Security Advisories (4)
CVE-2023-47038 (2023-10-30)

A crafted regular expression, when compiled by Perl 5.30.0 through 5.38.0, can cause a one-byte, attacker-controlled buffer overflow in a heap-allocated buffer.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable denial of service and possibly code execution attacks on platforms that lack sufficient defenses.

CVE-2025-40909 (2025-05-30)

Perl threads have a working-directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, and that change is visible to any third (or further) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.
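The advisory above states that the process-wide working directory is only changed while cloning a directory handle that is still open at thread creation. The following is an added example (not code from the advisory or from the Perl project) of a defensive pattern that follows from that statement: close every directory handle before calling threads->create, and hand workers absolute paths so that a transient cwd change caused by some other thread's creation cannot redirect their file operations. The function names `snapshot_dir` and `sizes_in_parallel` are this example's own, and it assumes a perl built with thread support.

```perl
#!/usr/bin/perl
# Added example: defensive pattern for threaded Perl code in light of
# CVE-2025-40909. Assumption: the race only matters while a directory handle
# is open at threads->create time (as the advisory states), so we (1) close
# the handle before spawning and (2) give workers absolute paths only.
use strict;
use warnings;
use threads;
use File::Spec;

# Read a directory's entries, then close the handle *before* any thread
# exists. Paths are resolved to absolute form here, once, in the main
# thread, so workers never depend on the process cwd.
sub snapshot_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @names = grep { !/^\.\.?$/ } readdir $dh;
    closedir $dh;    # no directory handle survives past this point
    return map { File::Spec->rel2abs(File::Spec->catfile($dir, $_)) }
        sort @names;
}

# Each worker receives only absolute paths. The worker refuses a relative
# path outright, so a caller cannot accidentally reintroduce cwd dependence.
sub sizes_in_parallel {
    my @abs_paths = @_;
    my @workers = map {
        my $path = $_;
        threads->create(sub {
            die "worker given a relative path: $path\n"
                unless File::Spec->file_name_is_absolute($path);
            return -s $path;    # undef for directories and unreadable entries
        });
    } @abs_paths;
    return map { $_->join } @workers;
}

# Usage: snapshot the current directory (handle closed), then stat in parallel.
my @files = snapshot_dir('.');
my @sizes = sizes_in_parallel(@files);
printf "%-50s %s\n", $files[$_], $sizes[$_] // 'n/a' for 0 .. $#files;
```

The point of the split into two functions is the ordering it enforces: all `opendir`/`closedir` work happens in `snapshot_dir` and completes before `sizes_in_parallel` creates its first thread, and the only state crossing the thread boundary is a list of absolute paths.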

NAME

add-pod-file - Utility to add new pod/*.pod file to core distribution

USAGE

After make test_prep has been run, call from top level of Perl 5 core distribution:

perl Porting/add-pod-file \
    --stub=<XXX> --section=<Z> --verbose

DESCRIPTION

This is a program which may be helpful when a committer has to add a new *.pod file in the pod/ directory.

Prerequisites

This program assumes that the committer has taken the following steps (in the order listed):

1 You have run make test_prep.

This is to guarantee that all files are properly positioned.

2 You have placed a well-formatted .pod file into the pod/ directory.

In the NAME section of this file there is a single non-blank line which consists of a string in the format STUB - ABSTRACT, where STUB is the basename of the file without the .pod suffix and ABSTRACT is the short description of the file. For example, a new file whose path is pod/perlphonypod.pod must have a NAME section like this:

=head1 NAME

perlphonypod - This is phony POD

pod/*.pod files need entries in multiple locations to keep make test_porting happy. This program automates the formulation of most of those entries, but will need some assistance from the committer to work properly. The committer will have to make a reasonable choice as to which section of pod/perl.pod the new .pod file should be listed under. The eligible sections are shown in the following table:

Command-Line Value      Section in pod/perl.pod

     O               => 'Overview',
     T               => 'Tutorials',
     R               => 'Reference Manual',
     I               => 'Internals and C Language Interface',
     H               => 'History',
     M               => 'Miscellaneous',
     L               => 'Language-Specific',
     P               => 'Platform-Specific',

For a first pass, we'll put the new entry at the end of the ^=head2 section specified by the committer with the single initial provided to the --section command-line switch.
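The two pieces of the process described above (validating the STUB - ABSTRACT line in the new file's NAME section, then appending an entry at the end of the chosen ^=head2 section of pod/perl.pod) are illustrated by the following added example. It is not the Porting/add-pod-file program itself; the function names `parse_name_section` and `add_to_perl_pod` are this example's own, the sample .pod text and perl.pod excerpt are constructed inline, and the entry layout (a verbatim line with the stub padded to a fixed column, followed by the abstract) is an assumption about how perl.pod lists its pages.

```perl
#!/usr/bin/perl
# Added example (not the Porting/add-pod-file script): check a new pod file's
# NAME section and insert its entry into the right =head2 section of perl.pod.
use strict;
use warnings;
use File::Basename qw(basename);

# --section initial => =head2 heading in pod/perl.pod, as in the table above.
my %SECTION = (
    O => 'Overview',
    T => 'Tutorials',
    R => 'Reference Manual',
    I => 'Internals and C Language Interface',
    H => 'History',
    M => 'Miscellaneous',
    L => 'Language-Specific',
    P => 'Platform-Specific',
);

# Return (STUB, ABSTRACT) from the single non-blank line of the NAME section,
# and die unless STUB equals the file's basename without the .pod suffix.
sub parse_name_section {
    my ($path, $pod_text) = @_;
    my ($in_name, @body) = (0);
    for my $line (split /\n/, $pod_text) {
        if ($line =~ /^=head1\s+NAME\s*$/) { $in_name = 1; next }
        last if $in_name && $line =~ /^=/;        # next POD command ends NAME
        push @body, $line if $in_name && $line =~ /\S/;
    }
    die "$path: NAME section missing or empty\n" unless @body;
    die "$path: NAME section must contain exactly one non-blank line\n" if @body > 1;
    my ($stub, $abstract) = $body[0] =~ /^\s*(\S+)\s+-\s+(.+?)\s*$/
        or die "$path: NAME line is not in 'STUB - ABSTRACT' form\n";
    my $expected = basename($path, '.pod');
    die "$path: STUB '$stub' does not match file basename '$expected'\n"
        unless $stub eq $expected;
    return ($stub, $abstract);
}

# Append an entry at the end of the =head2 section selected by the initial.
# Assumed layout: entries are indented verbatim lines, stub padded to a column.
sub add_to_perl_pod {
    my ($perl_pod, $initial, $stub, $abstract) = @_;
    my $heading = $SECTION{$initial}
        or die "unknown --section value '$initial'\n";
    my @lines = split /\n/, $perl_pod, -1;
    my ($start, $end);
    for my $i (0 .. $#lines) {
        if (!defined $start) {
            $start = $i if $lines[$i] =~ /^=head2\s+\Q$heading\E\s*$/;
        }
        elsif ($lines[$i] =~ /^=head/) { $end = $i; last }
    }
    die "section '$heading' not found in perl.pod\n" unless defined $start;
    $end = scalar @lines unless defined $end;
    # Walk back over trailing blank lines to the section's last entry.
    my $last = $end - 1;
    $last-- while $last > $start && $lines[$last] !~ /\S/;
    splice @lines, $last + 1, 0, sprintf("    %-19s %s", $stub, $abstract);
    return join "\n", @lines;
}

# Constructed sample input (not real files from the core distribution).
my $new_pod = "=head1 NAME\n\nperlphonypod - This is phony POD\n\n=head1 DESCRIPTION\n\nText.\n";
my ($stub, $abstract) = parse_name_section('pod/perlphonypod.pod', $new_pod);

my $perl_pod = <<'EOT';
=head2 Overview

    perl                Perl overview (this section)
    perlintro           Perl introduction for beginners

=head2 Tutorials

    perlreftut          Perl references short introduction

EOT
print add_to_perl_pod($perl_pod, 'O', $stub, $abstract);
```

Run as written, the script prints the perl.pod excerpt with a `perlphonypod        This is phony POD` line appended after `perlintro` in the Overview section; pass a stub that does not match the file name, or a second non-blank line in NAME, and `parse_name_section` dies before perl.pod is touched, which is the check that keeps make test_porting happy.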

Testing this program

1 Run configure and make in the source tree.
2 Create a well-formatted .pod file somewhere on your system.
3 Copy it into the source tree under pod.
4 Call the program as in "USAGE" above.
5 Call git diff and examine results.
6 Run make test_porting.

BUGS

When the argument provided to the --section command-line switch is P (for platform-specific), win32/pod.mak is not getting updated -- but it's not clear whether it ought to be updated.