C`size_t\*(C'\fR integer overflow in the storage space calculations for
+nested regular expression quantifiers could cause a heap buffer overflow in
+Perl's regular expression compiler that overwrites memory allocated after the
+regular expression storage space with attacker supplied data.
+.PP
+The target system needs a sufficient amount of memory to allocate partial
+expansions of the nested quantifiers prior to the overflow occurring.  This
+requirement is unlikely to be met on 64\-bit systems.
+.PP
+Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
+.SS "[\s-1CVE\-2020\-10878\s0] Integer overflow via malformed bytecode produced by a crafted regular expression"
+.IX Subsection "[CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression"
+Integer overflows in the calculation of offsets between instructions for the
+regular expression engine could cause corruption of the intermediate language
+state of a compiled regular expression.  An attacker could abuse this behaviour
+to insert instructions into the compiled form of a Perl regular expression.
+.PP
+Discovered by: Hugo van der Sanden and Slaven Rezic.
+.SS "[\s-1CVE\-2020\-12723\s0] Buffer overflow caused by a crafted regular expression"
+.IX Subsection "[CVE-2020-12723] Buffer overflow caused by a crafted regular expression"
+Recursive calls to \f(CW\*(C`S_study_chunk()\*(C'\fR by Perl's regular expression compiler to
+optimize the intermediate language representation of a regular expression could
+cause corruption of the intermediate language state of a compiled regular
+expression.
+.PP
+Discovered by: Sergey Aleynikov.
+.SS "Additional Note"
+.IX Subsection "Additional Note"
+An application written in Perl would only be vulnerable to any of the above
+flaws if it evaluates regular expressions supplied by the attacker.  Evaluating
+regular expressions in this fashion is known to be dangerous since the regular
+expression engine does not protect against denial of service attacks in this
+usage scenario.
+.SH "Incompatible Changes"
+.IX Header "Incompatible Changes"
+There are no changes intentionally incompatible with Perl 5.30.2.  If any
+exist, they are bugs, and we request that you submit a report.  See
+\&\*(L"Reporting Bugs\*(R" below.
+.SH "Modules and Pragmata"
+.IX Header "Modules and Pragmata"
+.SS "Updated Modules and Pragmata"
+.IX Subsection "Updated Modules and Pragmata"
+.IP "\(bu" 4
+Module::CoreList has been upgraded from version 5.20200314 to 5.20200601_30.
+.SH "Testing"
+.IX Header "Testing"
+Tests were added and changed to reflect the other additions and changes in this
+release.
+.SH "Acknowledgements"
+.IX Header "Acknowledgements"
+Perl 5.30.3 represents approximately 3 months of development since Perl 5.30.2
+and contains approximately 1,100 lines of changes across 42 files from 7
+authors.
+.PP
+Excluding auto-generated files, documentation and release tools, there were
+approximately 350 lines of changes to 8 .pm, .t, .c and .h files.
+.PP
+Perl continues to flourish into its fourth decade thanks to a vibrant community
+of users and developers.  The following people are known to have contributed
+the improvements that became Perl 5.30.3:
+.PP
+Chris 'BinGOs' Williams, Hugo van der Sanden, John Lightsey, Karl Williamson,
+Nicolas R., Sawyer X, Steve Hay.
+.PP
+The list above is almost certainly incomplete as it is automatically generated
+from version control history.  In particular, it does not include the names of
+the (very much appreciated) contributors who reported issues to the Perl bug
+tracker.
+.PP
+Many of the changes included in this version originated in the \s-1CPAN\s0 modules
+included in Perl's core.  We're grateful to the entire \s-1CPAN\s0 community for
+helping Perl to flourish.
+.PP
+For a more complete list of all of Perl's historical contributors, please see
+the \fI\s-1AUTHORS\s0\fR file in the Perl source distribution.
+.SH "Reporting Bugs"
+.IX Header "Reporting Bugs"
+If you find what you think is a bug, you might check the perl bug database at
+<https://github.com/Perl/perl5/issues>.  There may also be information at
+<https://www.perl.org/>, the Perl Home Page.
+.PP
+If you believe you have an unreported bug, please open an issue at
+<https://github.com/Perl/perl5/issues>.  Be sure to trim your bug down to a
+tiny but sufficient test case.
+.PP
+If the bug you are reporting has security implications which make it
+inappropriate to send to a public issue tracker, then see
+\&\*(L"\s-1SECURITY VULNERABILITY CONTACT INFORMATION\*(R"\s0 in perlsec for details of how to
+report the issue.
+.SH "Give Thanks"
+.IX Header "Give Thanks"
+If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you
+can do so by running the \f(CW\*(C`perlthanks\*(C'\fR program:
+.PP
+.Vb 1
+\&    perlthanks
+.Ve
+.PP
+This will send an email to the Perl 5 Porters list with your show of thanks.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+The \fIChanges\fR file for an explanation of how to view exhaustive details on
+what changed.
+.PP
+The \fI\s-1INSTALL\s0\fR file for how to build Perl.
+.PP
+The \fI\s-1README\s0\fR file for general stuff.
+.PP
+The \fIArtistic\fR and \fICopying\fR files for copyright information.