Commit | Line | Data |
---|---|---|
77efd0f7 FR |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5142delta - what is new for perl v5.14.2 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.14.1 release and | |
10 | the 5.14.2 release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.14.0, first read | |
13 | L<perl5141delta>, which describes differences between 5.14.0 and | |
14 | 5.14.1. | |
15 | ||
16 | =head1 Core Enhancements | |
17 | ||
18 | No changes since 5.14.0. | |
19 | ||
20 | =head1 Security | |
21 | ||
22 | =head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728). | |
23 | ||
24 | Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would | |
25 | cause an access violation / segfault. A Perl program that accepts a flags value from | |
26 | an external source could expose itself to denial of service or arbitrary code | |
27 | execution attacks. There are no known exploits in the wild. The problem has been | |
28 | corrected by explicitly disabling all unsupported flags and setting unused function | |
29 | pointers to null. Bug reported by Clément Lecigne. | |
30 | ||
31 | =head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939) | |
32 | ||
33 | A bug in C<Encode> could, on certain inputs, cause the heap to overflow. | |
34 | This problem has been corrected. Bug reported by Robert Zacek. | |
35 | ||
36 | =head1 Incompatible Changes | |
37 | ||
38 | There are no changes intentionally incompatible with 5.14.0. If any | |
39 | exist, they are bugs and reports are welcome. | |
40 | ||
41 | =head1 Deprecations | |
42 | ||
43 | There have been no deprecations since 5.14.0. | |
44 | ||
45 | =head1 Modules and Pragmata | |
46 | ||
47 | =head2 New Modules and Pragmata | |
48 | ||
49 | None | |
50 | ||
51 | =head2 Updated Modules and Pragmata | |
52 | ||
53 | =over 4 | |
54 | ||
55 | =item * | |
56 | ||
57 | L<CPAN> has been upgraded from version 1.9600 to version 1.9600_01. | |
58 | ||
59 | L<CPAN::Distribution> has been upgraded from version 1.9602 to 1.9602_01. | |
60 | ||
61 | Backported bugfixes from CPAN version 1.9800. Ensures proper | |
62 | detection of C<configure_requires> prerequisites from CPAN Meta files | |
63 | in the case where C<dynamic_config> is true. [rt.cpan.org #68835] | |
64 | ||
65 | Also ensures that C<configure_requires> is only checked in META files, | |
66 | not MYMETA files, so protect against MYMETA generation that drops | |
67 | C<configure_requires>. | |
68 | ||
69 | =item * | |
70 | ||
71 | L<Encode> has been upgraded from version 2.42 to 2.42_01. | |
72 | ||
73 | See L</Security>. | |
74 | ||
75 | =item * | |
76 | ||
77 | L<File::Glob> has been upgraded from version 1.12 to version 1.13. | |
78 | ||
79 | See L</Security>. | |
80 | ||
81 | =item * | |
82 | ||
83 | L<PerlIO::scalar> has been upgraded from version 0.11 to 0.11_01. | |
84 | ||
85 | It fixes a problem with C<< open my $fh, ">", \$scalar >> not working if | |
86 | C<$scalar> is a copy-on-write scalar. | |
87 | ||
88 | =back | |
89 | ||
90 | =head2 Removed Modules and Pragmata | |
91 | ||
92 | None | |
93 | ||
94 | =head1 Platform Support | |
95 | ||
96 | =head2 New Platforms | |
97 | ||
98 | None | |
99 | ||
100 | =head2 Discontinued Platforms | |
101 | ||
102 | None | |
103 | ||
104 | =head2 Platform-Specific Notes | |
105 | ||
106 | =over 4 | |
107 | ||
108 | =item HP-UX PA-RISC/64 now supports gcc-4.x | |
109 | ||
110 | A fix to correct the socketsize now makes the test suite pass on HP-UX | |
111 | PA-RISC for 64bitall builds. | |
112 | ||
113 | =item Building on OS X 10.7 Lion and Xcode 4 works again | |
114 | ||
115 | The build system has been updated to work with the build tools under Mac OS X | |
116 | 10.7. | |
117 | ||
118 | =back | |
119 | ||
120 | =head1 Bug Fixes | |
121 | ||
122 | =over 4 | |
123 | ||
124 | =item * | |
125 | ||
126 | In @INC filters (subroutines returned by subroutines in @INC), $_ used to | |
127 | misbehave: If returned from a subroutine, it would not be copied, but the | |
128 | variable itself would be returned; and freeing $_ (e.g., with C<undef *_>) | |
129 | would cause perl to crash. This has been fixed [perl #91880]. | |
130 | ||
131 | =item * | |
132 | ||
133 | Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of | |
134 | a pack template equivalent to "U0" if the input string was empty. This has | |
135 | been fixed [perl #90160]. | |
136 | ||
137 | =item * | |
138 | ||
