Commit | Line | Data |
---|---|---|
6253ee75 DR |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5177delta - what is new for perl v5.17.7 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.17.6 release and the 5.17.7 | |
10 | release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.17.5, first read | |
13 | L<perl5176delta>, which describes differences between 5.17.5 and 5.17.6. | |
14 | ||
15 | =head1 Core Enhancements | |
16 | ||
17 | =head2 $&, $` and $' are no longer slow | |
18 | ||
19 | These three infamous variables have been redeemed and no longer slow down | |
20 | your program when used. Hence, the /p regular expression flag now does | |
21 | nothing. | |
22 | ||
23 | =head1 Security | |
24 | ||
25 | =head2 C<Storable> security warning in documentation | |
26 | ||
27 | The documentation for C<Storable> now includes a section which warns readers | |
28 | of the danger of accepting Storable documents from untrusted sources. The | |
29 | short version is that deserializing certain types of data can lead to loading | |
30 | modules and other code execution. This is documented behavior and wanted | |
31 | behavior, but this opens an attack vector for malicious entities. | |
32 | ||
33 | =head2 C<Locale::Maketext> allowed code injection via a malicious template | |
34 | ||
35 | If users could provide a translation string to Locale::Maketext, this could be | |
36 | used to invoke arbitrary Perl subroutines available in the current process. | |
37 | ||
38 | This has been fixed, but it is still possible to invoke any method provided by | |
39 | C<Locale::Maketext> itself or a subclass that you are using. One of these | |
40 | methods in turn will invoke the Perl core's C<sprintf> subroutine. | |
41 | ||
42 | In summary, allowing users to provide translation strings without auditing | |
43 | them is a bad idea. | |
44 | ||
45 | This vulnerability is documented in CVE-2012-6329. | |
46 | ||
47 | =head1 Incompatible Changes | |
48 | ||
49 | =head2 readline() with C<$/ = \N> now reads N characters, not N bytes | |
50 | ||
51 | Previously, when reading from a stream with I/O layers such as | |
52 | C<encoding>, the readline() function, otherwise known as the C<< <> >> | |
53 | operator, would read I<N> bytes from the top-most layer. [perl #79960] | |
54 | ||
55 | Now, I<N> characters are read instead. | |
56 | ||
57 | There is no change in behaviour when reading from streams with no | |
58 | extra layers, since bytes map exactly to characters. | |
59 | ||
60 | =head2 Lexical subroutine warnings have moved | |
61 | ||
62 | The warning about the use of an experimental feature emitted when lexical | |
63 | subroutines (added in 5.17.4) are used now happens when the subroutine | |
64 | itself is declared, not when the "lexical_subs" feature is activated via | |
65 | C<use feature>. | |
66 | ||
67 | This stops C<use feature ':all'> from warning, but causes | |
68 | C<my sub foo; my sub bar> to warn twice. | |
69 | ||
70 | =head2 Overridden C<glob> is now passed one argument | |
71 | ||
72 | C<glob> overrides used to be passed a magical undocumented second argument | |
73 | that identified the caller. Nothing on CPAN was using this, and it got in | |
74 | the way of a bug fix, so it was removed. If you really need to identify | |
75 | the caller, see L<Devel::Callsite> on CPAN. | |
76 | ||
77 | =head1 Deprecations | |
78 | ||
79 | =head2 Lexical $_ is now deprecated | |
80 | ||
81 | Since it was introduced in Perl 5.10, it has caused much confusion with no | |
82 | obvious solution: | |
83 | ||
84 | =over | |
85 | ||
86 | =item * | |
87 | ||
88 | Various modules (e.g., List::Util) expect callback routines to use the | |
89 | global $_. C<use List::Util 'first'; my $_; first { $_ == 1 } @list> does | |
90 | not work as one would expect. | |
