Diffstat (limited to 'upstream/mageia-cauldron/man1/perl5283delta.1')
-rw-r--r-- | upstream/mageia-cauldron/man1/perl5283delta.1 | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/upstream/mageia-cauldron/man1/perl5283delta.1 b/upstream/mageia-cauldron/man1/perl5283delta.1 new file mode 100644 index 00000000..fe1a5ef3 --- /dev/null +++ b/upstream/mageia-cauldron/man1/perl5283delta.1 
@@ -0,0 +1,186 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" ======================================================================== +.\" +.IX Title "PERL5283DELTA 1" +.TH PERL5283DELTA 1 2023-11-28 "perl v5.38.2" "Perl Programmers Reference Guide" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH NAME +perl5283delta \- what is new for perl v5.28.3 +.SH DESCRIPTION +.IX Header "DESCRIPTION" +This document describes differences between the 5.28.2 release and the 5.28.3 +release. +.PP +If you are upgrading from an earlier release such as 5.28.1, first read +perl5282delta, which describes differences between 5.28.1 and 5.28.2. 
+.SH Security +.IX Header "Security" +.SS "[CVE\-2020\-10543] Buffer overflow caused by a crafted regular expression" +.IX Subsection "[CVE-2020-10543] Buffer overflow caused by a crafted regular expression" +A signed \f(CW\*(C`size_t\*(C'\fR integer overflow in the storage space calculations for +nested regular expression quantifiers could cause a heap buffer overflow in +Perl's regular expression compiler that overwrites memory allocated after the +regular expression storage space with attacker supplied data. +.PP +The target system needs a sufficient amount of memory to allocate partial +expansions of the nested quantifiers prior to the overflow occurring. This +requirement is unlikely to be met on 64\-bit systems. +.PP +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). +.SS "[CVE\-2020\-10878] Integer overflow via malformed bytecode produced by a crafted regular expression" +.IX Subsection "[CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression" +Integer overflows in the calculation of offsets between instructions for the +regular expression engine could cause corruption of the intermediate language +state of a compiled regular expression. An attacker could abuse this behaviour +to insert instructions into the compiled form of a Perl regular expression. +.PP +Discovered by: Hugo van der Sanden and Slaven Rezic. +.SS "[CVE\-2020\-12723] Buffer overflow caused by a crafted regular expression" +.IX Subsection "[CVE-2020-12723] Buffer overflow caused by a crafted regular expression" +Recursive calls to \f(CWS_study_chunk()\fR by Perl's regular expression compiler to +optimize the intermediate language representation of a regular expression could +cause corruption of the intermediate language state of a compiled regular +expression. +.PP +Discovered by: Sergey Aleynikov. 
+.SS "Additional Note" +.IX Subsection "Additional Note" +An application written in Perl would only be vulnerable to any of the above +flaws if it evaluates regular expressions supplied by the attacker. Evaluating +regular expressions in this fashion is known to be dangerous since the regular +expression engine does not protect against denial of service attacks in this +usage scenario. +.SH "Incompatible Changes" +.IX Header "Incompatible Changes" +There are no changes intentionally incompatible with Perl 5.28.2. If any +exist, they are bugs, and we request that you submit a report. See +"Reporting Bugs" below. +.SH "Modules and Pragmata" +.IX Header "Modules and Pragmata" +.SS "Updated Modules and Pragmata" +.IX Subsection "Updated Modules and Pragmata" +.IP \(bu 4 +Module::CoreList has been upgraded from version 5.20190419 to 5.20200601_28. +.SH Testing +.IX Header "Testing" +Tests were added and changed to reflect the other additions and changes in this +release. +.SH Acknowledgements +.IX Header "Acknowledgements" +Perl 5.28.3 represents approximately 13 months of development since Perl 5.28.2 +and contains approximately 3,100 lines of changes across 48 files from 16 +authors. +.PP +Excluding auto-generated files, documentation and release tools, there were +approximately 1,700 lines of changes to 9 .pm, .t, .c and .h files. +.PP +Perl continues to flourish into its fourth decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.28.3: +.PP +Chris 'BinGOs' Williams, Dan Book, Hugo van der Sanden, James E Keenan, John +Lightsey, Karen Etheridge, Karl Williamson, Matthew Horsfall, Max Maischein, +Nicolas R., Renee Baecker, Sawyer X, Steve Hay, Tom Hukins, Tony Cook, Zak B. +Elep. +.PP +The list above is almost certainly incomplete as it is automatically generated +from version control history. 
In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. +.PP +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. +.PP +For a more complete list of all of Perl's historical contributors, please see +the \fIAUTHORS\fR file in the Perl source distribution. +.SH "Reporting Bugs" +.IX Header "Reporting Bugs" +If you find what you think is a bug, you might check the perl bug database at +<https://github.com/Perl/perl5/issues>. There may also be information at +<https://www.perl.org/>, the Perl Home Page. +.PP +If you believe you have an unreported bug, please open an issue at +<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a +tiny but sufficient test case. +.PP +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of how to +report the issue. +.SH "Give Thanks" +.IX Header "Give Thanks" +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you +can do so by running the \f(CW\*(C`perlthanks\*(C'\fR program: +.PP +.Vb 1 +\& perlthanks +.Ve +.PP +This will send an email to the Perl 5 Porters list with your show of thanks. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +The \fIChanges\fR file for an explanation of how to view exhaustive details on +what changed. +.PP +The \fIINSTALL\fR file for how to build Perl. +.PP +The \fIREADME\fR file for general stuff. +.PP +The \fIArtistic\fR and \fICopying\fR files for copyright information. |
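Review bot: the .TH line near the top of the hunk stamps this page as "perl v5.38.2" dated 2023-11-28, while the NAME and DESCRIPTION lines say it documents 5.28.3. Anyone reading the rendered footer to decide whether their interpreter carries the CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723 fixes can take the wrong version from it. The preamble says the file is automatically generated by Pod::Man 5.01, so it should not be hand-edited in this tree. Please state in the commit message that this is an unmodified import of generated output and that the stamp reflects the perl that produced the page, not the release it describes. A smaller point in the Security section: the first entry reads "A signed size_t integer overflow", and size_t is an unsigned type in C, so that wording is worth checking against the upstream POD rather than changing in this copy.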