139 | C<caller> no longer leaks memory when called from the DB package if | |
140 | C<@DB::args> was assigned to after the first call to C<caller>. L<Carp> | |
141 | was triggering this bug [perl #97010]. | |
142 | ||
143 | =item * | |
144 | ||
145 | C<utf8::decode> had a nasty bug that would modify copy-on-write scalars' | |
146 | string buffers in place (i.e., skipping the copy). This could result in | |
147 | hashes having two elements with the same key [perl #91834]. | |
148 | ||
149 | =item * | |
150 | ||
151 | Localising a tied variable used to make it read-only if it contained a | |
152 | copy-on-write string. | |
153 | ||
154 | =item * | |
155 | ||
156 | Elements of restricted hashes (see the L<fields> pragma) containing | |
157 | copy-on-write values couldn't be deleted, nor could such hashes be cleared | |
158 | (C<%hash = ()>). | |
159 | ||
160 | =item * | |
161 | ||
162 | Locking a hash element that is a glob copy no longer causes subsequent | |
163 | assignment to it to corrupt the glob. | |
164 | ||
165 | =item * | |
166 | ||
167 | A panic involving the combination of the regular expression modifiers | |
168 | C</aa> introduced in 5.14.0 and the C<\b> escape sequence has been | |
169 | fixed [perl #95964]. | |
170 | ||
171 | =back | |
172 | ||
173 | =head1 Known Problems | |
174 | ||
175 | This is a list of some significant unfixed bugs, which are regressions | |
176 | from 5.12.0. | |
177 | ||
178 | =over 4 | |
179 | ||
180 | =item * | |
181 | ||
182 | C<PERL_GLOBAL_STRUCT> is broken. | |
183 | ||
184 | Since perl 5.14.0, building with C<-DPERL_GLOBAL_STRUCT> hasn't been | |
185 | possible. This means that perl currently doesn't work on any platforms that | |
186 | require it to be built this way, including Symbian. | |
187 | ||
188 | While C<PERL_GLOBAL_STRUCT> now works again on recent development versions of | |
189 | perl, it actually working on Symbian again hasn't been verified. | |
190 | ||
191 | We'd be very interested in hearing from anyone working with Perl on Symbian. | |
192 | ||
193 | =back | |
194 | ||
195 | =head1 Acknowledgements | |
196 | ||
197 | Perl 5.14.2 represents approximately three months of development since | |
198 | Perl 5.14.1 and contains approximately 1200 lines of changes | |
199 | across 61 files from 9 authors. | |
200 | ||
201 | Perl continues to flourish into its third decade thanks to a vibrant | |
202 | community of users and developers. The following people are known to | |
203 | have contributed the improvements that became Perl 5.14.2: | |
204 | ||
205 | Craig A. Berry, David Golden, Father Chrysostomos, Florian Ragwitz, H.Merijn | |
206 | Brand, Karl Williamson, Nicholas Clark, Pau Amma and Ricardo Signes. | |
207 | ||
208 | =head1 Reporting Bugs | |
209 | ||
210 | If you find what you think is a bug, you might check the articles | |
211 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
212 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
213 | information at http://www.perl.org/ , the Perl Home Page. | |
214 | ||
215 | If you believe you have an unreported bug, please run the L<perlbug> | |
216 | program included with your release. Be sure to trim your bug down | |
217 | to a tiny but sufficient test case. Your bug report, along with the | |
218 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
219 | analysed by the Perl porting team. | |
220 | ||
221 | If the bug you are reporting has security implications, which make it | |
222 | inappropriate to send to a publicly archived mailing list, then please send | |
223 | it to perl5-security-report@perl.org. This points to a closed subscription | |
224 | unarchived mailing list, which includes all the core committers, who be able | |
225 | to help assess the impact of issues, figure out a resolution, and help | |
226 | co-ordinate the release of patches to mitigate or fix the problem across all | |
227 | platforms on which Perl is supported. Please only use this address for | |
228 | security issues in the Perl core, not for modules independently | |
229 | distributed on CPAN. | |
230 | ||
231 | =head1 SEE ALSO | |
232 | ||
233 | The F<Changes> file for an explanation of how to view exhaustive details | |
234 | on what changed. | |
235 | ||
236 | The F<INSTALL> file for how to build Perl. | |
237 | ||
238 | The F<README> file for general stuff. | |
239 | ||
240 | The F<Artistic> and F<Copying> files for copyright information. | |
241 | ||
242 | =cut |