91 | ||
92 | =item * | |
93 | ||
94 | A C<my $_> declaration earlier in the same file can cause confusing closure | |
95 | warnings. | |
96 | ||
97 | =item * | |
98 | ||
99 | The "_" subroutine prototype character allows called subroutines to access | |
100 | your lexical $_, so it is not really private after all. | |
101 | ||
102 | =item * | |
103 | ||
104 | Nevertheless, subroutines with a "(@)" prototype and methods cannot access | |
105 | the caller's lexical $_, unless they are written in XS. | |
106 | ||
107 | =item * | |
108 | ||
109 | But even XS routines cannot access a lexical $_ declared, not in the | |
110 | calling subroutine, but in an outer scope, iff that subroutine happened not | |
111 | to mention $_ or use any operators that default to $_. | |
112 | ||
113 | =back | |
114 | ||
115 | =head2 Various XS-callable functions are now deprecated | |
116 | ||
117 | The following functions will be removed from a future version of Perl, | |
118 | and should not be used. With participating C compilers (e.g., gcc), | |
119 | compiling any file that uses any of these will generate a warning. | |
120 | These were not intended for public use; there are equivalent, faster, | |
121 | macros for most of them. See L<perlapi/Character classes>: | |
122 | C<is_uni_ascii>, C<is_uni_ascii_lc>, C<is_uni_blank>, C<is_uni_blank_lc>, | |
123 | C<is_uni_cntrl>, C<is_uni_cntrl_lc>, C<is_uni_idfirst_lc>, C<is_uni_space>, | |
124 | C<is_uni_space_lc>, C<is_uni_xdigit>, C<is_uni_xdigit_lc>, C<is_utf8_ascii>, | |
125 | C<is_utf8_blank>, C<is_utf8_cntrl>, C<is_utf8_idcont>, C<is_utf8_idfirst>, | |
126 | C<is_utf8_perl_space>, C<is_utf8_perl_word>, C<is_utf8_posix_digit>, | |
127 | C<is_utf8_space>, C<is_utf8_xdigit>. C<is_utf8_xidcont>, C<is_utf8_xidfirst>, | |
128 | C<to_uni_lower_lc>, C<to_uni_title_lc>, and C<to_uni_upper_lc>. | |
129 | ||
130 | =head1 Performance Enhancements | |
131 | ||
132 | =over 4 | |
133 | ||
134 | =item * | |
135 | ||
136 | Perl has a new copy-on-write mechanism that avoids the need to copy the | |
137 | internal string buffer when assigning from one scalar to another. This | |
138 | makes copying large strings appear much faster. Modifying one of the two | |
139 | (or more) strings after an assignment will force a copy internally. This | |
140 | makes it unnecessary to pass strings by reference for efficiency. | |
141 | ||
142 | =back | |
143 | ||
144 | =head1 Modules and Pragmata | |
145 | ||
146 | =head2 Updated Modules and Pragmata | |
147 | ||
148 | =over 4 | |
149 | ||
150 | =item * | |
151 | ||
152 | L<File::DosGlob> has been upgraded from version 1.08 to 1.09. The internal | |
153 | cache of file names that it keeps for each caller is now freed when that | |
154 | caller is freed. This means | |
155 | C<< use File::DosGlob 'glob'; eval 'scalar <*>' >> no longer leaks memory. | |
156 | ||
157 | =item * | |
158 | ||
159 | L<File::Glob> has been upgraded from version 1.18 to 1.19. File::Glob has | |
160 | had exactly the same fix as File::DosGlob. Since it is what Perl's own | |
161 | C<glob> operator itself uses (except on VMS), this means | |
162 | C<< eval 'scalar <*>' >> no longer leaks. | |
163 | ||
164 | =item * | |
165 | ||
166 | L<GDBM_File> has been upgraded from version 1.14 to 1.15. The undocumented | |
167 | optional fifth parameter to C<TIEHASH> has been removed. This was intended | |
168 | to provide control of the callback used by C<gdbm*> functions in case of | |
169 | fatal errors (such as filesystem problems), but did not work (and could | |
170 | never have worked). No code on CPAN even attempted to use it. The callback | |
171 | is now always the previous default, C<croak>. Problems on some platforms with | |
172 | how the C<C> C<croak> function is called have also been resolved. | |
173 | ||
174 | =item * | |
175 | ||
176 | L<Module::CoreList> has been upgraded from version 2.78 to 2.79. | |
177 | ||
178 | =back | |
179 | ||
180 | =head1 Documentation | |
181 | ||
182 | =head2 Changes to Existing Documentation | |
183 | ||
184 | =head3 L<perlapi/Character classes> | |
185 | ||
186 | =over 4 | |
187 | ||
188 | =item * | |
189 | ||
190 | There are quite a few macros callable from XS modules that classify | |
191 | characters into things like alphabetic, punctuation, etc. More of these | |
192 | are now documented, including ones which work on characters whose code | |
193 | points are outside the Latin-1 range. | |
194 | ||
195 | =back | |
196 | ||
197 | =head1 Diagnostics | |
198 | ||
199 | The following additions or changes have been made to diagnostic output, | |
200 | including warnings and fatal error messages. For the complete list of | |
201 | diagnostic messages, see L<perldiag>. | |
202 | ||
203 | =head2 Changes to Existing Diagnostics | |
204 | ||
205 | =over 4 | |
206 | ||
207 | =item * | |
208 | ||
209 | L<Constant(%s): Call to &{$^H{%s}} did not return a defined value|perldiag/Constant(%s): Call to &{$^H{%s}} did not return a defined value> | |
210 | ||
211 | Constant overloading that returns C<undef> results in this error message. | |
212 | For numeric constants, it used to say "Constant(undef)". "undef" has been | |
213 | replaced with the number itself. | |
214 | ||
215 | =back | |
216 | ||
217 | =head1 Internal Changes | |
218 | ||
219 | =over 4 | |
220 | ||
221 | =item * | |
222 | ||
223 | SvUPGRADE() is no longer an expression. Originally this macro (and its | |
224 | underlying function, sv_upgrade()) were documented as boolean, although | |
225 | in reality they always croaked on error and never returned false. In 2005 | |
226 | the documentation was updated to specify a void return value, but | |
227 | SvUPGRADE() was left always returning 1 for backwards compatibility. This | |
228 | has now been removed, and SvUPGRADE() is now a statement with no return | |
229 | value. | |
230 | ||
231 | So this is now a syntax error: | |
232 | ||
233 | if (!SvUPGRADE(sv)) { croak(...); } | |
234 | ||
235 | If you have code like that, simply replace it with | |
236 | ||
237 | SvUPGRADE(sv); | |
238 | ||
239 | or to to avoid compiler warnings with older perls, possibly | |
240 | ||
241 | (void)SvUPGRADE(sv); | |
242 | ||
243 | =item * | |
244 | ||
245 | Perl has a new copy-on-write mechanism that allows any SvPOK scalar to be | |
246 | upgraded to a copy-on-write scalar. A reference count on the string buffer | |
247 | is stored in the string buffer itself. | |
248 | ||
249 | This breaks a few XS modules by allowing copy-on-write scalars to go | |
250 | through code paths that never encountered them before. | |
251 | ||
252 | This behaviour can still be disabled by running F<Configure> with | |
253 | B<-Accflags=-DPERL_NO_COW>. This option will probably be removed in Perl | |
254 | 5.20. | |
255 | ||
256 | =item * | |
257 | ||
258 | Copy-on-write no longer uses the SvFAKE and SvREADONLY flags. Hence, | |
259 | SvREADONLY indicates a true read-only SV. | |
260 | ||
261 | Use the SvIsCOW macro (as before) to identify a copy-on-write scalar. | |
262 | ||
263 | =item * | |
264 | ||
265 | C<PL_sawampersand> is now a constant. The switch this variable provided | |
266 | (to enable/disable the pre-match copy depending on whether C<$&> had been | |
267 | seen) has been removed and replaced with copy-on-write, eliminating a few | |
268 | bugs. | |
269 | ||
270 | The previous behaviour can still be enabled by running F<Configure> with | |
271 | B<-Accflags=-DPERL_SAWAMPERSAND>. | |
272 | ||
273 | =item * | |
274 | ||
275 | PL_glob_index is gone. | |
276 | ||
277 | =back | |
278 | ||
279 | =head1 Selected Bug Fixes | |
280 | ||
281 | =over 4 | |
282 | ||
283 | =item * | |
284 | ||
285 | C<sort {undef} ...> under fatal warnings no longer crashes. It started | |
286 | crashing in Perl 5.16. | |
287 | ||
288 | =item * | |
289 | ||
290 | Stashes blessed into each other | |
291 | (C<bless \%Foo::, 'Bar'; bless \%Bar::, 'Foo'>) no longer result in double | |
292 | frees. This bug started happening in Perl 5.16. | |
293 | ||
294 | =item * | |
295 | ||
296 | Numerous memory leaks have been fixed, mostly involving fatal warnings and | |
297 | syntax errors. | |
298 | ||
299 | =item * | |
300 | ||
301 | Lexical constants (C<my sub answer () { 42 }>) no longer cause double | |
302 | frees. | |
303 | ||
304 | =item * | |
305 | ||
306 | Constant subroutine redefinition warns by default, but lexical constants | |
307 | were accidentally exempt from default warnings. This has been corrected. | |
308 | ||
309 | =item * | |
310 | ||
311 | Some failed regular expression matches such as C<'f' =~ /../g> were not | |
312 | resetting C<pos>. Also, "match-once" patterns (C<m?...?g>) failed to reset | |
313 | it, too, when invoked a second time [perl #23180]. | |
314 | ||
315 | =item * | |
316 | ||
317 | Accessing C<$&> after a pattern match now works if it had not been seen | |
318 | before the match. I.e., this applies to C<${'&'}> (under C<no strict>) and | |
319 | C<eval '$&'>. The same applies to C<$'> and C<$`> [perl #4289]. | |
320 | ||
321 | =item * | |
322 | ||
323 | Several bugs involving C<local *ISA> and C<local *Foo::> causing stale | |
324 | MRO caches have been fixed. | |
325 | ||
326 | =item * | |
327 | ||
328 | Defining a subroutine when its typeglob has been aliased no longer results | |
329 | in stale method caches. This bug was introduced in Perl 5.10. | |
330 | ||
331 | =item * | |
332 | ||
333 | Localising a typeglob containing a subroutine when the typeglob's package | |
334 | has been deleted from its parent stash no longer produces an error. This | |
335 | bug was introduced in Perl 5.14. | |
336 | ||
337 | =item * | |
338 | ||
339 | Under some circumstances, C<local *method=...> would fail to reset method | |
340 | caches upon scope exit. | |
341 | ||
342 | =item * | |
343 | ||
344 | C</[.foo.]/> is no longer an error, but produces a warning (as before) and | |
345 | is treated as C</[.fo]/> [perl #115818]. | |
346 | ||
347 | =item * | |
348 | ||
349 | C<goto $tied_var> now calls FETCH before deciding what type of goto | |
350 | (subroutine or label) this is. | |
351 | ||
352 | =item * | |
353 | ||
354 | Renaming packages through glob assignment | |
355 | (C<*Foo:: = *Bar::; *Bar:: = *Baz::>) in combination with C<m?...?> and | |
356 | C<reset> no longer makes threaded builds crash. | |
357 | ||
358 | =item * | |
359 | ||
360 | An earlier release in the 5.17.x series could crash if user code prevented | |
361 | _charnames from loading via C<$INC{'_charnames.pm'}++>. | |
362 | ||
363 | =item * | |
364 | ||
365 | A number of bugs related to assigning a list to hash have been fixed. Many of | |
366 | these involve lists with repeated keys like C<(1, 1, 1, 1)>. | |
367 | ||
7a4cf484 | 368 | =over 4 |
6253ee75 | 369 | |
7a4cf484 | 370 | =item * |
6253ee75 DR |
371 | |
372 | The expression C<scalar(%h = (1, 1, 1, 1))> now returns C<4>, not C<2>. | |
373 | ||
7a4cf484 | 374 | =item * |
6253ee75 DR |
375 | |
376 | The return value of C<%h = (1, 1, 1)> in list context was wrong. Previously | |
377 | this would return C<(1, undef, 1)>, now it returns C<(1, undef)>. | |
378 | ||
7a4cf484 | 379 | =item * |
6253ee75 DR |
380 | |
381 | Perl now issues the same warning on C<($s, %h) = (1, {})> as it does for | |
382 | C<(%h) = ({})>, "Reference found where even-sized list expected". | |
383 | ||
7a4cf484 | 384 | =item * |
6253ee75 DR |
385 | |
386 | A number of additional edge cases in list assignment to hashes were | |
387 | corrected. For more details see commit 23b7025ebc. | |
388 | ||
389 | =back | |
390 | ||
391 | =back | |
392 | ||
393 | =head1 Known Problems | |
394 | ||
395 | There may be a failure in the F<t/op/require_errors.t> test if you run the | |
396 | test suite as the root user. | |
397 | ||
398 | =head1 Acknowledgements | |
399 | ||
400 | Perl 5.17.7 represents approximately 4 weeks of development since Perl 5.17.6 | |
401 | and contains approximately 30,000 lines of changes across 490 files from 26 | |
402 | authors. | |
403 | ||
404 | Perl continues to flourish into its third decade thanks to a vibrant community | |
405 | of users and developers. The following people are known to have contributed the | |
406 | improvements that became Perl 5.17.7: | |
407 | ||
408 | Alexandr Ciornii, Bob Ernst, Brian Carlson, Chris 'BinGOs' Williams, Craig A. | |
409 | Berry, Daniel Dragan, Dave Rolsky, David Mitchell, Father Chrysostomos, Hugo | |
410 | van der Sanden, James E Keenan, Joel Berger, Karl Williamson, Lukas Mai, Martin | |
411 | Hasch, Matthew Horsfall, Nicholas Clark, Ricardo Signes, Ruslan Zakirov, Sergey | |
412 | Alekseev, Steffen Müller, Sullivan Beck, Sven Strickroth, Sébastien | |
413 | Aperghis-Tramoni, Tony Cook, Yves Orton. | |
414 | ||
415 | The list above is almost certainly incomplete as it is automatically generated | |
416 | from version control history. In particular, it does not include the names of | |
417 | the (very much appreciated) contributors who reported issues to the Perl bug | |
418 | tracker. | |
419 | ||
420 | Many of the changes included in this version originated in the CPAN modules | |
421 | included in Perl's core. We're grateful to the entire CPAN community for | |
422 | helping Perl to flourish. | |
423 | ||
424 | For a more complete list of all of Perl's historical contributors, please see | |
425 | the F<AUTHORS> file in the Perl source distribution. | |
426 | ||
427 | =head1 Reporting Bugs | |
428 | ||
429 | If you find what you think is a bug, you might check the articles recently | |
430 | posted to the comp.lang.perl.misc newsgroup and the perl bug database at | |
431 | http://rt.perl.org/perlbug/ . There may also be information at | |
432 | http://www.perl.org/ , the Perl Home Page. | |
433 | ||
434 | If you believe you have an unreported bug, please run the L<perlbug> program | |
435 | included with your release. Be sure to trim your bug down to a tiny but | |
436 | sufficient test case. Your bug report, along with the output of C<perl -V>, | |
437 | will be sent off to perlbug@perl.org to be analysed by the Perl porting team. | |
438 | ||
439 | If the bug you are reporting has security implications, which make it | |
440 | inappropriate to send to a publicly archived mailing list, then please send it | |
441 | to perl5-security-report@perl.org. This points to a closed subscription | |
442 | unarchived mailing list, which includes all the core committers, who will be | |
443 | able to help assess the impact of issues, figure out a resolution, and help | |
444 | co-ordinate the release of patches to mitigate or fix the problem across all | |
445 | platforms on which Perl is supported. Please only use this address for | |
446 | security issues in the Perl core, not for modules independently distributed on | |
447 | CPAN. | |
448 | ||
449 | =head1 SEE ALSO | |
450 | ||
451 | The F<Changes> file for an explanation of how to view exhaustive details on | |
452 | what changed. | |
453 | ||
454 | The F<INSTALL> file for how to build Perl. | |
455 | ||
456 | The F<README> file for general stuff. | |
457 | ||
458 | The F<Artistic> and F<Copying> files for copyright information. | |
459 | ||
460 | =cut |